Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp584597rwb; Tue, 27 Sep 2022 01:35:04 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5Dwy03LZOUeNIu9swe2D03Rfjw+cUxydABuCsA5B3ECJ+meYMfNyv6ueUysk6ABTNuflJx X-Received: by 2002:a05:6402:3508:b0:451:db83:b2a7 with SMTP id b8-20020a056402350800b00451db83b2a7mr27066640edd.266.1664267703909; Tue, 27 Sep 2022 01:35:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664267703; cv=none; d=google.com; s=arc-20160816; b=Vn1/Rtyj/lSQvOVy28ogdtZV7mm+l0ZWjIRKxfBMbKf9KixHo9clrUp1G7zue68BRh 3XCLCaN9s8ooQsldy2gQPR12L8eCq9zt09j/U8HoAV/ektm54uq2776aBNYc79e0W0Ew /jIdhYnnHCKIJvrSf/R9jv6PMl0VKcqaQHoCqvNzjgwy8gRMAXI3U7aDGARsjFk3tGNp mM34D7wPuSaGQ91ctOhgleImTXZRuq0VQD5EYMvOoDi6F33okdtvTd6O5C3eptV8R5cn wZEjDj8J3EKbm54lbbIzAcv/z32np1EAwcEdF7v/Bdqs2mteTH5K4avI3pbkgl1zUsxl M0Bw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=sAVEubMlbi9u1lJtAiDDrASr8bGFwIwDpvU6r7jhpDI=; b=dSEeVBukVYatnrgo2yBs1sQvKCxuNcwdEiqv6nrLX9BHva4V7T9rDO13Z4UQJORlnB uqbdE8LIJDiMEJ/Pg8U8fDFG0f7TN9sp2wO5NnspaVra/X1mytrvEO8uOfWobVrQIBUb CQM6MzCTO/RiXdYatwgMyfWNhYfY9vpOXiI17mgXIRqz2X6Rsvd6VOEFgtUNTVLVQ/Ip EF/tRT4ftzA42K3bAnY5EnhKtAiptBYeR8T0f4TXrXwIZ1E8y8XYyFWdP1y3Rszyqefr D9sywszs4PoGJRqAakzTbfkwXwGAAQKtc6fLcDNQQP8HR+ozQcRLDnHMrUyApDYEojZ1 8JMg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DZQrAnU7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e19-20020a50a693000000b0043e1d52fd9fsi913594edc.594.2022.09.27.01.34.38; Tue, 27 Sep 2022 01:35:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DZQrAnU7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229676AbiI0Hv4 (ORCPT + 99 others); Tue, 27 Sep 2022 03:51:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58840 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229687AbiI0Hvy (ORCPT ); Tue, 27 Sep 2022 03:51:54 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4DA11AB05C for ; Tue, 27 Sep 2022 00:51:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1664265113; x=1695801113; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=rPV9Jaa6aRhKTfWgBwKJ5PnntUWNGwm2KhocZIEEi/g=; b=DZQrAnU7ErRhZm05lPgIirc7ErPXoNyQ8qmCvLlghhv2UmUREezlBwPk YLJOPJtYvTQuxeThV9f611ba8SedWfljAcIE+uutcxylMyr2/UO2EUh5Y wvVuWJNMKs0rQIyPtJfwv7cC8hTY4ToE3jEV3mB6NRP8f/CFmaHxXVsHS nv9T45SbihuAPopkID12mHzwyQFHSBTHj3FNCYT1n8YMQS1AlhZkloG/B 1mc2t610Mc16dOjDiMdML0ZKN25u7g00teAYDmP1ZVqw/p6RpxOeoJo8V x8iJc1mhnwTIDjL3RrmjCv2rMSfcCiMhFNd01EyoQeKNUFGjxUgnqX0RR g==; X-IronPort-AV: E=McAfee;i="6500,9779,10482"; a="327605583" X-IronPort-AV: E=Sophos;i="5.93,348,1654585200"; d="scan'208";a="327605583" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Sep 2022 00:51:52 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10482"; a="866475014" X-IronPort-AV: E=Sophos;i="5.93,348,1654585200"; d="scan'208";a="866475014" Received: from patils-mobl1.ger.corp.intel.com (HELO [10.252.36.213]) ([10.252.36.213]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Sep 2022 00:51:48 -0700 Message-ID: Date: Tue, 27 Sep 2022 09:51:46 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 Thunderbird/91.11.0 Subject: Re: [PATCH] ASoC: soc-pcm: fix fe and be race when accessing substream->runtime Content-Language: en-US To: Eugeniu Rosca , Liam Girdwood , Mark Brown , Jaroslav Kysela , Takashi Iwai , alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org Cc: Yanmin Zhang , Eugeniu Rosca , Jiada Wang , Zhang Yanmin , Ramesh Babu , Dean Jenkins , Ramesh Babu B , xiao jin , Cezary Rojewski References: <1664210154-11552-1-git-send-email-erosca@de.adit-jv.com> From: Pierre-Louis Bossart In-Reply-To: <1664210154-11552-1-git-send-email-erosca@de.adit-jv.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-9.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_HI, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 9/26/22 18:35, Eugeniu Rosca wrote: > From: xiao jin > > After start of fe and be, fe might go to close without triggering > STOP, and substream->runtime is freed. However, be is still at > START state and its substream->runtime still points to the > freed runtime. > > Later on, FE is opened/started again, and triggers STOP. > snd_pcm_do_stop => dpcm_fe_dai_trigger > => dpcm_fe_dai_do_trigger > => dpcm_be_dai_trigger > => dpcm_do_trigger > => soc_pcm_trigger > => skl_platform_pcm_trigger > skl_platform_pcm_trigger accesses the freed old runtime data and > kernel panic. > > The patch fixes it by assigning be_substream->runtime in > dpcm_be_dai_startup when be's state is START. Can I ask on which kernel this patch was validated and on what platform? We've done a lot of work since last year on DPCM states, and I wonder the problem mentioned above actually exists on recent kernels. Specifically, if the FE is closed, I don't get how the BE is not closed as well. And if this problem is found on a recent kernel, then it should be seen in the AVS driver as well, no? > Signed-off-by: xiao jin > Signed-off-by: Zhang Yanmin > Signed-off-by: Eugeniu Rosca > --- > sound/soc/soc-pcm.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c > index 4f60c0a83311..6ca1d02065ce 100644 > --- a/sound/soc/soc-pcm.c > +++ b/sound/soc/soc-pcm.c > @@ -1608,6 +1608,8 @@ int dpcm_be_dai_startup(struct snd_soc_pcm_runtime *fe, int stream) > if (be->dpcm[stream].users++ != 0) > continue; > > + be_substream->runtime = be->dpcm[stream].runtime; > + > if ((be->dpcm[stream].state != SND_SOC_DPCM_STATE_NEW) && > (be->dpcm[stream].state != SND_SOC_DPCM_STATE_CLOSE)) > continue; > @@ -1615,7 +1617,6 @@ int dpcm_be_dai_startup(struct snd_soc_pcm_runtime *fe, int stream) > dev_dbg(be->dev, "ASoC: open %s BE %s\n", > stream ? "capture" : "playback", be->dai_link->name); > > - be_substream->runtime = be->dpcm[stream].runtime; > err = __soc_pcm_open(be, be_substream); > if (err < 0) { > be->dpcm[stream].users--;