[PATCH] fix AB-BA deadlock inversion at cs46xx_dsp_remove_scb

There is a code sequence where the locking is substream->self_group.lock
-> ins->scbs[index].lock

substream->self_group.lock is interrupt safe, and taken from irq context
as well (trace is snipped for brevity)

so what can happen is

   cpu 0                   	cpu 1
   user context			user context

				take ins->scbs[index].lock without disabling interrupts

   get substream->self_group.lock (irqsafe)
   try to get ins->scbs[index].lock (spins)

				interrupt happens
				try to get substream->self_group.lock (spins)

which is an obvious AB-BA deadlock

fix is to just take the lock with _irqsafe

Signed-off-by: Arjan van de Ven <[email protected]>
Cc: Jaroslav Kysela <[email protected]>
Acked-by: Takashi Iwai <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

diff --git a/sound/pci/cs46xx/dsp_spos_scb_lib.c b/sound/pci/cs46xx/dsp_spos_scb_lib.c
index 3844d18af19ca00eae8aedf9314b6054f7c8b909..232b337852fff33f6cacba606a2a5b05136d7fe9 100644 (file)
--- a/sound/pci/cs46xx/dsp_spos_scb_lib.c
+++ b/sound/pci/cs46xx/dsp_spos_scb_lib.c
@@ -180,6 +180,7 @@ static void _dsp_clear_sample_buffer (struct snd_cs46xx *chip, u32 sample_buffer
 void cs46xx_dsp_remove_scb (struct snd_cs46xx *chip, struct dsp_scb_descriptor * scb)
 {
        struct dsp_spos_instance * ins = chip->dsp_spos_instance;
+       unsigned long flags;
 
        /* check integrety */
        snd_assert ( (scb->index >= 0 && 
@@ -194,9 +195,9 @@ void cs46xx_dsp_remove_scb (struct snd_cs46xx *chip, struct dsp_scb_descriptor *
                     goto _end);
 #endif
 
-       spin_lock(&scb->lock);
+       spin_lock_irqsave(&scb->lock, flags);
        _dsp_unlink_scb (chip,scb);
-       spin_unlock(&scb->lock);
+       spin_unlock_irqrestore(&scb->lock, flags);
 
        cs46xx_dsp_proc_free_scb_desc(scb);
        snd_assert (scb->scb_symbol != NULL, return );