Re: sound/pcm/* bugs (was: Re: page fault panic tracked down (selwakeuppri()) - really sound/pcm/*)

From: Stefan Ehmann <shoesoft_at_gmx.net>
Date: Wed, 14 Jan 2004 13:13:03 +0100

On Wed, 2004-01-14 at 07:16, Don Lewis wrote:
> I stared at the code some more and cranked out another patch.  I think
> the problem is in chn_setblocksize().  In the case of the csa driver,
> blksz is hardwired to 2048.  If the client of one of the vchans attempts
> to set blksz to something smaller than that, the vchan will notify its
> parent, which will call chn_setblocksize() with a smaller requested value.
> chn_setblocksize() will resize its bufsoft to the smaller size, but
> bufhard will stay at 2048.  This will trigger the buffer overflow in
> feed_vchan_s16().
> 
> The following patch changes chn_setblocksize() to resize bufsoft after
> bufhard so that their bufsz values match.  It would also be possible to
> modify the code to resize bufsoft to the larger of the bufhard bufsz
> or the requested value, but I don't see any advantage to this.  I don't
> think that the code will do the right thing if a vchan is configured
> with a smaller bufsz than its parent since the vchan won't be able to
> fill the parent buffer each time it is polled, but at least this should
> get rid of the buffer overflow.
> 
> I'm tempted to go ahead and commit the CHN_LOCKASSERT() and KASSERT() ->
> panic() changes so that I don't have to carry them around anymore.

No luck - again...

panic: mutex pcm0:fake not owned at
/usr/src/sys/dev/sound/pcm/channel.c:834

at boottime
Received on Wed Jan 14 2004 - 03:13:06 UTC
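
Added example, not part of the thread and not FreeBSD's code: a simplified C model of the size mismatch described in the quoted message, where bufsoft follows the requested block size while bufhard stays at the driver's fixed 2048. All struct and function names are hypothetical, and the model assumes the feeder is asked for one bufhard-sized block per call.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, not the pcm API. */
struct buf { unsigned char *data; size_t bufsz; };
struct chan { struct buf hard, soft; size_t hw_fixed_blksz; /* 0 = any size */ };

static int buf_resize(struct buf *b, size_t sz) {
    unsigned char *p = realloc(b->data, sz);
    if (p == NULL) return -1;
    b->data = p;
    b->bufsz = sz;
    return 0;
}

/* Ordering described as the bug: soft takes the request, hard stays fixed. */
int setblocksize_mismatched(struct chan *c, size_t req) {
    size_t hw = c->hw_fixed_blksz ? c->hw_fixed_blksz : req;
    if (buf_resize(&c->soft, req) != 0) return -1;
    return buf_resize(&c->hard, hw);
}

/* Ordering the patch describes: size hard first, then make soft match it. */
int setblocksize_matched(struct chan *c, size_t req) {
    size_t hw = c->hw_fixed_blksz ? c->hw_fixed_blksz : req;
    if (buf_resize(&c->hard, hw) != 0) return -1;
    return buf_resize(&c->soft, c->hard.bufsz);
}

/* Feeder asked for one hard-sized block; refuses rather than write past soft. */
int feed_checked(struct chan *c) {
    size_t count = c->hard.bufsz;
    if (count > c->soft.bufsz) return -1;   /* unchecked, this overruns soft */
    memset(c->soft.data, 0, count);         /* stand-in for mixing samples */
    memcpy(c->hard.data, c->soft.data, count);
    return (int)count;
}

int main(void) {
    struct chan c = { {NULL, 0}, {NULL, 0}, 2048 };  /* constructed: blksz fixed at 2048 */
    setblocksize_mismatched(&c, 512);
    printf("mismatched: soft=%zu hard=%zu feed=%d\n",
           c.soft.bufsz, c.hard.bufsz, feed_checked(&c));
    setblocksize_matched(&c, 512);
    printf("matched:    soft=%zu hard=%zu feed=%d\n",
           c.soft.bufsz, c.hard.bufsz, feed_checked(&c));
    free(c.soft.data);
    free(c.hard.data);
    return 0;
}
```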