kern/74305: bktr msp sound chip code doesn't hold Giant on a sleeping kthread

Anish Mistry amistry at am-productions.biz
Tue Nov 23 22:50:01 GMT 2004 

>Number:         74305
>Category:       kern
>Synopsis:       bktr msp sound chip code doesn't hold Giant on a sleeping kthread
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 23 22:50:01 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Anish Mistry
>Release:        FreeBSD 5.3-STABLE i386
>Organization:
AM Productions
>Environment:
System: FreeBSD bigguy.am-productions.biz 5.3-STABLE FreeBSD 5.3-STABLE #6: Tue Nov 23 17:13:38 EST 2004     amistry at bigguy.am-productions.biz:/usr/src/sys/i386/compile/BIGGUY  i386


	
>Description:
	Giant is not held when tsleep is called in the msp kernel thread.  This causes a panic when INVARIANTS are enabled.
>How-To-Repeat:
	Compile your kernel with "options BKTR_NEW_MSP34XX_DRIVER" and have an msp chip bktr card.  ie. ATI TV Wonder (not VE)
>Fix:
	The following patch fixes the problem by aquiring Giant.  Attached also.
	http://am-productions.biz/docs/msp34xx-giant-locking.c.diff
	

--- msp34xx-giant-locking.c.diff begins here ---
--- msp34xx.c.orig	Mon Nov 22 22:57:42 2004
+++ msp34xx.c	Tue Nov 23 17:10:16 2004
@@ -702,6 +702,7 @@
 	
 	dprintk("msp3400: thread started\n");
 	
+	mtx_lock(&Giant);
 	for (;;) {
 		if (msp->rmmod)
 			goto done;
@@ -892,6 +893,7 @@
 
 	msp->kthread = NULL;
 	wakeup(&msp->kthread);
+	mtx_unlock(&Giant);
 
 	kthread_exit(0);
 }
@@ -936,6 +938,7 @@
     
 	dprintk("msp3410: thread started\n");
 		
+	mtx_lock(&Giant);
 	for (;;) {
 		if (msp->rmmod)
 			goto done;
@@ -1114,9 +1117,10 @@
 done:
 	dprintk("msp3410: thread: exit\n");
 	msp->active = 0;
-
+	
 	msp->kthread = NULL;
 	wakeup(&msp->kthread);
+	mtx_unlock(&Giant);
 
 	kthread_exit(0);
 }
@@ -1213,12 +1217,14 @@
 	if (msp->kthread) 
 	{
 		/* XXX mutex lock required */
+		mtx_lock(&Giant);
 		msp->rmmod = 1;
 		msp->watch_stereo = 0;
 		wakeup(msp->kthread);
 
 		while (msp->kthread)
 			tsleep(&msp->kthread, PRIBIO, "wait for kthread", hz/10);
+		mtx_unlock(&Giant);
 	}
 
 	if (client->msp3400c_info != NULL) {
--- msp34xx-giant-locking.c.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list