Commit 10e44239 authored by Takashi Iwai's avatar Takashi Iwai

ALSA: usb-audio: Fix mutex deadlock at disconnection

The recent change for USB-audio disconnection race fixes introduced a
mutex deadlock again.  There is a circular dependency between
chip->shutdown_rwsem and pcm->open_mutex, depicted like below, when a
device is opened during the disconnection operation:

A. snd_usb_audio_disconnect() ->
     card.c::register_mutex ->
       chip->shutdown_rwsem (write) ->
         snd_card_disconnect() ->
           pcm.c::register_mutex ->
             pcm->open_mutex

B. snd_pcm_open() ->
     pcm->open_mutex ->
       snd_usb_pcm_open() ->
         chip->shutdown_rwsem (read)

Since the chip->shutdown_rwsem protection in the case A is required
only for turning on the chip->shutdown flag and it doesn't have to be
taken for the whole operation, we can reduce its window in
snd_usb_audio_disconnect().
Reported-by: default avatarJiri Slaby <jslaby@suse.cz>
Cc: <stable@vger.kernel.org>
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
parent effded75
...@@ -559,9 +559,11 @@ static void snd_usb_audio_disconnect(struct usb_device *dev, ...@@ -559,9 +559,11 @@ static void snd_usb_audio_disconnect(struct usb_device *dev,
return; return;
card = chip->card; card = chip->card;
mutex_lock(&register_mutex);
down_write(&chip->shutdown_rwsem); down_write(&chip->shutdown_rwsem);
chip->shutdown = 1; chip->shutdown = 1;
up_write(&chip->shutdown_rwsem);
mutex_lock(&register_mutex);
chip->num_interfaces--; chip->num_interfaces--;
if (chip->num_interfaces <= 0) { if (chip->num_interfaces <= 0) {
snd_card_disconnect(card); snd_card_disconnect(card);
...@@ -582,11 +584,9 @@ static void snd_usb_audio_disconnect(struct usb_device *dev, ...@@ -582,11 +584,9 @@ static void snd_usb_audio_disconnect(struct usb_device *dev,
snd_usb_mixer_disconnect(p); snd_usb_mixer_disconnect(p);
} }
usb_chip[chip->index] = NULL; usb_chip[chip->index] = NULL;
up_write(&chip->shutdown_rwsem);
mutex_unlock(&register_mutex); mutex_unlock(&register_mutex);
snd_card_free_when_closed(card); snd_card_free_when_closed(card);
} else { } else {
up_write(&chip->shutdown_rwsem);
mutex_unlock(&register_mutex); mutex_unlock(&register_mutex);
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment