netbsd-bugs: kern/24066: [PATCH] uaudio bug fix

Subject: kern/24066: [PATCH] uaudio bug fix
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <naoki@fukaumi.org>
List: netbsd-bugs
Date: 01/12/2004 17:34:47
>Number:         24066
>Category:       kern
>Synopsis:       [PATCH] uaudio bug fix
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 12 08:36:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     FUKAUMI Naoki
>Release:        NetBSD 1.6ZH
>Organization:
	FUKAUMI Naoki
>Environment:
System: NetBSD 164lx.naobsd.org 1.6ZH NetBSD 1.6ZH (164LX) #1: Mon Jan 12 16:54:57 JST 2004 root@164lx.naobsd.org:/usr/obj/alpha/sys/arch/alpha/compile/164LX alpha
Architecture: alpha
Machine: alpha
>Description:
	uaudio.c::uaudio_set_params() (called by audio.c::audiosetinfo())
	can't handle "setmode = 0" case correctly.

	  UGETW(sc->sc_alts[raltidx].edesc->wMaxPacketSize)
	cause invalid memory access.
>How-To-Repeat:
	attach uaudio(4) device, and run
	  % audiorecord
	then kernel is crashed very soon.

	CPU 0: fatal kernel trap:
	
	CPU 0    trap entry = 0x2 (memory management fault)
	CPU 0    a0         = 0x5
	CPU 0    a1         = 0x1
	CPU 0    a2         = 0x0
	CPU 0    pc         = 0xfffffc000067497c
	CPU 0    ra         = 0xfffffc00005001e4
	CPU 0    pv         = 0xfffffc0000674760
	CPU 0    curlwp    = 0xfffffc0001627500
	CPU 0        pid = 8041, comm = audiorecord
>Fix:
Index: uaudio.c
===================================================================
RCS file: /home/fun/cvsroot/NetBSD/src/sys/dev/usb/uaudio.c,v
retrieving revision 1.69
diff -u -r1.69 uaudio.c
--- uaudio.c	14 Oct 2003 13:12:19 -0000	1.69
+++ uaudio.c	12 Jan 2004 07:54:09 -0000
@@ -2517,16 +2517,16 @@
 				sc->sc_alts[i].sc_busy = 1;
 			}
 		}
-	}
 
-	if ((usemode & AUMODE_PLAY) /*&& paltidx != sc->sc_playchan.altidx*/) {
-		/* XXX abort transfer if currently happening? */
-		uaudio_chan_init(&sc->sc_playchan, paltidx, play, 0);
-	}
-	if ((usemode & AUMODE_RECORD) /*&& raltidx != sc->sc_recchan.altidx*/) {
-		/* XXX abort transfer if currently happening? */
-		uaudio_chan_init(&sc->sc_recchan, raltidx, rec,
-		    UGETW(sc->sc_alts[raltidx].edesc->wMaxPacketSize));
+		if ((usemode & AUMODE_PLAY) /*&& paltidx != sc->sc_playchan.altidx*/) {
+			/* XXX abort transfer if currently happening? */
+			uaudio_chan_init(&sc->sc_playchan, paltidx, play, 0);
+		}
+		if ((usemode & AUMODE_RECORD) /*&& raltidx != sc->sc_recchan.altidx*/) {
+			/* XXX abort transfer if currently happening? */
+			uaudio_chan_init(&sc->sc_recchan, raltidx, rec,
+			    UGETW(sc->sc_alts[raltidx].edesc->wMaxPacketSize));
+		}
 	}
 
 	DPRINTF(("uaudio_set_params: use altidx=p%d/r%d, altno=p%d/r%d\n",
>Release-Note:
>Audit-Trail:
>Unformatted: