     857 /* called with spin lock held */
     858 static int
     859 trident_write_voice_regs(struct trident_state *state)

But the function is called with lock held in some cases but not always. One violating call chain is:

    2699 trident_open ->
    2784     trident_set_dac_rate(state, 8000); ->
                 trident_write_voice_regs

======================================

One example that follows the comment is:

    2289 spin_lock_irqsave(&state->card->lock, flags);
    2290 trident_set_dac_rate(state, val);
    2291 spin_unlock_irqrestore(&state->card->lock, flags);

trident_set_dac_rate calls trident_write_voice_regs
Looking into it.
I noticed that trident_open is called by function pointers. Maybe a lock is acquired before it is called via the function pointer?
Ok, I'm pretty sure that it's indeed a bug, but it's been a (long...) while since I've looked at trident.c in depth. Basically, we allocate a new virtual channel in open, and then we frob some hardware registers (in write_voice_regs) for that channel. But the hardware registers are shared with other channels, which may be trying to frob the same registers (albeit for another channel) via ioctl(SNDCTL_DSP_SPEED). Not very likely to happen, but a bug is a bug. I'll whip up a patch and run it through its paces and then send it to mainline. Thanks for the bug report!
Thank you very much for the confirmation!
trident_open also calls 2802 trident_set_adc_rate(state, 8000); which needs the same lock. So you may want to fix both places.
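An added example, not part of the thread and not code from trident.c: a small userspace C model of the call chain reported above, in which the "called with spin lock held" comment becomes a runtime check. The `lock_held` flag, `assert_lock_held` and `model_open` are hypothetical stand-ins for the real spinlock and open path; in the kernel the equivalent check is `lockdep_assert_held()`.

```c
/* Userspace model only: single-threaded, a flag stands in for card->lock. */
#include <stdio.h>

struct card  { int lock_held; int violations; };
struct state { struct card *card; unsigned dac_rate, adc_rate; };

static void card_lock(struct card *c)   { c->lock_held = 1; }
static void card_unlock(struct card *c) { c->lock_held = 0; }

/* Enforces the locking contract instead of only documenting it. */
static void assert_lock_held(struct card *c, const char *who)
{
    if (!c->lock_held) {
        c->violations++;
        fprintf(stderr, "%s: shared registers touched without card lock\n", who);
    }
}

/* called with lock held */
static void write_voice_regs(struct state *s)
{
    assert_lock_held(s->card, "write_voice_regs");
    /* writes to the shared hardware registers would go here */
}

static void set_dac_rate(struct state *s, unsigned rate)
{
    s->dac_rate = rate;
    write_voice_regs(s);
}

/* Assumption: modelled as needing the same lock, as the thread states. */
static void set_adc_rate(struct state *s, unsigned rate)
{
    s->adc_rate = rate;
    assert_lock_held(s->card, "set_adc_rate");
}

/* take_lock=0 models the reported open path, take_lock=1 the locked one. */
static int model_open(struct state *s, int take_lock)
{
    if (take_lock) card_lock(s->card);
    set_dac_rate(s, 8000);
    set_adc_rate(s, 8000);
    if (take_lock) card_unlock(s->card);
    return s->card->violations;
}

int main(void)
{
    struct card a = {0, 0}, b = {0, 0};
    struct state sa = {&a, 0, 0}, sb = {&b, 0, 0};
    printf("unlocked open: %d violations\n", model_open(&sa, 0));
    printf("locked open:   %d violations\n", model_open(&sb, 1));
    return 0;
}
```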
Created attachment 11489: fix locking around write_voice_regs

Finally got around to it. Patch attached, will test and send it out to akpm later today.
Muli, this is commit 3b20b9b4e985fcc48b4eea401cb289a856422c93, right? I suppose the bug can be closed now.