[kernel] Add patch from ALSA mailing list to try to fix bug #628404
Chuck Ebbert
cebbert at fedoraproject.org
Thu Sep 2 09:50:49 UTC 2010
commit 3285fcda470ebafa7879262794129c9c7ed15a08
Author: Chuck Ebbert <cebbert at redhat.com>
Date: Thu Sep 2 05:51:15 2010 -0400
Add patch from ALSA mailing list to try to fix bug #628404
alsa-fix-substream-proc-status-read.patch | 193 +++++++++++++++++++++++++++++
kernel.spec | 11 ++-
2 files changed, 201 insertions(+), 3 deletions(-)
---
diff --git a/alsa-fix-substream-proc-status-read.patch b/alsa-fix-substream-proc-status-read.patch
new file mode 100644
index 0000000..4d7ef08
--- /dev/null
+++ b/alsa-fix-substream-proc-status-read.patch
@@ -0,0 +1,193 @@
+From: Takashi Iwai <tiwai at suse.de>
+To: Chuck Ebbert <cebbert at redhat.com>
+Cc: alsa-devel at alsa-project.org, linux-kernel at vger.kernel.org
+Subject: Re: [alsa-devel] 2.6.36-rc2-git5: Oops in snd_pcm_substream_proc_status_read()
+Date: Thu, 02 Sep 2010 10:31:11 +0200
+
+At Wed, 1 Sep 2010 04:19:24 -0400,
+Chuck Ebbert wrote:
+>
+>
+> https://bugzilla.redhat.com/show_bug.cgi?id=628404
+>
+> general protection fault: 0000 [#1] SMP
+> last sysfs file:
+> /sys/devices/pci0000:00/0000:00:1b.0/sound/card0/pcmC0D0c/pcm_class
+> CPU 1
+> Modules linked in: vfat fat fuse ebtable_nat ebtables ipt_MASQUERADE
+> iptable_nat nf_nat bridge stp llc sunrpc cpufreq_ondemand acpi_cpufreq
+> freq_table mperf ip6t_REJECT nf_conntrack_ipv6 xt_physdev ip6table_filter
+> ip6_tables kvm_intel kvm uinput snd_hda_codec_conexant usblp arc4 ecb
+> snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device iwlagn snd_pcm
+> iwlcore thinkpad_acpi snd_timer snd i2c_i801 mac80211 soundcore microcode
+> iTCO_wdt iTCO_vendor_support e1000e cfg80211 wmi snd_page_alloc rfkill ipv6
+> usb_storage i915 drm_kms_helper drm i2c_algo_bit i2c_core video output [last
+> unloaded: scsi_wait_scan]
+>
+> Pid: 16071, comm: pulseaudio Not tainted 2.6.36-0.11.rc2.git5.fc15.x86_64 #1
+> 74585FU/74585FU
+> RIP: 0010:[<ffffffffa0296742>] [<ffffffffa0296742>]
+> snd_pcm_substream_proc_status_read+0x164/0x1ad [snd_pcm]
+> RSP: 0018:ffff8801178c1b58 EFLAGS: 00010292
+> RAX: 6b6b6b6b6b6b6b6b RBX: ffff88003d993bc8 RCX: 0000000000000000
+> RDX: ffffffffa02a1996 RSI: ffffffffa02a1997 RDI: ffff88003d993bc8
+> RBP: ffff8801178c1c18 R08: 0000000000000006 R09: 00000000fffffff7
+> R10: ffff8800044ea048 R11: 0000000000000000 R12: ffff8801332d31b0
+> R13: ffff88013438d488 R14: ffff88013438e050 R15: ffff880111131880
+> FS: 00007fbccba77780(0000) GS:ffff880002e00000(0000) knlGS:0000000000000000
+> CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+> CR2: 00007fbf324db008 CR3: 00000001157be000 CR4: 00000000000006e0
+> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+> DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
+> Process pulseaudio (pid: 16071, threadinfo ffff8801178c0000, task
+> ffff880130f88000)
+> Stack:
+> 0000000000000003 0000000000005e84 000000002ee6c142 0000000000005e85
+> <0> 000000001624774a 0000000000000000 00000000000064b0 00000000000064b0
+> <0> 00000000000064b0 00000000000064b0 0000000000000000 0000000000000000
+> Call Trace:
+> [<ffffffffa020ac22>] snd_info_entry_open+0x307/0x389 [snd]
+> [<ffffffff81179034>] proc_reg_open+0xfa/0x17a
+> [<ffffffffa020a91b>] ? snd_info_entry_open+0x0/0x389 [snd]
+> [<ffffffffa0209fa7>] ? snd_info_entry_release+0x0/0xd8 [snd]
+> [<ffffffff81178f3a>] ? proc_reg_open+0x0/0x17a
+> [<ffffffff81128f1f>] __dentry_open+0x1c2/0x338
+> [<ffffffff81129da0>] nameidata_to_filp+0x3f/0x50
+> [<ffffffff81136200>] do_last+0x432/0x5af
+> [<ffffffff81246a75>] ? __raw_spin_lock_init+0x31/0x50
+> [<ffffffff811365ad>] do_filp_open+0x230/0x5e1
+> [<ffffffff810fac10>] ? might_fault+0x5c/0xac
+> [<ffffffff8114040b>] ? alloc_fd+0x3b/0x17c
+> [<ffffffff8107fc2a>] ? lock_release+0x19a/0x1a6
+> [<ffffffff8114053a>] ? alloc_fd+0x16a/0x17c
+> [<ffffffff81129e11>] do_sys_open+0x60/0xfc
+> [<ffffffff8149aca2>] ? trace_hardirqs_on_thunk+0x3a/0x3f
+> [<ffffffff81129ecd>] sys_open+0x20/0x22
+> [<ffffffff81009cb2>] system_call_fastpath+0x16/0x1b
+> Code: df 31 c0 e8 e6 40 f7 ff 48 c7 c6 90 19 2a a0 48 89 df 31 c0 e8 d5 40 f7
+> ff 49 8b 84 24 f0 00 00 00 48 c7 c6 97 19 2a a0 48 89 df <48> 8b 50 08 31 c0 e8
+> b8 40 f7 ff 49 8b 84 24 f8 00 00 00 48 c7
+> RIP [<ffffffffa0296742>] snd_pcm_substream_proc_status_read+0x164/0x1ad
+> [snd_pcm]
+> RSP <ffff8801178c1b58>
+> ---[ end trace 96389f116dd90473 ]---
+>
+> Faulting insn:
+> 48 8b 50 08 mov 0x8(%rax),%rdx
+>
+> RAX: 6b6b6b6b6b6b6b6b
+>
+> sound/core/pcm.c:453:
+>
+> snd_iprintf(buffer, "hw_ptr : %ld\n", runtime->status->hw_ptr);
+>
+> runtime = 0x6b6b6b6b6b6b6b6b
+>
+> The code checks for NULL before using it, but this is a poison value.
+
+Looks like a race.
+Could you check whether the patch below fixes the problem?
+
+
+thanks,
+
+Takashi
+
+---
+diff --git a/sound/core/pcm.c b/sound/core/pcm.c
+index 204af48..ac242a3 100644
+--- a/sound/core/pcm.c
++++ b/sound/core/pcm.c
+@@ -372,14 +372,17 @@ static void snd_pcm_substream_proc_hw_params_read(struct snd_info_entry *entry,
+ struct snd_info_buffer *buffer)
+ {
+ struct snd_pcm_substream *substream = entry->private_data;
+- struct snd_pcm_runtime *runtime = substream->runtime;
++ struct snd_pcm_runtime *runtime;
++
++ mutex_lock(&substream->pcm->open_mutex);
++ runtime = substream->runtime;
+ if (!runtime) {
+ snd_iprintf(buffer, "closed\n");
+- return;
++ goto unlock;
+ }
+ if (runtime->status->state == SNDRV_PCM_STATE_OPEN) {
+ snd_iprintf(buffer, "no setup\n");
+- return;
++ goto unlock;
+ }
+ snd_iprintf(buffer, "access: %s\n", snd_pcm_access_name(runtime->access));
+ snd_iprintf(buffer, "format: %s\n", snd_pcm_format_name(runtime->format));
+@@ -398,20 +401,25 @@ static void snd_pcm_substream_proc_hw_params_read(struct snd_info_entry *entry,
+ snd_iprintf(buffer, "OSS period frames: %lu\n", (unsigned long)runtime->oss.period_frames);
+ }
+ #endif
++ unlock:
++ mutex_unlock(&substream->pcm->open_mutex);
+ }
+
+ static void snd_pcm_substream_proc_sw_params_read(struct snd_info_entry *entry,
+ struct snd_info_buffer *buffer)
+ {
+ struct snd_pcm_substream *substream = entry->private_data;
+- struct snd_pcm_runtime *runtime = substream->runtime;
++ struct snd_pcm_runtime *runtime;
++
++ mutex_lock(&substream->pcm->open_mutex);
++ runtime = substream->runtime;
+ if (!runtime) {
+ snd_iprintf(buffer, "closed\n");
+- return;
++ goto unlock;
+ }
+ if (runtime->status->state == SNDRV_PCM_STATE_OPEN) {
+ snd_iprintf(buffer, "no setup\n");
+- return;
++ goto unlock;
+ }
+ snd_iprintf(buffer, "tstamp_mode: %s\n", snd_pcm_tstamp_mode_name(runtime->tstamp_mode));
+ snd_iprintf(buffer, "period_step: %u\n", runtime->period_step);
+@@ -421,24 +429,29 @@ static void snd_pcm_substream_proc_sw_params_read(struct snd_info_entry *entry,
+ snd_iprintf(buffer, "silence_threshold: %lu\n", runtime->silence_threshold);
+ snd_iprintf(buffer, "silence_size: %lu\n", runtime->silence_size);
+ snd_iprintf(buffer, "boundary: %lu\n", runtime->boundary);
++ unlock:
++ mutex_unlock(&substream->pcm->open_mutex);
+ }
+
+ static void snd_pcm_substream_proc_status_read(struct snd_info_entry *entry,
+ struct snd_info_buffer *buffer)
+ {
+ struct snd_pcm_substream *substream = entry->private_data;
+- struct snd_pcm_runtime *runtime = substream->runtime;
++ struct snd_pcm_runtime *runtime;
+ struct snd_pcm_status status;
+ int err;
++
++ mutex_lock(&substream->pcm->open_mutex);
++ runtime = substream->runtime;
+ if (!runtime) {
+ snd_iprintf(buffer, "closed\n");
+- return;
++ goto unlock;
+ }
+ memset(&status, 0, sizeof(status));
+ err = snd_pcm_status(substream, &status);
+ if (err < 0) {
+ snd_iprintf(buffer, "error %d\n", err);
+- return;
++ goto unlock;
+ }
+ snd_iprintf(buffer, "state: %s\n", snd_pcm_state_name(status.state));
+ snd_iprintf(buffer, "owner_pid : %d\n", pid_vnr(substream->pid));
+@@ -452,6 +465,8 @@ static void snd_pcm_substream_proc_status_read(struct snd_info_entry *entry,
+ snd_iprintf(buffer, "-----\n");
+ snd_iprintf(buffer, "hw_ptr : %ld\n", runtime->status->hw_ptr);
+ snd_iprintf(buffer, "appl_ptr : %ld\n", runtime->control->appl_ptr);
++ unlock:
++ mutex_unlock(&substream->pcm->open_mutex);
+ }
+
+ #ifdef CONFIG_SND_PCM_XRUN_DEBUG
+
diff --git a/kernel.spec b/kernel.spec
index e6eb826..a99309d 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -51,7 +51,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be prepended with "0.", so
# for example a 3 here will become 0.3
#
-%global baserelease 14
+%global baserelease 15
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@@ -683,8 +683,6 @@ Patch2917: hdpvr-ir-enable.patch
# NFSv4
-# VIA Nano / VX8xx updates
-
# patches headed upstream
Patch12016: disable-i8042-check-on-apple-mac.patch
@@ -693,6 +691,8 @@ Patch12017: prevent-runtime-conntrack-changes.patch
Patch12018: neuter_intel_microcode_load.patch
+Patch12020: alsa-fix-substream-proc-status-read.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1185,6 +1185,8 @@ ApplyPatch linux-2.6-defaults-aspm.patch
# ALSA
ApplyPatch hda_intel-prealloc-4mb-dmabuffer.patch
+# patch from alsa list to try to fix bug #628404
+ApplyPatch alsa-fix-substream-proc-status-read.patch
# Networking
@@ -1869,6 +1871,9 @@ fi
# || ||
%changelog
+* Thu Sep 02 2010 Chuck Ebbert <cebbert at redhat.com> - 2.6.36-0.15.rc3.git0
+- Add patch from ALSA mailing list to try to fix bug #628404
+
* Wed Sep 01 2010 Kyle McMartin <kyle at redhat.com> - 2.6.36-0.14.rc3.git0
- Fix icebp breakpoints, patch from Frederic Weisbecker.
(https://bugzilla.kernel.org/show_bug.cgi?id=16315#c26)
More information about the scm-commits
mailing list