diff options
| author | Jia-Ju Bai <baijiaju1990@163.com> | 2017-06-01 10:17:51 +0300 |
|---|---|---|
| committer | Mauro Carvalho Chehab <mchehab@s-opensource.com> | 2017-06-07 18:28:50 +0300 |
| commit | a3dbff6eecad72333bae656681331aab27adee4d (patch) | |
| tree | 8d45015d2cc3f36ca0f76e68571e3f831aa132cf | |
| parent | d989dc20c508cd82e2a95ff5d6c4bb091803f1c8 (diff) | |
| download | linux-a3dbff6eecad72333bae656681331aab27adee4d.tar.xz | |
[media] cx18: Fix a sleep-in-atomic bug in snd_cx18_pcm_hw_free
The driver may sleep under a spin lock, and the function call path is:
snd_cx18_pcm_hw_free (acquire the lock by spin_lock_irqsave)
vfree --> may sleep
To fix it, the "substream->runtime->dma_area" is passed to a temporary
value, and mark it NULL when holding the lock. The memory is freed by
vfree through the temporary value outside the lock holding.
Signed-off-by: Jia-Ju Bai <baijiaju1990@163.com>
[hans.verkuil@cisco.com: removed unnecessary 'if (dma_area)']
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
| -rw-r--r-- | drivers/media/pci/cx18/cx18-alsa-pcm.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/media/pci/cx18/cx18-alsa-pcm.c b/drivers/media/pci/cx18/cx18-alsa-pcm.c index 205a98da877c..f68ee57a9ae2 100644 --- a/drivers/media/pci/cx18/cx18-alsa-pcm.c +++ b/drivers/media/pci/cx18/cx18-alsa-pcm.c @@ -257,14 +257,16 @@ static int snd_cx18_pcm_hw_free(struct snd_pcm_substream *substream) { struct snd_cx18_card *cxsc = snd_pcm_substream_chip(substream); unsigned long flags; + unsigned char *dma_area = NULL; spin_lock_irqsave(&cxsc->slock, flags); if (substream->runtime->dma_area) { dprintk("freeing pcm capture region\n"); - vfree(substream->runtime->dma_area); + dma_area = substream->runtime->dma_area; substream->runtime->dma_area = NULL; } spin_unlock_irqrestore(&cxsc->slock, flags); + vfree(dma_area); return 0; } |