The timer loopback_jiffies_timer_function is executed under bottom-half softirq context and require a spinlock, thus other process context code requiring the same lock (i.e., loopback_trigger, loopback_pointer) can deadlock with the timer if it is preempted while holding the lock.

Deadlock scenario: loopback_trigger -> spin_lock(&cable->lock); <timer interrupt> -> loopback_jiffies_timer_function -> spin_lock_irqsave(&dpcm->cable->lock, flags);

Fix the potential deadlock by using spin_lock_irqsave.

Signed-off-by: Chengfeng Ye cyeaa@connect.ust.hk --- sound/drivers/aloop.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/sound/drivers/aloop.c b/sound/drivers/aloop.c index a38e602b4fc6..8ee93f8581b4 100644 --- a/sound/drivers/aloop.c +++ b/sound/drivers/aloop.c @@ -379,6 +379,7 @@ static int loopback_trigger(struct snd_pcm_substream *substream, int cmd) struct snd_pcm_runtime *runtime = substream->runtime; struct loopback_pcm *dpcm = runtime->private_data; struct loopback_cable *cable = dpcm->cable; + unsigned long flags; int err = 0, stream = 1 << substream->stream;

switch (cmd) { @@ -389,39 +390,39 @@ static int loopback_trigger(struct snd_pcm_substream *substream, int cmd) dpcm->last_jiffies = jiffies; dpcm->pcm_rate_shift = 0; dpcm->last_drift = 0; - spin_lock(&cable->lock); + spin_lock_irqsave(&cable->lock, flags); cable->running |= stream; cable->pause &= ~stream; err = cable->ops->start(dpcm); - spin_unlock(&cable->lock); + spin_unlock_irqrestore(&cable->lock, flags); if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) loopback_active_notify(dpcm); break; case SNDRV_PCM_TRIGGER_STOP: - spin_lock(&cable->lock); + spin_lock_irqsave(&cable->lock, flags); cable->running &= ~stream; cable->pause &= ~stream; err = cable->ops->stop(dpcm); - spin_unlock(&cable->lock); + spin_unlock_irqrestore(&cable->lock, flags); if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) loopback_active_notify(dpcm); break; case SNDRV_PCM_TRIGGER_PAUSE_PUSH: case SNDRV_PCM_TRIGGER_SUSPEND: - spin_lock(&cable->lock); + spin_lock_irqsave(&cable->lock, flags); cable->pause |= stream; err = cable->ops->stop(dpcm); - spin_unlock(&cable->lock); + spin_unlock_irqrestore(&cable->lock, flags); if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) loopback_active_notify(dpcm); break; case SNDRV_PCM_TRIGGER_PAUSE_RELEASE: case SNDRV_PCM_TRIGGER_RESUME: - spin_lock(&cable->lock); + spin_lock_irqsave(&cable->lock, flags); dpcm->last_jiffies = jiffies; cable->pause &= ~stream; err = cable->ops->start(dpcm); - spin_unlock(&cable->lock); + spin_unlock_irqrestore(&cable->lock, flags); if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK) loopback_active_notify(dpcm); break; @@ -865,12 +866,13 @@ static snd_pcm_uframes_t loopback_pointer(struct snd_pcm_substream *substream) struct snd_pcm_runtime *runtime = substream->runtime; struct loopback_pcm *dpcm = runtime->private_data; snd_pcm_uframes_t pos; + unsigned long flags;

- spin_lock(&dpcm->cable->lock); + spin_lock_irqsave(&dpcm->cable->lock, flags); if (dpcm->cable->ops->pos_update) dpcm->cable->ops->pos_update(dpcm->cable); pos = dpcm->buf_pos; - spin_unlock(&dpcm->cable->lock); + spin_unlock_irqrestore(&dpcm->cable->lock, flags); return bytes_to_frames(runtime, pos); }