From: Don Lewis
To: shoesoft@gmx.net
Cc: current@FreeBSD.org
Date: Wed, 14 Jan 2004 04:45:26 -0800 (PST)
Subject: Re: sound/pcm/* bugs (was: Re: page fault panic tracked down (selwakeuppri()) - really sound/pcm/*)
Message-Id: <200401141245.i0ECjQ7E039104@gw.catspoiler.org>
In-Reply-To: <1074082382.914.11.camel@shoeserv.freebsd>

On 14 Jan, Stefan Ehmann wrote:
> On Wed, 2004-01-14 at 07:16, Don Lewis wrote:
>> I stared at the code some more and cranked out another patch. I think
>> the problem is in chn_setblocksize(). In the case of the csa driver,
>> blksz is hardwired to 2048. If the client of one of the vchans attempts
>> to set blksz to something smaller than that, the vchan will notify its
>> parent, which will call chn_setblocksize() with smaller requested value.
>> chn_setblocksize() will resize its bufsoft to the smaller size, but
>> bufhard will stay at 2048. This will trigger the buffer overflow in
>> feed_vchan_s16().
>>
>> The following patch changes chn_setblocksize() to resize bufsoft after
>> bufhard so that their bufsz values match. It would also be possible to
>> modify the code to resize bufsoft to the larger of the bufhard bufsz
>> or the requested value, but I don't see any advantage to this. I don't
>> think that the code will do the right thing if a vchan is configured
>> with a smaller bufsz than its parent since the vchan won't be able to
>> fill the parent buffer each time it is polled, but at least this should
>> get rid of the buffer overflow.
>>
>> I'm tempted to go ahead and commit the CHN_LOCKASSERT() and KASSERT() ->
>> panic() changes so that I don't have to carry them around anymore.
>
> No luck - again...
>
> panic: mutex pcm0:fake not owned at
> /usr/src/sys/dev/sound/pcm/channel.c:834
>
> at boottime

I suspect something new got built with INVARIANTS and a working
CHN_LOCKASSERT() for the first time. Try adding a call to CHN_LOCK()
after the call to chn_lockinit() in chn_init() and a call to
CHN_UNLOCK() just after the out: label. These got deleted in rev 1.85,
though the CHN_UNLOCK() call was in the wrong place in 1.84.
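
A simplified user-space model of the bufsoft/bufhard size mismatch described in the quoted analysis, added here as an example; it is not FreeBSD code and not the patch from this thread. The struct, the function names and the assumption that the feeder writes one bufhard-sized block into bufsoft are illustrative.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a sound buffer; not FreeBSD's own structure. */
struct buf { unsigned char *data; size_t bufsz; };

static int buf_resize(struct buf *b, size_t sz)
{
    unsigned char *p = realloc(b->data, sz);
    if (p == NULL) return -1;
    b->data = p; b->bufsz = sz;
    return 0;
}

/* Hypothetical driver hook: block size hardwired to 2048, request ignored. */
static size_t hw_blocksize(size_t requested) { (void)requested; return 2048; }

/* patched=0: ordering described as buggy (bufsoft sized from the request).
 * patched=1: ordering described for the patch (bufhard first, bufsoft matches). */
static int setblocksize(struct buf *soft, struct buf *hard, size_t req, int patched)
{
    if (!patched && buf_resize(soft, req) != 0) return -1;
    if (buf_resize(hard, hw_blocksize(req)) != 0) return -1;
    return patched ? buf_resize(soft, hard->bufsz) : 0;
}

/* Model feeder (assumed behaviour): writes one hardware-sized block into the
 * soft buffer. Returns bytes written, or -1 where an unchecked copy overruns. */
static long feed_block(struct buf *soft, const struct buf *hard)
{
    if (hard->bufsz > soft->bufsz) return -1;
    memset(soft->data, 0, hard->bufsz);
    return (long)hard->bufsz;
}

/* One scenario: a client requests `req` bytes, then the feeder runs once. */
long run_case(int patched, size_t req)
{
    struct buf soft = {NULL, 0}, hard = {NULL, 0};
    long n = -2;                          /* -2: allocation failure */
    if (setblocksize(&soft, &hard, req, patched) == 0)
        n = feed_block(&soft, &hard);
    free(soft.data); free(hard.data);
    return n;
}

int main(void)
{
    printf("old ordering: %ld, patched: %ld\n", run_case(0, 512), run_case(1, 512));
    return 0;
}
```

The explicit size comparison in `feed_block` is the invariant a KASSERT-style check would enforce; with the patched ordering it can never fire because both buffers share one bufsz.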