From 3b14c6f9141ed8dd3c53806932d72c24e1e98ba9 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati Date: Thu, 28 Sep 2023 12:12:05 +0530 Subject: [PATCH] sound: usb: qmi: Prevent Null pointer deference due to connect/disconnect Currently the sound driver uses qmi workqueues for any qmi request sequences to execute, however while doing fast disconnect/connect there is a possbility that the worker thread race between each other which might lead to a scenario where in between the connect sequence the disconnect might interfere and the endpoint might get freed. This might lead to a null pointer deferences in the process used by the hcd. Fix this by making use of the chip-s usage_count to serialize these processes. The disconnect in card drvier will wait for the usage_count to be decreased to 0 in order to execute the disconnect sequences which woudl make sure that the connect runs completely before disconnect. Change-Id: I2a996a5bd6a451fdffdd3d09ba62770e3779f3f4 Signed-off-by: Udipto Goswami Signed-off-by: Krishna Kurapati --- sound/usb/usb_audio_qmi_svc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sound/usb/usb_audio_qmi_svc.c b/sound/usb/usb_audio_qmi_svc.c index 851d12865779..e323d9ea304a 100644 --- a/sound/usb/usb_audio_qmi_svc.c +++ b/sound/usb/usb_audio_qmi_svc.c @@ -1558,7 +1558,7 @@ static void handle_uaudio_stream_req(struct qmi_handle *handle, } uadev[pcm_card_num].ctrl_intf = chip->ctrl_intf; - + atomic_inc(&chip->usage_count); if (req_msg->enable) { ret = enable_audio_stream(subs, map_pcm_format(req_msg->audio_format), @@ -1594,6 +1594,8 @@ static void handle_uaudio_stream_req(struct qmi_handle *handle, disable_audio_stream(subs); } + atomic_dec(&chip->usage_count); + response: if (!req_msg->enable && ret != -EINVAL && ret != -ENODEV) { if (info_idx >= 0) {