Re: [alsa-devel] unload Audio drivers while playback stream is active case kernel crash

From: Takashi Iwai
Date: Wed Jan 14 2015 - 03:47:33 EST

Next message: Qais Yousef: "[PATCH v4] ALSA: ASoC: soc-compress.c: fix NULL dereference"
Previous message: Greg Kroah-Hartman: "[PATCH 3.18 032/150] Bluetooth: 6lowpan: fix skb_unshare behaviour"
In reply to: Lars-Peter Clausen: "Re: [alsa-devel] unload Audio drivers while playback stream is active case kernel crash"
Next in thread: Lars-Peter Clausen: "Re: [alsa-devel] unload Audio drivers while playback stream is active case kernel crash"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At Wed, 14 Jan 2015 09:15:36 +0100,
Lars-Peter Clausen wrote:
>
> On 01/14/2015 08:43 AM, Takashi Iwai wrote:
> > At Tue, 13 Jan 2015 21:54:12 +0000,
> > Mark Brown wrote:
> >>
> >> On Tue, Jan 13, 2015 at 06:24:44PM +0100, Takashi Iwai wrote:
> >>> Wang, Jiada (ESD) wrote:
> >>
> >>>> I am using i.MX6Q sabreSD board, which have imx_wm892 machine driver, wm8962 codec and SSI CPU DAI,
> >>
> >>>> I got Kernel crash when unloading audio drivers (playback stream is active)
> >>>> modprobe -r snd_soc_imx_wm8962
> >>>> modprobe -r snd_soc_fsl_ssi
> >>>> modprobe -r snd_soc_wm8962
> >>
> >>> The root problem is that you can unload the module while playing.
> >>> The corresponding module refcounts should have been increased during
> >>> used.
> >>
> >>> Do we miss [try_]module_get() somewhere in ASoC?
> >>
> >> That doesn't help, users can still forcibly unbind the driver at runtime
> >> without loading the module - and there's always the potential for
> >> actually hotpluggable hardware. The teardown paths should be able to
> >> cope somewhat gracefully.
> >
> > The module refcount has to be handled while being used for stopping
> > module unload. That's irrelevant from the dynamic unbinding support
> > itself. Of course, the module refcount doesn't save the world, but
> > it's the right fix for this particular scenario.
>
> Refcounting won't help in this case. The issue is caused by a delayed work
> item that gets launched when the PCM stream is stopped. So if you decrease
> the refcount when the stream is stopped you still have a window where it is
> possible to remove the module while the work is still being scheduled.

OK, so it's not about active stream. From the reporter's description,
I supposed that the module gets unloaded while playing a stream, which
shouldn't be allowed.

> And while we do flush the scheduled work when we remove the ASoC card this
> is done before snd_card_free() is called. So when snd_card_free() is called
> it gets re-scheduled again. I think the correct fix is to add a
> snd_card_disconnect() at the very top of soc_cleanup_card_resources().

Or move the most code of soc_cleanup_card_resources() to
card->private_free or such to be called from snd_card_free(), and
snd_soc_unregister_card() just needs to call snd_card_free().
This will trigger the disconnection, settle down the device usages
then release the soc resources gracefully.

Takashi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Qais Yousef: "[PATCH v4] ALSA: ASoC: soc-compress.c: fix NULL dereference"
Previous message: Greg Kroah-Hartman: "[PATCH 3.18 032/150] Bluetooth: 6lowpan: fix skb_unshare behaviour"
In reply to: Lars-Peter Clausen: "Re: [alsa-devel] unload Audio drivers while playback stream is active case kernel crash"
Next in thread: Lars-Peter Clausen: "Re: [alsa-devel] unload Audio drivers while playback stream is active case kernel crash"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]