From: Eldad Zack <eldad@fogrefinery.com>
To: Takashi Iwai <tiwai@suse.de>,
Clemens Ladisch <clemens@ladisch.de>,
Daniel Mack <zonque@gmail.com>,
Nikolay Martynov <mar.kolya@gmail.com>
Cc: alsa-devel@alsa-project.org, Eldad Zack <eldad@fogrefinery.com>
Subject: [PATCH v4 03/15] ALSA: usb-audio: prevent NULL dereference on stop trigger
Date: Sun, 6 Oct 2013 22:31:08 +0200 [thread overview]
Message-ID: <1381091480-23636-4-git-send-email-eldad@fogrefinery.com> (raw)
In-Reply-To: <1381091480-23636-1-git-send-email-eldad@fogrefinery.com>
If an endpoint uses another endpoint for synchronization, and the
other endpoint is stopped, an oops will occur on NULL dereference.
Clearing the prepare/retire callbacks solves this issue.
v2: Thanks to Daniel Mack, fixed (an ironic) NULL dereference when
the pcm substream is opened and closed immediately.
Signed-off-by: Eldad Zack <eldad@fogrefinery.com>
---
sound/usb/pcm.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/sound/usb/pcm.c b/sound/usb/pcm.c
index 1a9a018..525bc8c 100644
--- a/sound/usb/pcm.c
+++ b/sound/usb/pcm.c
@@ -1205,6 +1205,11 @@ static int snd_usb_pcm_close(struct snd_pcm_substream *substream, int direction)
subs->interface = -1;
}
+ if (subs->data_endpoint) {
+ subs->data_endpoint->prepare_data_urb = NULL;
+ subs->data_endpoint->retire_data_urb = NULL;
+ }
+
subs->pcm_substream = NULL;
snd_usb_autosuspend(subs->stream->chip);
@@ -1535,6 +1540,8 @@ static int snd_usb_substream_playback_trigger(struct snd_pcm_substream *substrea
subs->running = 1;
return 0;
case SNDRV_PCM_TRIGGER_STOP:
+ subs->data_endpoint->prepare_data_urb = NULL;
+ subs->data_endpoint->retire_data_urb = NULL;
stop_endpoints(subs, false);
subs->running = 0;
return 0;
@@ -1565,6 +1572,7 @@ static int snd_usb_substream_capture_trigger(struct snd_pcm_substream *substream
subs->running = 1;
return 0;
case SNDRV_PCM_TRIGGER_STOP:
+ subs->data_endpoint->retire_data_urb = NULL;
stop_endpoints(subs, false);
subs->running = 0;
return 0;
--
1.8.1.5
next prev parent reply other threads:[~2013-10-06 20:31 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-06 20:31 [PATCH v4 00/15] ALSA: usb-audio: fix playback/capture concurrent usage Eldad Zack
2013-10-06 20:31 ` [PATCH v4 01/15] ALSA: usb-audio: remove unused parameter from sync_ep_set_params Eldad Zack
2013-10-06 20:31 ` [PATCH v4 02/15] ALSA: usb-audio: remove deactivate_endpoints() Eldad Zack
2013-10-06 20:31 ` Eldad Zack [this message]
2013-10-07 8:57 ` [PATCH v4 03/15] ALSA: usb-audio: prevent NULL dereference on stop trigger Takashi Iwai
2013-10-06 20:31 ` [PATCH v4 04/15] ALSA: usb-audio: don't deactivate URBs on in-use EP Eldad Zack
2013-10-06 20:31 ` [PATCH v4 05/15] ALSA: usb-audio: void return type of snd_usb_endpoint_deactivate() Eldad Zack
2013-10-06 20:31 ` [PATCH v4 06/15] ALSA: usb-audio: clear SUBSTREAM_FLAG_SYNC_EP_STARTED on error Eldad Zack
2013-10-06 20:31 ` [PATCH v4 07/15] ALSA: usb-audio: correct ep use_count semantics (add set_param flag) Eldad Zack
2013-10-07 9:21 ` Takashi Iwai
2013-10-07 19:31 ` Eldad Zack
2013-10-08 7:01 ` Takashi Iwai
2013-10-06 20:31 ` [PATCH v4 08/15] ALSA: usb-audio: rename alt_idx to altsetting Eldad Zack
2013-10-06 20:31 ` [PATCH v4 09/15] ALSA: usb-audio: conditional interface altsetting Eldad Zack
2013-10-07 10:34 ` Takashi Iwai
2013-10-07 18:00 ` Eldad Zack
2013-10-07 18:23 ` Clemens Ladisch
2013-10-07 19:31 ` Takashi Iwai
2013-10-06 20:31 ` [PATCH v4 10/15] ALSA: usb-audio: conditional concurrent usage of endpoint Eldad Zack
2013-10-06 20:31 ` [PATCH v4 11/15] ALSA: usb-audio: remove altset_idx from snd_usb_substream Eldad Zack
2013-10-06 20:31 ` [PATCH v4 12/15] ALSA: usb-audio: remove unused endpoint flag EP_FLAG_ACTIVATED Eldad Zack
2013-10-06 20:31 ` [PATCH v4 13/15] ALSA: usb-audio: clear sync subs hw_params Eldad Zack
2013-10-06 20:31 ` [PATCH v4 14/15] ALSA: usb-audio: always wait in start_endpoints Eldad Zack
2013-10-07 9:26 ` Takashi Iwai
2013-10-07 19:26 ` Eldad Zack
2013-10-08 7:05 ` Takashi Iwai
2013-10-08 19:25 ` Eldad Zack
2013-10-06 20:31 ` [PATCH v4 15/15] ALSA: usb-audio: improve logging messages Eldad Zack
2013-10-07 9:23 ` Takashi Iwai
2013-10-07 9:30 ` [PATCH v4 00/15] ALSA: usb-audio: fix playback/capture concurrent usage Takashi Iwai
2013-10-07 17:20 ` Eldad Zack
2013-10-28 17:45 ` Nikolay Martynov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1381091480-23636-4-git-send-email-eldad@fogrefinery.com \
--to=eldad@fogrefinery.com \
--cc=alsa-devel@alsa-project.org \
--cc=clemens@ladisch.de \
--cc=mar.kolya@gmail.com \
--cc=tiwai@suse.de \
--cc=zonque@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.