ASoC: Intel: Fix race condition in IPC rx list
authorGustaw Lewandowski <gustaw.lewandowski@intel.com>
Thu, 13 Jun 2019 19:04:33 +0000 (21:04 +0200)
committerMark Brown <broonie@kernel.org>
Tue, 25 Jun 2019 14:33:43 +0000 (15:33 +0100)
Since there are multiple IPCs being sent in a short span of time, there
is a possibility of more than one message being on the Rx list after
receiving response from firmware. In such cases, when the first
notification of interrupt from firmware is received, driver retrieves
the message from the Rx list but does not delete it from the list till
the next lock. In the meantime, when another interrupt is received from
the firmware, driver is reading the previous message again since the
previous message has not been removed from the list.

Signed-off-by: Gustaw Lewandowski <gustaw.lewandowski@intel.com>
Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
sound/soc/intel/skylake/skl-sst-ipc.c

index 5c9206dc793288a96f949b724681680b52acfb8e..5094205a243f5bcbc15999ef6e5fce579e6a29b9 100644 (file)
@@ -344,6 +344,7 @@ static struct ipc_message *skl_ipc_reply_get_msg(struct sst_generic_ipc *ipc,
 
        msg = list_first_entry(&ipc->rx_list, struct ipc_message, list);
 
+       list_del(&msg->list);
 out:
        return msg;
 
@@ -488,7 +489,6 @@ void skl_ipc_process_reply(struct sst_generic_ipc *ipc,
        }
 
        spin_lock_irqsave(&ipc->dsp->spinlock, flags);
-       list_del(&msg->list);
        sst_ipc_tx_msg_reply_complete(ipc, msg);
        spin_unlock_irqrestore(&ipc->dsp->spinlock, flags);
 }