Date: Thu, 17 Apr 1997 09:55:59 +0200 (MET DST) From: hans@brandinnovators.com (Hans Zuidam) To: dwhite@resnet.uoregon.edu Cc: hackers@freebsd.org Subject: Re: Apparent bug in /dev/spkr driver (fwd) Message-ID: <199704170755.JAA12959@truk.brandinnovators.com> In-Reply-To: <Pine.BSF.3.96.970416215937.10694B-100000@localhost> from Doug White at "Apr 16, 97 10:00:00 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Doug White wrote: > ---------- Forwarded message ---------- > Date: Wed, 16 Apr 1997 14:25:30 -0600 > From: Brett Glass <brett@lariat.org> > To: questions@freebsd.org > Subject: Apparent bug in /dev/spkr driver > > The problem seems to have to do with a race condition and/or with kernel > memory allocation. I'm not terribly familiar with BSD kernel programming, > and there's no documentation on the full implications of some items in the > driver code, so I'm not sure how to pinpoint the problem. > > Can someone help to identify the source of the problem and a fix for it? Maybe this helps... In the speaker driver it does: n = uio->uio_resid; cp = spkr_inbuf->b_un.b_addr; if (!(error = uiomove(cp, n, uio))) playstring(cp, n); According to a discussion I had with Bruce Evans because of a similar problem in a home grown driver, it seems that uiomove() can sleep and that therefore another uiomove() may mess up the driver's buffers. The speaker driver should lock its buffer before doing the uiomove(). Actually, many drivers do not lock their private I/O buffers before uiomove()-ing. Hope this helps a bit. Regards, Hans -- H. Zuidam E-Mail: hans@brandinnovators.com Brand Innovators B.V. P-Mail: P.O. Box 1377 de Pinckart 54 5602 BJ Eindhoven, The Netherlands 5674 CC Nuenen Tel. +31 40 2631134, Fax. +31 40 2831138
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704170755.JAA12959>