[ALSA] hda-codec - Fix race condition in generic bound volume/swtich controls
Attached patch fix race condition in hd_codec generic bound volume/swtich
controls
oops on this bug can be easy reproduced by two mixer apps on SMP system with
PREEMPT kernel
dmesg:
ALSA /home/ss/ALSA/alsa-driver-1.0.16/pci/hda/../../alsa-kernel/pci/hda/hda_intel.c:596:
hda_intel: azx_get_response timeout, switching to polling mode: las
t cmd=0x014f0900
BUG: unable to handle kernel paging request at virtual address 00070006
printing eip: f8f43e95 *pde = 00000000
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: i915 drm snd_seq_dummy snd_seq_oss snd_seq_midi_event
snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss bnep rfcomm hidp l2cap
bluetooth w
lan_wep acpi_cpufreq coretemp hwmon mmc_block pcspkr psmouse wlan_scan_sta
ath_rate_sample snd_hda_intel ath_pci serio_raw wlan tg3 sdhci snd_pcm
firewire_o
hci mmc_core i2c_i801 snd_timer firewire_core snd_page_alloc ath_hal(P)
snd_hwdep snd iTCO_wdt crc_itu_t iTCO_vendor_support shpchp video output
acer_acpi b
acklight led_class wmi_acer
Pid: 3969, comm: gkrellm Tainted: P (2.6.24-jm #4)
EIP: 0060:[<f8f43e95>] EFLAGS: 00010292 CPU: 0
EIP is at snd_hda_mixer_bind_ctls_info+0x20/0x43 [snd_hda_intel]
EAX: 00000000 EBX: f7478e00 ECX: f763e000 EDX: f764f788
ESI: 00070002 EDI: edce5e00 EBP: edc3fe64 ESP: edc3fe54
DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process gkrellm (pid: 3969, ti=edc3e000 task=f1e4e000 task.ti=edc3e000)
Stack: f764f77c f7478e00 edce5e00 f6dd6000 edc3fe84 f8e590e8 edc7a239 f6d14034
f764f34c f6c0f7e0 edc3ff30 f6d14034 edc3fea8 f8e591b7 edc3ff30 edc3ff2c
00000000 f70aa668 f6d14034 f8e59165 bfbfadb0 edc3ff40 f8e587aa edc3ff2c
Call Trace:
[<c0104fbb>] show_trace_log_lvl+0x1a/0x2f
[<c010506d>] show_stack_log_lvl+0x9d/0xa5
[<c0105119>] show_registers+0xa4/0x1bd
[<c0105354>] die+0x122/0x206
[<c03daccc>] do_page_fault+0x535/0x623
[<c03d940a>] error_code+0x72/0x78
[<f8e590e8>] snd_mixer_oss_get_volume1_vol+0x74/0xf1 [snd_mixer_oss]
[<f8e591b7>] snd_mixer_oss_get_volume1+0x52/0xa5 [snd_mixer_oss]
[<f8e587aa>] snd_mixer_oss_ioctl1+0x673/0x71e [snd_mixer_oss]
[<f8e588af>] snd_mixer_oss_ioctl+0xb/0xd [snd_mixer_oss]
[<c017af0a>] do_ioctl+0x22/0x67
[<c017b186>] vfs_ioctl+0x237/0x24a
[<c017b1ca>] sys_ioctl+0x31/0x4b
[<c010402e>] syscall_call+0x7/0xb
=======================
Code: 3f 49 c7 89 f8 59 5b 5e 5f 5d c3 55 89 e5 57 89 d7 56 53 89 c3 83 ec 04
8b 70 5c 8b 40 60 05 7c 01 00 00 89 45 f0 e8 c0 3f 49 c7 <8b> 46 04 89 fa 89
4
3 5c 89 d8 8b 0e ff 11 89 73 5c 89 c7 8b 45
EIP: [<f8f43e95>] snd_hda_mixer_bind_ctls_info+0x20/0x43 [snd_hda_intel]
SS:ESP 0068:edc3fe54
---[ end trace 0a20bc209e9397cc ]---
similar issue report present in ALSA bugtracking system
https://bugtrack.alsa-project.org/alsa-bug/view.php?id=3652
Signed-off-by: Serge A. Suchkov <Serge.A.S@tochka.ru>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
index 26812dc..5c6419e 100644
--- a/sound/pci/hda/hda_codec.c
+++ b/sound/pci/hda/hda_codec.c
@@ -1197,8 +1197,8 @@
struct hda_bind_ctls *c;
int err;
- c = (struct hda_bind_ctls *)kcontrol->private_value;
mutex_lock(&codec->spdif_mutex); /* reuse spdif_mutex */
+ c = (struct hda_bind_ctls *)kcontrol->private_value;
kcontrol->private_value = *c->values;
err = c->ops->info(kcontrol, uinfo);
kcontrol->private_value = (long)c;
@@ -1213,8 +1213,8 @@
struct hda_bind_ctls *c;
int err;
- c = (struct hda_bind_ctls *)kcontrol->private_value;
mutex_lock(&codec->spdif_mutex); /* reuse spdif_mutex */
+ c = (struct hda_bind_ctls *)kcontrol->private_value;
kcontrol->private_value = *c->values;
err = c->ops->get(kcontrol, ucontrol);
kcontrol->private_value = (long)c;
@@ -1230,8 +1230,8 @@
unsigned long *vals;
int err = 0, change = 0;
- c = (struct hda_bind_ctls *)kcontrol->private_value;
mutex_lock(&codec->spdif_mutex); /* reuse spdif_mutex */
+ c = (struct hda_bind_ctls *)kcontrol->private_value;
for (vals = c->values; *vals; vals++) {
kcontrol->private_value = *vals;
err = c->ops->put(kcontrol, ucontrol);
@@ -1251,8 +1251,8 @@
struct hda_bind_ctls *c;
int err;
- c = (struct hda_bind_ctls *)kcontrol->private_value;
mutex_lock(&codec->spdif_mutex); /* reuse spdif_mutex */
+ c = (struct hda_bind_ctls *)kcontrol->private_value;
kcontrol->private_value = *c->values;
err = c->ops->tlv(kcontrol, op_flag, size, tlv);
kcontrol->private_value = (long)c;