iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a976486977
linux/include/sound
History
KaiChieh Chuang a976486977
ASoC: dpcm: prevent snd_soc_dpcm use after free 
The dpcm get from fe_clients/be_clients
may be free before use

Add a spin lock at snd_soc_card level,
to protect the dpcm instance.
The lock may be used in atomic context, so use spin lock.

Use irq spin lock version,
since the lock may be used in interrupts.

possible race condition between
void dpcm_be_disconnect(
	...
	list_del(&dpcm->list_be);
	list_del(&dpcm->list_fe);
	kfree(dpcm);
	...

and
	for_each_dpcm_fe()
	for_each_dpcm_be*()

race condition example
Thread 1:
    snd_soc_dapm_mixer_update_power()
        -> soc_dpcm_runtime_update()
            -> dpcm_be_disconnect()
                -> kfree(dpcm);
Thread 2:
    dpcm_fe_dai_trigger()
        -> dpcm_be_dai_trigger()
            -> snd_soc_dpcm_can_be_free_stop()
                -> if (dpcm->fe == fe)

Excpetion Scenario:
	two FE link to same BE
	FE1 -> BE
	FE2 ->

	Thread 1: switch of mixer between FE2 -> BE
	Thread 2: pcm_stop FE1

Exception:

Unable to handle kernel paging request at virtual address dead0000000000e0

pc=<> [<ffffff8960e2cd10>] dpcm_be_dai_trigger+0x29c/0x47c
	sound/soc/soc-pcm.c:3226
		if (dpcm->fe == fe)
lr=<> [<ffffff8960e2f694>] dpcm_fe_dai_do_trigger+0x94/0x26c

Backtrace:
[<ffffff89602dba80>] notify_die+0x68/0xb8
[<ffffff896028c7dc>] die+0x118/0x2a8
[<ffffff89602a2f84>] __do_kernel_fault+0x13c/0x14c
[<ffffff89602a27f4>] do_translation_fault+0x64/0xa0
[<ffffff8960280cf8>] do_mem_abort+0x4c/0xd0
[<ffffff8960282ad0>] el1_da+0x24/0x40
[<ffffff8960e2cd10>] dpcm_be_dai_trigger+0x29c/0x47c
[<ffffff8960e2f694>] dpcm_fe_dai_do_trigger+0x94/0x26c
[<ffffff8960e2edec>] dpcm_fe_dai_trigger+0x3c/0x44
[<ffffff8960de5588>] snd_pcm_do_stop+0x50/0x5c
[<ffffff8960dded24>] snd_pcm_action+0xb4/0x13c
[<ffffff8960ddfdb4>] snd_pcm_drop+0xa0/0x128
[<ffffff8960de69bc>] snd_pcm_common_ioctl+0x9d8/0x30f0
[<ffffff8960de1cac>] snd_pcm_ioctl_compat+0x29c/0x2f14
[<ffffff89604c9d60>] compat_SyS_ioctl+0x128/0x244
[<ffffff8960283740>] el0_svc_naked+0x34/0x38
[<ffffffffffffffff>] 0xffffffffffffffff

Signed-off-by: KaiChieh Chuang <kaichieh.chuang@mediatek.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
2019-03-11 16:58:49 +00:00
..
ac97 ASoC: ac97: convert to SPDX identifiers 2018-07-02 10:56:09 +01:00
ac97_codec.h ASoC: ac97: convert to SPDX identifiers 2018-07-02 10:56:09 +01:00
aci.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ad1816a.h
ad1843.h
adau1373.h
aess.h
ak4xxx-adda.h
ak4113.h ALSA: ak411x: Use array instead of offsetof() 2017-05-17 07:13:03 +02:00
ak4114.h ALSA: ak411x: Use array instead of offsetof() 2017-05-17 07:13:03 +02:00
ak4117.h ALSA: ak411x: Use array instead of offsetof() 2017-05-17 07:13:03 +02:00
ak4531_codec.h
ak4641.h
alc5623.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
asequencer.h
asound.h
asoundef.h
compress_driver.h ALSA: soc-compress: add support to snd_compr_set_runtime_buffer() 2018-12-14 12:43:41 +00:00
control.h ALSA: control: Hardening for potential Spectre v1 2018-04-25 10:37:46 +02:00
core.h ALSA: core: Assure control device to be registered at last 2018-05-17 08:21:23 +02:00
cs35l33.h ASoC: cs35l33: Initial commit of the cs35l33 CODEC driver. 2016-06-27 17:39:06 +01:00
cs35l34.h ASoC: cs35l34: Initial commit of the cs35l34 CODEC driver. 2016-10-21 12:02:44 +01:00
cs35l35.h ASoC: cs35l35: Add Boost Inductor Calculation 2017-05-19 17:31:34 +01:00
cs35l36.h ASoC: cs35l36: Add support for Cirrus CS35L36 Amplifier 2019-02-08 13:00:28 +00:00
cs42l52.h
cs42l56.h
cs42l73.h
cs4231-regs.h
cs4271.h
cs8403.h
cs8427.h
da7213.h ASoC: da7213: Add support to handle mclk data provided to driver 2015-10-07 15:11:34 +01:00
da7218.h ASoC: da7218: Add da7218 codec driver 2015-11-30 12:24:12 +00:00
da7219-aad.h ASoC: codecs: Add da7219 codec driver 2015-10-02 18:11:27 +01:00
da7219.h ASoC: da7219: Add common clock usage for providing DAI clks 2018-03-09 17:40:41 +00:00
da9055.h
designware_i2s.h ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc driver 2017-06-28 19:01:12 +01:00
dmaengine_pcm.h ASoC: dmaengine: Remove unused SND_DMAENGINE_PCM_FLAG_CUSTOM_CHANNEL_NAME flag 2019-02-14 16:17:35 +00:00
emu10k1_synth.h
emu10k1.h ALSA: emu10k1: Reduce GFP_ATOMIC allocation 2018-04-16 14:01:53 +02:00
emu8000_reg.h
emu8000.h
emux_legacy.h
emux_synth.h ALSA: seq: Allow the tristate build of OSS emulation 2017-06-09 22:09:45 +02:00
es1688.h
gus.h ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
hda_chmap.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hda_codec.h ALSA: hda: Refactor display power management 2018-12-11 08:06:55 +01:00
hda_component.h ALSA: hda: Make snd_hdac_display_power() void function 2018-12-11 08:18:25 +01:00
hda_hwdep.h
hda_i915.h ALSA: hda: Make audio component support more generic 2018-07-17 22:25:48 +02:00
hda_register.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hda_regmap.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hda_verbs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hdaudio_ext.h ALSA: hdac: add extended ops in the hdac_bus 2018-06-28 07:33:29 +02:00
hdaudio.h ALSA: HD-Audio: SKL+: force HDaudio legacy or SKL+ driver selection 2018-12-19 18:07:23 +01:00
hdmi-codec.h ASoC: hdmi-codec: add .get_dai_id support 2017-05-24 18:45:29 +01:00
hwdep.h ->poll() methods should return __poll_t 2017-11-27 16:19:52 -05:00
i2c.h ALSA: i2c: constify snd_i2c_ops structures 2015-11-30 11:40:08 +01:00
info.h ->poll() methods should return __poll_t 2017-11-27 16:19:52 -05:00
initval.h
jack.h ALSA: jack: Allow building the jack layer without input device 2016-02-23 09:03:07 +01:00
l3.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
max9768.h
max98088.h
max98090.h
max98095.h
memalloc.h ALSA: memalloc: Add non-cached buffer type 2018-08-28 13:56:47 +02:00
minors.h
mixer_oss.h ALSA: Use IS_ENABLED() in common headers 2017-05-17 07:13:04 +02:00
mpu401.h
omap-hdmi-audio.h drm: omapdrm: hdmi: Pass HDMI core version as integer to HDMI audio 2017-08-16 12:52:41 +03:00
opl3.h ALSA: seq: Allow the tristate build of OSS emulation 2017-06-09 22:09:45 +02:00
opl4.h
pcm_drm_eld.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_iec958.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_oss.h ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams 2018-03-23 22:18:05 +01:00
pcm_params.h ALSA: pcm: Fix interval evaluation with openmin/max 2018-11-29 12:05:19 +01:00
pcm-indirect.h ALSA: pcm: Fix negative appl_ptr handling in pcm-indirect helpers 2017-05-25 23:34:45 +02:00
pcm.h ALSA: pcm: Add __force to cast in snd_pcm_lib_read/write() 2018-07-26 08:32:13 +02:00
pt2258.h
pxa2xx-lib.h ASoC: pxa: move some functions to pxa2xx-lib 2018-06-29 12:05:04 +01:00
rawmidi.h ALSA: rawmidi: A lightweight function to discard pending bytes 2018-10-04 20:13:17 +02:00
rt286.h
rt298.h ASoC: add rt298 codec driver 2015-07-09 12:00:11 +01:00
rt5514.h ASoC: rt5514: The DSP clock can be calibrated by the other clock source 2017-11-07 11:23:36 +01:00
rt5645.h ASoC: rt5645: Set card long_name for GPD win / pocket 2017-12-12 10:41:56 +00:00
rt5659.h ASoC: rt5659: Add the support of Intel HDA Header 2018-02-12 09:31:26 +00:00
rt5660.h ASoC: rt5660: add rt5660 codec driver 2016-09-24 19:51:57 +01:00
rt5663.h ASoC: rt5663: Add the function of impedance sensing 2017-09-19 12:57:59 +01:00
rt5665.h treewide: Remove remaining executable attributes from source files 2017-02-25 12:12:50 -08:00
rt5668.h ASoC: rt5668: add rt5668B codec driver 2018-04-16 19:24:32 +01:00
rt5670.h ASoC: rt5670: Add IRQ function 2015-03-11 12:08:20 +00:00
rt5682.h ASoC: rt5682: add rt5682 codec driver 2018-06-18 12:54:38 +01:00
s3c24xx_uda134x.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sb16_csp.h ALSA: sb: Fix sparse warning wrt PCM format type 2018-07-27 09:05:33 +02:00
sb.h ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
seq_device.h ALSA: seq: Define driver object in each driver 2015-02-12 14:15:54 +01:00
seq_kernel.h ALSA: seq: Avoid invalid lockdep class warning 2017-11-06 20:25:31 +01:00
seq_midi_emul.h
seq_midi_event.h ALSA: seq: Minor cleanup of MIDI event parser helpers 2018-08-01 22:54:35 +02:00
seq_oss_legacy.h
seq_oss.h
seq_virmidi.h ALSA: seq: virmidi: Use READ_ONCE/WRITE_ONCE() macros 2018-07-30 14:52:30 +02:00
sh_dac_audio.h
sh_fsi.h ASoC: fsi: convert to SPDX identifiers 2018-08-02 10:56:59 +01:00
simple_card_utils.h ASoC: simple-card: rename to asoc_simple_card_canonicalize_platform() 2019-01-21 18:14:16 +00:00
simple_card.h ASoC: simple-card: convert to SPDX identifiers 2018-07-02 10:52:47 +01:00
snd_wavefront.h ASoC: Updates for v4.15 2017-11-13 15:45:57 +01:00
soc-acpi-intel-match.h ASoC: Intel: common: add ACPI matching tables for ICL 2018-12-03 12:02:13 +00:00
soc-acpi.h ASoC: soc-acpi: remove new_mach_data field 2019-02-12 16:56:06 +00:00
soc-dai.h ASoC: core: add support to snd_soc_dai_get_channel_map() 2018-07-24 12:06:43 +01:00
soc-dapm.h ASoC: dapm: harden use of lookup tables 2019-02-06 17:32:02 +00:00
soc-dpcm.h ASoC: add for_each_dpcm_be() macro 2018-09-20 10:31:20 -07:00
soc-topology.h ASoC: topology: unload physical dai link in remove 2019-02-04 11:59:30 +01:00
soc.h ASoC: dpcm: prevent snd_soc_dpcm use after free 2019-03-11 16:58:49 +00:00
soundfont.h
spear_dma.h ASoC: Update email-id of Rajeev Kumar 2015-04-28 16:31:01 +01:00
spear_spdif.h
sta32x.h ASoC: sta32x: add device tree binding. 2015-01-27 17:13:25 +00:00
sta350.h
tas2552-plat.h
tas5086.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tea6330t.h
timer.h ALSA: timer: Limit max instances per timer 2017-11-06 10:41:24 +01:00
tlv320aic3x.h
tlv320aic32x4.h ASoC: tlv320aic32x4: Add gpio configuration to the codec 2017-07-17 16:22:28 +01:00
tlv320dac33-plat.h
tlv.h ALSA: control: cage TLV_DB_RANGE_HEAD in kernel land because it was obsoleted 2016-09-25 22:16:49 +02:00
tpa6130a2-plat.h
uda134x.h
uda1380.h
util_mem.h
vx_core.h
wavefront.h
wm0010.h
wm1250-ev1.h
wm2000.h
wm2200.h
wm5100.h
wm8903.h
wm8904.h ASoC: wm8904: Correct number of EQ registers 2015-10-20 15:46:09 +01:00
wm8955.h
wm8960.h
wm8962.h
wm8993.h
wm8996.h
wm9081.h
wm9090.h
wss.h