Hi,
On Aug 19 2016 15:24, Vaishali Thakkar wrote:
I was wondering about the calls to copy_to_user in the functions hwdep_read_locked and hwdep_read_resp_buf in the driver sound/firewire/fireworks/fireworks_hwdep.c. The function hwdep_read calls both of these functions while holding a spinlock[1], which is not normally allowed due to the possibility of a deadlock.
This seems to be coming from commit 555e8a8f7f149544eb7d4aa3a6420bc4c3055638, which added command/response functionality to the hwdep interface. Is there some reason that I am overlooking, why it is OK in this case? Is there some code in the same file which ensures that a page fault will not occur when we are calling these functions while holding a spin_lock_irq?
The same issue is there with the driver sound/firewire/tascam/tascam-hwdep.c for obvious reasons.
A Coccinelle script is used to detect this issue.
Thank you.
[1] http://lxr.free-electrons.com/source/sound/firewire/fireworks/fireworks_hwde...
Indeed, I was unaware of the situation in which a deadlock occurs, i.e. a page fault.
I'm on a short summer vacation, so I will post patches for them next week.
Thanks
Takashi Sakamoto
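
The hazard raised in this thread, as an added userspace model (not code from the driver, the thread, or any posted patch): copy_to_user() may page-fault and sleep, which is not allowed while a spinlock is held. The stand-in primitives, the `resp_buf` data and both read functions are hypothetical; the second function shows one common alternative, snapshotting into a bounce buffer under the lock and copying to user space after unlocking.

```c
/* Userspace stand-ins for kernel primitives (assumptions, not kernel code). */
#include <stddef.h>
#include <string.h>

static int atomic_depth;     /* > 0 while a modelled spinlock is held */
static int sleep_in_atomic;  /* violations a sleep-in-atomic debug check would flag */

static void spin_lock_irq(void)   { atomic_depth++; }
static void spin_unlock_irq(void) { atomic_depth--; }

/* Models copy_to_user(): it may fault and sleep, so record any call made in
 * atomic context. Returns the number of bytes NOT copied, as in the kernel. */
static unsigned long copy_to_user(void *to, const void *from, unsigned long n)
{
    if (atomic_depth > 0)
        sleep_in_atomic++;
    memcpy(to, from, n);
    return 0;
}

/* Constructed lock-protected data standing in for a response buffer. */
static char resp_buf[64] = "constructed response";
static size_t resp_len = 20;

/* Pattern questioned in the thread: the user copy runs with the lock held. */
static long read_under_lock(char *ubuf, size_t count)
{
    size_t n;
    unsigned long left;

    spin_lock_irq();
    n = count < resp_len ? count : resp_len;
    left = copy_to_user(ubuf, resp_buf, n);   /* may sleep under the lock */
    spin_unlock_irq();
    return left ? -14 /* -EFAULT */ : (long)n;
}

/* Alternative: copy to a kernel-side bounce buffer under the lock,
 * release the lock, then do the faultable copy. */
static long read_bounce(char *ubuf, size_t count)
{
    char tmp[sizeof(resp_buf)];
    size_t n;

    spin_lock_irq();
    n = count < resp_len ? count : resp_len;
    memcpy(tmp, resp_buf, n);                 /* cannot fault */
    spin_unlock_irq();
    return copy_to_user(ubuf, tmp, n) ? -14 /* -EFAULT */ : (long)n;
}
```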