On Tue, 20 Oct 2015 13:40:00 +0200, Lars-Peter Clausen wrote: > > On 10/20/2015 01:17 PM, Takashi Iwai wrote: > > On Tue, 20 Oct 2015 11:46:31 +0200, > > Lars-Peter Clausen wrote: > >> > >> Use the new dmaengine_synchronize() function to make sure that all complete > >> callbacks have finished running before the runtime data, which is accessed > >> in the completed callback, is freed. > >> > >> This fixes a long standing use-after-free race condition that has been > >> observed on some systems. > > > > What if a substream is restarted immediately after the stop? > > > > What can happen is that you get a complete callback and the associated > snd_pcm_period_elapsed() too early, before the period has actually elapsed, > but I don't think that this is a problem if the DMA driver properly > implements residue reporting. > > This fails if we rely on period counting, but that is broken anyway and > already prone to other race conditions. > > I've tested this series with xrun injection and some modifications to the > DMA driver to always trigger the race condition when the stream is stopped. > And I've not seen any issues after the transfer re-started. (There is a > dead-lock condition though but that does not seem to be related to this > series)
OK, then I'm fine with the changes. I suppose this will go through dmaengine tree? If so, feel free to take my ack: Reviewed-by: Takashi Iwai <[email protected]> thanks, Takashi -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
