Date: Wed, 7 Jan 2004 19:15:51 +1100 (EST)
From: Bruce Evans
To: Don Lewis
cc: matk@freebsd.org, cg@freebsd.org, current@freebsd.org, shoesoft@gmx.net
In-Reply-To: <200401070501.i0751a7E015620@gw.catspoiler.org>
Message-ID: <20040107184629.H7587@gamplex.bde.org>
Subject: Re: sound/pcm/* bugs (was: Re: page fault panic tracked down (selwakeuppri()) - really sound/pcm/*)

On Tue, 6 Jan 2004, Don Lewis wrote:

> [... lots of good stuff]

> I found another bug, though.  Holding a mutex across a malloc() call is
> not allowed because malloc() can sleep, and sleeping while holding a
> mutex is not allowed.  sndbuf_resize() and sndbuf_remalloc() both call
> malloc() to allocate buffers, and sndbuf_alloc() and sndbuf_setup() call
> sndbuf_resize().  The problem is that chn_setblocksize() calls
> sndbuf_remalloc() while the channel mutex is held.  We can't just unlock
> the mutex around the sndbuf_remalloc() call because the channel
> interrupt service routine could run while the buffer is being
> re-allocated.  It would be best if the channel were to be shut down when
> re-allocating the buffer.  This is likely to be messy since
> chn_setblocksize() is called from lots of different places.

Er, it's an M_NOWAIT malloc(), so it can't sleep.  M_WAITOK malloc()s in
interrupt handlers would also be bugs, but that is not a problem here for
the same reason.  There should be more checks for potential sleeps while
holding a mutex.

Bruce
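
Added example, not part of the original message and not FreeBSD or sound/pcm code: a userspace model of the kind of check the message asks for, where an allocator refuses a may-sleep request while a mutex is held. All `model_*` and `MODEL_*` names, the flag values and the `fail_next` hook are hypothetical. It goes one step beyond the thread by also covering the other side of a no-wait allocation, namely that it can fail and the resize path must then leave the old buffer intact.

```c
/* Userspace model, added example: not FreeBSD kernel or sound/pcm code. */
#include <stdlib.h>
#include <string.h>

/* Stand-ins for the kernel's M_NOWAIT / M_WAITOK flags (values are hypothetical). */
enum { MODEL_NOWAIT = 1, MODEL_WAITOK = 2 };

static int locks_held;        /* number of model mutexes currently held */
static int sleep_violations;  /* may-sleep requests seen with a mutex held */
static int fail_next;         /* hook: force the next no-wait allocation to fail */

static void model_lock(void)   { locks_held++; }
static void model_unlock(void) { locks_held--; }

/* Allocator that checks for a potential sleep while a mutex is held. */
static void *model_malloc(size_t n, int flags)
{
    if ((flags & MODEL_WAITOK) && locks_held > 0) {
        sleep_violations++;   /* record the violation and refuse the request */
        return NULL;
    }
    if ((flags & MODEL_NOWAIT) && fail_next) {
        fail_next = 0;
        return NULL;          /* a no-wait request never sleeps, but it may fail */
    }
    return malloc(n);
}

struct model_buf { unsigned char *data; size_t size; };

/* Resize with the lock held; on allocation failure the old buffer stays valid. */
static int model_resize(struct model_buf *b, size_t newsize, int flags)
{
    unsigned char *p;
    int rc = -1;

    model_lock();
    p = model_malloc(newsize, flags);
    if (p != NULL) {
        if (b->data != NULL)
            memcpy(p, b->data, b->size < newsize ? b->size : newsize);
        free(b->data);
        b->data = p;
        b->size = newsize;
        rc = 0;
    }
    model_unlock();
    return rc;
}
```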