[PATCH v5 0/1] ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger()
Gyeongtaek Lee
gt82.lee at samsung.com
Wed Mar 3 07:01:24 CET 2021
On Wed, 2021-02-17 16:29, Takashi Iwai wrote:
>On Wed, 17 Feb 2021 05:31:49 +0100,
>Gyeongtaek Lee wrote:
>>
>> If stop by underrun and DPCM BE disconnection is run simultaneously,
>> data abort can be occurred by the sequence below.
>>
>> CPU0 CPU1
>> dpcm_be_dai_trigger(): dpcm_be_disconnect():
>>
>> for_each_dpcm_be(fe, stream, dpcm) {
>>
>> spin_lock_irqsave(&fe->card->dpcm_lock, flags);
>> list_del(&dpcm->list_be);
>> list_del(&dpcm->list_fe);
>> spin_unlock_irqrestore(&fe->card->dpcm_lock, flags);
>> kfree(dpcm);
>>
>> struct snd_soc_pcm_runtime *be = dpcm->be; <-- Accessing freed memory
>>
>> To prevent this situation, dpcm_lock should be acquired during
>> iteration of dpcm list in dpcm_be_dai_trigger().
>
>I don't think we can apply spin lock there blindly. There is
>non-atomic PCM that must not take a spin lock there, too.
Hi, Takashi
I fixed the patch to hold dpcm_lock during accessing dpcm related data only,
not on the trigger callback of driver.
Thank you.
Gyeongtaek Lee
>
>
>thanks,
>
>Takashi
>
Gyeongtaek Lee (1):
ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger()
include/sound/soc-dpcm.h | 5 ++++
sound/soc/soc-pcm.c | 59 +++++++++++++++++++++++++++++++++-------
2 files changed, 54 insertions(+), 10 deletions(-)
base-commit: fe07bfda2fb9cdef8a4d4008a409bb02f35f1bd8
--
2.21.0
More information about the Alsa-devel
mailing list