857 /* called with spin lock held */
858 static int
859 trident_write_voice_regs(struct trident_state *state)
But the function is called with lock held in some cases but not always.
One violating call chain is:
2699 trident_open ->
2784 trident_set_dac_rate(state, 8000);
One example that follows the comment is:
2289 spin_lock_irqsave(&state->card->lock, flags);
2290 trident_set_dac_rate(state, val);
trident_set_dac_rate calls trident_write_voice_regs
Looking into it.
I noticed that trident_open is called by function pointers. Maybe a lock is
acquired before it is called via the function pointer?
Ok, I'm pretty sure that it's indeed a bug, but it's been a (long...) while since
I've looked at trident.c in depth.
Basically, we allocate a new virtual channel in open, and then we frob some
hardware registers (in write_voice_regs) for that channel. But the hardware
registers are shared with other channels, which may be trying to frob the same
registers (albeit for another channel) via ioctl(SNDCTL_DSP_SPEED). Not very
likely to happen, but a bug is a bug.
I'll whip up a patch and run it through its paces and then send it to mainline.
Thanks for the bug report!
Thank you very much for the confirmation!
trident_open also calls
2802 trident_set_adc_rate(state, 8000);
which needs the same lock. So you may want to fix both places.
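A userspace C model of the locking contract discussed in this report, added here as an illustration; it is not code from trident.c or from the attached patch. Every `model_*` name is a hypothetical stand-in, and the spin lock is modelled as a flag so that the "called with spin lock held" comment becomes a check that each call path either passes or fails.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed userspace model; every model_* name is hypothetical. */
struct model_card  { bool lock_held; unsigned voice_reg; int violations; };
struct model_state { struct model_card *card; };

/* Contract from the report: "called with spin lock held". Checked, not assumed. */
static int model_write_voice_regs(struct model_state *s, unsigned rate)
{
    if (!s->card->lock_held) { s->card->violations++; return -1; }
    s->card->voice_reg = rate;      /* register shared by all channels */
    return 0;
}

/* Stand-ins for trident_set_dac_rate() and trident_set_adc_rate(). */
static int model_set_dac_rate(struct model_state *s, unsigned r) { return model_write_voice_regs(s, r); }
static int model_set_adc_rate(struct model_state *s, unsigned r) { return model_write_voice_regs(s, r); }

/* Open path as reported: both rate setters run without the lock.
 * Returns the number of register writes attempted unlocked. */
static int model_open_unlocked(struct model_state *s)
{
    return (model_set_dac_rate(s, 8000) != 0) + (model_set_adc_rate(s, 8000) != 0);
}

/* ioctl-style path: the lock is taken before the rate change. */
static int model_ioctl_speed(struct model_state *s, unsigned val)
{
    s->card->lock_held = true;      /* spin_lock_irqsave() in the driver */
    int ret = model_set_dac_rate(s, val);
    s->card->lock_held = false;     /* spin_unlock_irqrestore() in the driver */
    return ret;
}

/* One possible corrected open (an assumption, not the attached patch). */
static int model_open_locked(struct model_state *s)
{
    s->card->lock_held = true;
    int bad = (model_set_dac_rate(s, 8000) != 0) + (model_set_adc_rate(s, 8000) != 0);
    s->card->lock_held = false;
    return bad;
}

int main(void)
{
    struct model_card card = { false, 0, 0 };
    struct model_state st = { &card };
    int before = model_open_unlocked(&st), after = model_open_locked(&st);
    printf("unlocked open: %d violations, locked open: %d\n", before, after);
    return 0;
}
```

In the kernel, the equivalent of the flag check is `lockdep_assert_held()` on the card lock at the top of the function that carries the comment.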
Created attachment 11489
fix locking around write_voice_regs
Finally got around to it. Patch attached, will test and send it out to akpm.
This is commit 3b20b9b4e985fcc48b4eea401cb289a856422c93, right?
I suppose the bug can be closed now.