From: Takashi Iwai <tiwai@suse.de>
To: Cezary Rojewski <cezary.rojewski@intel.com>
Cc: alsa-devel@alsa-project.org,
pierre-louis.bossart@linux.intel.com, tiwai@suse.com,
hdegoede@redhat.com, broonie@kernel.org,
amadeuszx.slawinski@linux.intel.com
Subject: Re: [PATCH] ALSA: hda: Do not unset preset when cleaning up codec
Date: Tue, 17 Jan 2023 17:01:48 +0100 [thread overview]
Message-ID: <87edrt6tg3.wl-tiwai@suse.de> (raw)
In-Reply-To: <20230117154734.950487-1-cezary.rojewski@intel.com>
On Tue, 17 Jan 2023 16:47:34 +0100,
Cezary Rojewski wrote:
>
> Several functions that take part in codec's initialization and removal
> are re-used by ASoC codec drivers implementations. Drivers mimic the
> behavior of hda_codec_driver_probe/remove() found in
> sound/pci/hda/hda_bind.c with their component->probe/remove() instead.
>
> One of the reasons for that is the expectation of
> snd_hda_codec_device_new() to receive a valid struct snd_card pointer
> what cannot be fulfilled on ASoC side until a card is attempted to be
> bound and its component probing is triggered.
>
> As ASoC sound card may be unbound without codec device being actually
> removed from the system, unsetting ->preset in
> snd_hda_codec_cleanup_for_unbind() interferes with module unload -> load
> scenario causing null-ptr-deref. Preset is assigned only once, during
> device/driver matching whereas ASoC codec driver's module reloading may
> occur several times throughout the lifetime of an audio stack.
>
> Signed-off-by: Cezary Rojewski <cezary.rojewski@intel.com>
> ---
>
> This is a continuation of a discussion that begun in the middle of 2022
> [1] and was part of a larger series addressing several HDAudio topics.
>
> Single rmmod on ASoC's codec driver module is enough to cause a panic.
> Given our results, no regression shows up with modprobe/rmmod on
> snd_hda_intel side with this patch applied.
I think one possible regression by this change would be the case you
reload another codec driver. With keeping codec->preset, it's still
thought as if already matched, and a wrong one could be used.
And, this would be nothing but a leak of the possibly freed address.
After hda_codec_driver_remove(), card->preset may point to an already
freed address.
So, just removing isn't right. It has to be cleared somewhere
instead, e.g. in hda_bind.c.
But, one thing I'm still concerned is that your comment about the call
without the card binding. Do you mean that the
snd_hda_codec_cleanup_for_unbind() may be called even if codec->card
isn't set?
thanks,
Takashi
next prev parent reply other threads:[~2023-01-17 16:02 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-17 15:47 [PATCH] ALSA: hda: Do not unset preset when cleaning up codec Cezary Rojewski
2023-01-17 15:48 ` Pierre-Louis Bossart
2023-01-18 11:38 ` Cezary Rojewski
2023-01-18 11:47 ` Cezary Rojewski
2023-01-17 16:01 ` Takashi Iwai [this message]
2023-01-18 12:04 ` Cezary Rojewski
2023-01-18 12:32 ` Takashi Iwai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87edrt6tg3.wl-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=alsa-devel@alsa-project.org \
--cc=amadeuszx.slawinski@linux.intel.com \
--cc=broonie@kernel.org \
--cc=cezary.rojewski@intel.com \
--cc=hdegoede@redhat.com \
--cc=pierre-louis.bossart@linux.intel.com \
--cc=tiwai@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.