From f6714f0e5ab64ebfb32fee00c84e058ca19103f8 Mon Sep 17 00:00:00 2001 From: Daniel Baluta <daniel.baluta@nxp.com> Date: Wed, 27 Mar 2019 10:25:22 +0200 Subject: [PATCH] MLK-21144 ASoC: fsl: Fix crash with multiple open/close Because we are re-initializing the proxy at close it might happen that work is still pending which causes the following crash: [ 94.699835] Unable to handle kernel NULL pointer dereference at virtual address 00000008 [ 94.707923] Mem abort info: [ 94.710722] Exception class = DABT (current EL), IL = 32 bits [ 94.716637] SET = 0, FnV = 0 [ 94.719686] EA = 0, S1PTW = 0 [ 94.722822] Data abort info: [ 94.725698] ISV = 0, ISS = 0x00000005 [ 94.729530] CM = 0, WnR = 0 [ 94.732504] user pgtable: 4k pages, 48-bit VAs, pgd = ffff8008d9ba3000 [ 94.739035] [0000000000000008] *pgd=0000000938419003, *pud=0000000000000000 [ 94.746015] Internal error: Oops: 96000005 [#1] PREEMPT SMP [ 94.751589] Modules linked in: [ 94.754652] CPU: 0 PID: 2068 Comm: kworker/0:2 Not tainted 4.14.98-dirty #75 [ 94.761700] Hardware name: Freescale i.MX8QM MEK (DT) [ 94.766768] task: ffff8008f23ae200 task.stack: ffff000014378000 [ 94.772705] PC is at process_one_work+0x34/0x414 [ 94.777325] LR is at process_one_work+0x1e0/0x414 In order to fix this, we make sure that no work is pending before starting the re-initialization. Signed-off-by: Daniel Baluta <daniel.baluta@nxp.com> Reviewed-by: Shengjiu Wang <shengjiu.wang@nxp.com> (cherry picked from commit 2c00c24be5f8b63636e3f9005e15a3de42058438) --- sound/soc/fsl/fsl_dsp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sound/soc/fsl/fsl_dsp.c b/sound/soc/fsl/fsl_dsp.c index f5f1dbb..3573384 100644 --- a/sound/soc/fsl/fsl_dsp.c +++ b/sound/soc/fsl/fsl_dsp.c @@ -431,8 +431,12 @@ int fsl_dsp_close_func(struct xf_client *client) /* If device is free, reinitialize the resource of * dsp driver and framework */ - if (atomic_long_read(&dsp_priv->refcnt) <= 0) + if (atomic_long_read(&dsp_priv->refcnt) <= 0) { + /* we are closing up, wait for proxy processing + * function to finish */ + cancel_work_sync(&dsp_priv->proxy.work); resource_release(dsp_priv); + } mutex_unlock(&dsp_priv->dsp_mutex); -- 1.9.1