[PATCH] cx18: Fix a sleep-in-atomic bug in snd_cx18_pcm_hw_free
The driver may sleep under a spin lock, and the function call path is:
snd_cx18_pcm_hw_free (acquire the lock by spin_lock_irqsave)
  vfree --> may sleep

To fix it, the "substream->runtime->dma_area" is passed to a temporary
value, and mark it NULL when holding the lock. The memory is freed by
vfree through the temporary value outside the lock holding.

Signed-off-by: Jia-Ju Bai
---
 drivers/media/pci/cx18/cx18-alsa-pcm.c |5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/media/pci/cx18/cx18-alsa-pcm.c b/drivers/media/pci/cx18/cx18-alsa-pcm.c index 205a98d..8c51e4c 100644 --- a/drivers/media/pci/cx18/cx18-alsa-pcm.c +++ b/drivers/media/pci/cx18/cx18-alsa-pcm.c @@ -257,14 +257,17 @@ static int snd_cx18_pcm_hw_free(struct snd_pcm_substream *substream) { struct snd_cx18_card *cxsc = snd_pcm_substream_chip(substream); unsigned long flags; + unsigned char *dma_area = NULL; spin_lock_irqsave(>slock, flags); if (substream->runtime->dma_area) { dprintk("freeing pcm capture region\n"); - vfree(substream->runtime->dma_area); + dma_area = substream->runtime->dma_area; substream->runtime->dma_area = NULL; } spin_unlock_irqrestore(>slock, flags); + if (dma_area) + vfree(dma_area); return 0; } -- 1.7.9.5
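Review bot: The "if (dma_area)" guard added before "vfree(dma_area)" after spin_unlock_irqrestore() is redundant: dma_area is initialized to NULL at its declaration and vfree() does nothing when passed NULL, so the call can be made unconditionally. Dropping the guard leaves behaviour unchanged and keeps the unlock-then-free sequence to a single line. The subject is also identical to the other posting of this change in the thread, so a version tag and a short note below the "---" line saying what changed between the postings would help reviewers tell them apart.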
Re: [PATCH] cx18: Fix a sleep-in-atomic bug in snd_cx18_pcm_hw_free
Hi Jia-Ju,

[auto build test WARNING on linuxtv-media/master]
[also build test WARNING on v4.12-rc3 next-20170531]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Jia-Ju-Bai/cx18-Fix-a-sleep-in-atomic-bug-in-snd_cx18_pcm_hw_free/20170601-131553
base:   git://linuxtv.org/media_tree.git master
config: xtensa-allmodconfig (attached as .config)
compiler: xtensa-linux-gcc (GCC) 4.9.0
reproduce:
        wget https://raw.githubusercontent.com/01org/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=xtensa

Note: it may well be a FALSE warning. FWIW you are at least aware of it now.
http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings

All warnings (new ones prefixed by >>):

   drivers/media//pci/cx18/cx18-alsa-pcm.c: In function 'snd_cx18_pcm_hw_free':
>> drivers/media//pci/cx18/cx18-alsa-pcm.c:269:2: warning: 'dma_area' may be used uninitialized in this function [-Wmaybe-uninitialized]
     vfree(dma_area);
     ^

vim +/dma_area +269 drivers/media//pci/cx18/cx18-alsa-pcm.c

   253                          params_buffer_bytes(params));
   254  }
   255
   256  static int snd_cx18_pcm_hw_free(struct snd_pcm_substream *substream)
   257  {
   258          struct snd_cx18_card *cxsc = snd_pcm_substream_chip(substream);
   259          unsigned long flags;
   260          unsigned char *dma_area;
   261
   262          spin_lock_irqsave(&cxsc->slock, flags);
   263          if (substream->runtime->dma_area) {
   264                  dprintk("freeing pcm capture region\n");
   265                  dma_area = substream->runtime->dma_area;
   266                  substream->runtime->dma_area = NULL;
   267          }
   268          spin_unlock_irqrestore(&cxsc->slock, flags);
 > 269          vfree(dma_area);
   270
   271          return 0;
   272  }
   273
   274  static int snd_cx18_pcm_prepare(struct snd_pcm_substream *substream)
   275  {
   276          struct snd_cx18_card *cxsc = snd_pcm_substream_chip(substream);
   277

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
[PATCH] cx18: Fix a sleep-in-atomic bug in snd_cx18_pcm_hw_free
The driver may sleep under a spin lock, and the function call path is:
snd_cx18_pcm_hw_free (acquire the lock by spin_lock_irqsave)
  vfree --> may sleep

To fix it, the "substream->runtime->dma_area" is passed to a temporary
value, and mark it NULL when holding the lock. The memory is freed by
vfree through the temporary value outside the lock holding.

Signed-off-by: Jia-Ju Bai
---
 drivers/media/pci/cx18/cx18-alsa-pcm.c |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/media/pci/cx18/cx18-alsa-pcm.c b/drivers/media/pci/cx18/cx18-alsa-pcm.c index 205a98d..ba83147 100644 --- a/drivers/media/pci/cx18/cx18-alsa-pcm.c +++ b/drivers/media/pci/cx18/cx18-alsa-pcm.c @@ -257,14 +257,16 @@ static int snd_cx18_pcm_hw_free(struct snd_pcm_substream *substream) { struct snd_cx18_card *cxsc = snd_pcm_substream_chip(substream); unsigned long flags; + unsigned char *dma_area; spin_lock_irqsave(>slock, flags); if (substream->runtime->dma_area) { dprintk("freeing pcm capture region\n"); - vfree(substream->runtime->dma_area); + dma_area = substream->runtime->dma_area; substream->runtime->dma_area = NULL; } spin_unlock_irqrestore(>slock, flags); + vfree(dma_area); return 0; } -- 1.7.9.5
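Review bot: dma_area is declared without an initializer and is assigned only inside the "if (substream->runtime->dma_area)" branch, so the unconditional "vfree(dma_area)" after spin_unlock_irqrestore() is handed an indeterminate stack value whenever the runtime buffer pointer was already NULL. That turns a no-op hw_free call into a free of an arbitrary address. Declare it as "unsigned char *dma_area = NULL;" so the untaken-branch path passes NULL, which vfree() ignores.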