[PATCH] ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger()
Kuninori Morimoto
kuninori.morimoto.gx at renesas.com
Wed Dec 2 23:33:03 CET 2020
Hi Gyeongtaek
Thank you for your patch
> If stop by underrun and DPCM BE disconnection are run simultaneously,
> a data abort can occur through the sequence below.
>
> /* In core X, running dpcm_be_dai_trigger() */
> for_each_dpcm_be(fe, stream, dpcm) {
> /* In core Y, running dpcm_be_disconnect() */
> spin_lock_irqsave(&fe->card->dpcm_lock, flags);
> list_del(&dpcm->list_be);
> list_del(&dpcm->list_fe);
> spin_unlock_irqrestore(&fe->card->dpcm_lock, flags);
> kfree(dpcm);
> /* In core X, running dpcm_be_dai_trigger() */
> struct snd_soc_pcm_runtime *be = dpcm->be; <== Accessing freed memory
It is easy to read/understand if this code has alignment.
> To prevent this situation, dpcm_lock should be acquired during
> iteration of dpcm list in dpcm_do_trigger().
>
> Signed-off-by: Gyeongtaek Lee <gt82.lee at samsung.com>
> Cc: stable at vger.kernel.org
> ---
Is this a bugfix patch for some recent commit?
If so, having a Fixes: tag is helpful.
Thank you for your help!!
Best regards
---
Kuninori Morimoto
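
The interleaving from the quoted commit message, as an added single-threaded userspace model (not part of this mail and not the kernel patch). All struct and function names are hypothetical, the lock is a plain flag, and `kfree()` is modelled by poisoning the entry so the stale access can be counted safely.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model; all names are hypothetical, not the kernel's own. */
struct link { struct link *next; bool freed; };
struct card { struct link *head; bool locked; };

/* Stand-in for spin_lock(): a real second core would spin instead of failing. */
static bool try_lock(struct card *c) { return c->locked ? false : (c->locked = true); }

/* Disconnect path: unlink under the lock, then "free" (modelled as poisoning). */
static bool disconnect(struct card *c, struct link *victim)
{
    if (!try_lock(c))
        return false;                 /* walker holds the lock: must wait */
    for (struct link **pp = &c->head; *pp; pp = &(*pp)->next)
        if (*pp == victim) { *pp = victim->next; break; }
    c->locked = false;
    victim->freed = true;             /* stands in for kfree(dpcm) */
    return true;
}

/* Trigger walk. The disconnect is injected right after the walker has loaded
 * its cursor, the interleaving in the report. Returns how many already-freed
 * entries the walker dereferenced. */
static int trigger_walk(struct card *c, struct link *victim, bool hold_lock)
{
    int stale = 0;
    bool pending = true;
    c->locked = hold_lock;            /* the fix: hold the lock for the whole walk */
    for (struct link *l = c->head; l; l = l->next) {
        if (pending && l == victim)
            pending = !disconnect(c, victim);   /* "core Y" runs here */
        if (l->freed)
            stale++;                  /* in the kernel: use-after-free */
    }
    c->locked = false;
    if (pending)
        disconnect(c, victim);        /* lock released, disconnect proceeds */
    return stale;
}

/* Constructed three-entry list; the middle entry is disconnected mid-walk. */
int run_case(bool hold_lock, bool *unlinked)
{
    struct link n3 = { NULL, false }, n2 = { &n3, false }, n1 = { &n2, false };
    struct card c = { &n1, false };
    int stale = trigger_walk(&c, &n2, hold_lock);
    *unlinked = (c.head->next == &n3);
    return stale;
}
```

With `hold_lock` false the walker touches one freed entry; with it true the disconnect is deferred until the walk ends and the entry is still unlinked afterwards.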