kernel-fxtec-pro1x/include/sound
KaiChieh Chuang cae336fb06 From bbfaa7d36c1eb465f120f2a3dfe25c1fe022195d Mon Sep 17 00:00:00 2001
From: KaiChieh Chuang <kaichieh.chuang@mediatek.com>
Date: Thu, 7 Mar 2019 07:51:09 +0800
Subject: [PATCH] ASoC: dpcm: prevent snd_soc_dpcm use after free

The dpcm get from fe_clients/be_clients
may be free before use

Add a spin lock at snd_soc_card level,
to protect the dpcm instance.
The lock may be used in atomic context, so use spin lock.

possible race condition between
void dpcm_be_disconnect(
	...
	list_del(&dpcm->list_be);
	list_del(&dpcm->list_fe);
	kfree(dpcm);
	...

and
	for_each_dpcm_fe()
	for_each_dpcm_be*()

race condition example
Thread 1:
    snd_soc_dapm_mixer_update_power()
        -> soc_dpcm_runtime_update()
            -> dpcm_be_disconnect()
                -> kfree(dpcm);
Thread 2:
    dpcm_fe_dai_trigger()
        -> dpcm_be_dai_trigger()
            -> snd_soc_dpcm_can_be_free_stop()
                -> if (dpcm->fe == fe)

Excpetion Scenario:
	two FE link to same BE
	FE1 -> BE
	FE2 ->

	Thread 1: switch of mixer between FE2 -> BE
	Thread 2: pcm_stop FE1

Exception:

Unable to handle kernel paging request at virtual address dead0000000000e0

pc=<> [<ffffff8960e2cd10>] dpcm_be_dai_trigger+0x29c/0x47c
	sound/soc/soc-pcm.c:3226
		if (dpcm->fe == fe)
lr=<> [<ffffff8960e2f694>] dpcm_fe_dai_do_trigger+0x94/0x26c

Backtrace:
[<ffffff89602dba80>] notify_die+0x68/0xb8
[<ffffff896028c7dc>] die+0x118/0x2a8
[<ffffff89602a2f84>] __do_kernel_fault+0x13c/0x14c
[<ffffff89602a27f4>] do_translation_fault+0x64/0xa0
[<ffffff8960280cf8>] do_mem_abort+0x4c/0xd0
[<ffffff8960282ad0>] el1_da+0x24/0x40
[<ffffff8960e2cd10>] dpcm_be_dai_trigger+0x29c/0x47c
[<ffffff8960e2f694>] dpcm_fe_dai_do_trigger+0x94/0x26c
[<ffffff8960e2edec>] dpcm_fe_dai_trigger+0x3c/0x44
[<ffffff8960de5588>] snd_pcm_do_stop+0x50/0x5c
[<ffffff8960dded24>] snd_pcm_action+0xb4/0x13c
[<ffffff8960ddfdb4>] snd_pcm_drop+0xa0/0x128
[<ffffff8960de69bc>] snd_pcm_common_ioctl+0x9d8/0x30f0
[<ffffff8960de1cac>] snd_pcm_ioctl_compat+0x29c/0x2f14
[<ffffff89604c9d60>] compat_SyS_ioctl+0x128/0x244
[<ffffff8960283740>] el0_svc_naked+0x34/0x38
[<ffffffffffffffff>] 0xffffffffffffffff.

Change-Id: Ia3df59e2881f7242d3d618c33d4fdf7e51b31859
Signed-off-by: KaiChieh Chuang <kaichieh.chuang@mediatek.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Git-commit: bbfaa7d36c1eb465f120f2a3dfe25c1fe022195d
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
2021-07-06 10:08:25 +05:30
..
ac97 ASoC: ac97: convert to SPDX identifiers 2018-07-02 10:56:09 +01:00
ac97_codec.h ASoC: ac97: convert to SPDX identifiers 2018-07-02 10:56:09 +01:00
aci.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ad1816a.h ALSA: ad1816a: Remove always NULL parameters 2015-01-02 16:26:20 +01:00
ad1843.h
adau1373.h
aess.h
ak4xxx-adda.h
ak4113.h ALSA: ak411x: Use array instead of offsetof() 2017-05-17 07:13:03 +02:00
ak4114.h ALSA: ak411x: Use array instead of offsetof() 2017-05-17 07:13:03 +02:00
ak4117.h ALSA: ak411x: Use array instead of offsetof() 2017-05-17 07:13:03 +02:00
ak4531_codec.h
ak4641.h
alc5623.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
asequencer.h
asound.h
asoundef.h
compress_driver.h Revert "ALSA: compress: fix partial_drain completion state" 2020-07-17 07:54:52 +02:00
control.h ALSA: control: Hardening for potential Spectre v1 2018-04-25 10:37:46 +02:00
core.h ANDROID: GKI: ALSA: core: Add snd_soc_card_change_online_state() API 2020-03-23 12:21:04 -07:00
cs35l33.h ASoC: cs35l33: Initial commit of the cs35l33 CODEC driver. 2016-06-27 17:39:06 +01:00
cs35l34.h ASoC: cs35l34: Initial commit of the cs35l34 CODEC driver. 2016-10-21 12:02:44 +01:00
cs35l35.h ASoC: cs35l35: Add Boost Inductor Calculation 2017-05-19 17:31:34 +01:00
cs42l52.h
cs42l56.h
cs42l73.h
cs4231-regs.h
cs4271.h
cs8403.h
cs8427.h
da7213.h ASoC: da7213: Add support to handle mclk data provided to driver 2015-10-07 15:11:34 +01:00
da7218.h ASoC: da7218: Add da7218 codec driver 2015-11-30 12:24:12 +00:00
da7219-aad.h ASoC: codecs: Add da7219 codec driver 2015-10-02 18:11:27 +01:00
da7219.h ASoC: da7219: Add common clock usage for providing DAI clks 2018-03-09 17:40:41 +00:00
da9055.h
designware_i2s.h ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc driver 2017-06-28 19:01:12 +01:00
dmaengine_pcm.h ASoC: soc-generic-dmaengine-pcm: convert to SPDX identifiers 2018-07-02 10:55:52 +01:00
emu10k1.h ALSA: emu10k1: Reduce GFP_ATOMIC allocation 2018-04-16 14:01:53 +02:00
emu10k1_synth.h
emu8000.h
emu8000_reg.h
emux_legacy.h
emux_synth.h ALSA: seq: Allow the tristate build of OSS emulation 2017-06-09 22:09:45 +02:00
es1688.h ALSA: es1688: Remove almost always NULL parameter 2015-01-02 16:27:03 +01:00
gus.h ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
hda_chmap.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hda_component.h ALSA: hda: Make audio component support more generic 2018-07-17 22:25:48 +02:00
hda_hwdep.h
hda_i915.h ALSA: hda: Make audio component support more generic 2018-07-17 22:25:48 +02:00
hda_register.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hda_regmap.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hda_verbs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hdaudio.h ASoC: Fixes for v4.19 2018-09-17 18:59:21 +02:00
hdaudio_ext.h ALSA: hdac: add extended ops in the hdac_bus 2018-06-28 07:33:29 +02:00
hdmi-codec.h ASoC: hdmi-codec: add .get_dai_id support 2017-05-24 18:45:29 +01:00
hwdep.h ->poll() methods should return __poll_t 2017-11-27 16:19:52 -05:00
i2c.h ALSA: i2c: constify snd_i2c_ops structures 2015-11-30 11:40:08 +01:00
info.h ANDROID: GKI: ALSA: core: modify, rename and export create_subdir API 2020-04-09 12:47:53 -07:00
initval.h
jack.h ANDROID: GKI: ASoC: jack: Fix buttons enum value 2020-04-17 00:42:38 +00:00
l3.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
max9768.h
max98088.h
max98090.h
max98095.h
memalloc.h ALSA: memalloc: Fix missing PAGE_SIZE definition 2018-07-30 12:02:24 +01:00
minors.h
mixer_oss.h ALSA: Use IS_ENABLED() in common headers 2017-05-17 07:13:04 +02:00
mpu401.h
omap-hdmi-audio.h drm: omapdrm: hdmi: Pass HDMI core version as integer to HDMI audio 2017-08-16 12:52:41 +03:00
opl3.h ALSA: seq: Allow the tristate build of OSS emulation 2017-06-09 22:09:45 +02:00
opl4.h
pcm-indirect.h ALSA: pcm: Fix negative appl_ptr handling in pcm-indirect helpers 2017-05-25 23:34:45 +02:00
pcm.h ANDROID: GKI: ALSA: pcm: add locks for accessing runtime resource 2020-04-17 20:04:53 -07:00
pcm_drm_eld.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_iec958.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_oss.h ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams 2018-03-23 22:18:05 +01:00
pcm_params.h Merge remote-tracking branch 'origin_4.19/tmp-0567d2f' into msm-4.19 2018-12-20 17:43:16 -08:00
pt2258.h
pxa2xx-lib.h ASoC: pxa: move some functions to pxa2xx-lib 2018-06-29 12:05:04 +01:00
rawmidi.h ALSA: rawmidi: Fix racy buffer resize under concurrent accesses 2020-05-20 08:18:47 +02:00
rt286.h
rt298.h ASoC: add rt298 codec driver 2015-07-09 12:00:11 +01:00
rt5514.h ASoC: rt5514: The DSP clock can be calibrated by the other clock source 2017-11-07 11:23:36 +01:00
rt5645.h ASoC: rt5645: Set card long_name for GPD win / pocket 2017-12-12 10:41:56 +00:00
rt5659.h ASoC: rt5659: Add the support of Intel HDA Header 2018-02-12 09:31:26 +00:00
rt5660.h ASoC: rt5660: add rt5660 codec driver 2016-09-24 19:51:57 +01:00
rt5663.h ASoC: rt5663: Add the function of impedance sensing 2017-09-19 12:57:59 +01:00
rt5665.h treewide: Remove remaining executable attributes from source files 2017-02-25 12:12:50 -08:00
rt5668.h ASoC: rt5668: add rt5668B codec driver 2018-04-16 19:24:32 +01:00
rt5670.h ASoC: rt5670: Add new gpio1_is_ext_spk_en quirk and enable it on the Lenovo Miix 2 10 2020-07-29 10:16:58 +02:00
rt5682.h ASoC: rt5682: add rt5682 codec driver 2018-06-18 12:54:38 +01:00
s3c24xx_uda134x.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sb.h ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
sb16_csp.h ALSA: sb: Fix sparse warning wrt PCM format type 2018-07-27 09:05:33 +02:00
seq_device.h ALSA: seq: Define driver object in each driver 2015-02-12 14:15:54 +01:00
seq_kernel.h ALSA: seq: Avoid invalid lockdep class warning 2017-11-06 20:25:31 +01:00
seq_midi_emul.h
seq_midi_event.h ALSA: seq: Minor cleanup of MIDI event parser helpers 2018-08-01 22:54:35 +02:00
seq_oss.h
seq_oss_legacy.h
seq_virmidi.h ALSA: seq: virmidi: Use READ_ONCE/WRITE_ONCE() macros 2018-07-30 14:52:30 +02:00
sh_dac_audio.h
sh_fsi.h ASoC: fsi: convert to SPDX identifiers 2018-08-02 10:56:59 +01:00
simple_card.h ASoC: simple-card: convert to SPDX identifiers 2018-07-02 10:52:47 +01:00
simple_card_utils.h ASoC: simple-card-utils: convert to SPDX identifiers 2018-07-02 10:52:52 +01:00
snd_wavefront.h ASoC: Updates for v4.15 2017-11-13 15:45:57 +01:00
soc-acpi-intel-match.h ASoC: soc-acpi: convert to SPDX identifiers 2018-07-02 10:55:27 +01:00
soc-acpi.h ASoC: soc-acpi: convert to SPDX identifiers 2018-07-02 10:55:27 +01:00
soc-dai.h ASoC: core: add support to snd_soc_dai_get_channel_map() 2018-07-24 12:06:43 +01:00
soc-dapm.h Merge android-4.19-q.79 (40321f2) into msm-4.19 2019-10-21 05:07:30 -07:00
soc-dpcm.h ASoC: Cold start latency reduction 2018-09-22 05:56:22 -07:00
soc-topology.h ASoC: soc-topology: convert to SPDX identifiers 2018-07-02 10:55:42 +01:00
soc.h From bbfaa7d36c1eb465f120f2a3dfe25c1fe022195d Mon Sep 17 00:00:00 2001 2021-07-06 10:08:25 +05:30
soundfont.h
spear_dma.h ASoC: Update email-id of Rajeev Kumar 2015-04-28 16:31:01 +01:00
spear_spdif.h
sta32x.h ASoC: sta32x: add device tree binding. 2015-01-27 17:13:25 +00:00
sta350.h
tas2552-plat.h
tas5086.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tea6330t.h
timer.h ALSA: timer: Limit max instances per timer 2017-11-06 10:41:24 +01:00
tlv.h ALSA: control: cage TLV_DB_RANGE_HEAD in kernel land because it was obsoleted 2016-09-25 22:16:49 +02:00
tlv320aic3x.h
tlv320aic32x4.h ASoC: tlv320aic32x4: Add gpio configuration to the codec 2017-07-17 16:22:28 +01:00
tlv320dac33-plat.h
tpa6130a2-plat.h
uda134x.h ASoC: uda134x: Remove is_powered_on_standby from platform data 2014-11-24 18:04:49 +00:00
uda1380.h
util_mem.h
vx_core.h ALSA: vx: Use nonatomic PCM ops 2014-09-15 15:52:03 +02:00
wavefront.h
wcd-dsp-mgr.h spdx: Modify spdx tag from GPL-2.0 to GPL-2.0-only 2018-12-10 11:09:45 -08:00
wcd-spi.h spdx: Modify spdx tag from GPL-2.0 to GPL-2.0-only 2018-12-10 11:09:45 -08:00
wm0010.h
wm1250-ev1.h
wm2000.h
wm2200.h
wm5100.h
wm8903.h
wm8904.h ASoC: wm8904: Correct number of EQ registers 2015-10-20 15:46:09 +01:00
wm8955.h
wm8960.h
wm8962.h
wm8993.h
wm8996.h
wm9081.h
wm9090.h
wss.h ALSA: wss: Remove (almost) always NULL parameters 2015-01-02 16:30:08 +01:00