ALSA: sb: Fix potential ABBA deadlock in CSP driver

SB16 CSP driver may hit potentially a typical ABBA deadlock in two
code paths:

 In snd_sb_csp_stop():
     spin_lock_irqsave(&p->chip->mixer_lock, flags);
     spin_lock(&p->chip->reg_lock);

 In snd_sb_csp_load():
     spin_lock_irqsave(&p->chip->reg_lock, flags);
     spin_lock(&p->chip->mixer_lock);

Also the similar pattern is seen in snd_sb_csp_start().

Although the practical impact is very small (those states aren't
triggered in the same running state and this happens only on a real
hardware, decades old ISA sound boards -- which must be very difficult
to find nowadays), it's a real scenario and has to be fixed.

This patch addresses those deadlocks by splitting the locks in
snd_sb_csp_start() and snd_sb_csp_stop() for avoiding the nested
locks.

Reported-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/7b0fcdaf-cd4f-4728-2eae-48c151a92e10@gmail.com
Link: https://lore.kernel.org/r/20210716132723.13216-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>

diff --git a/sound/isa/sb/sb16_csp.c b/sound/isa/sb/sb16_csp.c
index 5bbe669..7ad8c5f 100644 (file)
--- a/sound/isa/sb/sb16_csp.c
+++ b/sound/isa/sb/sb16_csp.c
@@ -816,6 +816,7 @@ static int snd_sb_csp_start(struct snd_sb_csp * p, int sample_width, int channel
        mixR = snd_sbmixer_read(p->chip, SB_DSP4_PCM_DEV + 1);
        snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV, mixL & 0x7);
        snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV + 1, mixR & 0x7);
+       spin_unlock_irqrestore(&p->chip->mixer_lock, flags);
 
        spin_lock(&p->chip->reg_lock);
        set_mode_register(p->chip, 0xc0);       /* c0 = STOP */
@@ -855,6 +856,7 @@ static int snd_sb_csp_start(struct snd_sb_csp * p, int sample_width, int channel
        spin_unlock(&p->chip->reg_lock);
 
        /* restore PCM volume */
+       spin_lock_irqsave(&p->chip->mixer_lock, flags);
        snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV, mixL);
        snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV + 1, mixR);
        spin_unlock_irqrestore(&p->chip->mixer_lock, flags);
@@ -880,6 +882,7 @@ static int snd_sb_csp_stop(struct snd_sb_csp * p)
        mixR = snd_sbmixer_read(p->chip, SB_DSP4_PCM_DEV + 1);
        snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV, mixL & 0x7);
        snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV + 1, mixR & 0x7);
+       spin_unlock_irqrestore(&p->chip->mixer_lock, flags);
 
        spin_lock(&p->chip->reg_lock);
        if (p->running & SNDRV_SB_CSP_ST_QSOUND) {
@@ -894,6 +897,7 @@ static int snd_sb_csp_stop(struct snd_sb_csp * p)
        spin_unlock(&p->chip->reg_lock);
 
        /* restore PCM volume */
+       spin_lock_irqsave(&p->chip->mixer_lock, flags);
        snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV, mixL);
        snd_sbmixer_write(p->chip, SB_DSP4_PCM_DEV + 1, mixR);
        spin_unlock_irqrestore(&p->chip->mixer_lock, flags);