On Wed, 2004-01-14 at 07:16, Don Lewis wrote: > I stared at the code some more and cranked out another patch. I think > the problem is in chn_setblocksize(). In the case of the csa driver, > blksz is hardwired to 2048. If the client of one of the vchans attempts > to set blksz to something smaller than that, the vchan will notify its > parent, which will call chn_setblocksize() with smaller requested value. > chn_setblocksize() will resize its bufsoft to the smaller size, but > bufhard will stay at 2048. This will trigger the buffer overflow in > feed_vchan_s16(). > > The following patch changes chn_setblocksize() to resize bufsoft after > bufhard so that their bufsz values match. It would also be possible to > modify the code to resize bufsoft to the larger of the the bufhard bufsz > or the requested value, but I don't see any advantage to this. I don't > think that the code will do the right thing if a vchan is configured > with a smaller bufsz than its parent since the vchan won't be able to > fill the parent buffer each time it is polled, but at least this should > get rid of the buffer overflow. > > I'm tempted to go ahead and commit the CHN_LOCKASSERT() and KASSERT() -> > panic() changes so that I don't have to carry them around anymore. No luck - again... panic: mutex pcm0:fake not owned at /usr/src/sys/dev/sound/pcm/channel.c:834 at boottimeReceived on Wed Jan 14 2004 - 03:13:06 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:38 UTC