Skip to content

cloud-kernel
cloud-kernel

openanolis / cloud-kernel
1 年多 前同步成功

通知 161
Star 36
Fork 7
cloud-kernel
cloud-kernel
切换分支/标签
  1. 05 2月, 2016 1 次提交
    • T
      ALSA: timer: Fix leftover link at closing · 094fd3be
      Takashi Iwai 提交于 
      In ALSA timer core, the active timer instance is managed in
active_list linked list.  Each element is added / removed dynamically
at timer start, stop and in timer interrupt.  The problem is that
snd_timer_interrupt() has a thinko and leaves the element in
active_list when it's the last opened element.  This eventually leads
to list corruption or use-after-free error.

This hasn't been revealed because we used to delete the list forcibly
in snd_timer_stop() in the past.  However, the recent fix avoids the
double-stop behavior (in commit [f784beb7: ALSA: timer: Fix link
corruption due to double start or stop]), and this leak hits reality.

This patch fixes the link management in snd_timer_interrupt().  Now it
simply unlinks no matter which stream is.

BugLink: http://lkml.kernel.org/r/CACT4Y+Yy2aukHP-EDp8-ziNqNNmb-NTf=jDWXMP7jB8HDa2vng@mail.gmail.comReported-by: NDmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      094fd3be
  3. 03 2月, 2016 1 次提交
    • T
      ALSA: timer: Sync timer deletion at closing the system timer · f146357f
      Takashi Iwai 提交于 
      ALSA timer core framework has no sync point at stopping because it's
called inside the spinlock.  Thus we need a sync point at close for
avoiding the stray timer task.  This is simply done by implementing
the close callback just calling del_timer_sync().  (It's harmless to
call it unconditionally, as the core timer itself cares of the already
deleted timer instance.)
Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      f146357f
  5. 01 2月, 2016 1 次提交
  7. 22 1月, 2016 2 次提交
    • T
      ALSA: timer: Introduce disconnect op to snd_timer_instance · 40ed9444
      Takashi Iwai 提交于 
      Instead of the previous ugly hack, introduce a new op, disconnect, to
snd_timer_instance object for handling the wake up of pending tasks
more cleanly.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=109431Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      40ed9444
    • T
      ALSA: timer: Handle disconnection more safely · 230323da
      Takashi Iwai 提交于 
      Currently ALSA timer device doesn't take the disconnection into
account very well; it merely unlinks the timer device at disconnection
callback but does nothing else.  Because of this, when an application
accessing the timer device is disconnected, it may release the
resource before actually closed.  In most cases, it results in a
warning message indicating a leftover timer instance like:
   ALSA: timer xxxx is busy?
But basically this is an open race.

This patch tries to address it.  The strategy is like other ALSA
devices: namely,
- Manage card's refcount at each open/close
- Wake up the pending tasks at disconnection
- Check the shutdown flag appropriately at each possible call

Note that this patch has one ugly hack to handle the wakeup of pending
tasks.  It'd be cleaner to introduce a new disconnect op to
snd_timer_instance ops.  But since it would lead to internal ABI
breakage and it eventually increase my own work when backporting to
stable kernels, I took a different path to implement locally in
timer.c.  A cleanup patch will follow at next for 4.5 kernel.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=109431
Cc: <stable@vger.kernel.org> # v3.15+
Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      230323da
  9. 15 1月, 2016 2 次提交
    • T
      ALSA: timer: Code cleanup · c3b16813
      Takashi Iwai 提交于 
      This is a minor code cleanup without any functional changes:
- Kill keep_flag argument from _snd_timer_stop(), as all callers pass
  only it false.
- Remove redundant NULL check in _snd_timer_stop().
Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      c3b16813
    • T
      ALSA: timer: Harden slave timer list handling · b5a663aa
      Takashi Iwai 提交于 
      A slave timer instance might be still accessible in a racy way while
operating the master instance as it lacks of locking.  Since the
master operation is mostly protected with timer->lock, we should cope
with it while changing the slave instance, too.  Also, some linked
lists (active_list and ack_list) of slave instances aren't unlinked
immediately at stopping or closing, and this may lead to unexpected
accesses.

This patch tries to address these issues.  It adds spin lock of
timer->lock (either from master or slave, which is equivalent) in a
few places.  For avoiding a deadlock, we ensure that the global
slave_active_lock is always locked at first before each timer lock.

Also, ack and active_list of slave instances are properly unlinked at
snd_timer_stop() and snd_timer_close().

Last but not least, remove the superfluous call of _snd_timer_stop()
at removing slave links.  This is a noop, and calling it may confuse
readers wrt locking.  Further cleanup will follow in a later patch.

Actually we've got reports of use-after-free by syzkaller fuzzer, and
this hopefully fixes these issues.
Reported-by: NDmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      b5a663aa
  11. 14 1月, 2016 2 次提交
  13. 28 5月, 2015 1 次提交
  15. 10 3月, 2015 1 次提交
  17. 03 2月, 2015 1 次提交
    • T
      ALSA: Simplify snd_device_register() variants · 40a4b263
      Takashi Iwai 提交于 
      Now that all callers have been replaced with
snd_device_register_for_dev(), let's drop the obsolete device
registration code and concentrate only on the code handling struct
device directly.  That said,

- remove the old snd_device_register(),
- rename snd_device_register_for_dev() with snd_device_register(),
- drop superfluous arguments from snd_device_register(),
- change snd_unregister_device() to pass the device pointer directly
Reviewed-by: NJaroslav Kysela <perex@perex.cz>
Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      40a4b263
  19. 02 2月, 2015 2 次提交
  21. 19 1月, 2015 1 次提交
  23. 12 6月, 2014 1 次提交
  25. 14 2月, 2014 1 次提交
  27. 10 2月, 2014 1 次提交
    • T
      ALSA: Replace with IS_ENABLED() · 8eeaa2f9
      Takashi Iwai 提交于 
      Replace the lengthy #if defined(XXX) || defined(XXX_MODULE) with the
new IS_ENABLED() macro.

The patch still doesn't cover all ifdefs.  For example, the dependency
on CONFIG_GAMEPORT is still open-coded because this also has an extra
dependency on MODULE.  Similarly, an open-coded ifdef in pcm_oss.c and
some sequencer-related stuff are left untouched.
Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      8eeaa2f9
  29. 12 3月, 2012 1 次提交
    • P
      device.h: cleanup users outside of linux/include (C files) · 51990e82
      Paul Gortmaker 提交于 
      For files that are actively using linux/device.h, make sure
that they call it out.  This will allow us to clean up some
of the implicit uses of linux/device.h within include/*
without introducing build regressions.

Yes, this was created by "cheating" -- i.e. the headers were
cleaned up, and then the fallout was found and fixed, and then
the two commits were reordered.  This ensures we don't introduce
build regressions into the git history.
Signed-off-by: NPaul Gortmaker <paul.gortmaker@windriver.com>
      51990e82
  31. 01 11月, 2011 1 次提交
  33. 08 8月, 2011 2 次提交
  35. 17 3月, 2011 1 次提交
  37. 24 11月, 2010 1 次提交
    • K
      ALSA: support module on-demand loading for seq and timer · 03cfe6f5
      Kay Sievers 提交于 
      If CONFIG_SND_DYNAMIC_MINORS is used, assign /dev/snd/seq and
/dev/snd/timer the usual static minors, and export specific
module aliases to generate udev module on-demand loading
instructions:

  $ cat /lib/modules/2.6.33.4-smp/modules.devname
  # Device nodes to trigger on-demand module loading.
  microcode cpu/microcode c10:184
  fuse fuse c10:229
  ppp_generic ppp c108:0
  tun net/tun c10:200
  uinput uinput c10:223
  dm_mod mapper/control c10:236
  snd_timer snd/timer c116:33
  snd_seq snd/seq c116:1

The last two lines instruct udev to create device nodes, even
when the modules are not loaded at that time.

As soon as userspace accesses any of these nodes, the in-kernel
module-loader will load the module, and the device can be used.

The header file minor calculation needed to be simplified to
make __stringify() (supports only two indirections) in
the MODULE_ALIAS macro work.

This is part of systemd's effort to get rid of unconditional
module load instructions and needless init scripts.

Cc: Lennart Poettering <lennart@poettering.net>
Signed-off-by: NKay Sievers <kay.sievers@vrfy.org>
Signed-off-by: NClemens Ladisch <clemens@ladisch.de>
Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      03cfe6f5
  39. 22 11月, 2010 1 次提交
  41. 05 5月, 2010 1 次提交
    • D
      ALSA: take tu->qlock with irqs disabled · bfe70783
      Dan Carpenter 提交于 
      We should disable irqs when we take the tu->qlock because it is used in
the irq handler.  The only place that doesn't is
snd_timer_user_ccallback().  Most of the time snd_timer_user_ccallback()
is called with interrupts disabled but the the first ti->ccallback()
call in snd_timer_notify1() has interrupts enabled.

This was caught by lockdep which generates the following message:

> =================================
> [ INFO: inconsistent lock state ]
> 2.6.34-rc5 #5
> ---------------------------------
> inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
> dolphin/4003 [HC1[1]:SC0[0]:HE0:SE1] takes:
> (&(&tu->qlock)->rlock){?.+...}, at: [<f84ec472>] snd_timer_user_tinterrupt+0x28/0x132 [snd_timer]
> {HARDIRQ-ON-W} state was registered at:
>   [<c1048de9>] __lock_acquire+0x654/0x1482
>   [<c1049c73>] lock_acquire+0x5c/0x73
>   [<c125ac3e>] _raw_spin_lock+0x25/0x34
>   [<f84ec370>] snd_timer_user_ccallback+0x55/0x95 [snd_timer]
>   [<f84ecc4b>] snd_timer_notify1+0x53/0xca [snd_timer]
Reported-by: NStefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: NDan Carpenter <error27@gmail.com>
Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      bfe70783
  43. 13 4月, 2010 1 次提交
    • T
      ALSA: core - Define llseek fops · 02f4865f
      Takashi Iwai 提交于 
      Set no_llseek to llseek file ops of each sound component (but for hwdep).
This avoids the implicit BKL invocation via generic_file_llseek() used
as default when fops.llseek is NULL.

Also call nonseekable_open() at each open ops to ensure the file flags
have no seek bit.
Signed-off-by: NTakashi Iwai <tiwai@suse.de>
      02f4865f
  45. 04 3月, 2010 1 次提交
  47. 14 4月, 2009 1 次提交
  49. 16 3月, 2009 1 次提交
    • J
      Rationalize fasync return values · 60aa4924
      Jonathan Corbet 提交于 
      Most fasync implementations do something like:

     return fasync_helper(...);

But fasync_helper() will return a positive value at times - a feature used
in at least one place.  Thus, a number of other drivers do:

     err = fasync_helper(...);
     if (err < 0)
             return err;
     return 0;

In the interests of consistency and more concise code, it makes sense to
map positive return values onto zero where ->fasync() is called.

Cc: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: NJonathan Corbet <corbet@lwn.net>
      60aa4924
  51. 18 12月, 2008 1 次提交
  53. 02 11月, 2008 1 次提交
    • A
      saner FASYNC handling on file close · 233e70f4
      Al Viro 提交于 
      As it is, all instances of ->release() for files that have ->fasync()
need to remember to evict file from fasync lists; forgetting that
creates a hole and we actually have a bunch that *does* forget.

So let's keep our lives simple - let __fput() check FASYNC in
file->f_flags and call ->fasync() there if it's been set.  And lose that
crap in ->release() instances - leaving it there is still valid, but we
don't have to bother anymore.
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      233e70f4
  55. 15 8月, 2008 1 次提交
  57. 13 8月, 2008 1 次提交
  59. 10 7月, 2008 1 次提交
  61. 15 2月, 2008 1 次提交
  63. 01 2月, 2008 2 次提交
  65. 16 10月, 2007 1 次提交
  67. 20 7月, 2007 1 次提交