[alsa-devel] [RFC] ASoC: soc-pcm: crash in snd_soc_dapm_new_dai
Crash happens in snd_soc_dapm_new_dai() when substream->private_data access is made and substream is NULL here. This is seen for DAIs where only playback or capture stream is defined. This seems to be happening for codec2codec DAI link.
Both playback and capture are 0 during soc_new_pcm(). This is probably happening because cpu_dai and codec_dai are both validated either for SNDRV_PCM_STREAM_PLAYBACK or SNDRV_PCM_STREAM_CAPTURE.
Shouldn't be playback = 1 when, - playback stream is available for codec_dai AND - capture stream is available for cpu_dai
and vice-versa for capture = 1?
Signed-off-by: Sameer Pujar spujar@nvidia.com --- sound/soc/soc-pcm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c index 74d340d..5aa9c0b 100644 --- a/sound/soc/soc-pcm.c +++ b/sound/soc/soc-pcm.c @@ -2855,10 +2855,10 @@ int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num)
for_each_rtd_codec_dai(rtd, i, codec_dai) { if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) && - snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_PLAYBACK)) + snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_CAPTURE)) playback = 1; if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) && - snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_CAPTURE)) + snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_PLAYBACK)) capture = 1; }
The patch
ASoC: soc-pcm: crash in snd_soc_dapm_new_dai
has been applied to the asoc tree at
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-5.5
All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted.
You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed.
If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced.
Please add any relevant lists and maintainers to the CCs when replying to this mail.
Thanks, Mark
From af4bac11531fbc0b5955fdccbe3f5ea265cd7374 Mon Sep 17 00:00:00 2001
From: Sameer Pujar spujar@nvidia.com Date: Sun, 19 Jan 2020 19:49:23 +0530 Subject: [PATCH] ASoC: soc-pcm: crash in snd_soc_dapm_new_dai
Crash happens in snd_soc_dapm_new_dai() when substream->private_data access is made and substream is NULL here. This is seen for DAIs where only playback or capture stream is defined. This seems to be happening for codec2codec DAI link.
Both playback and capture are 0 during soc_new_pcm(). This is probably happening because cpu_dai and codec_dai are both validated either for SNDRV_PCM_STREAM_PLAYBACK or SNDRV_PCM_STREAM_CAPTURE.
Shouldn't be playback = 1 when, - playback stream is available for codec_dai AND - capture stream is available for cpu_dai
and vice-versa for capture = 1?
Signed-off-by: Sameer Pujar spujar@nvidia.com Link: https://lore.kernel.org/r/1579443563-12287-1-git-send-email-spujar@nvidia.co... Signed-off-by: Mark Brown broonie@kernel.org --- sound/soc/soc-pcm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c index b78f6ff2b1d3..f70bec7815ee 100644 --- a/sound/soc/soc-pcm.c +++ b/sound/soc/soc-pcm.c @@ -2916,10 +2916,10 @@ int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num)
for_each_rtd_codec_dai(rtd, i, codec_dai) { if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) && - snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_PLAYBACK)) + snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_CAPTURE)) playback = 1; if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) && - snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_CAPTURE)) + snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_PLAYBACK)) capture = 1; }
Hi All, Request for comments if my understanding is right here. Thanks.
On 1/19/2020 7:49 PM, Sameer Pujar wrote:
Crash happens in snd_soc_dapm_new_dai() when substream->private_data access is made and substream is NULL here. This is seen for DAIs where only playback or capture stream is defined. This seems to be happening for codec2codec DAI link.
Both playback and capture are 0 during soc_new_pcm(). This is probably happening because cpu_dai and codec_dai are both validated either for SNDRV_PCM_STREAM_PLAYBACK or SNDRV_PCM_STREAM_CAPTURE.
Shouldn't be playback = 1 when,
- playback stream is available for codec_dai AND
- capture stream is available for cpu_dai
and vice-versa for capture = 1?
Signed-off-by: Sameer Pujar spujar@nvidia.com
sound/soc/soc-pcm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c index 74d340d..5aa9c0b 100644 --- a/sound/soc/soc-pcm.c +++ b/sound/soc/soc-pcm.c @@ -2855,10 +2855,10 @@ int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num)
for_each_rtd_codec_dai(rtd, i, codec_dai) { if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) &&
snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_PLAYBACK))
snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_CAPTURE)) playback = 1; if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) &&
snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_CAPTURE))
snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_PLAYBACK)) capture = 1;
On Sun, Jan 19, 2020 at 07:49:23PM +0530, Sameer Pujar wrote:
Crash happens in snd_soc_dapm_new_dai() when substream->private_data access is made and substream is NULL here. This is seen for DAIs where only playback or capture stream is defined. This seems to be happening for codec2codec DAI link.
Both playback and capture are 0 during soc_new_pcm(). This is probably happening because cpu_dai and codec_dai are both validated either for SNDRV_PCM_STREAM_PLAYBACK or SNDRV_PCM_STREAM_CAPTURE.
Shouldn't be playback = 1 when,
- playback stream is available for codec_dai AND
- capture stream is available for cpu_dai
and vice-versa for capture = 1?
Signed-off-by: Sameer Pujar spujar@nvidia.com
sound/soc/soc-pcm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c index 74d340d..5aa9c0b 100644 --- a/sound/soc/soc-pcm.c +++ b/sound/soc/soc-pcm.c @@ -2855,10 +2855,10 @@ int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num)
for_each_rtd_codec_dai(rtd, i, codec_dai) { if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) &&
snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_PLAYBACK))
snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_CAPTURE)) playback = 1; if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) &&
snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_CAPTURE))
snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_PLAYBACK)) capture = 1;
There are no longer any playback/capture PCMs registered on qcom/apq8016_sbc with this patch. :(
With this patch: $ ls /dev/snd controlC0 timer
Without this patch: $ ls /dev/snd controlC0 pcmC0D0p pcmC0D1c timer
(There is exactly one playback-only and capture-only PCM normally...)
The routing looks like this: qcom-apq8016-sbc 7702000.sound: ASoC: registered pcm #0 WCD multicodec-0 qcom-apq8016-sbc 7702000.sound: multicodec <-> Primary MI2S mapping ok qcom-apq8016-sbc 7702000.sound: ASoC: registered pcm #1 WCD-Capture multicodec-1 qcom-apq8016-sbc 7702000.sound: multicodec <-> Tertiary MI2S mapping ok WCD: connected DAI link 7708000.lpass:Primary Playback -> 771c000.codec:AIF1 Playback WCD: connected DAI link 7708000.lpass:Primary Playback -> 200f000.spmi:pm8916@1:codec@f00:PDM Playback WCD-Capture: connected DAI link 771c000.codec:AIF1 Capture -> 7708000.lpass:Tertiary Capture WCD-Capture: connected DAI link 200f000.spmi:pm8916@1:codec@f00:PDM Capture -> 7708000.lpass:Tertiary Capture
For the playback stream, codec_dai and cpu_dai (lpass) only support SNDRV_PCM_STREAM_PLAYBACK. The same applies to the capture stream.
I'm a bit confused about this patch, isn't SNDRV_PCM_STREAM_PLAYBACK used for both cpu_dai and codec_dai in the playback case?
Thanks, Stephan
On Mon, Feb 17, 2020 at 03:41:20PM +0100, Stephan Gerhold wrote:
I'm a bit confused about this patch, isn't SNDRV_PCM_STREAM_PLAYBACK used for both cpu_dai and codec_dai in the playback case?
It is in the normal case, but with a CODEC<->CODEC link (which was what this was targeting) we need to bodge things by swapping playback and capture on one end of the link.
On Mon, Feb 17, 2020 at 03:43:01PM +0000, Mark Brown wrote:
On Mon, Feb 17, 2020 at 03:41:20PM +0100, Stephan Gerhold wrote:
I'm a bit confused about this patch, isn't SNDRV_PCM_STREAM_PLAYBACK used for both cpu_dai and codec_dai in the playback case?
It is in the normal case, but with a CODEC<->CODEC link (which was what this was targeting) we need to bodge things by swapping playback and capture on one end of the link.
I see. Looking at the code again I'm guessing the cause of the crash "fixed" by this patch is commit a342031cdd08 ("ASoC: create pcm for codec2codec links as well") where the codec2codec case was sort of patched in. This is what we had before this patch:
/* Adapt stream for codec2codec links */ struct snd_soc_pcm_stream *cpu_capture = rtd->dai_link->params ? &cpu_dai->driver->playback : &cpu_dai->driver->capture; struct snd_soc_pcm_stream *cpu_playback = rtd->dai_link->params ? &cpu_dai->driver->capture : &cpu_dai->driver->playback;
This does the swapping you mentioned, so I guess rtd->dai_link->params is only set for the codec2codec case?
for_each_rtd_codec_dai(rtd, i, codec_dai) { if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) && snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_PLAYBACK)) playback = 1; if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) && snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_CAPTURE)) capture = 1; }
capture = capture && cpu_capture->channels_min; playback = playback && cpu_playback->channels_min;
And this does a part of the check in snd_soc_dai_stream_valid(), but without the NULL check of cpu_capture/cpu_playback. (Maybe that is the cause of the crash.)
From my limited understanding, I would say that a much simpler way to
implement this would be:
/* Adapt stream for codec2codec links */ int cpu_capture = rtd->dai_link->params ? SNDRV_PCM_STREAM_PLAYBACK : SNDRV_PCM_STREAM_CAPTURE; int cpu_playback = rtd->dai_link->params ? SNDRV_PCM_STREAM_CAPTURE : SNDRV_PCM_STREAM_PLAYBACK;
for_each_rtd_codec_dai(rtd, i, codec_dai) { if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) && snd_soc_dai_stream_valid(cpu_dai, cpu_playback)) playback = 1; if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) && snd_soc_dai_stream_valid(cpu_dai, cpu_capture)) capture = 1; }
since snd_soc_dai_stream_valid() does both the NULL-check and the "channels_min" check.
But I'm really not familar with the codec2codec case and am unable to test it :) What do you think?
Thanks, Stephan
On Mon, Feb 17, 2020 at 06:12:53PM +0100, Stephan Gerhold wrote:
On Mon, Feb 17, 2020 at 03:43:01PM +0000, Mark Brown wrote:
On Mon, Feb 17, 2020 at 03:41:20PM +0100, Stephan Gerhold wrote:
I'm a bit confused about this patch, isn't SNDRV_PCM_STREAM_PLAYBACK used for both cpu_dai and codec_dai in the playback case?
It is in the normal case, but with a CODEC<->CODEC link (which was what this was targeting) we need to bodge things by swapping playback and capture on one end of the link.
I see. Looking at the code again I'm guessing the cause of the crash "fixed" by this patch is commit a342031cdd08 ("ASoC: create pcm for codec2codec links as well") where the codec2codec case was sort of patched in. This is what we had before this patch:
/* Adapt stream for codec2codec links */ struct snd_soc_pcm_stream *cpu_capture = rtd->dai_link->params ? &cpu_dai->driver->playback : &cpu_dai->driver->capture; struct snd_soc_pcm_stream *cpu_playback = rtd->dai_link->params ? &cpu_dai->driver->capture : &cpu_dai->driver->playback;This does the swapping you mentioned, so I guess rtd->dai_link->params is only set for the codec2codec case?
for_each_rtd_codec_dai(rtd, i, codec_dai) { if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) && snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_PLAYBACK)) playback = 1; if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) && snd_soc_dai_stream_valid(cpu_dai, SNDRV_PCM_STREAM_CAPTURE)) capture = 1; } capture = capture && cpu_capture->channels_min; playback = playback && cpu_playback->channels_min;And this does a part of the check in snd_soc_dai_stream_valid(), but without the NULL check of cpu_capture/cpu_playback. (Maybe that is the cause of the crash.)
Uh, no, I am completely wrong here. :) cpu_capture/cpu_playback cannot actually be NULL... I should have looked more carefully at snd_soc_dai_stream_valid()...
But I still wonder if the approach below would be easier?
From my limited understanding, I would say that a much simpler way to implement this would be:
/* Adapt stream for codec2codec links */ int cpu_capture = rtd->dai_link->params ? SNDRV_PCM_STREAM_PLAYBACK : SNDRV_PCM_STREAM_CAPTURE; int cpu_playback = rtd->dai_link->params ? SNDRV_PCM_STREAM_CAPTURE : SNDRV_PCM_STREAM_PLAYBACK;
for_each_rtd_codec_dai(rtd, i, codec_dai) { if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) && snd_soc_dai_stream_valid(cpu_dai, cpu_playback)) playback = 1; if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) && snd_soc_dai_stream_valid(cpu_dai, cpu_capture)) capture = 1; }
since snd_soc_dai_stream_valid() does both the NULL-check and the "channels_min" check.
But I'm really not familar with the codec2codec case and am unable to test it :) What do you think?
Thanks, Stephan
On Mon, Feb 17, 2020 at 06:12:45PM +0100, Stephan Gerhold wrote:
This does the swapping you mentioned, so I guess rtd->dai_link->params is only set for the codec2codec case?
Yes, that's the idea.
From my limited understanding, I would say that a much simpler way to implement this would be:
But I'm really not familar with the codec2codec case and am unable to test it :) What do you think?
I think that looks reasonable from just looking at the e-mail without a context diff and you should submit a patch so others can test!
participants (3)
-
Mark Brown -
Sameer Pujar -
Stephan Gerhold