[v5,0/1] ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger()

Message ID	2038148563.21614751502179.JavaMail.epsvc@epcpadp3 (mailing list archive)
Headers	show Return-Path: <SRS0=LSvA=IB=alsa-project.org=alsa-devel-bounces@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6D70564EBB From: "Gyeongtaek Lee" <gt82.lee@samsung.com> To: "'Kuninori Morimoto'" <kuninori.morimoto.gx@renesas.com>, <broonie@kernel.org>, <cpgs@samsung.com> Subject: [PATCH v5 0/1] ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger() Date: Wed, 3 Mar 2021 15:01:24 +0900 Message-ID: <2038148563.21614751502179.JavaMail.epsvc@epcpadp3> MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Thread-Index: AdcPxSxmyTU0C67NRtS/utnZZ5oyWA== Content-Language: ko Content-Type: text/plain; charset="utf-8" References: <CGME20210303060125epcas2p2f8bd60105935980a670a72f8481ddf00@epcas2p2.samsung.com> Cc: alsa-devel@alsa-project.org, khw0178.kim@samsung.com, 'Takashi Iwai' <tiwai@suse.de>, lgirdwood@gmail.com, 'Pierre-Louis Bossart' <pierre-louis.bossart@linux.intel.com>, kimty@samsung.com, donggyun.ko@samsung.com, hmseo@samsung.com, cpgs@samsung.com, s47.kang@samsung.com, pilsun.jang@samsung.com, tkjung@samsung.com Precedence: list Errors-To: alsa-devel-bounces@alsa-project.org Sender: "Alsa-devel" <alsa-devel-bounces@alsa-project.org>
Series	ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger() \| expand [v5,0/1] ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger() [v5,1/1] ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger()

Message ID

2038148563.21614751502179.JavaMail.epsvc@epcpadp3 (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6D70564EBB
From: "Gyeongtaek Lee" <gt82.lee@samsung.com>
To: "'Kuninori Morimoto'" <kuninori.morimoto.gx@renesas.com>,
 <broonie@kernel.org>, <cpgs@samsung.com>
Subject: [PATCH v5 0/1] ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger()
Date: Wed, 3 Mar 2021 15:01:24 +0900
Message-ID: <2038148563.21614751502179.JavaMail.epsvc@epcpadp3>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Thread-Index: AdcPxSxmyTU0C67NRtS/utnZZ5oyWA==
Content-Language: ko
Content-Type: text/plain; charset="utf-8"
References: 
 <CGME20210303060125epcas2p2f8bd60105935980a670a72f8481ddf00@epcas2p2.samsung.com>
Cc: alsa-devel@alsa-project.org, khw0178.kim@samsung.com, 'Takashi
 Iwai' <tiwai@suse.de>, lgirdwood@gmail.com,
 'Pierre-Louis Bossart' <pierre-louis.bossart@linux.intel.com>,
 kimty@samsung.com, donggyun.ko@samsung.com, hmseo@samsung.com,
 cpgs@samsung.com, s47.kang@samsung.com, pilsun.jang@samsung.com,
 tkjung@samsung.com
Precedence: list
Errors-To: alsa-devel-bounces@alsa-project.org
Sender: "Alsa-devel" <alsa-devel-bounces@alsa-project.org>

Series

ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger() | expand

Message

Gyeongtaek Lee March 3, 2021, 6:01 a.m. UTC

On Wed, 2021-02-17 16:29, Takashi Iwai wrote:
>On Wed, 17 Feb 2021 05:31:49 +0100,
>Gyeongtaek Lee wrote:
>> 
>> If stop by underrun and DPCM BE disconnection is run simultaneously,
>> data abort can be occurred by the sequence below.
>> 
>> CPU0					CPU1
>> dpcm_be_dai_trigger():			dpcm_be_disconnect():
>> 
>> for_each_dpcm_be(fe, stream, dpcm) {
>> 
>> 					spin_lock_irqsave(&fe->card->dpcm_lock, flags);
>> 					list_del(&dpcm->list_be);
>> 					list_del(&dpcm->list_fe);
>> 					spin_unlock_irqrestore(&fe->card->dpcm_lock, flags);
>> 					kfree(dpcm);
>> 
>> struct snd_soc_pcm_runtime *be = dpcm->be; <-- Accessing freed memory
>> 
>> To prevent this situation, dpcm_lock should be acquired during
>> iteration of dpcm list in dpcm_be_dai_trigger().
>
>I don't think we can apply spin lock there blindly.  There is
>non-atomic PCM that must not take a spin lock there, too.
Hi, Takashi

I fixed the patch to hold dpcm_lock during accessing dpcm related data only,
not on the trigger callback of driver.

Thank you.
Gyeongtaek Lee
>
>
>thanks,
>
>Takashi
>

Gyeongtaek Lee (1):
  ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger()

 include/sound/soc-dpcm.h |  5 ++++
 sound/soc/soc-pcm.c      | 59 +++++++++++++++++++++++++++++++++-------
 2 files changed, 54 insertions(+), 10 deletions(-)


base-commit: fe07bfda2fb9cdef8a4d4008a409bb02f35f1bd8