On 03 Dec 2020 07:33:03 +0900, Kuninori Morimoto wrote:
>Hi Gyeongtaek
>
>Thank you for your patch
>
>> If stop by underrun and DPCM BE disconnection is run simultaneously,
>> data abort can be occurred by the sequence below.
>>
>> /* In core X, running dpcm_be_dai_trigger() */
>> for_each_dpcm_be(fe, stream, dpcm) {
>> /* In core Y, running dpcm_be_disconnect() */
>> spin_lock_irqsave(&fe->card->dpcm_lock, flags);
>> list_del(&dpcm->list_be);
>> list_del(&dpcm->list_fe);
>> spin_unlock_irqrestore(&fe->card->dpcm_lock, flags);
>> kfree(dpcm);
>> /* In core X, running dpcm_be_dai_trigger() */
>> struct snd_soc_pcm_runtime *be = dpcm->be; <== Accessing freed memory
>
>It is easy to read/understand if this code has alignment.
>
>> To prevent this situation, dpcm_lock should be acquired during
>> iteration of dpcm list in dpcm_do_trigger().
>>
>> Signed-off-by: Gyeongtaek Lee <gt82.lee@xxxxxxxxxxx>
>> Cc: stable@xxxxxxxxxxxxxxx
>> ---
>
>Is this bugfix patch for some recent commit ?
>If so, having Fixes: tag is helpful.
>
>Thank you for your help !!
Thank you for your review.
I'll resend the patch v2 after fixing the patch as
your review comment.
Thanks again.
Gyeongtaek Lee
>
>Best regards
>---
>Kuninori Morimoto
>
