diff options
| author | Jarkko Nikula <jarkko.nikula@linux.intel.com> | 2014-04-24 03:34:36 -0400 |
|---|---|---|
| committer | Mark Brown <broonie@linaro.org> | 2014-04-24 06:32:23 -0400 |
| commit | de30a2ccb20d9baf5dac8a9c8ba8f0d9d5f4361e (patch) | |
| tree | 1cc24f2b3e6bbd1727f7cc758fa126c3cab9cc39 | |
| parent | d132cb0a162fa55c82e06b771fcaa871d30c9398 (diff) | |
ASoC: Intel: Cancel hsw_notification_work before freeing the stream
I suppose there is a possibility that hsw_notification_work() may run after
sst_hsw_stream_free() which can lead to a kernel crash since struct
sst_hsw_stream is freed at that point and
stream = container_of(work, struct sst_hsw_stream, notify_work) is not valid
when hsw_notification_work() is run.
Reported-by: Derek Basehore <dbasehore@chromium.org>
Reported-by: Wenkai Du <wenkai.du@intel.com>
Signed-off-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
| -rw-r--r-- | sound/soc/intel/sst-haswell-ipc.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sound/soc/intel/sst-haswell-ipc.c b/sound/soc/intel/sst-haswell-ipc.c index 6c0b4f247a86..5bcf5963a0ba 100644 --- a/sound/soc/intel/sst-haswell-ipc.c +++ b/sound/soc/intel/sst-haswell-ipc.c | |||
| @@ -1207,6 +1207,7 @@ int sst_hsw_stream_free(struct sst_hsw *hsw, struct sst_hsw_stream *stream) | |||
| 1207 | trace_hsw_stream_free_req(stream, &stream->free_req); | 1207 | trace_hsw_stream_free_req(stream, &stream->free_req); |
| 1208 | 1208 | ||
| 1209 | out: | 1209 | out: |
| 1210 | cancel_work_sync(&stream->notify_work); | ||
| 1210 | spin_lock_irqsave(&sst->spinlock, flags); | 1211 | spin_lock_irqsave(&sst->spinlock, flags); |
| 1211 | list_del(&stream->node); | 1212 | list_del(&stream->node); |
| 1212 | kfree(stream); | 1213 | kfree(stream); |