ALSA: pcm: use lock to protect substream runtime resource
Use a spinlock to protect runtime resource in substream
against race conditions which may lead to use-after-free.
CRs-fixed: 2112713
Change-Id: I37dee68cad5eae05b21cfade3dabc0c2b79be6b8
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
diff --git a/sound/core/pcm.c b/sound/core/pcm.c
index a2c2f06..4fc68b1 100644
--- a/sound/core/pcm.c
+++ b/sound/core/pcm.c
@@ -742,6 +742,7 @@
}
substream->group = &substream->self_group;
spin_lock_init(&substream->self_group.lock);
+ spin_lock_init(&substream->runtime_lock);
mutex_init(&substream->self_group.mutex);
INIT_LIST_HEAD(&substream->self_group.substreams);
list_add_tail(&substream->link_list, &substream->self_group.substreams);
@@ -1020,9 +1021,11 @@
void snd_pcm_detach_substream(struct snd_pcm_substream *substream)
{
struct snd_pcm_runtime *runtime;
+ unsigned long flags = 0;
if (PCM_RUNTIME_CHECK(substream))
return;
+ spin_lock_irqsave(&substream->runtime_lock, flags);
runtime = substream->runtime;
if (runtime->private_free != NULL)
runtime->private_free(runtime);
@@ -1036,6 +1039,7 @@
put_pid(substream->pid);
substream->pid = NULL;
substream->pstr->substream_opened--;
+ spin_unlock_irqrestore(&substream->runtime_lock, flags);
}
static ssize_t show_pcm_class(struct device *dev,