[PATCH] ALSA: aloop: Fix &cable->lock deadlock issues

* [PATCH] ALSA: aloop: Fix &cable->lock deadlock issues
@ 2023-06-25 16:22 YE Chengfeng
  2023-06-25 18:14 ` Takashi Iwai
  0 siblings, 1 reply; 2+ messages in thread
From: YE Chengfeng @ 2023-06-25 16:22 UTC (permalink / raw)
  To: perex, tiwai, pteerapong; +Cc: alsa-devel, linux-kernel

The timer loopback_jiffies_timer_function is executed under
bottom-half softirq context and require a spinlock, thus
other process context code requiring the same lock (i.e.,
loopback_trigger, loopback_pointer) can deadlock with the
timer if it is preempted while holding the lock.

Deadlock scenario:
loopback_trigger
    -> spin_lock(&cable->lock);
        <timer interrupt>
        -> loopback_jiffies_timer_function
        -> spin_lock_irqsave(&dpcm->cable->lock, flags);

Fix the potential deadlock by using spin_lock_irqsave.

Signed-off-by: Chengfeng Ye <cyeaa@connect.ust.hk>
---
 sound/drivers/aloop.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/sound/drivers/aloop.c b/sound/drivers/aloop.c
index a38e602b4fc6..8ee93f8581b4 100644
--- a/sound/drivers/aloop.c
+++ b/sound/drivers/aloop.c
@@ -379,6 +379,7 @@ static int loopback_trigger(struct snd_pcm_substream *substream, int cmd)
 	struct snd_pcm_runtime *runtime = substream->runtime;
 	struct loopback_pcm *dpcm = runtime->private_data;
 	struct loopback_cable *cable = dpcm->cable;
+	unsigned long flags;
 	int err = 0, stream = 1 << substream->stream;
 
 	switch (cmd) {
@@ -389,39 +390,39 @@ static int loopback_trigger(struct snd_pcm_substream *substream, int cmd)
 		dpcm->last_jiffies = jiffies;
 		dpcm->pcm_rate_shift = 0;
 		dpcm->last_drift = 0;
-		spin_lock(&cable->lock);	
+		spin_lock_irqsave(&cable->lock, flags);
 		cable->running |= stream;
 		cable->pause &= ~stream;
 		err = cable->ops->start(dpcm);
-		spin_unlock(&cable->lock);
+		spin_unlock_irqrestore(&cable->lock, flags);
 		if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK)
 			loopback_active_notify(dpcm);
 		break;
 	case SNDRV_PCM_TRIGGER_STOP:
-		spin_lock(&cable->lock);	
+		spin_lock_irqsave(&cable->lock, flags);
 		cable->running &= ~stream;
 		cable->pause &= ~stream;
 		err = cable->ops->stop(dpcm);
-		spin_unlock(&cable->lock);
+		spin_unlock_irqrestore(&cable->lock, flags);
 		if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK)
 			loopback_active_notify(dpcm);
 		break;
 	case SNDRV_PCM_TRIGGER_PAUSE_PUSH:
 	case SNDRV_PCM_TRIGGER_SUSPEND:
-		spin_lock(&cable->lock);	
+		spin_lock_irqsave(&cable->lock, flags);
 		cable->pause |= stream;
 		err = cable->ops->stop(dpcm);
-		spin_unlock(&cable->lock);
+		spin_unlock_irqrestore(&cable->lock, flags);
 		if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK)
 			loopback_active_notify(dpcm);
 		break;
 	case SNDRV_PCM_TRIGGER_PAUSE_RELEASE:
 	case SNDRV_PCM_TRIGGER_RESUME:
-		spin_lock(&cable->lock);
+		spin_lock_irqsave(&cable->lock, flags);
 		dpcm->last_jiffies = jiffies;
 		cable->pause &= ~stream;
 		err = cable->ops->start(dpcm);
-		spin_unlock(&cable->lock);
+		spin_unlock_irqrestore(&cable->lock, flags);
 		if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK)
 			loopback_active_notify(dpcm);
 		break;
@@ -865,12 +866,13 @@ static snd_pcm_uframes_t loopback_pointer(struct snd_pcm_substream *substream)
 	struct snd_pcm_runtime *runtime = substream->runtime;
 	struct loopback_pcm *dpcm = runtime->private_data;
 	snd_pcm_uframes_t pos;
+	unsigned long flags;
 
-	spin_lock(&dpcm->cable->lock);
+	spin_lock_irqsave(&dpcm->cable->lock, flags);
 	if (dpcm->cable->ops->pos_update)
 		dpcm->cable->ops->pos_update(dpcm->cable);
 	pos = dpcm->buf_pos;
-	spin_unlock(&dpcm->cable->lock);
+	spin_unlock_irqrestore(&dpcm->cable->lock, flags);
 	return bytes_to_frames(runtime, pos);
 }
 
-- 
2.17.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread