Commit Graph

64 Commits

Author SHA1 Message Date
Takashi Iwai 816f318b23 ALSA: rawmidi: Fix possible deadlock with virmidi registration
When a seq-virmidi driver is initialized, it registers a rawmidi
instance with its callback to create an associated seq kernel client.
Currently it's done throughly in rawmidi's register_mutex context.
Recently it was found that this may lead to a deadlock another rawmidi
device that is being attached with the sequencer is accessed, as both
open with the same register_mutex.  This was actually triggered by
syzkaller, as Dmitry Vyukov reported:

======================================================
 [ INFO: possible circular locking dependency detected ]
 4.8.0-rc1+ #11 Not tainted
 -------------------------------------------------------
 syz-executor/7154 is trying to acquire lock:
  (register_mutex#5){+.+.+.}, at: [<ffffffff84fd6d4b>] snd_rawmidi_kernel_open+0x4b/0x260 sound/core/rawmidi.c:341

 but task is already holding lock:
  (&grp->list_mutex){++++.+}, at: [<ffffffff850138bb>] check_and_subscribe_port+0x5b/0x5c0 sound/core/seq/seq_ports.c:495

 which lock already depends on the new lock.

 the existing dependency chain (in reverse order) is:

 -> #1 (&grp->list_mutex){++++.+}:
    [<ffffffff8147a3a8>] lock_acquire+0x208/0x430 kernel/locking/lockdep.c:3746
    [<ffffffff863f6199>] down_read+0x49/0xc0 kernel/locking/rwsem.c:22
    [<     inline     >] deliver_to_subscribers sound/core/seq/seq_clientmgr.c:681
    [<ffffffff85005c5e>] snd_seq_deliver_event+0x35e/0x890 sound/core/seq/seq_clientmgr.c:822
    [<ffffffff85006e96>] > snd_seq_kernel_client_dispatch+0x126/0x170 sound/core/seq/seq_clientmgr.c:2418
    [<ffffffff85012c52>] snd_seq_system_broadcast+0xb2/0xf0 sound/core/seq/seq_system.c:101
    [<ffffffff84fff70a>] snd_seq_create_kernel_client+0x24a/0x330 sound/core/seq/seq_clientmgr.c:2297
    [<     inline     >] snd_virmidi_dev_attach_seq sound/core/seq/seq_virmidi.c:383
    [<ffffffff8502d29f>] snd_virmidi_dev_register+0x29f/0x750 sound/core/seq/seq_virmidi.c:450
    [<ffffffff84fd208c>] snd_rawmidi_dev_register+0x30c/0xd40 sound/core/rawmidi.c:1645
    [<ffffffff84f816d3>] __snd_device_register.part.0+0x63/0xc0 sound/core/device.c:164
    [<     inline     >] __snd_device_register sound/core/device.c:162
    [<ffffffff84f8235d>] snd_device_register_all+0xad/0x110 sound/core/device.c:212
    [<ffffffff84f7546f>] snd_card_register+0xef/0x6c0 sound/core/init.c:749
    [<ffffffff85040b7f>] snd_virmidi_probe+0x3ef/0x590 sound/drivers/virmidi.c:123
    [<ffffffff833ebf7b>] platform_drv_probe+0x8b/0x170 drivers/base/platform.c:564
    ......

 -> #0 (register_mutex#5){+.+.+.}:
    [<     inline     >] check_prev_add kernel/locking/lockdep.c:1829
    [<     inline     >] check_prevs_add kernel/locking/lockdep.c:1939
    [<     inline     >] validate_chain kernel/locking/lockdep.c:2266
    [<ffffffff814791f4>] __lock_acquire+0x4d44/0x4d80 kernel/locking/lockdep.c:3335
    [<ffffffff8147a3a8>] lock_acquire+0x208/0x430 kernel/locking/lockdep.c:3746
    [<     inline     >] __mutex_lock_common kernel/locking/mutex.c:521
    [<ffffffff863f0ef1>] mutex_lock_nested+0xb1/0xa20 kernel/locking/mutex.c:621
    [<ffffffff84fd6d4b>] snd_rawmidi_kernel_open+0x4b/0x260 sound/core/rawmidi.c:341
    [<ffffffff8502e7c7>] midisynth_subscribe+0xf7/0x350 sound/core/seq/seq_midi.c:188
    [<     inline     >] subscribe_port sound/core/seq/seq_ports.c:427
    [<ffffffff85013cc7>] check_and_subscribe_port+0x467/0x5c0 sound/core/seq/seq_ports.c:510
    [<ffffffff85015da9>] snd_seq_port_connect+0x2c9/0x500 sound/core/seq/seq_ports.c:579
    [<ffffffff850079b8>] snd_seq_ioctl_subscribe_port+0x1d8/0x2b0 sound/core/seq/seq_clientmgr.c:1480
    [<ffffffff84ffe9e4>] snd_seq_do_ioctl+0x184/0x1e0 sound/core/seq/seq_clientmgr.c:2225
    [<ffffffff84ffeae8>] snd_seq_kernel_client_ctl+0xa8/0x110 sound/core/seq/seq_clientmgr.c:2440
    [<ffffffff85027664>] snd_seq_oss_midi_open+0x3b4/0x610 sound/core/seq/oss/seq_oss_midi.c:375
    [<ffffffff85023d67>] snd_seq_oss_synth_setup_midi+0x107/0x4c0 sound/core/seq/oss/seq_oss_synth.c:281
    [<ffffffff8501b0a8>] snd_seq_oss_open+0x748/0x8d0 sound/core/seq/oss/seq_oss_init.c:274
    [<ffffffff85019d8a>] odev_open+0x6a/0x90 sound/core/seq/oss/seq_oss.c:138
    [<ffffffff84f7040f>] soundcore_open+0x30f/0x640 sound/sound_core.c:639
    ......

 other info that might help us debug this:

 Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock(&grp->list_mutex);
                                lock(register_mutex#5);
                                lock(&grp->list_mutex);
   lock(register_mutex#5);

 *** DEADLOCK ***
======================================================

The fix is to simply move the registration parts in
snd_rawmidi_dev_register() to the outside of the register_mutex lock.
The lock is needed only to manage the linked list, and it's not
necessarily to cover the whole initialization process.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-09-08 10:45:20 +02:00
Takashi Iwai 81f577542a ALSA: rawmidi: Fix race at copying & updating the position
The rawmidi read and write functions manage runtime stream status
such as runtime->appl_ptr and runtime->avail.  These point where to
copy the new data and how many bytes have been copied (or to be
read).  The problem is that rawmidi read/write call copy_from_user()
or copy_to_user(), and the runtime spinlock is temporarily unlocked
and relocked while copying user-space.  Since the current code
advances and updates the runtime status after the spin unlock/relock,
the copy and the update may be asynchronous, and eventually
runtime->avail might go to a negative value when many concurrent
accesses are done.  This may lead to memory corruption in the end.

For fixing this race, in this patch, the status update code is
performed in the same lock before the temporary unlock.  Also, the
spinlock is now taken more widely in snd_rawmidi_kernel_read1() for
protecting more properly during the whole operation.

BugLink: http://lkml.kernel.org/r/CACT4Y+b-dCmNf1GpgPKfDO0ih+uZCL2JV4__j-r1kdhPLSgQCQ@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-02-03 14:51:42 +01:00
Takashi Iwai 06ab30034e ALSA: rawmidi: Make snd_rawmidi_transmit() race-free
A kernel WARNING in snd_rawmidi_transmit_ack() is triggered by
syzkaller fuzzer:
  WARNING: CPU: 1 PID: 20739 at sound/core/rawmidi.c:1136
Call Trace:
 [<     inline     >] __dump_stack lib/dump_stack.c:15
 [<ffffffff82999e2d>] dump_stack+0x6f/0xa2 lib/dump_stack.c:50
 [<ffffffff81352089>] warn_slowpath_common+0xd9/0x140 kernel/panic.c:482
 [<ffffffff813522b9>] warn_slowpath_null+0x29/0x30 kernel/panic.c:515
 [<ffffffff84f80bd5>] snd_rawmidi_transmit_ack+0x275/0x400 sound/core/rawmidi.c:1136
 [<ffffffff84fdb3c1>] snd_virmidi_output_trigger+0x4b1/0x5a0 sound/core/seq/seq_virmidi.c:163
 [<     inline     >] snd_rawmidi_output_trigger sound/core/rawmidi.c:150
 [<ffffffff84f87ed9>] snd_rawmidi_kernel_write1+0x549/0x780 sound/core/rawmidi.c:1223
 [<ffffffff84f89fd3>] snd_rawmidi_write+0x543/0xb30 sound/core/rawmidi.c:1273
 [<ffffffff817b0323>] __vfs_write+0x113/0x480 fs/read_write.c:528
 [<ffffffff817b1db7>] vfs_write+0x167/0x4a0 fs/read_write.c:577
 [<     inline     >] SYSC_write fs/read_write.c:624
 [<ffffffff817b50a1>] SyS_write+0x111/0x220 fs/read_write.c:616
 [<ffffffff86336c36>] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185

Also a similar warning is found but in another path:
Call Trace:
 [<     inline     >] __dump_stack lib/dump_stack.c:15
 [<ffffffff82be2c0d>] dump_stack+0x6f/0xa2 lib/dump_stack.c:50
 [<ffffffff81355139>] warn_slowpath_common+0xd9/0x140 kernel/panic.c:482
 [<ffffffff81355369>] warn_slowpath_null+0x29/0x30 kernel/panic.c:515
 [<ffffffff8527e69a>] rawmidi_transmit_ack+0x24a/0x3b0 sound/core/rawmidi.c:1133
 [<ffffffff8527e851>] snd_rawmidi_transmit_ack+0x51/0x80 sound/core/rawmidi.c:1163
 [<ffffffff852d9046>] snd_virmidi_output_trigger+0x2b6/0x570 sound/core/seq/seq_virmidi.c:185
 [<     inline     >] snd_rawmidi_output_trigger sound/core/rawmidi.c:150
 [<ffffffff85285a0b>] snd_rawmidi_kernel_write1+0x4bb/0x760 sound/core/rawmidi.c:1252
 [<ffffffff85287b73>] snd_rawmidi_write+0x543/0xb30 sound/core/rawmidi.c:1302
 [<ffffffff817ba5f3>] __vfs_write+0x113/0x480 fs/read_write.c:528
 [<ffffffff817bc087>] vfs_write+0x167/0x4a0 fs/read_write.c:577
 [<     inline     >] SYSC_write fs/read_write.c:624
 [<ffffffff817bf371>] SyS_write+0x111/0x220 fs/read_write.c:616
 [<ffffffff86660276>] entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185

In the former case, the reason is that virmidi has an open code
calling snd_rawmidi_transmit_ack() with the value calculated outside
the spinlock.   We may use snd_rawmidi_transmit() in a loop just for
consuming the input data, but even there, there is a race between
snd_rawmidi_transmit_peek() and snd_rawmidi_tranmit_ack().

Similarly in the latter case, it calls snd_rawmidi_transmit_peek() and
snd_rawmidi_tranmit_ack() separately without protection, so they are
racy as well.

The patch tries to address these issues by the following ways:
- Introduce the unlocked versions of snd_rawmidi_transmit_peek() and
  snd_rawmidi_transmit_ack() to be called inside the explicit lock.
- Rewrite snd_rawmidi_transmit() to be race-free (the former case).
- Make the split calls (the latter case) protected in the rawmidi spin
  lock.

BugLink: http://lkml.kernel.org/r/CACT4Y+YPq1+cYLkadwjWa5XjzF1_Vki1eHnVn-Lm0hzhSpu5PA@mail.gmail.com
BugLink: http://lkml.kernel.org/r/CACT4Y+acG4iyphdOZx47Nyq_VHGbpJQK-6xNpiqUjaZYqsXOGw@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-02-03 14:51:28 +01:00
Takashi Iwai cc85f7a634 ALSA: rawmidi: Remove kernel WARNING for NULL user-space buffer check
NULL user-space buffer can be passed even in a normal path, thus it's
not good to spew a kernel warning with stack trace at each time.
Just drop snd_BUG_ON() macro usage there.

BugLink: http://lkml.kernel.org/r/CACT4Y+YfVJ3L+q0i-4vyQVyyPD7V=OMX0PWPi29x9Bo3QaBLdw@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-02-01 12:22:59 +01:00
Takashi Iwai ec0e9937aa ALSA: core: Drop superfluous error/debug messages after malloc failures
The kernel memory allocators already report the errors when the
requested allocation fails, thus we don't need to warn it again in
each caller side.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-03-10 15:42:14 +01:00
Takashi Iwai 40a4b26385 ALSA: Simplify snd_device_register() variants
Now that all callers have been replaced with
snd_device_register_for_dev(), let's drop the obsolete device
registration code and concentrate only on the code handling struct
device directly.  That said,

- remove the old snd_device_register(),
- rename snd_device_register_for_dev() with snd_device_register(),
- drop superfluous arguments from snd_device_register(),
- change snd_unregister_device() to pass the device pointer directly

Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-02 17:01:26 +01:00
Takashi Iwai 07cc3e8bd5 ALSA: rawmidi: Use rawmidi device file for kernel messages
... instead of card's device.  This will be helpful to distinguish
errors from multiple rawmidi devices on a single card.

Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-02 14:42:43 +01:00
Takashi Iwai aee5012fbb ALSA: rawmidi: Embed struct device
Like previous patches, this changes the device management for rawmidi,
embedding the struct device into struct snd_rawmidi.  The required
change is more or less same as hwdep device.

The currently unused dev field is reused as the new embedded struct
field now.

Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-02 14:42:43 +01:00
Takashi Iwai 23c18d4bfd ALSA: control: Provide a helper to look for the preferred subdevice
Instead of open-coding the search over the control file loop, provide
a helper function for the preferred subdevice assigned to the current
process.

Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-02 14:21:21 +01:00
Takashi Iwai 6776a5d712 ALSA: Move EXPORT_SYMBOL() in appropriate places
Just a cleanup to follow the standard coding style.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-02-27 16:00:51 +01:00
Takashi Iwai ca20d29275 ALSA: rawmidi: Use standard printk helpers
Use dev_err() & co as much as possible.  If not available (no device
assigned at the calling point), use pr_xxx() helpers instead.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-02-14 08:14:16 +01:00
Takashi Iwai 80d7d771ae ALSA: Drop unused name argument in snd_register_oss_device()
The last argument, name, of snd_oss_register_device() is nowhere
referred in the function in the current code.  Let's drop it.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-02-12 10:58:19 +01:00
Masanari Iida 0a11458cbb ALSA: Fix typos in alsa-driver-api.xml
This patch fixed 2 typos in DocBook/alsa-driver-api.xml.
It is because this file is generated by make xmldocs,
I have to fix typos within source files.

Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-02-10 09:47:08 +01:00
Yacine Belkadi eb7c06e8e9 ALSA: add/change some comments describing function return values
script/kernel-doc reports the following type of warnings (when run in verbose
mode):

Warning(sound/core/init.c:152): No description found for return value of
'snd_card_create'

To fix that:
- add missing descriptions of function return values
- use "Return:" sections to describe those return values

Along the way:
- complete some descriptions
- fix some typos

Signed-off-by: Yacine Belkadi <yacine.belkadi.1@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2013-03-12 08:32:53 +01:00
Takashi Iwai 0914f7961b ALSA: Avoid endless sleep after disconnect
When disconnect callback is called, each component should wake up
sleepers and check card->shutdown flag for avoiding the endless sleep
blocking the proper resource release.

Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-10-30 11:07:15 +01:00
Takashi Iwai a0830dbd4e ALSA: Add a reference counter to card instance
For more strict protection for wild disconnections, a refcount is
introduced to the card instance, and let it up/down when an object is
referred via snd_lookup_*() in the open ops.

The free-after-last-close check is also changed to check this refcount
instead of the empty list, too.

Reported-by: Matthieu CASTET <matthieu.castet@parrot.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-10-30 11:07:10 +01:00
Paul Gortmaker 65a772172b sound: fix drivers needing module.h not moduleparam.h
The implicit presence of module.h lured several users into
incorrectly thinking that they only needed/used modparam.h
but once we clean up the module.h presence, these will show
up as build failures, so fix 'em now.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-10-31 19:31:19 -04:00
Takashi Iwai 3101ba035c ALSA: Use krealloc() in possible places
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2011-07-12 08:05:16 +02:00
Takashi Iwai b3c705aa9e ALSA: rawmidi - Use workq for event handling
Kill tasklet usage in rawmidi core code.  Use workq for the event callback
instead of tasklet (which is used only in core/seq/seq_midi.c).

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2011-06-14 14:37:06 +02:00
Clemens Ladisch aa73aec6c3 ALSA: rawmidi: fix oops (use after free) when unloading a driver module
When a driver module is unloaded and the last still open file is a raw
MIDI device, the card and its devices will be actually freed in the
snd_card_file_remove() call when that file is closed.  Afterwards, rmidi
and rmidi->card point into freed memory, so the module pointer is likely
to be garbage.
(This was introduced by commit 9a1b64caac82aa02cb74587ffc798e6f42c6170a.)

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Reported-by: Krzysztof Foltman <wdev@foltman.com>
Cc: 2.6.30-2.6.35 <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-10-17 10:11:40 +02:00
Dan Carpenter a7a13d0676 ALSA: rawmidi: fix the get next midi device ioctl
If we pass in a device which is higher than SNDRV_RAWMIDI_DEVICES then
the "next device" should be -1.  This function just returns device + 1.

But the main thing is that "device + 1" can lead to a (harmless) integer
overflow and that annoys static analysis tools.

[fix the case for device == SNDRV_RAWMIDI_DEVICE by tiwai]

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-09 09:05:21 +02:00
Takashi Iwai 02f4865fa4 ALSA: core - Define llseek fops
Set no_llseek to llseek file ops of each sound component (but for hwdep).
This avoids the implicit BKL invocation via generic_file_llseek() used
as default when fops.llseek is NULL.

Also call nonseekable_open() at each open ops to ensure the file flags
have no seek bit.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-04-13 12:01:21 +02:00
Christoph Hellwig 6b2f3d1f76 vfs: Implement proper O_SYNC semantics
While Linux provided an O_SYNC flag basically since day 1, it took until
Linux 2.4.0-test12pre2 to actually get it implemented for filesystems,
since that day we had generic_osync_around with only minor changes and the
great "For now, when the user asks for O_SYNC, we'll actually give
O_DSYNC" comment.  This patch intends to actually give us real O_SYNC
semantics in addition to the O_DSYNC semantics.  After Jan's O_SYNC
patches which are required before this patch it's actually surprisingly
simple, we just need to figure out when to set the datasync flag to
vfs_fsync_range and when not.

This patch renames the existing O_SYNC flag to O_DSYNC while keeping it's
numerical value to keep binary compatibility, and adds a new real O_SYNC
flag.  To guarantee backwards compatiblity it is defined as expanding to
both the O_DSYNC and the new additional binary flag (__O_SYNC) to make
sure we are backwards-compatible when compiled against the new headers.

This also means that all places that don't care about the differences can
just check O_DSYNC and get the right behaviour for O_SYNC, too - only
places that actuall care need to check __O_SYNC in addition.  Drivers and
network filesystems have been updated in a fail safe way to always do the
full sync magic if O_DSYNC is set.  The few places setting O_SYNC for
lower layers are kept that way for now to stay failsafe.

We enforce that O_DSYNC is set when __O_SYNC is set early in the open path
to make sure we always get these sane options.

Note that parisc really screwed up their headers as they already define a
O_DSYNC that has always been a no-op.  We try to repair it by using it for
the new O_DSYNC and redefinining O_SYNC to send both the traditional
O_SYNC numerical value _and_ the O_DSYNC one.

Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Grant Grundler <grundler@parisc-linux.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Andreas Dilger <adilger@sun.com>
Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: Kyle McMartin <kyle@mcmartin.ca>
Acked-by: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jan Kara <jack@suse.cz>
2009-12-10 15:02:50 +01:00
Clemens Ladisch 7584af10cf sound: rawmidi: record a substream's owner process
Record the pid of the task that opened a RawMIDI substream.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-10 16:32:38 +01:00
Clemens Ladisch 91d12c485b sound: rawmidi: fix opened substreams count
The substream_opened field is to count the number of opened substreams,
not the number of times that any substreams have been opened.

Furthermore, all substreams being opened does not imply that the next
open would fail, due to the possibility of O_APPEND.  With this wrong
check, opening a substream multiple times would succeed only if the
device had more unopened substreams.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-10 16:32:10 +01:00
Takashi Iwai 3f225c07c7 Merge branch 'topic/ctl-pid-lock' into topic/core-change 2009-11-10 16:30:03 +01:00
Clemens Ladisch b7fe750fcc sound: rawmidi: fix MIDI device O_APPEND error handling
Commit 9a1b64caac in 2.6.30 broke the
error handling code in rawmidi_open_priv().

If only the output substream of a RawMIDI device has been opened and
if this device is then opened with O_RDWR | O_APPEND and if the
initialization of the input substream fails (either because of low
memory or because the device driver's open callback fails), then the
runtime structure of the already open output substream will be freed
and all following writes through the first handle will cause
snd_rawmidi_write() to use the NULL runtime pointer.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-10 16:22:59 +01:00
Clemens Ladisch 16fb109644 sound: rawmidi: fix checking of O_APPEND when opening MIDI device
Commit 9a1b64caac in 2.6.30 dropped the
check that a substream must already have been opened with O_APPEND to be
able to open it a second time.

This would make it possible for a substream to be switched to append
mode, which would mean that non-atomic writes would fail unexpectedly.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-10 16:21:30 +01:00
Clemens Ladisch 8579d2d777 sound: rawmidi: fix double init when opening MIDI device with O_APPEND
Commit 9a1b64caac in 2.6.30 moved the
substream initialization code to where it would be executed every time
the substream is opened.

This had the consequence that any further opening would drop and leak
the data in the existing buffer, and that the device driver's open
callback would be called multiple times, unexpectedly.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-10 16:20:43 +01:00
Clemens Ladisch 25d27eded1 control: use reference-counted pid
Instead of storing the PID number, take a reference to the task's pid
structure.  This protects against duplicates due to PID overflows, and
using pid_vnr() ensures that the PID returned by snd_ctl_elem_info() is
correct as seen from the current namespace.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-06 14:32:06 +01:00
Clemens Ladisch 2d4b842014 sound: rawmidi: disable active-sensing-on-close by default
Sending an Active Sensing message when closing a port can interfere with
the following data if the port is reopened and a note-on is sent before
the device's timeout has elapsed.  Therefore, it is better to disable
this setting by default.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-07-15 11:57:20 +02:00
Takashi Iwai 9a1b64caac ALSA: rawmidi - Refactor rawmidi open/close codes
Refactor rawmidi open/close code messes.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-03-09 15:17:23 +01:00
Takashi Iwai f9d202833d ALSA: rawmidi - Fix possible race in open
The module refcount should be handled in the register_mutex to avoid
possible races with module unloading.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-03-09 15:17:21 +01:00
Takashi Iwai 1f04128a3d ALSA: hda - Convert from takslet_hi_schedule() to tasklet_schedule()
Replace all tasklet_hi_schedule() callers with the normal
tasklet_schedule().  The former often causes troubles with
RT-kernels, and has actually no merit.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2008-12-18 12:17:55 +01:00
Takashi Iwai 219df32fae ALSA: rawmidi - Add open check in rawmidi callbacks
The drivers (e.g. mtpav) may call rawmidi functions in irq handlers
even though the streams are not opened.  This results in Oops or panic.

This patch adds the rawmidi state check before actually operating the
rawmidi buffers.

Tested-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2008-11-03 08:57:12 +01:00
Takashi Iwai 7eaa943c8e ALSA: Kill snd_assert() in sound/core/*
Kill snd_assert() in sound/core/*, either removed or replaced with
if () with snd_BUG_ON().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-08-13 11:46:35 +02:00
Takashi Iwai 399ccdc1cd ALSA: fix locking in snd_pcm_open*() and snd_rawmidi_open*()
The PCM and rawmidi open callbacks have a lock against card->controls_list
but it takes a wrong one, card->controls_rwsem, instead of a right one
card->ctl_files_rwlock.  This patch fixes them.

This change also fixes automatically the potential deadlocks due to
mm->mmap_sem in munmap and copy_from/to_user, reported by Sitsofe
Wheeler:

  A: snd_ctl_elem_user_tlv(): card->controls_rwsem => mm->mmap_sem
  B: snd_pcm_open(): card->open_mutex => card->controls_rwsem
  C: munmap: mm->mmap_sem => snd_pcm_release(): card->open_mutex

The patch breaks the chain.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2008-09-25 14:51:03 +02:00
Marcin Ślusarz 17596a80d3 [ALSA] rawmidi: let sparse know what is going on _for real_
snd_rawmidi_kernel_read1/write1 weren't annotated but used
copy_to_user/copy_from_user when one of parameters (kernel) was equal to 0
remove it and add properly annotated parameter

Signed-off-by: Marcin Ślusarz <marcin.slusarz@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-01-31 17:29:49 +01:00
Takashi Iwai 9004acc70e [ALSA] Remove sound/driver.h
This header file exists only for some hacks to adapt alsa-driver
tree.  It's useless for building in the kernel.  Let's move a few
lines in it to sound/core.h and remove it.
With this patch, sound/driver.h isn't removed but has just a single
compile warning to include it.  This should be really killed in
future.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-01-31 17:29:48 +01:00
Jaroslav Kysela c1017a4cdb [ALSA] Changed Jaroslav Kysela's e-mail from perex@suse.cz to perex@perex.cz
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-10-16 16:51:18 +02:00
Jesper Juhl 25765c4e5d [ALSA] Clean up duplicate includes in sound/core/
This patch cleans up duplicate includes in
	sound/core/

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2007-10-16 15:03:19 +02:00
Randy Dunlap e63340ae6b header cleaning: don't include smp_lock.h when not used
Remove includes of <linux/smp_lock.h> where it is not used/needed.
Suggested by Al Viro.

Builds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc,
sparc64, and arm (all 59 defconfigs).

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08 11:15:07 -07:00
Arjan van de Ven 9c2e08c592 [PATCH] mark struct file_operations const 9
Many struct file_operations in the kernel can be "const".  Marking them const
moves these to the .rodata section, which avoids false sharing with potential
dirty data.  In addition it'll catch accidental writes at compile time to
these shared resources.

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-12 09:48:46 -08:00
Johannes Berg 9244b2c307 [ALSA] alsa core: convert to list_for_each_entry*
This patch converts most uses of list_for_each to list_for_each_entry all
across alsa. In some place apparently an item can be on a list with
different pointers so of course that isn't compatible with list_for_each, I
therefore didn't touch those places.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2007-02-09 09:00:10 +01:00
Akinobu Mita c13893d7be [ALSA] sound: initialize rawmidi substream list
If snd_rawmidi_new() failed to allocate substreams for input
(snd_rawmidi_alloc_substreams() failed to populate a
&rmidi->streams[SNDRV_RAWMIDI_STREAM_INPUT]), it will try to
free rawmidi instance by snd_rawmidi_free().
But it will cause oops because snd_rawmidi_free() tries to free
both of substreams list but list for output
(&rmidi->streams[SNDRV_RAWMIDI_STREAM_OUTPUT]) is not initialized yet.

Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-12-20 08:55:59 +01:00
Takashi Iwai 2529bba760 [ALSA] Fix substream selection in PCM and rawmidi
The PCM and rawmidi substreams can be selected explicitly by opening
control handle and set via *_PREFER_SUBDEVICE ioctl.  But, when
multiple controls are opened, the driver gets confused.
The patch fixes the initialization of prefer_*_subdevice and the
check of multiple controls.  The first set subdevice is picked up
as the valid one.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-09-23 10:39:59 +02:00
Takashi Iwai c461482c80 [ALSA] Unregister device files at disconnection
Orignally proposed by Sam Revitch <sam.revitch@gmail.com>.
Unregister device files at disconnection to avoid the futher accesses.
Also, the dev_unregister callback is removed and replaced with the
combination of disconnect + free.
A new function snd_card_free_when_closed() is introduced, which is
used in USB disconnect callback.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-09-23 10:36:58 +02:00
Takashi Iwai 746d4a02e6 [ALSA] Fix disconnection of proc interface
- Add the linked list to each proc entry to enable a single-shot
  disconnection (unregister)
- Deprecate snd_info_unregister(), use snd_info_free_entry()
- Removed NULL checks of snd_info_free_entry()

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-09-23 10:36:48 +02:00
Takashi Iwai 6581f4e74d [ALSA] Remove zero-initialization of static variables
Removed zero-initializations of static variables.
A tiny optimization.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-06-22 21:33:45 +02:00
Takashi Iwai bf850204a7 [ALSA] Remove unneeded read/write_size fields in proc text ops
Remove unneeded read/write_size fields in proc text ops.
snd_info_set_text_ops() is fixed, too.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-06-22 21:33:09 +02:00