snd_seq_oss_synth_make_info() didn't check the error code from
snd_seq_oss_midi_make_info(), and this leads to the call of strlcpy()
with the uninitialized string as the source, which may lead to the
access over the limit.
Add the proper error check for avoiding the failure.
Reported-by: syzbot+e42504ff21cff05a595f@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20210115093428.15882-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
A collection of small fixes that came up recently for 5.11.
Majority of fixes are usual HD-audio and USB-audio quirks, while
a few PCM core fixes for addressing the information leak and yet
more UBSAN fixes in the core side.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl/i9TYOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE+jBg/6Al8JBgYALZkDOFS1fdeihm7i2keRbkI16OIt
dRv1sIr3rctuLk/oCwj0pTjBNJHfhUX2UfGxcYXIz0m32O1S13t4aBKPJ7BqUi/m
x0CHYy4v8JDeJGuWm8txzdedJIA3m69m/2TZZ+pFe7p3vIl51vXekklALuLQ+JTw
tz98CaXMQxJQq+/ddlukLOKSTNI1gb/Q+T4R/ZuMYXrfn0+/WjaP3OED/a4uPvvQ
0SpLTNS1zzTbS8wK2yys90SK9uR4Y0b0lcNZ5gES1rmYR9ZLwcp0jdHFXKc1HJnJ
x3YmMHQ+qtP/tFTJz1TCEmYl0ofL6axKEb55urm3NY6Nr/xDei5teT+nuBdum4O8
tMAui110hVoD4BRz9lCLnvGARVa9MDKj4Znp7QXu1YsUmATuAN4fEzCar9ojIvOV
rv73LmotPeymeSnLkFKI4DhbesxjJa4/eQkwPGFXsbjwt/E9N4zFpSxyTcWzYK1q
wl1jyPE6TuMD6nm/Ef2G5h6XIlnZD+AeSSNkVQSsd97Ttvp6kCU5Aidc+IQpQ1b5
tWRhM8dphiiO+Y2j4pbJNDQMWarXVMp2deXIZzohVNluWM1t/0k76bWa+wATodFJ
okuZE4knHCUXJ+HO+oTt+85t/H+qgIx0I9VzyQBCwvbJ03xRHYbj0+06YDgTp272
q6zhW5g=
=Ihh7
-----END PGP SIGNATURE-----
Merge tag 'sound-fix-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A collection of small fixes that came up recently for 5.11.
The majority of fixes are usual HD-audio and USB-audio quirks, with a
few PCM core fixes for addressing the information leak and yet more
UBSAN fixes in the core side"
* tag 'sound-fix-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA/hda: apply jack fixup for the Acer Veriton N4640G/N6640G/N2510G
ALSA: hda/realtek: Apply jack fixup for Quanta NL3
ALSA: usb-audio: Add implicit feeback support for the BOSS GT-1
ALSA: usb-audio: Add alias entry for ASUS PRIME TRX40 PRO-S
ALSA: core: Remove redundant comments
ALSA: hda/realtek: Add quirk for MSI-GP73
ALSA: pcm: oss: Fix a few more UBSAN fixes
ALSA: pcm: Clear the full allocated memory at hw_params
ALSA: memalloc: Align buffer allocations in page size
ALSA: usb-audio: Disable sample read check if firmware doesn't give back
ALSA: pcm: Remove snd_pcm_lib_preallocate_dma_free()
ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices
ALSA: core: memalloc: add page alignment for iram
ALSA: hda/realtek - Supported Dell fixed type headset
ALSA: hda/realtek: Remove dummy lineout on Acer TravelMate P648/P658
There are a few places that call round{up|down}_pow_of_two() with the
value zero, and this causes undefined behavior warnings. Avoid
calling those macros if such a nonsense value is passed; it's a minor
optimization as well, as we handle it as either an error or a value to
be skipped, instead.
Reported-by: syzbot+33ef0b6639a8d2d42b4c@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201218161730.26596-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The PCM hw_params core function tries to clear up the PCM buffer
before actually using for avoiding the information leak from the
previous usages or the usage before a new allocation. It performs the
memset() with runtime->dma_bytes, but this might still leave some
remaining bytes untouched; namely, the PCM buffer size is aligned in
page size for mmap, hence runtime->dma_bytes doesn't necessarily cover
all PCM buffer pages, and the remaining bytes are exposed via mmap.
This patch changes the memory clearance to cover the all buffer pages
if the stream is supposed to be mmap-ready (that guarantees that the
buffer size is aligned in page size).
Reviewed-by: Lars-Peter Clausen <lars@metafoo.de>
Link: https://lore.kernel.org/r/20201218145625.2045-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Currently the standard memory allocator (snd_dma_malloc_pages*())
passes the byte size to allocate as is. Most of the backends
allocates real pages, hence the actual allocations are aligned in page
size. However, the genalloc doesn't seem assuring the size alignment,
hence it may result in the access outside the buffer when the whole
memory pages are exposed via mmap.
For avoiding such inconsistencies, this patch makes the allocation
size always to be aligned in page size.
Note that, after this change, snd_dma_buffer.bytes field contains the
aligned size, not the originally requested size. This value is also
used for releasing the pages in return.
Reviewed-by: Lars-Peter Clausen <lars@metafoo.de>
Link: https://lore.kernel.org/r/20201218145625.2045-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Since commit d4cfb30fce ("ALSA: pcm: Set per-card upper limit of PCM
buffer allocations") snd_pcm_lib_preallocate_dma_free() is a single line
function that has one caller, which is another single line function.
Clean this up a bit and remove snd_pcm_lib_preallocate_dma_free() and
directly call do_free_pages() from snd_pcm_lib_preallocate_free(). This is
a bit less boilerplate.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Link: https://lore.kernel.org/r/20201218153400.18394-1-lars@metafoo.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Since mmap for userspace is based on page alignment, add page alignment
for iram alloc from pool, otherwise, some good data located in the same
page of dmab->area maybe touched wrongly by userspace like pulseaudio.
Signed-off-by: Robin Gong <yibin.gong@nxp.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1608221747-3474-1-git-send-email-yibin.gong@nxp.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Lots of changes (slightly more code increase than usual) at this
time, while most of code changes are ASoC driver-specific.
Here goes some highlight:
Core:
* The new auxiliary bus implementation for Intel DSP, which will
be used by other drivers as well
* Lots of ASoC core cleanups and refactoring
* UBSAN and KCSAN fixes in rawmidi, sequencer and a few others
* Compress-offload API enhancement for the pause during draining
HD- and USB-audio:
* Enhancements of the USB-audio implicit feedback support,
including better full-duplex operations
* Continued CA0132 improvements and fixes
* A few new quirk entries, HDMI audio fixes
ASoC:
* Support for boot time selection of Intel DSP firmware, which
should help distros/users testing new stuff more easily;
the kconfig was moved to boot time option, too
* Some basic DPCM support in audio graph card
* Removal of old pre-DT Freescale drivers
* Support for Allwinner H6 I2S, Analog Devices ADAU1372, Intel
Alderlake-S, GMediatek MT8192, NXP i.MX HDMI and XCVR, Realtek
RT715, Qualcomm SM8250 and simple GPIO based muxes
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl/YhGcOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE8O1RAAhuRnJZXDXOPXIG9OchsYlHI3wK4eaSiyNe+i
sI5yoAdLFYBxBY3OQ4kQCvhjzlLziUvfIfv5YZZMGGAxx9rxsb73F1zH4ttFi1qA
6ipbhk7SVgK3AQk74lWB2JRYrdBko8Y3z9HKNVqaXWnTubyV4EinoC4hzNLuNDI9
JsgyrsCL5Bzl9rlD3vs5mwPwIfiD4hw1KKSQa9f1qnOtXCcbRtL3T4iZZsF5sIph
veKrS0R1MZmXpMQoyhyMnTls1GvmW5N3mhIgw9rR1PgeVof8q8klKd2WfroKKz6s
Dek3IrgPXfvTdr2ZjNxI29x4NItIayGkbe1DFLZcHQ08yn9JrP9EKQ3Gnv7S9pVT
2gIdSOZV4XYA4OF04ubNU1Ve0n5kP4pX/LvN+cuSgyfgCE+V6HsvTF5nVyrunrM/
0bdjdWrc1dkb59GuLGOxI0M68lou7J14ZjCzeevuuQm9dNN5x62LDf3+0vDTFBEs
t9DaqoqUMZKFfaMLWG8UK04kvw3rhAHap+tQ9HOpz86VK6Qy54RBSfv43p2UK1SO
TDHRYIQxQ1GfPlHEy6XFfKOPw15VPDMJWoMPzFfoB+C6dzNKKSAgivFPnERsw88X
9T81MeLhCqqTdRLlZPnGM3S6L1btZhkZcLvyusT0WGGVg8KLgSmn4OwY2wITDebM
zIUgHTM=
=j9El
-----END PGP SIGNATURE-----
Merge tag 'sound-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound updates from Takashi Iwai:
"Lots of changes (slightly more code increase than usual) at this time,
while most of code changes are ASoC driver-specific.
Here are some highlights:
Core:
- The new auxiliary bus implementation for Intel DSP, which will be
used by other drivers as well
- Lots of ASoC core cleanups and refactoring
- UBSAN and KCSAN fixes in rawmidi, sequencer and a few others
- Compress-offload API enhancement for the pause during draining
HD- and USB-audio:
- Enhancements of the USB-audio implicit feedback support, including
better full-duplex operations
- Continued CA0132 improvements and fixes
- A few new quirk entries, HDMI audio fixes
ASoC:
- Support for boot time selection of Intel DSP firmware, which should
help distros/users testing new stuff more easily; the kconfig was
moved to boot time option, too
- Some basic DPCM support in audio graph card
- Removal of old pre-DT Freescale drivers
- Support for Allwinner H6 I2S, Analog Devices ADAU1372, Intel
Alderlake-S, GMediatek MT8192, NXP i.MX HDMI and XCVR, Realtek
RT715, Qualcomm SM8250 and simple GPIO based muxes"
* tag 'sound-5.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (445 commits)
ALSA: pcm: oss: Fix potential out-of-bounds shift
ALSA: usb-audio: Fix potential out-of-bounds shift
ALSA: hda/ca0132 - Add ZxR surround DAC setup.
ALSA: hda/ca0132 - Add 8051 PLL write helper functions.
ALSA: hda/hdmi: packet buffer index must be set before reading value
ASoC: SOF: imx: update kernel-doc description
ASoC: mediatek: mt8183: delete some unreachable code
ASoC: mediatek: mt8183: add PM ops to machine drivers
ASoC: topology: Fix wrong size check
ASoC: topology: Add missing size check
ASoC: SOF: Intel: hda: fix the condition passed to sof_dev_dbg_or_err
ASoC: SOF: modify the SOF_DBG flags
ASoC: SOF: Intel: hda: remove duplicated status dump
ASoC: rt1015p: delay 300ms after SDB pulling high for calibration
ASoC: rt1015p: move SDB control from trigger to DAPM
ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control()
ALSA: usb-audio: Fix control 'access overflow' errors from chmap
ALSA: hda/hdmi: always print pin NIDs as hexadecimal
ALSA: hda/realtek - Add supported for more Lenovo ALC285 Headset Button
ALSA: hda/ca0132 - Remove now unnecessary DSP setup functions.
...
syzbot spotted a potential out-of-bounds shift in the PCM OSS layer
where it calculates the buffer size with the arbitrary shift value
given via an ioctl.
Add a range check for avoiding the undefined behavior.
As the value can be treated by a signed integer, the max shift should
be 30.
Reported-by: syzbot+df7dc146ebdd6435eea3@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20201209084552.17109-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The snd_seq_queue struct contains various flags in the bit fields.
Those are categorized to two different use cases, both of which are
protected by different spinlocks. That implies that there are still
potential risks of the bad operations for bit fields by concurrent
accesses.
For addressing the problem, this patch rearranges those flags to be
a standard bool instead of a bit field.
Reported-by: syzbot+63cbe31877bb80ef58f5@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20201206083456.21110-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
With a stream with low bitrate, user can't pause or resume the stream
near the end of the stream because current ALSA doesn't allow it.
If the stream has very low bitrate enough to store whole stream into
the buffer, user can't do anything except stop the stream and then
restart it from the first because most of applications call draining
after sending last frame to the kernel.
If pause, resume are allowed during draining, user experience can be
enhanced.
To prevent malfunction in HW drivers which don't support pause
during draining, pause during draining will only work if HW driver
enable this feature explicitly by calling
snd_compr_use_pause_in_draining().
Signed-off-by: Gyeongtaek Lee <gt82.lee@samsung.com>
Acked-by: Vinod Koul <vkoul@kernel.org>
Link: https://lore.kernel.org/r/000101d6c3f0$89b312b0$9d193810$@samsung.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
When processing request to add/replace user-defined element set, check
of given element identifier and decision of numeric identifier is done
in "__snd_ctl_add_replace()" helper function. When the result of check
is wrong, the helper function returns error code. The error code shall
be returned to userspace application.
Current implementation includes bug to return zero to userspace application
regardless of the result. This commit fixes the bug.
Cc: <stable@vger.kernel.org>
Fixes: e1a7bfe380 ("ALSA: control: Fix race between adding and removing a user element")
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Link: https://lore.kernel.org/r/20201113092043.16148-1-o-takashi@sakamocchi.jp
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The function snd_seq_queue_client_termination() is only called from
the function seq_free_client1(). The function seq_free_client1() calls
the function snd_seq_queue_client_leave() and the function
snd_seq_queue_client_termination() together. Because the function
snd_seq_queue_client_leave() does all things, so the function
snd_seq_queue_client_termination() is a useless function.
Signed-off-by: Yu Hao <yuhaobehappy@gmail.com>
Link: https://lore.kernel.org/r/20201103223335.21831-1-yuhaobehappy@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Kernel-doc markups should use this format:
identifier - description
There is a common comment marked, instead, with kernel-doc
notation.
Some identifiers have different names between their prototypes
and the kernel-doc markup.
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Acked-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/535182d6f55d7a7de293dda9676df68f5f60afc6.1603469755.git.mchehab+huawei@kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Recently we applied a fix to cover the whole OSS sequencer ioctls with
the mutex for dealing with the possible races. This works fine in
general, but in theory, this may lead to unexpectedly long stall if an
ioctl like SNDCTL_SEQ_SYNC is issued and an event with the far future
timestamp was queued.
For fixing such a potential stall, this patch changes the mutex lock
applied conditionally excluding such an ioctl command. Also, change
the mutex_lock() with the interruptible version for user to allow
escaping from the big-hammer mutex.
Fixes: 80982c7e83 ("ALSA: seq: oss: Serialize ioctls")
Suggested-by: Pavel Machek <pavel@ucw.cz>
Link: https://lore.kernel.org/r/20200922083856.28572-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The recent change in lockdep for read lock caused the deadlock
warnings in ALSA control code which uses the read_lock() for
notification and else while write_lock_irqsave() is used for adding
and removing the list entry. Although a deadlock would practically
never hit in a real usage (the addition and the deletion can't happen
with the notification), it's better to fix the read_lock() usage in a
semantically correct way.
This patch replaces the read_lock() calls with read_lock_irqsave()
version for avoiding a reported deadlock. The notification code path
takes the irq disablement in anyway, and other code paths are very
short execution, hence there shouldn't be any big performance hit by
this change.
Fixes: e918188611 ("locking: More accurate annotations for read_lock()")
Reported-by: syzbot+561a74f84100162990b2@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20200922084953.29018-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Using compat_alloc_user_space() tends to add complexity
to the ioctl handling, so I am trying to remove it everywhere.
The two callers in sound/core can rewritten to just call
the same code that operates on a kernel pointer as the
native handler.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20200918095642.1446243-1-arnd@arndb.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The tasklet is an old API that should be deprecated, usually can be
converted to another decent API. In ALSA core timer API, the
callbacks can be offlined to a tasklet when a flag is set in the timer
backend. It can be achieved gracefully with a work queued in the
high-prio system workqueue.
This patch replaces the usage of tasklet in ALSA timer API with a
simple work. Currently the tasklet feature is used only in the system
timer and hrtimer backends, so both are patched to use the new flag
name SNDRV_TIMER_HW_WORK, too.
Link: https://lore.kernel.org/r/20200903104131.21097-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Back-merge to apply the tasklet conversion patches that are based
on the already applied tasklet API changes on 5.9-rc4.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Fix cppcheck warning:
sound/core/compress_offload.c:1044:6: style: Redundant initialization
for 'ret'. The initialized value is overwritten before it is
read. [redundantInitialization]
ret = snd_register_device(SNDRV_DEVICE_TYPE_COMPRESS,
^
sound/core/compress_offload.c:1034:10: note: ret is initialized
int ret = -EINVAL;
^
sound/core/compress_offload.c:1044:6: note: ret is overwritten
ret = snd_register_device(SNDRV_DEVICE_TYPE_COMPRESS,
^
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Acked-by: Vinod Koul <vkoul@kernel.org>
Link: https://lore.kernel.org/r/20200902212133.30964-8-pierre-louis.bossart@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Fix cppcheck warning and only dereference once the initial checks are
done:
sound/core/compress_offload.c:516:38: warning: Either the condition
'!stream' is redundant or there is possible null pointer dereference:
stream. [nullPointerRedundantCheck]
struct snd_compr_runtime *runtime = stream->runtime;
^
sound/core/compress_offload.c:518:17: note: Assuming that condition
'!stream' is not redundant
if (snd_BUG_ON(!(stream) || !(stream)->runtime))
^
sound/core/compress_offload.c:516:38: note: Null pointer dereference
struct snd_compr_runtime *runtime = stream->runtime;
^
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Acked-by: Vinod Koul <vkoul@kernel.org>
Link: https://lore.kernel.org/r/20200902212133.30964-7-pierre-louis.bossart@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Cppcheck complains about a possible NULL pointer dereference but it
actually looks like the NULL assignment is not needed (same loop is
used in other parts of the file without it).
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20200902212133.30964-5-pierre-louis.bossart@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Fix cppcheck warnings:
sound/core/pcm_memory.c:380:26: warning: Either the condition
'!substream' is redundant or there is possible null pointer
dereference: substream. [nullPointerRedundantCheck]
struct snd_card *card = substream->pcm->card;
^
sound/core/pcm_memory.c:384:6: note: Assuming that condition
'!substream' is not redundant
if (PCM_RUNTIME_CHECK(substream))
^
sound/core/pcm_memory.c:380:26: note: Null pointer dereference
struct snd_card *card = substream->pcm->card;
^
sound/core/pcm_memory.c:433:26: warning: Either the condition
'!substream' is redundant or there is possible null pointer
dereference: substream. [nullPointerRedundantCheck]
struct snd_card *card = substream->pcm->card;
^
sound/core/pcm_memory.c:436:6: note: Assuming that condition
'!substream' is not redundant
if (PCM_RUNTIME_CHECK(substream))
^
sound/core/pcm_memory.c:433:26: note: Null pointer dereference
struct snd_card *card = substream->pcm->card;
^
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20200902212133.30964-4-pierre-louis.bossart@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Fix cppcheck, the fallthrough only makes sense within the conditional
block
sound/core/memalloc.c:161:3: style:inconclusive: Statements following
return, break, continue, goto or throw will never be
executed. [unreachableCode]
fallthrough;
^
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20200902212133.30964-3-pierre-louis.bossart@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Fix sparse warning:
sound/core/pcm.c:999:9: warning: context imbalance in
'snd_pcm_detach_substream' - different lock contexts for basic block
There's no real reason to test the same thing twice, and it's simpler
have linear sequences.
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20200902212133.30964-2-pierre-louis.bossart@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
In preparation for unconditionally passing the
struct tasklet_struct pointer to all tasklet
callbacks, switch to using the new tasklet_setup()
and from_tasklet() to pass the tasklet pointer explicitly.
Signed-off-by: Romain Perier <romain.perier@gmail.com>
Signed-off-by: Allen Pais <allen.lkml@gmail.com>
Link: https://lore.kernel.org/r/20200902040221.354941-2-allen.lkml@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The PCM OSS mulaw plugin has a check of the format of the counter part
whether it's a linear format. The check is with snd_BUG_ON() that
emits WARN_ON() when the debug config is set, and it confuses
syzkaller as if it were a serious issue. Let's drop snd_BUG_ON() for
avoiding that.
While we're at it, correct the error code to a more suitable, EINVAL.
Reported-by: syzbot+23b22dc2e0b81cbfcc95@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200901131802.18157-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This became wide and scattered updates all over the sound tree as
diffstat shows: lots of (still ongoing) refactoring works in ASoC,
fixes and cleanups caught by static analysis, inclusive term
conversions as well as lots of new drivers. Below are highlights:
ASoC core:
* API cleanups and conversions to the unified mute_stream() call
* Simplify I/O helper functions
* Use helper macros to retrieve RTD from substreams
ASoC drivers:
* Lots of fixes and cleanups in Intel ASoC drivers
* Lots of new stuff: Freescale MQS and i.MX6sx, Intel KeemBay I2S,
Maxim MAX98360A and MAX98373 SoundWire, various Mediatek boards,
nVidia Tegra 186 and 210, RealTek RL6231, Samsung Midas and Aries
boards, TI J721e EVM
ALSA core:
* Minor code refacotring for SG-buffer handling
HD-audio:
* Generalization of mute-LED handling with LED classdev
* Intel silent stream support for HDMI
* Device-specific fixes: CA0132, Loongson-3
Others:
* Usual USB- and HD-audio quirks for various devices
* Fixes for echoaudio DMA position handling
* Various documents and trivial fixes for sparse warnings
* Conversion to adapt inclusive terms
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl8r2C4OHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE892xAAg5LyExJUtC127P5zs5pX03FuHhZ/oftEcbO1
LUDE6VyWoLrHo7dmIvKANF2ppfu2hooyuYhFbOD/Wk2BtzmQq/cvrkzM/fjokXiu
G4jPbV6hhyV2bJ/zTAXPjr1rQNXbAAzvuyjKs+IufuWSGa3ktRd89xliqSHHVE/T
L0us45WpvfsaiCWElUvWaM1Fyex6aOBeKV19WjQYzv213CcgFhQr/0HxI8uN4Uxc
Fd89PRXFVJvPwb1L6hPw2X8Yj8BK+6xWqsHsQhqECkyprrh7o5m5XwqyEdK5NRms
f5hrisze5h6jqbY8TlvRpZkrJ495Ek1W85FndvRgOM671Y1mMPtC/2qYb1YU/jBO
yCFq26JNeM/X1W+KJqvCbMwQn5af33pIQ++P18fn0MF1agnOWNHxWa0vaEuFcFAy
Du8BQ8ovOzHAxKSWwRCakq/pRKijiBdfizOZIDMgSP0g/4oBVWDfA9eGwgQQ35J9
RlSx+1bm3v5RigPQa/y8B9/+4W50DSrA/q0eMkwE5bYh7Xh05Vapf7khh/vgEsEu
m7/tKhC26D/RcdbnHxBRH2UARCBNIcbZdsOlIVveX+/6ObyegFZOOzHbDb4huAdD
G2Q/sFmPuWM+R0J/C9RuMCjhKRQgPCuXDT0CJXrvgORV6BxpONcfcnXb89QbEWw5
E+eW+/I=
=sy7n
-----END PGP SIGNATURE-----
Merge tag 'sound-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound updates from Takashi Iwai:
"This became wide and scattered updates all over the sound tree as
diffstat shows: lots of (still ongoing) refactoring works in ASoC,
fixes and cleanups caught by static analysis, inclusive term
conversions as well as lots of new drivers. Below are highlights:
ASoC core:
- API cleanups and conversions to the unified mute_stream() call
- Simplify I/O helper functions
- Use helper macros to retrieve RTD from substreams
ASoC drivers:
- Lots of fixes and cleanups in Intel ASoC drivers
- Lots of new stuff: Freescale MQS and i.MX6sx, Intel KeemBay I2S,
Maxim MAX98360A and MAX98373 SoundWire, various Mediatek boards,
nVidia Tegra 186 and 210, RealTek RL6231, Samsung Midas and Aries
boards, TI J721e EVM
ALSA core:
- Minor code refacotring for SG-buffer handling
HD-audio:
- Generalization of mute-LED handling with LED classdev
- Intel silent stream support for HDMI
- Device-specific fixes: CA0132, Loongson-3
Others:
- Usual USB- and HD-audio quirks for various devices
- Fixes for echoaudio DMA position handling
- Various documents and trivial fixes for sparse warnings
- Conversion to adopt inclusive terms"
* tag 'sound-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (479 commits)
ALSA: pci: delete repeated words in comments
ALSA: isa: delete repeated words in comments
ALSA: hda/tegra: Add 100us dma stop delay
ALSA: hda: Add dma stop delay variable
ASoC: hda/tegra: Set buffer alignment to 128 bytes
ALSA: seq: oss: Serialize ioctls
ALSA: hda/hdmi: Add quirk to force connectivity
ALSA: usb-audio: add startech usb audio dock name
ALSA: usb-audio: Add support for Lenovo ThinkStation P620
Revert "ALSA: hda: call runtime_allow() for all hda controllers"
ALSA: hda/ca0132 - Fix AE-5 microphone selection commands.
ALSA: hda/ca0132 - Add new quirk ID for Recon3D.
ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value.
ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops
ALSA: docs: fix typo
ALSA: doc: use correct config variable name
ASoC: core: Two step component registration
ASoC: core: Simplify snd_soc_component_initialize declaration
ASoC: core: Relocate and expose snd_soc_component_initialize
ASoC: sh: Replace 'select' DMADEVICES 'with depends on'
...
Some ioctls via OSS sequencer API may race and lead to UAF when the
port create and delete are performed concurrently, as spotted by a
couple of syzkaller cases. This patch is an attempt to address it by
serializing the ioctls with the existing register_mutex.
Basically OSS sequencer API is an obsoleted interface and was designed
without much consideration of the concurrency. There are very few
applications with it, and the concurrent performance isn't asked,
hence this "big hammer" approach should be good enough.
Reported-by: syzbot+1a54a94bd32716796edd@syzkaller.appspotmail.com
Reported-by: syzbot+9d2abfef257f3e2d4713@syzkaller.appspotmail.com
Suggested-by: Hillf Danton <hdanton@sina.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200804185815.2453-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This PR became fairly large, containing mostly the collection of
ASoC fixes that slipped from the previous request, so I sent now
a bit earlier than usual. But all changes look small and mostly
device-specific, hence nothing to worry too much.
Majority of changes are for x86 based platforms and their CODEC
drivers, in order to address some issues hit by their recent tests
and fuzzing. The rest are other ASoC device-specific fixes (imx,
qcom, wm8974, amd, rockchip) as well as a trivial fix for a kernel
WARNING hit by syzkaller.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl8WqvQOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE8KEA/+MZ+3jkFFinrq+mPPPZOJdMe10XxT1moZrjie
H+cA6623iVhnKMB9JKMSncroSpgw7OaFlYP1tGfsQkD32rglubUhAqAs7Up3ve9O
tzVLqyaxwNmy6I38n7g2TUlEIvJyRCiC2pR97XrtqiAmsRDheYBsn8lEN2Ie6eUF
uAftr6DHJ5lHeYMWFBwN1fjbg4vMZGAFEtK4czme05b0n2gHo4AnXGfpnxYwYhfN
5WRQm12rtjDsWPC9Rk32auZBH9qnHeGALRCYWlRje4XfbaFnSgbID9/NWNodXjR7
m92Tw5bEV9SQx+0kNd3+ibGp0RLrgfMitp3hlv2as5GHTlQi2nfLWnWmWUzWFflR
TKbcpwOANwncMx/KrfEkcqEt0cozMRL3MgkSaXvbarv8ZAyzJGYYIvNXLpA+AHLu
ryj02Cc7wyTO5Axv7fqF9yNM53mfu6TEPkdtTGOjszTkkf2OknZYjiB4ci47elZm
3db303JZVmW09b3qNcrNJ273LWxIRaGbFOe1KExfHB1lsBnlufNSVY3+spDl35Cu
u5w96oCF6KO/j2f3iKUdMT88XfRxsheN9GnU7g3iso8Ewdk7szzhfE8Ynlz+Zyca
74fyNbowjBrU/FZzY4VopvqQqfNG9mYazQEH+EIBSLUIoGXaKSz+Xnrfz7BgZvCu
TEb1sB4=
=iAZG
-----END PGP SIGNATURE-----
Merge tag 'sound-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound into master
Pull sound fixes from Takashi Iwai:
"This became fairly large, containing mostly the collection of ASoC
fixes that slipped from the previous request, so I sent now a bit
earlier than usual. But all changes look small and mostly
device-specific, hence nothing to worry too much.
Majority of changes are for x86 based platforms and their CODEC
drivers, in order to address some issues hit by their recent tests and
fuzzing. The rest are other ASoC device-specific fixes (imx, qcom,
wm8974, amd, rockchip) as well as a trivial fix for a kernel WARNING
hit by syzkaller"
* tag 'sound-5.8-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (28 commits)
ALSA: hda/realtek: Fixed ALC298 sound bug by adding quirk for Samsung Notebook Pen S
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
ASoC: rt5682: Report the button event in the headset type only
ASoC: Intel: bytcht_es8316: Add missed put_device()
ASoC: rt5682: Enable Vref2 under using PLL2
ASoC: rt286: fix unexpected interrupt happens
ASoC: wm8974: remove unsupported clock mode
ASoC: wm8974: fix Boost Mixer Aux Switch
ASoC: SOF: core: fix null-ptr-deref bug during device removal
ASoc: codecs: max98373: remove Idle_bias_on to let codec suspend
ASoC: codecs: max98373: Removed superfluous volume control from chip default
ASoC: topology: fix tlvs in error handling for widget_dmixer
ASoC: topology: fix kernel oops on route addition error
ASoC: SOF: imx: add min/max channels for SAI/ESAI on i.MX8/i.MX8M
ASoC: Intel: bdw-rt5677: fix non BE conversion
ASoC: soc-dai: set dai_link dpcm_ flags with a helper
MAINTAINERS: Add Shengjiu to reviewer list of sound/soc/fsl
ASoC: core: Remove only the registered component in devm functions
MAINTAINERS: Change Maintainer for some at91 drivers
ASoC: dt-bindings: simple-card: Fix 'make dt_binding_check' warnings
...
Follow the recent inclusive terminology guidelines and replace the
word "slave" in vmaster API. I chose the word "follower" at this time
since it seems fitting for the purpose.
Note that the word "master" is kept in API, since it refers rather to
audio master volume control.
Also, while we're at it, a typo in comments is corrected, too.
Link: https://lore.kernel.org/r/20200717154517.27599-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
snd_info_get_line() has a sanity check of NULL buffer -- both buffer
itself being NULL and buffer->buffer being NULL. Basically both
checks are valid and necessary, but the problem is that it's with
snd_BUG_ON() macro that triggers WARN_ON(). The latter condition
(NULL buffer->buffer) can be met arbitrarily by user since the buffer
is allocated at the first write, so it means that user can trigger
WARN_ON() at will.
This patch addresses it by simply moving buffer->buffer NULL check out
of snd_BUG_ON() so that spurious WARNING is no longer triggered.
Reported-by: syzbot+e42d0746c3c3699b6061@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200717084023.5928-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This reverts commit 3ad796cbc3 ("ALSA: pcm: Use SG-buffer only when
direct DMA is available") also the modification commit 467fd0e82b
("ALSA: pcm: Fix build error on m68k and others").
Poking the DMA internal helper is a layer violation, so we should
avoid that. Meanwhile the actual bug has been addressed by the
Kconfig fix in commit dbed452a07 ("dma-pool: decouple DMA_REMAP from
DMA_COHERENT_POOL"), so we can live without this hack.
Link: https://lore.kernel.org/r/20200717064130.22957-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Using uninitialized_var() is dangerous as it papers over real bugs[1]
(or can in the future), and suppresses unrelated compiler warnings
(e.g. "unused variable"). If the compiler thinks it is uninitialized,
either simply initialize the variable or make compiler changes.
In preparation for removing[2] the[3] macro[4], remove all remaining
needless uses with the following script:
git grep '\buninitialized_var\b' | cut -d: -f1 | sort -u | \
xargs perl -pi -e \
's/\buninitialized_var\(([^\)]+)\)/\1/g;
s:\s*/\* (GCC be quiet|to make compiler happy) \*/$::g;'
drivers/video/fbdev/riva/riva_hw.c was manually tweaked to avoid
pathological white-space.
No outstanding warnings were found building allmodconfig with GCC 9.3.0
for x86_64, i386, arm64, arm, powerpc, powerpc64le, s390x, mips, sparc64,
alpha, and m68k.
[1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/
[2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/
[3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/
[4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/
Reviewed-by: Leon Romanovsky <leonro@mellanox.com> # drivers/infiniband and mlx4/mlx5
Acked-by: Jason Gunthorpe <jgg@mellanox.com> # IB
Acked-by: Kalle Valo <kvalo@codeaurora.org> # wireless drivers
Reviewed-by: Chao Yu <yuchao0@huawei.com> # erofs
Signed-off-by: Kees Cook <keescook@chromium.org>
A collection of small, mostly device-specific fixes.
The significant one is the regression fix for USB-audio implicit
feedback devices due to the incorrect frame size calculation, which
landed in 5.8 and stable trees. In addition, a few usual HD-audio
and USB-audio quirks, Intel HDMI fixes, ASoC fsl and rt5682 fixes,
as well as the fix in compress-offload partial drain operation.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl8EhgkOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE9Vgg/8CsHDhio415pxnrz/KtbcHhFyjUz5Uh0VoLs2
OJzO78BP0rL5C9RhqZN0oa88bjo/fQcRBhdvnsE7OyoM+Jm+icg3k/to41S8TWQ7
3GBViwu9C9RTMfU4yQ6KeGP5vk5KfZ5xTTkBQqscVRrolMevvgc0iSHen/J5lEQ4
O+QnRKdqL0Hv2zaBKgmkGymMR7lXa9x4TQ3X0Cm69G7G5XRdaX4RqfoUmB62PjXt
09wH7V7kc6Zqn+C2M95q4uEno6I/WF+2cJ+QjbYXinnQIK3HQkAzAPthTYgP0Thl
uM6AmwAWkuE6H1vScl5a/MlXeHGJjseBrjxtfZgVEE6TPFjxYlXzWrm/gtISSvbk
bZ111cRyW3c1ouphJvHIWvBj5rr3C1VgpQ0FwWK9t1RICN6csP/eTmKPICpCOy2O
OPOhcZRKvl9dBsfqPOmXkDBUHTbLlSJ/8fHVWgK0H+F2t2IkSP6Q2lBhhb3MDQTZ
8LL4YdBBNgbiTFXp4zG3ngRhmO8PCDs0oUrIzMDFk/7w50C8CjFG+l6tpKH9g/UL
KlihbKocy0kFTUvD93WumgTvjHgmNvCn2oOECAZQ3h7Vcxu5W1L8AA0AsxufQ9xE
8j3XXBCCiECYuJ7WUUy6teqngTosmMiZFHO9aE8nsr3K3HMiQuz7cv34n1zCJPnc
FdJkgKk=
=gDdf
-----END PGP SIGNATURE-----
Merge tag 'sound-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A collection of small, mostly device-specific fixes.
The significant one is the regression fix for USB-audio implicit
feedback devices due to the incorrect frame size calculation, which
landed in 5.8 and stable trees.
In addition, a few usual HD-audio and USB-audio quirks, Intel HDMI
fixes, ASoC fsl and rt5682 fixes, as well as the fix in
compress-offload partial drain operation"
* tag 'sound-5.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: compress: fix partial_drain completion state
ALSA: usb-audio: Add implicit feedback quirk for RTX6001
ALSA: usb-audio: add quirk for MacroSilicon MS2109
ALSA: hda/realtek: Enable headset mic of Acer Veriton N4660G with ALC269VC
ALSA: hda/realtek: Enable headset mic of Acer C20-820 with ALC269VC
ALSA: hda/realtek - Enable audio jacks of Acer vCopperbox with ALC269VC
ALSA: hda/realtek - Fix Lenovo Thinkpad X1 Carbon 7th quirk subdevice id
ALSA: hda/hdmi: improve debug traces for stream lookups
ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
ALSA: opl3: fix infoleak in opl3
ALSA: usb-audio: Replace s/frame/packet/ where appropriate
ALSA: usb-audio: Fix packet size calculation
AsoC: amd: add missing snd- module prefix to the acp3x-rn driver kernel module
ALSA: hda - let hs_mic be picked ahead of hp_mic
ASoC: rt5682: fix the pop noise while OMTP type headset plugin
ASoC: fsl_mqs: Fix unchecked return value for clk_prepare_enable
ASoC: fsl_mqs: Don't check clock is NULL before calling clk API
The commit 3ad796cbc3 ("ALSA: pcm: Use SG-buffer only when direct
DMA is available") introduced a check of the DMA type and this caused
a build error on m68k (and possibly some others) due to the lack of
dma_is_direct() definition. Since the check is needed only for
CONFIG_SND_DMA_SGBUF enablement (i.e. solely x86), use #ifdef instead
of IS_ENABLED() for avoiding such a build error.
Fixes: 3ad796cbc3 ("ALSA: pcm: Use SG-buffer only when direct DMA is available")
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/r/20200707111225.26826-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
On partial_drain completion we should be in SNDRV_PCM_STATE_RUNNING
state, so set that for partially draining streams in
snd_compr_drain_notify() and use a flag for partially draining streams
While at it, add locks for stream state change in
snd_compr_drain_notify() as well.
Fixes: f44f2a5417 ("ALSA: compress: fix drain calls blocking other compress functions (v6)")
Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Reviewed-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Tested-by: Charles Keepax <ckeepax@opensource.cirrus.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Link: https://lore.kernel.org/r/20200629134737.105993-4-vkoul@kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The module argument passed to snd_card_new() must be a valid non-NULL
pointer when the module support is enabled. Since ASoC driver passes
the argument from each snd_soc_card definition, one may forget to set
the owner field and lead to a NULL module easily.
For catching such an overlook, add a WARN_ON() in snd_card_new().
Also, put the card->module assignment in the ifdef block for a very
minor optimization.
Link: https://lore.kernel.org/r/20200624160300.21703-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>