On Wed, 2021-02-17 16:29, Takashi Iwai wrote:
>On Wed, 17 Feb 2021 05:31:49 +0100,
>Gyeongtaek Lee wrote:
>>
>> If stop by underrun and DPCM BE disconnection run simultaneously,
>> a data abort can occur by the sequence below.
>>
>>         CPU0                                CPU1
>> dpcm_be_dai_trigger():              dpcm_be_disconnect():
>>
>> for_each_dpcm_be(fe, stream, dpcm) {
>>
>>                                     spin_lock_irqsave(&fe->card->dpcm_lock, flags);
>>                                     list_del(&dpcm->list_be);
>>                                     list_del(&dpcm->list_fe);
>>                                     spin_unlock_irqrestore(&fe->card->dpcm_lock, flags);
>>                                     kfree(dpcm);
>>
>> struct snd_soc_pcm_runtime *be = dpcm->be; <-- Accessing freed memory
>>
>> To prevent this situation, dpcm_lock should be acquired during
>> iteration of dpcm list in dpcm_be_dai_trigger().
>
>I don't think we can apply spin lock there blindly. There is
>non-atomic PCM that must not take a spin lock there, too.

Hi Takashi,

I fixed the patch to hold dpcm_lock only while accessing dpcm-related data,
not during the trigger callback of the driver.

Thank you.
Gyeongtaek Lee

>
>
>thanks,
>
>Takashi
>

Gyeongtaek Lee (1):
  ASoC: dpcm: acquire dpcm_lock in dpcm_do_trigger()

 include/sound/soc-dpcm.h |  5 ++++
 sound/soc/soc-pcm.c      | 59 +++++++++++++++++++++++++++++++++-------
 2 files changed, 54 insertions(+), 10 deletions(-)

base-commit: fe07bfda2fb9cdef8a4d4008a409bb02f35f1bd8
-- 
2.21.0
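
The locking pattern discussed in this thread (hold the lock only while reading list entries, run the driver callback unlocked), as an added userspace C example that is not the patch or kernel code. `struct link`, `trigger_all`, the snapshot array and the pthread mutex are hypothetical stand-ins, and the example assumes the `be` objects outlive their list entries.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical userspace stand-ins for the kernel objects named in the thread. */
struct be { int id; int triggered; };
struct link { struct be *be; struct link *next; };   /* plays the role of a dpcm entry */

static pthread_mutex_t dpcm_lock = PTHREAD_MUTEX_INITIALIZER; /* stand-in for card->dpcm_lock */
static struct link *be_clients;                               /* list protected by dpcm_lock */

static int link_connect(struct be *be) {
    struct link *l = malloc(sizeof(*l));
    if (!l) return -1;
    l->be = be;
    pthread_mutex_lock(&dpcm_lock);
    l->next = be_clients;
    be_clients = l;
    pthread_mutex_unlock(&dpcm_lock);
    return 0;
}

/* Unlink under the lock, free afterwards: the order shown for CPU1 in the report. */
static void link_disconnect(struct be *be) {
    struct link *dead = NULL;
    pthread_mutex_lock(&dpcm_lock);
    for (struct link **pp = &be_clients; *pp; pp = &(*pp)->next)
        if ((*pp)->be == be) { dead = *pp; *pp = dead->next; break; }
    pthread_mutex_unlock(&dpcm_lock);
    free(dead);                     /* free(NULL) is a no-op */
}

/* Stand-in for a driver trigger callback that may sleep: called without the lock. */
static void be_trigger(struct be *be) { be->triggered++; }

#define MAX_SNAP 16                 /* constructed bound; extra entries are skipped */

/* Copy the be pointers out under the lock, then call the callback unlocked. */
static int trigger_all(void) {
    struct be *snap[MAX_SNAP];
    int n = 0;
    pthread_mutex_lock(&dpcm_lock);
    for (struct link *l = be_clients; l && n < MAX_SNAP; l = l->next)
        snap[n++] = l->be;          /* link entries are dereferenced only while locked */
    pthread_mutex_unlock(&dpcm_lock);
    for (int i = 0; i < n; i++)
        be_trigger(snap[i]);        /* a concurrent disconnect cannot free what is used here */
    return n;
}
```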