From 14c65f98bfea9324cf334793305dd262d0095850 Mon Sep 17 00:00:00 2001 From: "Serge A. Suchkov" Date: Fri, 22 Feb 2008 18:43:16 +0100 Subject: [PATCH] [ALSA] hda-codec - Fix race condition in generic bound volume/swtich controls Attached patch fix race condition in hd_codec generic bound volume/swtich controls oops on this bug can be easy reproduced by two mixer apps on SMP system with PREEMPT kernel dmesg: ALSA /home/ss/ALSA/alsa-driver-1.0.16/pci/hda/../../alsa-kernel/pci/hda/hda_intel.c:596: hda_intel: azx_get_response timeout, switching to polling mode: las t cmd=0x014f0900 BUG: unable to handle kernel paging request at virtual address 00070006 printing eip: f8f43e95 *pde = 00000000 Oops: 0000 [#1] PREEMPT SMP Modules linked in: i915 drm snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss bnep rfcomm hidp l2cap bluetooth w lan_wep acpi_cpufreq coretemp hwmon mmc_block pcspkr psmouse wlan_scan_sta ath_rate_sample snd_hda_intel ath_pci serio_raw wlan tg3 sdhci snd_pcm firewire_o hci mmc_core i2c_i801 snd_timer firewire_core snd_page_alloc ath_hal(P) snd_hwdep snd iTCO_wdt crc_itu_t iTCO_vendor_support shpchp video output acer_acpi b acklight led_class wmi_acer Pid: 3969, comm: gkrellm Tainted: P (2.6.24-jm #4) EIP: 0060:[] EFLAGS: 00010292 CPU: 0 EIP is at snd_hda_mixer_bind_ctls_info+0x20/0x43 [snd_hda_intel] EAX: 00000000 EBX: f7478e00 ECX: f763e000 EDX: f764f788 ESI: 00070002 EDI: edce5e00 EBP: edc3fe64 ESP: edc3fe54 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 Process gkrellm (pid: 3969, ti=edc3e000 task=f1e4e000 task.ti=edc3e000) Stack: f764f77c f7478e00 edce5e00 f6dd6000 edc3fe84 f8e590e8 edc7a239 f6d14034 f764f34c f6c0f7e0 edc3ff30 f6d14034 edc3fea8 f8e591b7 edc3ff30 edc3ff2c 00000000 f70aa668 f6d14034 f8e59165 bfbfadb0 edc3ff40 f8e587aa edc3ff2c Call Trace: [] show_trace_log_lvl+0x1a/0x2f [] show_stack_log_lvl+0x9d/0xa5 [] show_registers+0xa4/0x1bd [] die+0x122/0x206 [] do_page_fault+0x535/0x623 [] error_code+0x72/0x78 [] snd_mixer_oss_get_volume1_vol+0x74/0xf1 [snd_mixer_oss] [] snd_mixer_oss_get_volume1+0x52/0xa5 [snd_mixer_oss] [] snd_mixer_oss_ioctl1+0x673/0x71e [snd_mixer_oss] [] snd_mixer_oss_ioctl+0xb/0xd [snd_mixer_oss] [] do_ioctl+0x22/0x67 [] vfs_ioctl+0x237/0x24a [] sys_ioctl+0x31/0x4b [] syscall_call+0x7/0xb ======================= Code: 3f 49 c7 89 f8 59 5b 5e 5f 5d c3 55 89 e5 57 89 d7 56 53 89 c3 83 ec 04 8b 70 5c 8b 40 60 05 7c 01 00 00 89 45 f0 e8 c0 3f 49 c7 <8b> 46 04 89 fa 89 4 3 5c 89 d8 8b 0e ff 11 89 73 5c 89 c7 8b 45 EIP: [] snd_hda_mixer_bind_ctls_info+0x20/0x43 [snd_hda_intel] SS:ESP 0068:edc3fe54 ---[ end trace 0a20bc209e9397cc ]--- similar issue report present in ALSA bugtracking system https://bugtrack.alsa-project.org/alsa-bug/view.php?id=3652 Signed-off-by: Serge A. Suchkov Signed-off-by: Takashi Iwai Signed-off-by: Linus Torvalds --- sound/pci/hda/hda_codec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c index 26812dc2b7f2..5c6419ead015 100644 --- a/sound/pci/hda/hda_codec.c +++ b/sound/pci/hda/hda_codec.c @@ -1197,8 +1197,8 @@ int snd_hda_mixer_bind_ctls_info(struct snd_kcontrol *kcontrol, struct hda_bind_ctls *c; int err; - c = (struct hda_bind_ctls *)kcontrol->private_value; mutex_lock(&codec->spdif_mutex); /* reuse spdif_mutex */ + c = (struct hda_bind_ctls *)kcontrol->private_value; kcontrol->private_value = *c->values; err = c->ops->info(kcontrol, uinfo); kcontrol->private_value = (long)c; @@ -1213,8 +1213,8 @@ int snd_hda_mixer_bind_ctls_get(struct snd_kcontrol *kcontrol, struct hda_bind_ctls *c; int err; - c = (struct hda_bind_ctls *)kcontrol->private_value; mutex_lock(&codec->spdif_mutex); /* reuse spdif_mutex */ + c = (struct hda_bind_ctls *)kcontrol->private_value; kcontrol->private_value = *c->values; err = c->ops->get(kcontrol, ucontrol); kcontrol->private_value = (long)c; @@ -1230,8 +1230,8 @@ int snd_hda_mixer_bind_ctls_put(struct snd_kcontrol *kcontrol, unsigned long *vals; int err = 0, change = 0; - c = (struct hda_bind_ctls *)kcontrol->private_value; mutex_lock(&codec->spdif_mutex); /* reuse spdif_mutex */ + c = (struct hda_bind_ctls *)kcontrol->private_value; for (vals = c->values; *vals; vals++) { kcontrol->private_value = *vals; err = c->ops->put(kcontrol, ucontrol); @@ -1251,8 +1251,8 @@ int snd_hda_mixer_bind_tlv(struct snd_kcontrol *kcontrol, int op_flag, struct hda_bind_ctls *c; int err; - c = (struct hda_bind_ctls *)kcontrol->private_value; mutex_lock(&codec->spdif_mutex); /* reuse spdif_mutex */ + c = (struct hda_bind_ctls *)kcontrol->private_value; kcontrol->private_value = *c->values; err = c->ops->tlv(kcontrol, op_flag, size, tlv); kcontrol->private_value = (long)c; -- 2.30.2