Use of copy_to_user in fireworks_hwdep.c while holding a spin_lock

From: Vaishali Thakkar
Date: Fri Aug 19 2016 - 02:09:51 EST


Hello,

I was wondering about the calls to copy_to_user in the functions
hwdep_read_locked and hwdep_read_resp_buf in the driver
sound/firewire/fireworks/fireworks_hwdep.c. The function hwdep_read calls both
of these functions while holding a spinlock[1], which is not normally allowed
due to the possibility of a deadlock.

This seems to come from commit 555e8a8f7f149544eb7d4aa3a6420bc4c3055638, which
added command/response functionality to the hwdep interface. Is there some
reason I am overlooking why it is OK in this case? Is there some code in the
same file which ensures that a page fault will not occur when we are calling
these functions while holding a spin_lock_irq?

The same issue is there with the driver sound/firewire/tascam/tascam-hwdep.c for
obvious reasons.

A Coccinelle script is used to detect this issue.

Thank you.

[1] http://lxr.free-electrons.com/source/sound/firewire/fireworks/fireworks_hwdep.c#L114

--
Vaishali
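
The rule raised in the mail, as an added example that is not part of the original message or of the driver: a userspace C model that counts user copies made while a spinlock is held, run once with the copy inside the locked region and once with the copy moved after the unlock. All `model_*` names, `struct model_dev` and the two read functions are hypothetical stand-ins, not kernel symbols.

```c
/* Userspace model (constructed): every model_* name is a hypothetical stub. */
#include <stdio.h>
#include <string.h>
static int atomic_depth;   /* > 0 while a modelled spinlock is held */
static int atomic_faults;  /* user copies attempted in atomic context */
static void model_spin_lock_irq(void)   { atomic_depth++; }
static void model_spin_unlock_irq(void) { atomic_depth--; }

/* Stand-in for copy_to_user(): the real one may page-fault and sleep, which
 * is not allowed under a spinlock. Returns the number of bytes NOT copied. */
static size_t model_copy_to_user(void *to, const void *from, size_t n)
{
    if (atomic_depth > 0)
        atomic_faults++;   /* a real kernel could warn or deadlock here */
    memcpy(to, from, n);
    return 0;
}
struct model_dev { unsigned char resp[32]; size_t len; };

/* Pattern questioned in the mail: user copy inside the locked region. */
static long read_under_lock(struct model_dev *d, void *ubuf, size_t count)
{
    long ret;
    model_spin_lock_irq();
    if (count > d->len) count = d->len;
    ret = model_copy_to_user(ubuf, d->resp, count) ? -14 : (long)count;
    model_spin_unlock_irq();
    return ret;
}

/* Alternative: snapshot into a kernel-side buffer under the lock, then do
 * the user copy after unlocking. -14 stands for -EFAULT. */
static long read_after_unlock(struct model_dev *d, void *ubuf, size_t count)
{
    unsigned char tmp[sizeof(d->resp)];
    model_spin_lock_irq();
    if (count > d->len) count = d->len;
    memcpy(tmp, d->resp, count);
    model_spin_unlock_irq();
    return model_copy_to_user(ubuf, tmp, count) ? -14 : (long)count;
}

int main(void)
{
    struct model_dev d = { "response", 8 };   /* constructed sample data */
    char u[32];
    long a = read_under_lock(&d, u, sizeof(u));
    long b = read_after_unlock(&d, u, sizeof(u));
    printf("ret %ld/%ld, copies in atomic context: %d\n", a, b, atomic_faults);
    return 0;
}
```

In a driver, any temporary buffer would have to be allocated before the lock is taken, since a sleeping allocation is subject to the same restriction.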