- 15 1月, 2016 1 次提交
-
-
由 Takashi Iwai 提交于
A slave timer instance might be still accessible in a racy way while operating the master instance as it lacks of locking. Since the master operation is mostly protected with timer->lock, we should cope with it while changing the slave instance, too. Also, some linked lists (active_list and ack_list) of slave instances aren't unlinked immediately at stopping or closing, and this may lead to unexpected accesses. This patch tries to address these issues. It adds spin lock of timer->lock (either from master or slave, which is equivalent) in a few places. For avoiding a deadlock, we ensure that the global slave_active_lock is always locked at first before each timer lock. Also, ack and active_list of slave instances are properly unlinked at snd_timer_stop() and snd_timer_close(). Last but not least, remove the superfluous call of _snd_timer_stop() at removing slave links. This is a noop, and calling it may confuse readers wrt locking. Further cleanup will follow in a later patch. Actually we've got reports of use-after-free by syzkaller fuzzer, and this hopefully fixes these issues. Reported-by: NDmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 14 1月, 2016 2 次提交
-
-
由 Takashi Iwai 提交于
ALSA timer ioctls have an open race and this may lead to a use-after-free of timer instance object. A simplistic fix is to make each ioctl exclusive. We have already tread_sem for controlling the tread, and extend this as a global mutex to be applied to each ioctl. The downside is, of course, the worse concurrency. But these ioctls aren't to be parallel accessible, in anyway, so it should be fine to serialize there. Reported-by: NDmitry Vyukov <dvyukov@google.com> Tested-by: NDmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Takashi Iwai 提交于
ALSA timer instance object has a couple of linked lists and they are unlinked unconditionally at snd_timer_stop(). Meanwhile snd_timer_interrupt() unlinks it, but it calls list_del() which leaves the element list itself unchanged. This ends up with unlinking twice, and it was caught by syzkaller fuzzer. The fix is to use list_del_init() variant properly there, too. Reported-by: NDmitry Vyukov <dvyukov@google.com> Tested-by: NDmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 13 1月, 2016 3 次提交
-
-
由 Heiner Kallweit 提交于
Currently the info in /proc/interrupts doesn't allow to figure out which interrupt belongs to which card (HDMI, PCH, ..). Therefore add card details to the interrupt description. With the patch the info in /proc/interrupts looks like this: PCI-MSI 442368-edge snd_hda_intel:card1 PCI-MSI 49152-edge snd_hda_intel:card0 NOTE: this patch adds the new irq_descr field snd_card struct that is filled automatically at a card object creation. This can be used generically for other drivers as well. The changes for others will follow later -- tiwai Signed-off-by: NHeiner Kallweit <hkallweit1@gmail.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Takashi Iwai 提交于
ALSA sequencer code has an open race between the timer setup ioctl and the close of the client. This was triggered by syzkaller fuzzer, and a use-after-free was caught there as a result. This patch papers over it by adding a proper queue->timer_mutex lock around the timer-related calls in the relevant code path. Reported-by: NDmitry Vyukov <dvyukov@google.com> Tested-by: NDmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Takashi Iwai 提交于
snd_seq_ioctl_remove_events() calls snd_seq_fifo_clear() unconditionally even if there is no FIFO assigned, and this leads to an Oops due to NULL dereference. The fix is just to add a proper NULL check. Reported-by: NDmitry Vyukov <dvyukov@google.com> Tested-by: NDmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 21 12月, 2015 1 次提交
-
-
由 Nicholas Mc Guire 提交于
This is an API consolidation only. The use of kmalloc + memset to 0 is equivalent to kzalloc. Signed-off-by: NNicholas Mc Guire <hofrat@osadl.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 07 12月, 2015 1 次提交
-
-
由 Ravindra Lokhande 提交于
Compress offload does not support ioctl calls from a 32bit userspace in a 64 bit kernel. This patch adds support for ioctls from a 32bit userspace in a 64bit kernel Signed-off-by: NRavindra Lokhande <rlokhande@nvidia.com> Acked-by: NVinod Koul <vinod.koul@intel.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 04 12月, 2015 1 次提交
-
-
由 Takashi Iwai 提交于
The ALSA PCM, mixer and sequencer OSS emulations provide the 32bit compatible ioctl, but they just call the 64bit native ioctl as is. Although this works in most cases, passing the argument value as-is isn't guaranteed to work on all architectures. We need to convert it via compat_ptr() instead. This patch addresses the missing conversions. Since all relevant ioctls in these functions take the argument as a pointer, we do the pointer conversion in each compat_ioctl and pass it as a 64bit value to the native ioctl. Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 30 11月, 2015 3 次提交
-
-
由 Richard Fitzgerald 提交于
Make snd_compress_new take an id string (like snd_pcm_new). This string can be included in the procfs info. This patch also updates soc_new_compress() to create an ID based on the stream and dai name, as done for PCM streams. Signed-off-by: NRichard Fitzgerald <rf@opensource.wolfsonmicro.com> Acked-by: NVinod Koul <vinod.koul@intel.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Richard Fitzgerald 提交于
This patch implements a procfs info file for compr nodes when SND_VERBOSE_PROCFS is enabled. This is equivalent to what the PCM core already does for pcm nodes. Signed-off-by: NRichard Fitzgerald <rf@opensource.wolfsonmicro.com> Acked-by: NVinod Koul <vinod.koul@intel.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Julia Lawall 提交于
The action_ops structures are never modified, so declare them as const. Done with the help of Coccinelle. Signed-off-by: NJulia Lawall <Julia.Lawall@lip6.fr> Reviewed-by: NTakashi Sakamoto <o-takashi@sakamocchi.jp> Tested-by: NTakashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 22 11月, 2015 1 次提交
-
-
由 Julia Lawall 提交于
The snd_rawmidi_global_ops structures are never modified, so declare them as const. Done with the help of Coccinelle. Signed-off-by: NJulia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 28 10月, 2015 1 次提交
-
-
由 Lars-Peter Clausen 提交于
The ALSA core does not modify the constraints provided by a driver. Most constraint helper functions already take a const pointer to the constraint description, the exception at the moment being the ratden and ratnum constraints. Make those const as well, this allows a driver to declare them as const. Signed-off-by: NLars-Peter Clausen <lars@metafoo.de> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 22 10月, 2015 1 次提交
-
-
由 Lars-Peter Clausen 提交于
While there is nothing wrong with the transfer_ack_begin and transfer_ack_end callbacks per-se, the last documented user was part of the alsa-driver 0.5.12a package, which was released 14 years ago and even predates the upstream integration of the ALSA core and has subsequently been superseded by newer alsa-driver releases. This seems to indicate that there is no need for having these callbacks and they are just cruft that can be removed. Signed-off-by: NLars-Peter Clausen <lars@metafoo.de> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 16 10月, 2015 1 次提交
-
-
由 Jie Yang 提交于
PCM timer is not always used. For embedded device, we need an interface to disable it when it is not needed, to shrink the kernel size and memory footprint, here add CONFIG_SND_PCM_TIMER for it. When both CONFIG_SND_PCM_TIMER and CONFIG_SND_TIMER is unselected, about 25KB saving bonus we can get. Please be noted that when disabled, those stubs who using pcm timer (e.g. dmix, dsnoop & co) may work incorrectlly. Suggested-by: NTakashi Iwai <tiwai@suse.de> Signed-off-by: NJie Yang <yang.jie@intel.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 15 10月, 2015 1 次提交
-
-
由 Dan Carpenter 提交于
We cap the upper bound of "idx" but not the negative side. Let's make it unsigned to fix this. Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 09 10月, 2015 1 次提交
-
-
由 Kosuke Tatsukawa 提交于
snd_seq_oss_readq_put_event() seems to be missing a memory barrier which might cause the waker to not notice the waiter and miss sending a wake_up as in the following figure. snd_seq_oss_readq_put_event snd_seq_oss_readq_wait ------------------------------------------------------------------------ /* wait_event_interruptible_timeout */ /* __wait_event_interruptible_timeout */ /* ___wait_event */ for (;;) { prepare_to_wait_event(&wq, &__wait, state); spin_lock_irqsave(&q->lock, flags); if (waitqueue_active(&q->midi_sleep)) /* The CPU might reorder the test for the waitqueue up here, before prior writes complete */ if ((q->qlen>0 || q->head==q->tail) ... __ret = schedule_timeout(__ret) if (q->qlen >= q->maxlen - 1) { memcpy(&q->q[q->tail], ev, sizeof(*ev)); q->tail = (q->tail + 1) % q->maxlen; q->qlen++; ------------------------------------------------------------------------ There are two other place in sound/core/seq/oss/ which have similar code. The attached patch removes the call to waitqueue_active() leaving just wake_up() behind. This fixes the problem because the call to spin_lock_irqsave() in wake_up() will be an ACQUIRE operation. I found this issue when I was looking through the linux source code for places calling waitqueue_active() before wake_up*(), but without preceding memory barriers, after sending a patch to fix a similar issue in drivers/tty/n_tty.c (Details about the original issue can be found here: https://lkml.org/lkml/2015/9/28/849). Signed-off-by: NKosuke Tatsukawa <tatsu@ab.jp.nec.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 29 9月, 2015 1 次提交
-
-
由 Takashi Iwai 提交于
snd_pcm_release_substream() always calls hw_free op when the stream was opened. This is superfluous in most cases because it's been already released via explicit hw_free ioctl. Although this double call is usually OK as this callback should be written to be called multiple times, it's better to avoid superfluous calls. Reported-by: NVinod Koul <vinod.koul@intel.com> Tested-by: NJeeja Kp <jeeja.kp@intel.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 24 9月, 2015 1 次提交
-
-
由 Dan Carpenter 提交于
As far as I can see, having an invalid ->tstamp_mode is harmless, but adding a check silences a static checker warning. Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 13 9月, 2015 1 次提交
-
-
由 Takashi Sakamoto 提交于
ALSA: pcm: remove structure member of 'struct snd_pcm_hwptr_log *' type because this structure had been removed This structure was added by 4d96eb25 ('ALSA: pcm_lib - add possibility to log last 10 DMA ring buffer positions') to store PCM pointers information of latest 10 pointer movements (=XRUN_LOG_CNT). When CONFIG_SND_PCM_XRUN_DEBUG is configured, 'struct snd_pcm_runtime' has 'hwptr_log' member with a pointer to the structure. When calling xrun_log() in pcm_lib.c, the structure was allocated to the pointer. When calling snd_pcm_detach_substream() in pcm.c, the allocated pointer is released. In f5914908 ('ALSA: pcm: Replace PCM hwptr tracking with tracepoints'), the pointer logging is replaced with using Linux Kernel Tracepoints. The structure was also removed, while it's just declared. The member and kfree still remains. This commit removes the member and related codes. I think this was overlooked because it brings no errors/warnings to C compilers. Fixes: f5914908 ('ALSA: pcm: Replace PCM hwptr tracking with tracepoints') Signed-off-by: NTakashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 17 7月, 2015 1 次提交
-
-
由 Takashi Iwai 提交于
With the nonatomic PCM ops, the system may spew lockdep warnings like: ============================================= [ INFO: possible recursive locking detected ] 4.2.0-rc1-jeejaval3 #12 Not tainted --------------------------------------------- aplay/4029 is trying to acquire lock: (snd_pcm_link_rwsem){.+.+.+}, at: [<ffffffff816fd473>] snd_pcm_stream_lock+0x43/0x60 but task is already holding lock: (snd_pcm_link_rwsem){.+.+.+}, at: [<ffffffff816fcf29>] snd_pcm_action_nonatomic+0x29/0x80 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(snd_pcm_link_rwsem); lock(snd_pcm_link_rwsem); Although this is false-positive as the rwsem is taken always as read-only for these code paths, it's certainly annoying to see this at any occasion. A simple fix is to use down_read_nested() in snd_pcm_stream_lock() that can be called inside another lock. Reported-by: NVinod Koul <vinod.koul@intel.com> Reported-by: NJeeja Kp <jeeja.kp@intel.com> Tested-by: NJeeja Kp <jeeja.kp@intel.com> Cc: <stable@vger.kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 01 7月, 2015 1 次提交
-
-
由 Vladimir Zapolskiy 提交于
To be consistent with other kernel interface namings, rename of_get_named_gen_pool() to of_gen_pool_get(). In the original function name "_named" suffix references to a device tree property, which contains a phandle to a device and the corresponding device driver is assumed to register a gen_pool object. Due to a weak relation and to avoid any confusion (e.g. in future possible scenario if gen_pool objects are named) the suffix is removed. [sfr@canb.auug.org.au: crypto/marvell/cesa - fix up for of_get_named_gen_pool() rename] Signed-off-by: NVladimir Zapolskiy <vladimir_zapolskiy@mentor.com> Cc: Nicolas Ferre <nicolas.ferre@atmel.com> Cc: Philipp Zabel <p.zabel@pengutronix.de> Cc: Shawn Guo <shawn.guo@linaro.org> Cc: Sascha Hauer <kernel@pengutronix.de> Cc: Alexandre Belloni <alexandre.belloni@free-electrons.com> Cc: Russell King <linux@arm.linux.org.uk> Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com> Cc: Vinod Koul <vinod.koul@intel.com> Cc: Takashi Iwai <tiwai@suse.de> Cc: Jaroslav Kysela <perex@perex.cz> Signed-off-by: NStephen Rothwell <sfr@canb.auug.org.au> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: Boris BREZILLON <boris.brezillon@free-electrons.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 30 6月, 2015 1 次提交
-
-
由 Colin Ian King 提交于
Static analysis with cppcheck found the following error: [sound/core/init.c:118]: (error) Uninitialized variable: err ..this was introduced by commit 2471b6c8 ("ALSA: info: Register proc entries recursively, too") where the call to snd_info_card_register was removed and no longer setting the error return in err. When snd_info_create_card_entry fails to allocate a an entry, the error path exits with garbage in err. Fix is to return -ENOMEM if entry fails to be allocated. Fixes: 2471b6c8 ("ALSA: info: Register proc entries recursively, too") Signed-off-by: NColin Ian King <colin.king@canonical.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 26 6月, 2015 1 次提交
-
-
由 Takashi Iwai 提交于
While the commit [d0a601c2: ALSA: jack: Fix the id uniqueness check] fixes the wrong string check, it leads to a worse result -- the loop in get_available_index() goes into an endless loop. The cause is that snd_ctl_find_id() returns the object assigned to the numid if it's set. Thus it points to the previous entry again. This patch clears the numid field for the next call properly. Reported-and-tested-by: NTomáš Pružina <pruzinat@gmail.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 23 6月, 2015 1 次提交
-
-
由 Takashi Iwai 提交于
The pcm_class sysfs of each PCM substream gives only "none" since the recent code change to embed the struct device. Fix the code to point directly to the embedded device object properly. Fixes: ef46c7af ('ALSA: pcm: Embed struct device') Cc: <stable@vger.kernel.org> # v4.0+ Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 29 5月, 2015 2 次提交
-
-
由 Takashi Iwai 提交于
snd_kctl_jack_new() tries to assign a unique index number when a name string that has been already registered is passed. However, it checks with the base string without "Jack" suffix, so it never hits. Fix the call with the properly processed name string instead. Fixes: b8dd0866 'ALSA: Jack: handle jack embedded kcontrol creating within ctljack') Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Takashi Iwai 提交于
There are a few leftover CONFIG_PROC_FS forgotten to replace with CONFIG_SND_PROC_FS. Fixes: cd6a6503 ('ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS') Reported-by: NJim Davis <jim.epost@gmail.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 28 5月, 2015 2 次提交
-
-
由 Jie Yang 提交于
We may disable proc fs only for sound part, to reduce ALSA memory footprint. So add CONFIG_SND_PROC_FS and replace the old CONFIG_PROC_FSs in alsa code. With sound proc fs disabled, we can save about 9KB memory size on X86_64 platform. Signed-off-by: NJie Yang <yang.jie@intel.com> Reviewed-by: NMark Brown <broonie@kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Jie Yang 提交于
For some embedded devices, we need reduce code size and data footprint as much as possible, e.g. disabling procfs, hw/sw params refinement, mmap, dpcm, dapm, compressed API... Here add SND_PROC_FS item for expert, we can unselect it to disable sound proc FS and reduce memory footprint. Signed-off-by: NJie Yang <yang.jie@intel.com> Reviewed-by: NMark Brown <broonie@kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 22 5月, 2015 2 次提交
-
-
由 Russell King 提交于
Add a helper to create the IEC958 channel status from an ALSA snd_pcm_runtime structure, taking account of the sample rate and sample size. Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk> Reviwed-by: NMark Brown <broonie@kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Russell King 提交于
Add a helper for the EDID like data structure, which is typically passed from a HDMI adapter to its associated audio driver. This informs the audio driver of the capabilities of the attached HDMI sink. Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk> Reviewed-by: NMark Brown <broonie@kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 21 5月, 2015 1 次提交
-
-
由 Takashi Iwai 提交于
The jack interface is statically included in sound core. Having doubly module information is rather confusing. Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 19 5月, 2015 1 次提交
-
-
由 Koro Chen 提交于
Currently in snd_pcm_update_hw_ptr0 during interrupt, we consider there were double acknowledged interrupts when: 1. HW reported pointer is smaller than expected, and 2. Time from last update time (hdelta) is over half a buffer time. However, when HW reported pointer is only a few bytes smaller than expected, and when hdelta is just a little larger than half a buffer time (e.g. ping-pong buffer), it wrongly treats this IRQ as double acknowledged. The condition #2 uses jiffies, but jiffies is not high resolution since it is integer. We should consider jiffies inaccuracy. Signed-off-by: NKoro Chen <koro.chen@mediatek.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 18 5月, 2015 4 次提交
-
-
由 Takashi Iwai 提交于
It's no longer a part of API but merely a local function. Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Takashi Iwai 提交于
Just a minor refactoring, no functional changes. Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Takashi Iwai 提交于
The commit [c560a679: ALSA: core: Remove child proc file elements recursively] converted snd_card_proc_new() with the normal snd_info_*() call and removed snd_device chain for such info entries. However, it misses one point: the creation of the proc entry was managed by snd_device chain in the former code, and now it's also gone, which results in no proc files creation at all. Mea culpa. This patch makes snd_info_card_register() creating the all pending child proc entries in a shot. Also, since snd_card_register() might be called multiple times, this function is also changed to be callable multiple times. Along with the changes above, now the linked list of snd_info_entry is added at creation time instead of snd_info_register() for keeping eyes of pending info entries. Fixes: c560a679 ('ALSA: core: Remove child proc file elements recursively') Reported-by: N"Lu, Han" <han.lu@intel.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Takashi Iwai 提交于
snd_info_free_entry() releases the all children nodes as well, but due to the wrong timing of releasing the link, the children nodes may be disconnected but left unreleased. This patch fixes it by moving the link free at the right position. Also it eases list_for_each_entry() without _safe option in snd_info_disconnect() because it no longer frees the children nodes there. Fixes: c560a679 ('ALSA: core: Remove child proc file elements recursively') Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
- 30 4月, 2015 2 次提交
-
-
由 Takashi Iwai 提交于
Another fixes for NULL jack->input_dev in some places in jack.c. Fixes: 2ba2dfa1 ('ALSA: hda - Update to use the new jack kctls method') Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Jie Yang 提交于
There is no input_dev for phantom jack, we should not report input event for it, otherwise, NULL pointer dereference error will occur. Fixes: 2ba2dfa1 ('ALSA: hda - Update to use the new jack kctls method') Signed-off-by: NJie Yang <yang.jie@intel.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-