On 14 Jan, Stefan Ehmann wrote: > On Wed, 2004-01-14 at 07:16, Don Lewis wrote: >> I stared at the code some more and cranked out another patch. I think >> the problem is in chn_setblocksize(). In the case of the csa driver, >> blksz is hardwired to 2048. If the client of one of the vchans attempts >> to set blksz to something smaller than that, the vchan will notify its >> parent, which will call chn_setblocksize() with smaller requested value. >> chn_setblocksize() will resize its bufsoft to the smaller size, but >> bufhard will stay at 2048. This will trigger the buffer overflow in >> feed_vchan_s16(). >> >> The following patch changes chn_setblocksize() to resize bufsoft after >> bufhard so that their bufsz values match. It would also be possible to >> modify the code to resize bufsoft to the larger of the the bufhard bufsz >> or the requested value, but I don't see any advantage to this. I don't >> think that the code will do the right thing if a vchan is configured >> with a smaller bufsz than its parent since the vchan won't be able to >> fill the parent buffer each time it is polled, but at least this should >> get rid of the buffer overflow. >> >> I'm tempted to go ahead and commit the CHN_LOCKASSERT() and KASSERT() -> >> panic() changes so that I don't have to carry them around anymore. > > No luck - again... > > panic: mutex pcm0:fake not owned at > /usr/src/sys/dev/sound/pcm/channel.c:834 > > at boottime I suspect something new got built with INVARIANTS and a working CHN_LOCKASSERT() for the first time. Try adding a call to CHN_LOCK() after the call to chn_lockinit() in chn_init() and a call to CHN_UNLOCK() just after the out: label. These got deleted in rev 1.85, though the CHN_UNLOCK() call was in the wrong place in 1.84.Received on Wed Jan 14 2004 - 03:45:34 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:38 UTC