From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754044AbcHSGJm (ORCPT ); Fri, 19 Aug 2016 02:09:42 -0400 Received: from aserp1050.oracle.com ([141.146.126.70]:44091 "EHLO aserp1050.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750991AbcHSGJl (ORCPT ); Fri, 19 Aug 2016 02:09:41 -0400 To: Clemens Ladisch , Jaroslav Kysela , Takashi Iwai , alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org, Takashi Sakamoto , Julia Lawall From: Vaishali Thakkar Subject: Use of copy_to_user in fireworks_hwdep.c while holding a spin_lock Message-ID: <57B6A1D4.2080501@oracle.com> Date: Fri, 19 Aug 2016 11:36:12 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Source-IP: aserp1040.oracle.com [141.146.126.69] Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello, I was wondering about the call to copy_to_user in function hwdep_read_locked and hwdep_read_resp_buf for driver sound/firewire/fireworks/fireworks_hwdep.c. The function hwdep_read calls both of these functions while holding a spinlock[1], which is not normally allowed due to the possibility of a deadlock. This seems to be coming from the commit 555e8a8f7f149544eb7d4aa3a6420bc4c3055638 while adding a command/response functionality into hwdep interface. Is there some reason that I am overlooking, why it is OK in this case? Is there some code in the same file which ensures that page fault will not occur when we are calling these functions while holding a spin_lock_irq? The same issue is there with the driver sound/firewire/tascam/tascam-hwdep.c for obvious reasons. Coccinelle script is used to detect this issue. Thank you. [1] http://lxr.free-electrons.com/source/sound/firewire/fireworks/fireworks_hwdep.c#L114 -- Vaishali