[PATCH] Fix race condition in generic bound volume/swtich controls

Serge A. Suchkov Serge.A.S at tochka.ru
Fri Feb 8 09:34:15 CET 2008

Hi all,

Attached patch fix race condition in hd_codec generic bound volume/swtich 

oops on this bug can be easy reproduced by two mixer apps on SMP system with  
PREEMPT kernel


ALSA /home/ss/ALSA/alsa-driver-1.0.16/pci/hda/../../alsa-kernel/pci/hda/hda_intel.c:596: 
hda_intel: azx_get_response timeout, switching to polling mode: las
t cmd=0x014f0900
BUG: unable to handle kernel paging request at virtual address 00070006
printing eip: f8f43e95 *pde = 00000000
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: i915 drm snd_seq_dummy snd_seq_oss snd_seq_midi_event 
snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss bnep rfcomm hidp l2cap 
bluetooth w
lan_wep acpi_cpufreq coretemp hwmon mmc_block pcspkr psmouse wlan_scan_sta 
ath_rate_sample snd_hda_intel ath_pci serio_raw wlan tg3 sdhci snd_pcm 
hci mmc_core i2c_i801 snd_timer firewire_core snd_page_alloc ath_hal(P) 
snd_hwdep snd iTCO_wdt crc_itu_t iTCO_vendor_support shpchp video output 
acer_acpi b
acklight led_class wmi_acer

Pid: 3969, comm: gkrellm Tainted: P        (2.6.24-jm #4)
EIP: 0060:[<f8f43e95>] EFLAGS: 00010292 CPU: 0
EIP is at snd_hda_mixer_bind_ctls_info+0x20/0x43 [snd_hda_intel]
EAX: 00000000 EBX: f7478e00 ECX: f763e000 EDX: f764f788
ESI: 00070002 EDI: edce5e00 EBP: edc3fe64 ESP: edc3fe54
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process gkrellm (pid: 3969, ti=edc3e000 task=f1e4e000 task.ti=edc3e000)
Stack: f764f77c f7478e00 edce5e00 f6dd6000 edc3fe84 f8e590e8 edc7a239 f6d14034
       f764f34c f6c0f7e0 edc3ff30 f6d14034 edc3fea8 f8e591b7 edc3ff30 edc3ff2c
       00000000 f70aa668 f6d14034 f8e59165 bfbfadb0 edc3ff40 f8e587aa edc3ff2c
Call Trace:
 [<c0104fbb>] show_trace_log_lvl+0x1a/0x2f
 [<c010506d>] show_stack_log_lvl+0x9d/0xa5
 [<c0105119>] show_registers+0xa4/0x1bd
 [<c0105354>] die+0x122/0x206
 [<c03daccc>] do_page_fault+0x535/0x623
 [<c03d940a>] error_code+0x72/0x78
 [<f8e590e8>] snd_mixer_oss_get_volume1_vol+0x74/0xf1 [snd_mixer_oss]
 [<f8e591b7>] snd_mixer_oss_get_volume1+0x52/0xa5 [snd_mixer_oss]
 [<f8e587aa>] snd_mixer_oss_ioctl1+0x673/0x71e [snd_mixer_oss]
 [<f8e588af>] snd_mixer_oss_ioctl+0xb/0xd [snd_mixer_oss]
 [<c017af0a>] do_ioctl+0x22/0x67
 [<c017b186>] vfs_ioctl+0x237/0x24a
 [<c017b1ca>] sys_ioctl+0x31/0x4b
 [<c010402e>] syscall_call+0x7/0xb
Code: 3f 49 c7 89 f8 59 5b 5e 5f 5d c3 55 89 e5 57 89 d7 56 53 89 c3 83 ec 04 
8b 70 5c 8b 40 60 05 7c 01 00 00 89 45 f0 e8 c0 3f 49 c7 <8b> 46 04 89 fa 89 
3 5c 89 d8 8b 0e ff 11 89 73 5c 89 c7 8b 45
EIP: [<f8f43e95>] snd_hda_mixer_bind_ctls_info+0x20/0x43 [snd_hda_intel] 
SS:ESP 0068:edc3fe54
---[ end trace 0a20bc209e9397cc ]---

similar issue report present in ALSA bugtracking system

Serge A. Suchkov
