Module Name:    src
Committed By:   nat
Date:           Sat Jan 21 22:54:11 UTC 2017

Modified Files:
        src/sys/dev: audio.c

Log Message:
Don't release/reacquire thread lock during open in setup_[p/r]filters.
This can lead to panics and/or unpredictable behaviour.
Found by maya@

Addresses PR kern/51746.


To generate a diff of this commit:
cvs rdiff -u -r1.292 -r1.293 src/sys/dev/audio.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/audio.c
diff -u src/sys/dev/audio.c:1.292 src/sys/dev/audio.c:1.293
--- src/sys/dev/audio.c:1.292	Sat Jan 21 22:22:41 2017
+++ src/sys/dev/audio.c	Sat Jan 21 22:54:11 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: audio.c,v 1.292 2017/01/21 22:22:41 nat Exp $	*/
+/*	$NetBSD: audio.c,v 1.293 2017/01/21 22:54:11 nat Exp $	*/
 
 /*-
  * Copyright (c) 2016 Nathanial Sloss <nathanialsl...@yahoo.com.au>
@@ -148,7 +148,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: audio.c,v 1.292 2017/01/21 22:22:41 nat Exp $");
+__KERNEL_RCSID(0, "$NetBSD: audio.c,v 1.293 2017/01/21 22:54:11 nat Exp $");
 
 #include "audio.h"
 #if NAUDIO > 0
@@ -1186,7 +1186,6 @@ audio_setup_pfilters(struct audio_softc 
 	vc = sc->sc_vchan[m];
 
 	/* Construct new filters. */
-	mutex_exit(sc->sc_lock);
 	memset(pf, 0, sizeof(pf));
 	memset(ps, 0, sizeof(ps));
 	from_param = pp;
@@ -1210,10 +1209,8 @@ audio_setup_pfilters(struct audio_softc 
 				pf[i]->dtor(pf[i]);
 			audio_stream_dtor(&ps[i]);
 		}
-		mutex_enter(sc->sc_lock);
 		return EINVAL;
 	}
-	mutex_enter(sc->sc_lock);
 
 	/* Swap in new filters. */
 	mutex_enter(sc->sc_intr_lock);
@@ -1237,12 +1234,10 @@ audio_setup_pfilters(struct audio_softc 
 	mutex_exit(sc->sc_intr_lock);
 
 	/* Destroy old filters. */
-	mutex_exit(sc->sc_lock);
 	for (i = 0; i < onfilters; i++) {
 		of[i]->dtor(of[i]);
 		audio_stream_dtor(&os[i]);
 	}
-	mutex_enter(sc->sc_lock);
 
 #ifdef AUDIO_DEBUG
 	printf("%s: HW-buffer=%p pustream=%p\n",
@@ -1273,7 +1268,6 @@ audio_setup_rfilters(struct audio_softc 
 	vc = sc->sc_vchan[m];
 
 	/* Construct new filters. */
-	mutex_exit(sc->sc_lock);
 	memset(rf, 0, sizeof(rf));
 	memset(rs, 0, sizeof(rs));
 	for (i = 0; i < rfilters->req_size; i++) {
@@ -1302,10 +1296,8 @@ audio_setup_rfilters(struct audio_softc 
 				rf[i]->dtor(rf[i]);
 			audio_stream_dtor(&rs[i]);
 		}
-		mutex_enter(sc->sc_lock);
 		return EINVAL;
 	}
-	mutex_enter(sc->sc_lock);
 
 	/* Swap in new filters. */
 	mutex_enter(sc->sc_intr_lock);
@@ -1340,12 +1332,10 @@ audio_setup_rfilters(struct audio_softc 
 #endif /* AUDIO_DEBUG */
 
 	/* Destroy old filters. */
-	mutex_exit(sc->sc_lock);
 	for (i = 0; i < onfilters; i++) {
 		of[i]->dtor(of[i]);
 		audio_stream_dtor(&os[i]);
 	}
-	mutex_enter(sc->sc_lock);
 
 	return 0;
 }
@@ -1784,8 +1774,7 @@ audio_initbufs(struct audio_softc *sc, i
 	DPRINTF(("audio_initbufs: mode=0x%x\n", sc->sc_vchan[n]->sc_mode));
 	vc = sc->sc_vchan[0];
 	hw = sc->hw_if;
-	if ((audio_can_capture(sc) && n == 0) ||
-	    (sc->sc_vchan[n]->sc_open & AUOPEN_READ)) {
+	if (audio_can_capture(sc) || (sc->sc_vchan[n]->sc_open & AUOPEN_READ)) {
 		audio_init_ringbuffer(sc, &sc->sc_vchan[n]->sc_mrr,
 		    AUMODE_RECORD);
 		if (sc->sc_opens == 0 && hw->init_input &&
@@ -1797,8 +1786,8 @@ audio_initbufs(struct audio_softc *sc, i
 		}
 	}
 
-	if ((audio_can_playback(sc) && n == 0) ||
-	    (sc->sc_vchan[n]->sc_open & AUOPEN_WRITE)) {
+	if (audio_can_playback(sc) ||
+				 (sc->sc_vchan[n]->sc_open & AUOPEN_WRITE)) {
 		audio_init_ringbuffer(sc, &sc->sc_vchan[n]->sc_mpr,
 		    AUMODE_PLAY);
 		sc->sc_vchan[n]->sc_sil_count = 0;
@@ -1937,6 +1926,8 @@ audio_open(dev_t dev, struct audio_softc
 		return error;
 	}
 
+	audio_initbufs(sc, n);
+
 	if (sc->sc_opens == 0) {
 		if (hw->open != NULL) {
 			mutex_enter(sc->sc_intr_lock);
@@ -3204,9 +3195,7 @@ audio_mmap(struct audio_softc *sc, off_t
 		}
 	}
 
-	mutex_exit(sc->sc_lock);
 	rv = (paddr_t)(uintptr_t)(cb->s.start + off);
-	mutex_enter(sc->sc_lock);
 
 	return rv;
 }

Reply via email to