Skip to main content

Browse the archive

https://github.com/torvalds/linux
13 July 2024, 08:20:57 UTC
Revision 92a586bdc06de6629dae1b357dac221253f55ff8 authored by Takashi Iwai on 25 June 2014, 12:24:47 UTC, committed by Takashi Iwai on 26 June 2014, 08:33:35 UTC 
ALSA: usb-audio: Fix races at disconnection and PCM closing
 
When a USB-audio device is disconnected while PCM is still running, we
still see some race: the disconnect callback calls
snd_usb_endpoint_free() that calls release_urbs() and then kfree()
while a PCM stream would be closed at the same time and calls
stop_endpoints() that leads to wait_clear_urbs().  That is, the EP
object might be deallocated while a PCM stream is syncing with
wait_clear_urbs() with the same EP.

Basically calling multiple wait_clear_urbs() would work fine, also
calling wait_clear_urbs() and release_urbs() would work, too, as
wait_clear_urbs() just reads some fields in ep.  The problem is the
succeeding kfree() in snd_pcm_endpoint_free().

This patch moves out the EP deallocation into the later point, the
destructor callback.  At this stage, all PCMs must have been already
closed, so it's safe to free the objects.

Reported-by: Alan Stern <stern@rowland.harvard.edu>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
1 parent 8b3dfda
History
Tip revision: 92a586bdc06de6629dae1b357dac221253f55ff8 authored by Takashi Iwai on 25 June 2014, 12:24:47 UTC
ALSA: usb-audio: Fix races at disconnection and PCM closing
Tip revision: 92a586b
File Mode Size
Documentation
arch
block
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.gitignore -rw-r--r-- 1.1 KB
.mailmap -rw-r--r-- 4.4 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 93.6 KB
Kbuild -rw-r--r-- 2.5 KB
Kconfig -rw-r--r-- 252 bytes
MAINTAINERS -rw-r--r-- 275.0 KB
Makefile -rw-r--r-- 50.8 KB
README -rw-r--r-- 18.3 KB
REPORTING-BUGS -rw-r--r-- 7.3 KB

README

back to top