Module Name: src
Committed By: isaki
Date: Sat Mar 26 06:27:32 UTC 2022
Modified Files:
src/sys/dev/audio: audio.c
Log Message:
Fix conditions that audio_read() calls audio_track_record().
audio_track_record() must be called when usrbuf has at least one free block.
I hope that this will fix the panic reported in PR kern/56644.
When an user process specifies the hardware format as its recording format
(i.e., there is no track conversions), if the user process read(2) a small
amount of data and the rmixer_process then runs, depending on the conditions,
the panic may happen. I have never reproduced it because it's difficult to
do intentionally.
Thanks Y.Sugahara and riastradh@ for help and comments.
To generate a diff of this commit:
cvs rdiff -u -r1.115 -r1.116 src/sys/dev/audio/audio.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/dev/audio/audio.c
diff -u src/sys/dev/audio/audio.c:1.115 src/sys/dev/audio/audio.c:1.116
--- src/sys/dev/audio/audio.c:1.115 Mon Mar 14 21:38:04 2022
+++ src/sys/dev/audio/audio.c Sat Mar 26 06:27:32 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: audio.c,v 1.115 2022/03/14 21:38:04 riastradh Exp $ */
+/* $NetBSD: audio.c,v 1.116 2022/03/26 06:27:32 isaki Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -138,7 +138,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: audio.c,v 1.115 2022/03/14 21:38:04 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: audio.c,v 1.116 2022/03/26 06:27:32 isaki Exp $");
#ifdef _KERNEL_OPT
#include "audio.h"
@@ -2760,7 +2760,12 @@ audio_read(struct audio_softc *sc, struc
mutex_exit(sc->sc_lock);
audio_track_lock_enter(track);
- audio_track_record(track);
+ /* Convert as many blocks as possible. */
+ while (usrbuf->used <=
+ track->usrbuf_usedhigh - track->usrbuf_blksize &&
+ input->used > 0) {
+ audio_track_record(track);
+ }
/* uiomove from usrbuf as much as possible. */
bytes = uimin(usrbuf->used, uio->uio_resid);
@@ -4938,6 +4943,8 @@ audio_track_record(audio_track_t *track)
/* Copy outbuf to usrbuf */
outbuf = &track->outbuf;
usrbuf = &track->usrbuf;
+ /* usrbuf must have at least one free block. */
+ KASSERT(usrbuf->used <= track->usrbuf_usedhigh - track->usrbuf_blksize);
/*
* framesize is always 1 byte or more since all formats supported
* as usrfmt(=output) have 8bit or more stride.
@@ -4949,8 +4956,7 @@ audio_track_record(audio_track_t *track)
* bytes is the number of bytes to copy to usrbuf.
*/
count = outbuf->used;
- count = uimin(count,
- (track->usrbuf_usedhigh - usrbuf->used) / framesize);
+ count = uimin(count, track->usrbuf_blksize / framesize);
bytes = count * framesize;
if (auring_tail(usrbuf) + bytes < usrbuf->capacity) {
memcpy((uint8_t *)usrbuf->mem + auring_tail(usrbuf),
