alsa-devel.alsa-project.org archive mirror
From: Mark Brown <broonie@opensource.wolfsonmicro.com>
To: Daniel Mack <daniel@caiaq.de>
Cc: alsa-devel@alsa-project.org,
	Sven Neumann <s.neumann@raumfeld.com>,
	Liam Girdwood <lrg@slimlogic.co.uk>
Subject: Re: Memory corruption in ASoC
Date: Thu, 18 Mar 2010 16:43:06 +0000
Message-ID: <20100318164305.GB6142@rakim.wolfsonmicro.main>
In-Reply-To: <20100318161755.GJ30801@buzzloop.caiaq.de>

On Thu, Mar 18, 2010 at 05:17:55PM +0100, Daniel Mack wrote:

> So the first stream (PLAYBACK) already exported its dma_data which is
> now freed by the code initializing the second stream (CAPTURE).
> This corrupts all existing users of course, and in this particular case,
> the cleanup in __pxa2xx_pcm_hw_free() dereferences a pointer which is
> bogus.

> What I really don't understand is why this didn't crash a lot earlier
> for many more users.

> So how is this supposed to be fixed? Should dma_data become a member of
> some per-stream instance? I believe that also other platforms than PXA
> are actually affected - am I right?

It should really be per-substream, yes.

It's relatively hard to trigger problems on a lot of platforms since the
DAI data pointer is often only really used at stream setup, meaning that
triggering a problem requires that a system not only does simultaneous
playback and capture but also has overlapping startup of the two.  PXA
is also very rare in doing dynamic allocation here, most drivers use
statically allocated resources which would make any problems much less
obvious.

There's some more generic issues there to do with imposing constraints
but that's a separate thing.
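
An added example, not part of the original message and not kernel code: a userspace C model of the lifetime problem discussed in this thread, where a DAI-wide dma_data slot is freed by the second stream's startup while the first stream still holds the pointer. All names here (`dma_params`, `startup_shared`, `startup_per_stream`, `playback_survives`) are hypothetical, and a small arena with a `live` flag stands in for allocation so the stale pointer can be inspected without undefined behaviour.

```c
/* Userspace model of the ownership bug; hypothetical names, not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum { PLAYBACK, CAPTURE, NSTREAMS };

/* Constructed stand-in for a dynamically allocated DMA parameter block. */
struct dma_params { bool live; int stream; };

static struct dma_params pool[4];  /* tiny arena so "freed" stays inspectable */
static size_t pool_used;

static struct dma_params *params_alloc(int stream) {
    struct dma_params *p = &pool[pool_used++];
    *p = (struct dma_params){ .live = true, .stream = stream };
    return p;
}
static void params_free(struct dma_params *p) { if (p) p->live = false; }

struct dai {
    struct dma_params *shared;               /* one slot per DAI (problem layout) */
    struct dma_params *per_stream[NSTREAMS]; /* one slot per substream */
};

/* Startup that replaces the DAI-wide slot, freeing the other stream's data. */
static struct dma_params *startup_shared(struct dai *d, int stream) {
    params_free(d->shared);
    return d->shared = params_alloc(stream);
}
/* Startup that only touches the slot belonging to this substream. */
static struct dma_params *startup_per_stream(struct dai *d, int stream) {
    params_free(d->per_stream[stream]);
    return d->per_stream[stream] = params_alloc(stream);
}

/* Is playback's exported pointer still valid once capture has started? */
static bool playback_survives(bool per_stream) {
    struct dma_params *(*startup)(struct dai *, int) =
        per_stream ? startup_per_stream : startup_shared;
    struct dai d = {0};
    pool_used = 0;
    struct dma_params *pb = startup(&d, PLAYBACK);
    startup(&d, CAPTURE);  /* overlapping startup of the second stream */
    return pb->live && pb->stream == PLAYBACK;
}

int main(void) {
    printf("shared slot: %d, per-substream slot: %d\n",
           playback_survives(false), playback_survives(true));
    return 0;
}
```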
