Bug 251445

Summary: Plug in/out microphone will make system crash
Product: Red Hat Enterprise Linux 5 Reporter: Jane Lv <jane.lv>
Component: kernelAssignee: Brian Maly <bmaly>
Status: CLOSED DUPLICATE QA Contact: Martin Jenner <mjenner>
Severity: high Docs Contact:
Priority: low    
Version: 5.1CC: grgustaf, peterm
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-08-13 17:35:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
The patch for bug fix none

Description Jane Lv 2007-08-09 05:04:16 UTC 
Description of problem:
I tested Intel ICH9 audio driver on Intel Weybridge SDV platform w/ RHEL5.1 beta
x86_64 version. 
System always got crash in the interrupt handler when plugging in or plugging
out mic from the front jack.

The codec is SigmaTel STAC9274D.

Version-Release number of selected component (if applicable):


How reproducible:
Boot up the kernel, try to plug in or plug out mic from the from jack.

Steps to Reproduce:
1.
2.
3.
  
Actual results:
System crashed in interrupt handler.

Here is the log,

Call Trace:
 [<ffffffff8004b22c>] run_workqueue+0x94/0xe5
 [<ffffffff80047b8b>] worker_thread+0x0/0x122
 [<ffffffff80047c7b>] worker_thread+0xf0/0x122
 [<ffffffff800884c6>] default_wake_function+0x0/0xe
 [<ffffffff80032161>] kthread+0xfe/0x132
 [<ffffffff8005bfb1>] child_rip+0xa/0x11
 [<ffffffff80032063>] kthread+0x0/0x132
 [<ffffffff8005bfa7>] child_rip+0x0/0x11


Code: 48 8b 7c c5 48 48 85 ff 74 0b 48 8b 47 58 48 85 c0 74 02 ff
RIP  [<ffffffff8829e034>] :snd_hda_codec:process_unsol_events+0x34/0x5b
 RSP <ffff8107d5ebe20>
 <0>Kernel panic - not syncing: Fatal exception


Expected results:
System is alive and running well.

Additional info:

RHEL5.1-Beta merged the latest ALSA driver into old 2.6.18 kernel.
Sound driver use the work queue to process the jack-sensing interrupt.
However, the work queue interface changes.

In latest kernel, the run_workqueue() looks like:
{
	struct work_struct *work = ***;
	work_func_t f = work->func;
	f(work);
}

In 2.6.18 kernel, the run_workqueue() looks like:
{
	struct work_struct *work = ***;
	work_func_t f = work->func;
	f(work->data);
}

We can see that the argument for the callback function f is different.
The latest ALSA driver uses the latest kernel's work queue interface.
When Redhat merged them to linux2.6.18, they ignored the difference and
the callback function got wrong argument.

Here is patch for bug fix,

--- sound/pci/hda/hda_codec.c.orig      2007-08-08 13:35:35.000000000 +0800
+++ sound/pci/hda/hda_codec.c   2007-08-09 08:50:16.000000000 +0800
@@ -274,10 +274,9 @@
 /*
  * process queueud unsolicited events
  */
-static void process_unsol_events(struct work_struct *work)
+static void process_unsol_events(void *data)
 {
-       struct hda_bus_unsolicited *unsol =
-               container_of(work, struct hda_bus_unsolicited, work);
+       struct hda_bus_unsolicited *unsol = (struct hda_bus_unsolicited *)data;
        struct hda_bus *bus = unsol->bus;
        struct hda_codec *codec;
        unsigned int rp, caddr, res;
@@ -311,7 +310,7 @@
                snd_printk(KERN_ERR "hda_codec: can't allocate unsolicited
queue\n");
                return -ENOMEM;
        }
-       INIT_WORK(&unsol->work, process_unsol_events, &unsol);
+       INIT_WORK(&unsol->work, process_unsol_events, unsol);
        unsol->bus = bus;
        bus->unsol = unsol;
        return 0;
~
Comment 1 Geoff Gustafson 2007-08-13 16:27:01 UTC 
Jane, please include the patch as an attachment... BZ screws up the tabs/spaces
in the patch when you post inline.
Comment 5 Jane Lv 2007-08-14 01:29:54 UTC 
Created attachment 161238 [details]
The patch for bug fix

Here is the patch for bug fix.	Posted here as attachement.