From: Stefan Ehmann
To: Don Lewis
cc: current@FreeBSD.org
Subject: Re: sound/pcm/* bugs (was: Re: page fault panic tracked down (selwakeuppri()) - really sound/pcm/*)
Date: Wed, 14 Jan 2004 13:13:03 +0100
Message-Id: <1074082382.914.11.camel@shoeserv.freebsd>
In-Reply-To: <200401140616.i0E6G17E038163@gw.catspoiler.org>
References: <200401140616.i0E6G17E038163@gw.catspoiler.org>
List-Id: Discussions about the use of FreeBSD-current

On Wed, 2004-01-14 at 07:16, Don Lewis wrote:
> I stared at the code some more and cranked out another patch. I think
> the problem is in chn_setblocksize(). In the case of the csa driver,
> blksz is hardwired to 2048. If the client of one of the vchans attempts
> to set blksz to something smaller than that, the vchan will notify its
> parent, which will call chn_setblocksize() with the smaller requested value.
> chn_setblocksize() will resize its bufsoft to the smaller size, but
> bufhard will stay at 2048. This will trigger the buffer overflow in
> feed_vchan_s16().
>
> The following patch changes chn_setblocksize() to resize bufsoft after
> bufhard so that their bufsz values match. It would also be possible to
> modify the code to resize bufsoft to the larger of the bufhard bufsz
> or the requested value, but I don't see any advantage to this. I don't
> think that the code will do the right thing if a vchan is configured
> with a smaller bufsz than its parent since the vchan won't be able to
> fill the parent buffer each time it is polled, but at least this should
> get rid of the buffer overflow.
>
> I'm tempted to go ahead and commit the CHN_LOCKASSERT() and KASSERT() ->
> panic() changes so that I don't have to carry them around anymore.

No luck - again...

panic: mutex pcm0:fake not owned at /usr/src/sys/dev/sound/pcm/channel.c:834

at boot time
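
Added example, not part of the original message and not FreeBSD's code: a simplified C model of the bufsoft/bufhard size mismatch described in the quoted text, with the resize order that leaves bufsoft smaller beside the order that makes the two sizes match. The struct and function names are hypothetical, and the model assumes the feed path moves one bufhard-sized block through bufsoft.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins (assumption), not FreeBSD's snd_dbuf or pcm_channel. */
struct buf  { unsigned char *data; size_t bufsz; };
struct chan { struct buf hard, soft; size_t hw_blksz; /* 0 = driver takes any size */ };

static int buf_resize(struct buf *b, size_t sz) {
    unsigned char *p = realloc(b->data, sz);
    if (p == NULL) return -2;               /* allocation failure */
    b->data = p; b->bufsz = sz;
    return 0;
}

/* Mismatch case: soft takes the request, hard keeps the hardwired size. */
static int setblocksize_buggy(struct chan *c, size_t req) {
    if (buf_resize(&c->soft, req) != 0) return -2;
    return buf_resize(&c->hard, c->hw_blksz ? c->hw_blksz : req);
}

/* Order described for the patch: resize hard first, then size soft to match. */
static int setblocksize_fixed(struct chan *c, size_t req) {
    if (buf_resize(&c->hard, c->hw_blksz ? c->hw_blksz : req) != 0) return -2;
    return buf_resize(&c->soft, c->hard.bufsz);
}

/* Bounds-checked feed of one hardware block through the soft buffer.
 * Returns bytes fed, or -1 where an unchecked copy would overrun soft. */
static long feed_checked(struct chan *c) {
    size_t count = c->hard.bufsz;           /* assumption: feed size follows bufhard */
    if (count > c->soft.bufsz) return -1;
    memset(c->soft.data, 0, count);
    memcpy(c->hard.data, c->soft.data, count);
    return (long)count;
}

/* Run one resize plus one feed on a fresh channel and report the result. */
static long run_case(int fixed, size_t hw_blksz, size_t req) {
    struct chan c = { {NULL, 0}, {NULL, 0}, hw_blksz };
    long r = (fixed ? setblocksize_fixed : setblocksize_buggy)(&c, req);
    if (r == 0) r = feed_checked(&c);
    free(c.hard.data); free(c.soft.data);
    return r;
}

int main(void) {
    /* Constructed input: hardwired blksz 2048, client asks for 512. */
    printf("buggy: %ld, fixed: %ld\n", run_case(0, 2048, 512), run_case(1, 2048, 512));
    return 0;
}
```

The size check in feed_checked() is the kind of invariant a KASSERT() can enforce, so a mismatch stops at the check instead of corrupting memory.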