Re: kern/42113 (null pointer dereference in audio_calcwater if using hdaudio)

["Jared D. McNeill" <jmcneill%invisible.ca@localhost>]

The following reply was made to PR kern/42113; it has been noted by GNATS.

From: "Jared D. McNeill" <jmcneill%invisible.ca@localhost>
To: "List Mail User" <track%Plectere.com@localhost>,
        <gnats-bugs%NetBSD.org@localhost>,
        <jmcneill%NetBSD.org@localhost>
Cc: <track%Plectere.com@localhost>
Subject: Re: kern/42113 (null pointer dereference in audio_calcwater if using 
hdaudio)
Date: Sat, 26 Sep 2009 21:55:33 -0400

 You're right! Your audio_calcwater panic was caused by a different problem 
 which should have been resolved by the following commit:
 
 http://mail-index.netbsd.org/source-changes/2009/09/25/msg001185.html
 
 Cheers,
 Jared
 
 --------------------------------------------------
 From: "List Mail User" <track%Plectere.com@localhost>
 Sent: Saturday, September 26, 2009 7:01 PM
 To: <gnats-bugs%NetBSD.org@localhost>; <jmcneill%NetBSD.org@localhost>
 Cc: <track%Plectere.com@localhost>
 Subject: Re: kern/42113 (null pointer dereference in audio_calcwater if 
 using hdaudio)
 
 >>Synopsis: null pointer dereference in audio_calcwater if using hdaudio
 >>
 >>State-Changed-From-To: open->closed
 >>State-Changed-By: jmcneill%NetBSD.org@localhost
 >>State-Changed-When: Sat, 26 Sep 2009 17:11:15 +0000
 >>State-Changed-Why:
 >>duplicate of kern/42050
 >>
 >
 > This analysis appears to be incorrect.
 >
 > Are you sure?  In the case I provided audio_init is never reached;
 > There is a panic (not an error message) before that point.
 >
 > In 42050, there's an error message from audio_init - I my case, the
 > playback buffer is null, but the device DOES do playback - Different bug, 
 > at
 > least I believe so.
 >
 > BTW.  I _can_ reproduce 42050 on my HP HDX, which has multiple functional
 > audio codecs, _including_ an ATI HDMI one (just as mentioned in 42050).
 >
 > I would believe that the ultimate fix(es) may be the same, but the
 > actual symptoms are not even particularly similar (i.e. panic vs. warning
 > message): One is fatal, and the other "only" annoying.
 >
 > Finally, do notice that your proposed patch at:
 >
 > http://ftp.netbsd.org/pub/netbsd/misc/jmcneill/pr5=42050.patch
 >
 > does NOT prevent this panic (unlike the OPs report about 42050)
 >
 > Below is a dmesg, with your "patch" applied, but it STILL panics.
 > NOTE: The only visible change is now we're "full duplex, independant"
 > before the panic.
 >
 > Since the "patch" did "fix" the OP's problem with 42050, then
 > there STILL remains at least one allocation bug in hdaudio buffers. 
 > Please
 > reopen this (valid, not duplicate) bug.  (BTW. The "patch" does makes my
 > HP HDX w/ an HDMP output-only codec function - at least what I've tried.)
 >
 > Paul Shupak
 >
 >
 > Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
 >    2006, 2007, 2008, 2009
 >    The NetBSD Foundation, Inc.  All rights reserved.
 > Copyright (c) 1982, 1986, 1989, 1991, 1993
 >    The Regents of the University of California.  All rights reserved.
 >
 > NetBSD 5.99.18 (GENERIC) #2: Sun Sep 20 09:46:18 PDT 2009
 > root@nepal:/space/obj-dirs/sys/arch/amd64/compile/GENERIC
 > total memory = 2039 MB
 > avail memory = 1961 MB
 > timecounter: Timecounters tick every 10.000 msec
 > timecounter: Timecounter "i8254" frequency 1193182 Hz quality 100
 > System manufacturer System Product Name (Rev 1.xx)
 > mainbus0 (root)
 > pci_addr_fixup: 000:31:1 0x8086 0x27df new address 0x00005800
 > pci_addr_fixup: 000:31:1 0x8086 0x27df new address 0x00005808
 > pci_addr_fixup: 000:31:1 0x8086 0x27df new address 0x00005810
 > pci_addr_fixup: 000:31:1 0x8086 0x27df new address 0x0000580c
 > cpu0 at mainbus0 apid 0: Intel 686-class, 1600MHz, id 0x106c2
 > cpu1 at mainbus0 apid 2: Intel 686-class, 1600MHz, id 0x106c2
 > cpu2 at mainbus0 apid 1: Intel 686-class, 1600MHz, id 0x106c2
 > cpu3 at mainbus0 apid 3: Intel 686-class, 1600MHz, id 0x106c2
 > ioapic0 at mainbus0 apid 4: pa 0xfec00000, version 20, 24 pins
 > acpi0 at mainbus0: Intel ACPICA 20090730
 > acpi0: X/RSDT: OemId <A_M_I_,OEMXSDT ,07000906>, AslId <MSFT,00000097>
 > acpi0: SCI interrupting at int 9
 > acpi0: fixed-feature power button present
 > timecounter: Timecounter "ACPI-Fast" frequency 3579545 Hz quality 1000
 > ACPI-Fast 24-bit timer
 > attimer0 at acpi0 (TMR, PNP0100): io 0x40-0x43 irq 0
 > pcppi0 at acpi0 (SPKR, PNP0800): io 0x61
 > midi0 at pcppi0: PC speaker
 > sysbeep0 at pcppi0
 > aiboost0 at acpi0 (ASOC, ATK0110-16843024)
 > aiboost0: ASUS AI Boost Hardware monitor
 > hpet0 at acpi0 (HPET, PNP0103): mem 0xfed00000-0xfed003ff
 > timecounter: Timecounter "hpet0" frequency 14318179 Hz quality 2000
 > com0 at acpi0 (UAR1, PNP0501-1): io 0x3f8-0x3ff irq 4
 > com0: ns16550a, working fifo
 > lpt1 at acpi0 (LPTE, PNP0401): io 0x378-0x37f,0x778-0x77f irq 7 drq 3
 > FWH (INT0800) [Intel FWH Random Number Generator] at acpi0 not configured
 > acpibut0 at acpi0 (PWRB, PNP0C0C-170): ACPI Power Button
 > attimer0: attached to pcppi0
 > pci0 at mainbus0 bus 0: configuration mode 1
 > pci0: i/o space, memory space enabled, rd/line, rd/mult, wr/inv ok
 > pchb0 at pci0 dev 0 function 0: Intel 82945G/P Memory Controller Hub (rev. 
 > 0x02)
 > agp0 at pchb0: detected 7932k stolen memory
 > agp0: aperture at 0xd0000000, size 0x10000000
 > vga0 at pci0 dev 2 function 0: Intel 82945G/P Integrated Graphics Device 
 > (rev. 0x02)
 > wsdisplay0 at vga0 kbdmux 1: console (80x25, vt100 emulation)
 > wsmux1: connecting to wsdisplay0
 > i915drm0 at vga0: Intel i945G
 > i915drm0: AGP at 0xd0000000 256MB
 > i915drm0: Initialized i915 1.6.0 20080730
 > hdaudio0 at pci0 dev 27 function 0: HD Audio Controller
 > hdaudio0: interrupting at ioapic0 pin 19
 > hdaudio0: High Definition Audio version 1.0
 > hdaudio0: OSS 4 ISS 4 BSS 0 SDO 0 64-bit
 > hdaudio0: using 1024 byte CORB (cap 4)
 > hdaudio0: using 2048 byte RIRB (cap 4)
 > hdaudio0: Codec00: 1106:4397 HDA 1.0 rev 0 stepping 0
 > hdafg0 at hdaudio0 vendor 0x1106 product 0x4397 nid 0x01 (firmware 
 > configuration)
 > hdafg0: parsing widgets
 > hdafg0: afg start 10 end 28 nwidgets 24
 > hdafg0: powering up widgets
 > hdafg0: afg widgets 0xffff80004856c008-0xffff80004856da48
 > hdafg0: parsing controls
 > hdafg0: disabling non-audio devices
 > hdafg0: disabling useless devices
 > hdafg0: parsing associations
 > hdafg0:   count present associations
 > hdafg0:   maxassocs 2
 > hdafg0:   allocating memory
 > hdafg0:   scan associations, skipping as=0
 > hdafg0:   all done
 > hdafg0: building tree
 > hdafg0: disabling unassociated pins
 > hdafg0: disabling unselected pins
 > hdafg0: disabling useless devices
 > hdafg0: disabling cross-associated pins
 > hdafg0: disabling useless devices
 > hdafg0: assigning mixer names to sound sources
 > hdafg0: assigning mixers to device tree
 > hdafg0: preparing pin controls
 > hdafg0: commiting settings
 > hdafg0: setup jack sensing
 > hdafg0: building mixer controls
 > hdafg0: DAC0:10, Analog Speaker: Jack (Green, 1C)
 > hdafg0: DAC0:10, Analog HP Out: Jack (Green, 1D)
 > hdafg0: ADC1:13, Analog Mic In: Jack (Pink, 1A)
 > hdafg0: ADC1:13, Analog CD: Fixed Function (Unknown, 1F)
 > hdafg0: ADC1:13, Analog Mic In: Jack (Pink, 1E)
 > hdafg0: ADC1:13, Analog Line In: Jack (Blue, 1B)
 > hdafg0: configuring encodings
 > hdafg0: 2ch/2ch 48000Hz
 > hdafg0: reserving streams
 > hdafg0: connecting streams
 > hdafg0: attaching audio device
 > audio0 at hdafg0: full duplex, independent
 > uvm_fault(0xffffffff80b57760, 0x0, 1) -> e
 > fatal page fault in supervisor mode
 > trap type 6 code 0 rip ffffffff80185449 cs 8 rflags 10287 cr2  10 cpl 8 
 > rsp ffffffff80d0be80
 >