| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 02 Jun 2020 14:49:42 +0200
From: Takashi Iwai <tiwai@...e.de>
To: 朱灿灿 <zhucancan@...o.com>
Cc: <tiwai@...e.com>, <perex@...ex.cz>, <alsa-devel@...a-project.org>,
<linux-kernel@...r.kernel.org>, kernel <kernel@...o.com>,
"wenhu wang" <wenhu.wang@...o.com>
Subject: Re: [PATCH] ALSA: core: Fix control device release issue
On Tue, 02 Jun 2020 11:48:04 +0200,
朱灿灿 wrote:
>
> From: zhucancan <zhucancan@...o.com>
> Date: Tue, 2 Jun 2020 16:22:57 +0800
> Subject: [PATCH] ALSA: core: Fix control device release issue
>
> We use snd_pcm_add_usr_ctls() in component's .pcm_new(),
> unfortunately snd_soc_dapm_add_routes() meets error during
> adding card->dapm_routes/of_dapm_routes, it will goto probe_end
> to call soc_cleanup_card_resources().
>
> The commit dc82e52492f6 ("ALSA: core: Assure control device
> to be registered at last") will make pcm device release is
> prior to control device release, but the control device needs
> to use pcm pointor, which is already freed by pcm device release.
>
> [ 70.056000] Unable to handle kernel paging request at virtual address ffffff80f2d2c480
> [ 70.066139] init: processing action (init.svc.media=*) from (/system/etc/init/mediaserver.rc:1)
> [ 70.076311] Mem abort info:
> [ 70.126679] ESR = 0x96000047
> [ 70.126685] EC = 0x25: DABT (current EL), IL = 32 bits
> [ 70.126689] SET = 0, FnV = 0
> [ 70.126693] EA = 0, S1PTW = 0
> [ 70.126696] Data abort info:
> [ 70.126700] ISV = 0, ISS = 0x00000047
> [ 70.126704] CM = 0, WnR = 1
> [ 70.126710] swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000a216b000
> [ 70.126715] [ffffff80f2d2c480] pgd=00000001ffb7f003, pud=00000001ffb7f003, pmd=00000001ff9e8003, pte=0068000172d2cf12
> [ 70.126731] Internal error: Oops: 96000047 [#1] PREEMPT SMP
> [ 70.126821] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G W O 5.4.12-qgki-debug-g4c7ca9f20 #10
> [ 70.126840] Workqueue: events deferred_probe_work_func$2b500e852cead69fde05a2b98ceb2fa6.cfi_jt
> [ 70.126845] pstate: 80c00005 (Nzcv daif +PAN +UAO)
> [ 70.126854] pc : pcm_usr_ctl_private_free$165f4400ee6732c7c8c8157be0f72518+0x20/0x34
> [ 70.126861] lr : snd_ctl_remove+0xf4/0x154
> [ 70.126862] sp : ffffffc01007b750
> [ 70.126865] x29: ffffffc01007b750 x28: ffffffd973c2bb2c
> [ 70.126868] x27: ffffff8107b741a0 x26: dead000000000100
> [ 70.126874] x25: 0000000000000002 x24: ffffffd973c2bb8c
> [ 70.126877] x23: ffffffd975027c80 x22: ffffffd97415437f
> [ 70.126880] x21: 0000000000000001 x20: ffffffd973c37e10
> [ 70.126883] x19: ffffff80f2d55d00 x18: ffffff80451de4d0
> [ 70.126886] x17: ffffff80f2d58000 x16: 0000000000000400
> [ 70.126889] x15: a6fe4e9bdc5a6b05 x14: 0000000000000000
> [ 70.126892] x13: ffffffff03ab5408 x12: 0000000000000001
> [ 70.126896] x11: 7079542070704120 x10: 0000000000000398
> [ 70.126899] x9 : 0000000000000001 x8 : ffffff80f2d2c398
> [ 70.126902] x7 : 0000000000000000 x6 : ffffff80f6b4d178
> [ 70.126905] x5 : ffffffd97335fe8c x4 : 0000000000000000
> [ 70.126908] x3 : ffffffc01007b650 x2 : ffffffc01007b768
> [ 70.126911] x1 : 00000000ffffffff x0 : ffffff811ff41480
> [ 70.126916] Call trace:
> [ 70.126920] pcm_usr_ctl_private_free$165f4400ee6732c7c8c8157be0f72518+0x20/0x34
Which driver or core contains this function? I can't find it in the
latest upstream code.
Overall, it looks rather like an issue of the driver side, not the
ALSA core. If the relevant control is tied with a PCM stream, it has
to be freed individually beforehand at the time when the stream gets
freed.
thanks,
Takashi
> [ 70.126923] snd_ctl_remove+0xf4/0x154
> [ 70.126927] snd_ctl_dev_free$1b8efea49186b79e6e4a39cac5748f1c+0x3c/0x70
> [ 70.126930] snd_device_free_all+0x234/0x2c8
> [ 70.126934] release_card_device$fb7328386cac0bdf1b3f2f88da79521f+0x24/0xcc
> [ 70.126941] device_release$d2fdd8912beb71f9ccc7ca72fceb0522+0x48/0x118
> [ 70.126949] kobject_cleanup+0x138/0x25c
> [ 70.126952] kobject_put+0x50/0x60
> [ 70.126955] put_device+0x14/0x20
> [ 70.126957] snd_card_free+0x60/0x98
> [ 70.126963] soc_cleanup_card_resources+0x2c/0x420
> [ 70.126966] snd_soc_bind_card+0xcc0/0xfa8
> [ 70.126968] snd_soc_register_card+0x110/0x128
> [ 70.126974] devm_snd_soc_register_card+0x4c/0x90
>
> Fixes: dc82e52492f6 ("ALSA: core: Assure control device to be registered at last")
> Signed-off-by: zhucancan <zhucancan@...o.com>
> ---
> sound/core/device.c | 8 --------
> 1 file changed, 8 deletions(-)
>
> diff --git a/sound/core/device.c b/sound/core/device.c
> index bf0b04a7ee79..1aee0f5623a2 100644
> --- a/sound/core/device.c
> +++ b/sound/core/device.c
> @@ -225,14 +225,6 @@ void snd_device_free_all(struct snd_card *card)
>
> if (snd_BUG_ON(!card))
> return;
> - list_for_each_entry_safe_reverse(dev, next, &card->devices, list) {
> - /* exception: free ctl and lowlevel stuff later */
> - if (dev->type == SNDRV_DEV_CONTROL ||
> - dev->type == SNDRV_DEV_LOWLEVEL)
> - continue;
> - __snd_device_free(dev);
> - }
> -
> /* free all */
> list_for_each_entry_safe_reverse(dev, next, &card->devices, list)
> __snd_device_free(dev);
> --
> 2.21.0
>
>
>
>
>
>
>
>
>
Powered by blists - more mailing lists