mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-09-21 03:43:03 +00:00
b54c034e58
When a USB-audio device is disconnected while PCM is still running, we still see some race: the disconnect callback calls snd_usb_endpoint_free() that calls release_urbs() and then kfree() while a PCM stream would be closed at the same time and calls stop_endpoints() that leads to wait_clear_urbs(). That is, the EP object might be deallocated while a PCM stream is syncing with wait_clear_urbs() with the same EP. Basically calling multiple wait_clear_urbs() would work fine, also calling wait_clear_urbs() and release_urbs() would work, too, as wait_clear_urbs() just reads some fields in ep. The problem is the succeeding kfree() in snd_pcm_endpoint_free(). This patch moves out the EP deallocation into the later point, the destructor callback. At this stage, all PCMs must have been already closed, so it's safe to free the objects. Reported-by: Alan Stern <stern@rowland.harvard.edu> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de> Change-Id: Ia550e71981fcf7cb36312ca458029f34471c1d1e Git-commit: 92a586bdc06de6629dae1b357dac221253f55ff8 Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git [jackp@codeaurora.org: fixed minor conflict in sound/usb/endpoint.h] Signed-off-by: Jack Pham <jackp@codeaurora.org>
35 lines
1.3 KiB
C
35 lines
1.3 KiB
C
#ifndef __USBAUDIO_ENDPOINT_H
|
|
#define __USBAUDIO_ENDPOINT_H
|
|
|
|
#define SND_USB_ENDPOINT_TYPE_DATA 0
|
|
#define SND_USB_ENDPOINT_TYPE_SYNC 1
|
|
|
|
struct snd_usb_endpoint *snd_usb_add_endpoint(struct snd_usb_audio *chip,
|
|
struct usb_host_interface *alts,
|
|
int ep_num, int direction, int type);
|
|
|
|
int snd_usb_endpoint_set_params(struct snd_usb_endpoint *ep,
|
|
snd_pcm_format_t pcm_format,
|
|
unsigned int channels,
|
|
unsigned int period_bytes,
|
|
unsigned int rate,
|
|
struct audioformat *fmt,
|
|
struct snd_usb_endpoint *sync_ep);
|
|
|
|
int snd_usb_endpoint_start(struct snd_usb_endpoint *ep, bool can_sleep);
|
|
void snd_usb_endpoint_stop(struct snd_usb_endpoint *ep);
|
|
void snd_usb_endpoint_sync_pending_stop(struct snd_usb_endpoint *ep);
|
|
int snd_usb_endpoint_activate(struct snd_usb_endpoint *ep);
|
|
int snd_usb_endpoint_deactivate(struct snd_usb_endpoint *ep);
|
|
void snd_usb_endpoint_release(struct snd_usb_endpoint *ep);
|
|
void snd_usb_endpoint_free(struct list_head *head);
|
|
|
|
int snd_usb_endpoint_implicit_feedback_sink(struct snd_usb_endpoint *ep);
|
|
int snd_usb_endpoint_next_packet_size(struct snd_usb_endpoint *ep);
|
|
|
|
void snd_usb_handle_sync_urb(struct snd_usb_endpoint *ep,
|
|
struct snd_usb_endpoint *sender,
|
|
const struct urb *urb);
|
|
|
|
#endif /* __USBAUDIO_ENDPOINT_H */
|