[RFC] ASoC: soc-pcm: crash in snd_soc_dapm_new_dai

Message ID	1579443563-12287-1-git-send-email-spujar@nvidia.com (mailing list archive)
State	Accepted
Commit	af4bac11531fbc0b5955fdccbe3f5ea265cd7374
Headers	show Return-Path: <SRS0=BOfx=3I=alsa-project.org=alsa-devel-bounces@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DBD14206D7 TLS: TLSv1.2, DES-CBC3-SHA) id <B5e2465690000>; Sun, 19 Jan 2020 06:19:23 -0800 From: Sameer Pujar <spujar@nvidia.com> To: <tiwai@suse.com>, <perex@perex.cz> Date: Sun, 19 Jan 2020 19:49:23 +0530 Message-ID: <1579443563-12287-1-git-send-email-spujar@nvidia.com> MIME-Version: 1.0 Cc: Sameer Pujar <spujar@nvidia.com>, alsa-devel@alsa-project.org, broonie@kernel.org, linux-kernel@vger.kernel.org Subject: [alsa-devel] [RFC] ASoC: soc-pcm: crash in snd_soc_dapm_new_dai Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: alsa-devel-bounces@alsa-project.org Sender: "Alsa-devel" <alsa-devel-bounces@alsa-project.org>
Series	[RFC] ASoC: soc-pcm: crash in snd_soc_dapm_new_dai \| expand [RFC] ASoC: soc-pcm: crash in snd_soc_dapm_new_dai

Sameer Pujar Jan. 19, 2020, 2:19 p.m. UTC

Crash happens in snd_soc_dapm_new_dai() when substream->private_data
access is made and substream is NULL here. This is seen for DAIs where
only playback or capture stream is defined. This seems to be happening
for codec2codec DAI link.

Both playback and capture are 0 during soc_new_pcm(). This is probably
happening because cpu_dai and codec_dai are both validated either for
SNDRV_PCM_STREAM_PLAYBACK or SNDRV_PCM_STREAM_CAPTURE.

Shouldn't be playback = 1 when,
 - playback stream is available for codec_dai AND
 - capture stream is available for cpu_dai

and vice-versa for capture = 1?

Signed-off-by: Sameer Pujar <spujar@nvidia.com>
---
 sound/soc/soc-pcm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Sameer Pujar Jan. 23, 2020, 9:55 a.m. UTC | #1

Hi All,
Request for comments if my understanding is right here. Thanks.

On 1/19/2020 7:49 PM, Sameer Pujar wrote:
> Crash happens in snd_soc_dapm_new_dai() when substream->private_data
> access is made and substream is NULL here. This is seen for DAIs where
> only playback or capture stream is defined. This seems to be happening
> for codec2codec DAI link.
>
> Both playback and capture are 0 during soc_new_pcm(). This is probably
> happening because cpu_dai and codec_dai are both validated either for
> SNDRV_PCM_STREAM_PLAYBACK or SNDRV_PCM_STREAM_CAPTURE.
>
> Shouldn't be playback = 1 when,
>   - playback stream is available for codec_dai AND
>   - capture stream is available for cpu_dai
>
> and vice-versa for capture = 1?
>
> Signed-off-by: Sameer Pujar <spujar@nvidia.com>
> ---
>   sound/soc/soc-pcm.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
> index 74d340d..5aa9c0b 100644
> --- a/sound/soc/soc-pcm.c
> +++ b/sound/soc/soc-pcm.c
> @@ -2855,10 +2855,10 @@ int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num)
>   
>   		for_each_rtd_codec_dai(rtd, i, codec_dai) {
>   			if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) &&
> -			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_PLAYBACK))
> +			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_CAPTURE))
>   				playback = 1;
>   			if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) &&
> -			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_CAPTURE))
> +			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_PLAYBACK))
>   				capture = 1;
>   		}
>

Stephan Gerhold Feb. 17, 2020, 2:41 p.m. UTC | #2

On Sun, Jan 19, 2020 at 07:49:23PM +0530, Sameer Pujar wrote:
> Crash happens in snd_soc_dapm_new_dai() when substream->private_data
> access is made and substream is NULL here. This is seen for DAIs where
> only playback or capture stream is defined. This seems to be happening
> for codec2codec DAI link.
> 
> Both playback and capture are 0 during soc_new_pcm(). This is probably
> happening because cpu_dai and codec_dai are both validated either for
> SNDRV_PCM_STREAM_PLAYBACK or SNDRV_PCM_STREAM_CAPTURE.
> 
> Shouldn't be playback = 1 when,
>  - playback stream is available for codec_dai AND
>  - capture stream is available for cpu_dai
> 
> and vice-versa for capture = 1?
> 
> Signed-off-by: Sameer Pujar <spujar@nvidia.com>
> ---
>  sound/soc/soc-pcm.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
> index 74d340d..5aa9c0b 100644
> --- a/sound/soc/soc-pcm.c
> +++ b/sound/soc/soc-pcm.c
> @@ -2855,10 +2855,10 @@ int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num)
>  
>  		for_each_rtd_codec_dai(rtd, i, codec_dai) {
>  			if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) &&
> -			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_PLAYBACK))
> +			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_CAPTURE))
>  				playback = 1;
>  			if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) &&
> -			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_CAPTURE))
> +			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_PLAYBACK))
>  				capture = 1;
>  		}
>  

There are no longer any playback/capture PCMs registered on
qcom/apq8016_sbc with this patch. :(

With this patch:
  $ ls /dev/snd
  controlC0  timer

Without this patch:
  $ ls /dev/snd
  controlC0  pcmC0D0p   pcmC0D1c   timer

(There is exactly one playback-only and capture-only PCM normally...)

The routing looks like this:
  qcom-apq8016-sbc 7702000.sound: ASoC: registered pcm #0 WCD multicodec-0
  qcom-apq8016-sbc 7702000.sound: multicodec <-> Primary MI2S mapping ok
  qcom-apq8016-sbc 7702000.sound: ASoC: registered pcm #1 WCD-Capture multicodec-1
  qcom-apq8016-sbc 7702000.sound: multicodec <-> Tertiary MI2S mapping ok
  WCD: connected DAI link 7708000.lpass:Primary Playback -> 771c000.codec:AIF1 Playback
  WCD: connected DAI link 7708000.lpass:Primary Playback -> 200f000.spmi:pm8916@1:codec@f00:PDM Playback
  WCD-Capture: connected DAI link 771c000.codec:AIF1 Capture -> 7708000.lpass:Tertiary Capture
  WCD-Capture: connected DAI link 200f000.spmi:pm8916@1:codec@f00:PDM Capture -> 7708000.lpass:Tertiary Capture

For the playback stream, codec_dai and cpu_dai (lpass) only support SNDRV_PCM_STREAM_PLAYBACK.
The same applies to the capture stream.

I'm a bit confused about this patch, isn't SNDRV_PCM_STREAM_PLAYBACK
used for both cpu_dai and codec_dai in the playback case?

Thanks,
Stephan

Mark Brown Feb. 17, 2020, 3:43 p.m. UTC | #3

On Mon, Feb 17, 2020 at 03:41:20PM +0100, Stephan Gerhold wrote:

> I'm a bit confused about this patch, isn't SNDRV_PCM_STREAM_PLAYBACK
> used for both cpu_dai and codec_dai in the playback case?

It is in the normal case, but with a CODEC<->CODEC link (which was what
this was targeting) we need to bodge things by swapping playback and
capture on one end of the link.

Stephan Gerhold Feb. 17, 2020, 5:12 p.m. UTC | #4

On Mon, Feb 17, 2020 at 03:43:01PM +0000, Mark Brown wrote:
> On Mon, Feb 17, 2020 at 03:41:20PM +0100, Stephan Gerhold wrote:
> 
> > I'm a bit confused about this patch, isn't SNDRV_PCM_STREAM_PLAYBACK
> > used for both cpu_dai and codec_dai in the playback case?
> 
> It is in the normal case, but with a CODEC<->CODEC link (which was what
> this was targeting) we need to bodge things by swapping playback and
> capture on one end of the link.

I see. Looking at the code again I'm guessing the cause of the crash
"fixed" by this patch is commit a342031cdd08 ("ASoC: create pcm for
codec2codec links as well") where the codec2codec case was sort of
patched in. This is what we had before this patch:

		/* Adapt stream for codec2codec links */
		struct snd_soc_pcm_stream *cpu_capture = rtd->dai_link->params ?
			&cpu_dai->driver->playback : &cpu_dai->driver->capture;
		struct snd_soc_pcm_stream *cpu_playback = rtd->dai_link->params ?
			&cpu_dai->driver->capture : &cpu_dai->driver->playback;

This does the swapping you mentioned, so I guess rtd->dai_link->params
is only set for the codec2codec case?

		for_each_rtd_codec_dai(rtd, i, codec_dai) {
			if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) &&
			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_PLAYBACK))
				playback = 1;
			if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) &&
			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_CAPTURE))
				capture = 1;
		}

		capture = capture && cpu_capture->channels_min;
		playback = playback && cpu_playback->channels_min;

And this does a part of the check in snd_soc_dai_stream_valid(),
but without the NULL check of cpu_capture/cpu_playback.
(Maybe that is the cause of the crash.)

From my limited understanding, I would say that a much simpler way to
implement this would be:

	/* Adapt stream for codec2codec links */
	int cpu_capture = rtd->dai_link->params ?
		SNDRV_PCM_STREAM_PLAYBACK : SNDRV_PCM_STREAM_CAPTURE;
	int cpu_playback = rtd->dai_link->params ?
		SNDRV_PCM_STREAM_CAPTURE : SNDRV_PCM_STREAM_PLAYBACK;

	for_each_rtd_codec_dai(rtd, i, codec_dai) {
		if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) &&
		    snd_soc_dai_stream_valid(cpu_dai,   cpu_playback))
			playback = 1;
		if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) &&
		    snd_soc_dai_stream_valid(cpu_dai,   cpu_capture))
			capture = 1;
	}

since snd_soc_dai_stream_valid() does both the NULL-check and the 
"channels_min" check.

But I'm really not familar with the codec2codec case and am unable to
test it :) What do you think?

Thanks,
Stephan

Stephan Gerhold Feb. 17, 2020, 5:19 p.m. UTC | #5

On Mon, Feb 17, 2020 at 06:12:53PM +0100, Stephan Gerhold wrote:
> On Mon, Feb 17, 2020 at 03:43:01PM +0000, Mark Brown wrote:
> > On Mon, Feb 17, 2020 at 03:41:20PM +0100, Stephan Gerhold wrote:
> > 
> > > I'm a bit confused about this patch, isn't SNDRV_PCM_STREAM_PLAYBACK
> > > used for both cpu_dai and codec_dai in the playback case?
> > 
> > It is in the normal case, but with a CODEC<->CODEC link (which was what
> > this was targeting) we need to bodge things by swapping playback and
> > capture on one end of the link.
> 
> I see. Looking at the code again I'm guessing the cause of the crash
> "fixed" by this patch is commit a342031cdd08 ("ASoC: create pcm for
> codec2codec links as well") where the codec2codec case was sort of
> patched in. This is what we had before this patch:
> 
> 		/* Adapt stream for codec2codec links */
> 		struct snd_soc_pcm_stream *cpu_capture = rtd->dai_link->params ?
> 			&cpu_dai->driver->playback : &cpu_dai->driver->capture;
> 		struct snd_soc_pcm_stream *cpu_playback = rtd->dai_link->params ?
> 			&cpu_dai->driver->capture : &cpu_dai->driver->playback;
> 
> This does the swapping you mentioned, so I guess rtd->dai_link->params
> is only set for the codec2codec case?
> 
> 		for_each_rtd_codec_dai(rtd, i, codec_dai) {
> 			if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) &&
> 			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_PLAYBACK))
> 				playback = 1;
> 			if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) &&
> 			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_CAPTURE))
> 				capture = 1;
> 		}
> 
> 		capture = capture && cpu_capture->channels_min;
> 		playback = playback && cpu_playback->channels_min;
> 
> And this does a part of the check in snd_soc_dai_stream_valid(),
> but without the NULL check of cpu_capture/cpu_playback.
> (Maybe that is the cause of the crash.)

Uh, no, I am completely wrong here. :)
cpu_capture/cpu_playback cannot actually be NULL...
I should have looked more carefully at snd_soc_dai_stream_valid()...

But I still wonder if the approach below would be easier?

> 
> From my limited understanding, I would say that a much simpler way to
> implement this would be:
> 
> 	/* Adapt stream for codec2codec links */
> 	int cpu_capture = rtd->dai_link->params ?
> 		SNDRV_PCM_STREAM_PLAYBACK : SNDRV_PCM_STREAM_CAPTURE;
> 	int cpu_playback = rtd->dai_link->params ?
> 		SNDRV_PCM_STREAM_CAPTURE : SNDRV_PCM_STREAM_PLAYBACK;
> 
> 	for_each_rtd_codec_dai(rtd, i, codec_dai) {
> 		if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) &&
> 		    snd_soc_dai_stream_valid(cpu_dai,   cpu_playback))
> 			playback = 1;
> 		if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) &&
> 		    snd_soc_dai_stream_valid(cpu_dai,   cpu_capture))
> 			capture = 1;
> 	}
> 
> since snd_soc_dai_stream_valid() does both the NULL-check and the 
> "channels_min" check.
> 
> But I'm really not familar with the codec2codec case and am unable to
> test it :) What do you think?
> 
> Thanks,
> Stephan

Mark Brown Feb. 17, 2020, 5:30 p.m. UTC | #6

On Mon, Feb 17, 2020 at 06:12:45PM +0100, Stephan Gerhold wrote:

> This does the swapping you mentioned, so I guess rtd->dai_link->params
> is only set for the codec2codec case?

Yes, that's the idea.

> From my limited understanding, I would say that a much simpler way to
> implement this would be:
> 
> But I'm really not familar with the codec2codec case and am unable to
> test it :) What do you think?

I think that looks reasonable from just looking at the e-mail without a
context diff and you should submit a patch so others can test!

[RFC] ASoC: soc-pcm: crash in snd_soc_dapm_new_dai

Commit Message

Comments

Patch