| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
The stack object “r1” has a total size of 32 bytes. Its field
“event” and “val” both contain 4 bytes padding. These 8 bytes
padding bytes are sent to user without being initialized.
Change-Id: Ie3dcdee7da8ad292712814e8402c571a717ab8d1
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
|
| |
The stack object “r1” has a total size of 32 bytes. Its field
“event” and “val” both contain 4 bytes padding. These 8 bytes
padding bytes are sent to user without being initialized.
Change-Id: I5ece63432f6ca6251fa31c046c211c8c03313a59
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
|
| |
The stack object “tread” has a total size of 32 bytes. Its field
“event” and “val” both contain 4 bytes padding. These 8 bytes
padding bytes are sent to user without being initialized.
Change-Id: Ibf2868136a538eed0f2e75395a5f14a8608dd86d
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A slave timer instance might be still accessible in a racy way while
operating the master instance as it lacks of locking. Since the
master operation is mostly protected with timer->lock, we should cope
with it while changing the slave instance, too. Also, some linked
lists (active_list and ack_list) of slave instances aren't unlinked
immediately at stopping or closing, and this may lead to unexpected
accesses.
This patch tries to address these issues. It adds spin lock of
timer->lock (either from master or slave, which is equivalent) in a
few places. For avoiding a deadlock, we ensure that the global
slave_active_lock is always locked at first before each timer lock.
Also, ack and active_list of slave instances are properly unlinked at
snd_timer_stop() and snd_timer_close().
Last but not least, remove the superfluous call of _snd_timer_stop()
at removing slave links. This is a noop, and calling it may confuse
readers wrt locking. Further cleanup will follow in a later patch.
Actually we've got reports of use-after-free by syzkaller fuzzer, and
this hopefully fixes these issues.
Change-Id: I572878b909dda522dbedc84633414185802bc974
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ALSA timer ioctls have an open race and this may lead to a
use-after-free of timer instance object. A simplistic fix is to make
each ioctl exclusive. We have already tread_sem for controlling the
tread, and extend this as a global mutex to be applied to each ioctl.
The downside is, of course, the worse concurrency. But these ioctls
aren't to be parallel accessible, in anyway, so it should be fine to
serialize there.
Change-Id: Iaa21b00f62e02cc58e346a29846e0fce6536e860
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ALSA timer instance object has a couple of linked lists and they are
unlinked unconditionally at snd_timer_stop(). Meanwhile
snd_timer_interrupt() unlinks it, but it calls list_del() which leaves
the element list itself unchanged. This ends up with unlinking twice,
and it was caught by syzkaller fuzzer.
The fix is to use list_del_init() variant properly there, too.
Change-Id: I95e2ab06180dfe43fb6b7c2875a866b53ca245ce
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 0584ffa548b6e59aceb027112f23a55f0133400e upstream.
A slave-timer instance has no timer reference, and this results in
NULL-dereference at stopping the timer, typically called at closing
the device.
Reference: https://bugzilla.kernel.org/show_bug.cgi?id=40682
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
|
| |
|
|
|
|
|
| |
Merge list_del() + list_add_tail() to list_move_tail().
Signed-off-by: Nicolas Kaiser <nikai@nikai.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If CONFIG_SND_DYNAMIC_MINORS is used, assign /dev/snd/seq and
/dev/snd/timer the usual static minors, and export specific
module aliases to generate udev module on-demand loading
instructions:
$ cat /lib/modules/2.6.33.4-smp/modules.devname
# Device nodes to trigger on-demand module loading.
microcode cpu/microcode c10:184
fuse fuse c10:229
ppp_generic ppp c108:0
tun net/tun c10:200
uinput uinput c10:223
dm_mod mapper/control c10:236
snd_timer snd/timer c116:33
snd_seq snd/seq c116:1
The last two lines instruct udev to create device nodes, even
when the modules are not loaded at that time.
As soon as userspace accesses any of these nodes, the in-kernel
module-loader will load the module, and the device can be used.
The header file minor calculation needed to be simplified to
make __stringify() (supports only two indirections) in
the MODULE_ALIAS macro work.
This is part of systemd's effort to get rid of unconditional
module load instructions and needless init scripts.
Cc: Lennart Poettering <lennart@poettering.net>
Signed-off-by: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
|
| |
Increase the default timer limit so that snd-hrtimer.ko can be
automatically loaded when needed, e.g., when used as the default
sequencer timer. This replaces the check for the obsolete
CONFIG_SND_HPET.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Set no_llseek to llseek file ops of each sound component (but for hwdep).
This avoids the implicit BKL invocation via generic_file_llseek() used
as default when fops.llseek is NULL.
Also call nonseekable_open() at each open ops to ensure the file flags
have no seek bit.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should disable irqs when we take the tu->qlock because it is used in
the irq handler. The only place that doesn't is
snd_timer_user_ccallback(). Most of the time snd_timer_user_ccallback()
is called with interrupts disabled but the the first ti->ccallback()
call in snd_timer_notify1() has interrupts enabled.
This was caught by lockdep which generates the following message:
> =================================
> [ INFO: inconsistent lock state ]
> 2.6.34-rc5 #5
> ---------------------------------
> inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
> dolphin/4003 [HC1[1]:SC0[0]:HE0:SE1] takes:
> (&(&tu->qlock)->rlock){?.+...}, at: [<f84ec472>] snd_timer_user_tinterrupt+0x28/0x132 [snd_timer]
> {HARDIRQ-ON-W} state was registered at:
> [<c1048de9>] __lock_acquire+0x654/0x1482
> [<c1049c73>] lock_acquire+0x5c/0x73
> [<c125ac3e>] _raw_spin_lock+0x25/0x34
> [<f84ec370>] snd_timer_user_ccallback+0x55/0x95 [snd_timer]
> [<f84ecc4b>] snd_timer_notify1+0x53/0xca [snd_timer]
Reported-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
| |
Do not use hardcoded SNDRV_TIMER_EVENT_START value.
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
| |
Remove open-coded memdup_user().
Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most fasync implementations do something like:
return fasync_helper(...);
But fasync_helper() will return a positive value at times - a feature used
in at least one place. Thus, a number of other drivers do:
err = fasync_helper(...);
if (err < 0)
return err;
return 0;
In the interests of consistency and more concise code, it makes sense to
map positive return values onto zero where ->fasync() is called.
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
|
| |
|
|
|
|
|
|
| |
Replace all tasklet_hi_schedule() callers with the normal
tasklet_schedule(). The former often causes troubles with
RT-kernels, and has actually no merit.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
As it is, all instances of ->release() for files that have ->fasync()
need to remember to evict file from fasync lists; forgetting that
creates a hole and we actually have a bunch that *does* forget.
So let's keep our lives simple - let __fput() check FASYNC in
file->f_flags and call ->fasync() there if it's been set. And lose that
crap in ->release() instances - leaving it there is still valid, but we
don't have to bother anymore.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
| |
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
| |
|
|
|
|
|
|
| |
Kill snd_assert() in sound/core/*, either removed or replaced with
if () with snd_BUG_ON().
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
| |
|
|
|
|
|
|
|
|
| |
A bunch of things in alsa depend on CONFIG_KMOD,
use CONFIG_MODULES instead where the dependency
is needed at all.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sound drivers and the pnpbios core test for current->root != NULL. This
test seems to be unnecessary since we always have rootfs mounted before
initializing the drivers.
Signed-off-by: Jan Blunck <jblunck@suse.de>
Acked-by: Christoph Hellwig <hch@lst.de>
Cc: Bjorn Helgaas <bjorn.helgaas@hp.com>
Cc: Jaroslav Kysela <perex@suse.cz>
Acked-by: Takashi Iwai <tiwai@suse.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This header file exists only for some hacks to adapt alsa-driver
tree. It's useless for building in the kernel. Let's move a few
lines in it to sound/core.h and remove it.
With this patch, sound/driver.h isn't removed but has just a single
compile warning to include it. This should be really killed in
future.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
| |
|
|
|
|
|
|
|
| |
We need an accurate and continuous (monotonic) time sources to do
accurate synchronization among more timing sources. This patch allows
to enable monotonic timestamps for ALSA PCM devices and enables monotonic
timestamps for ALSA timer devices.
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
| |
|
|
| |
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
| |
|
|
|
|
|
|
|
| |
Convert the snd_assert()s to simple if()s to prevent crashes when one of
the timer instance ioctls is called before the file is bound to a timer
device.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Remove includes of <linux/smp_lock.h> where it is not used/needed.
Suggested by Al Viro.
Builds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc,
sparc64, and arm (all 59 defconfigs).
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Many struct file_operations in the kernel can be "const". Marking them const
moves these to the .rodata section, which avoids false sharing with potential
dirty data. In addition it'll catch accidental writes at compile time to
these shared resources.
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
| |
Remove the final useless reference to the obsolete KERNELD feature.
Signed-off-by: Robert P. J. Day <rpjday@mindspring.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch converts most uses of list_for_each to list_for_each_entry all
across alsa. In some place apparently an item can be on a list with
different pointers so of course that isn't compatible with list_for_each, I
therefore didn't touch those places.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
| |
|
|
|
|
|
| |
Remove the snd_timer_system_private structure's timer field that was never used.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
| |
|
|
|
|
|
|
|
| |
When checking whether a hardware timer needs to be rescheduled, we have
to compare against the previously scheduled interval and not against the
actual interval between the last two interrupts.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
| |
|
|
|
|
|
| |
Do not retain the old correction value when the timer was stopped.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
| |
|
|
|
|
|
|
| |
When multiple timer interrupts arrive too late, correct for all delays
instead of ignoring the earlier ones.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
| |
|
|
|
|
|
|
|
|
| |
Fix the adjustment of the lost ticks correction variable in the case
when the correction has been fully taken into account in the next timer
expiration value. Subtracting the scheduled ticks value would result in
an underflow.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Orignally proposed by Sam Revitch <sam.revitch@gmail.com>.
Unregister device files at disconnection to avoid the futher accesses.
Also, the dev_unregister callback is removed and replaced with the
combination of disconnect + free.
A new function snd_card_free_when_closed() is introduced, which is
used in USB disconnect callback.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
| |
|
|
|
|
|
|
|
|
| |
- Add the linked list to each proc entry to enable a single-shot
disconnection (unregister)
- Deprecate snd_info_unregister(), use snd_info_free_entry()
- Removed NULL checks of snd_info_free_entry()
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
| |
|
|
|
|
|
|
| |
Fix a occasional deadlock occuring with snd-rtctimer driver,
added irqsave to the lock in tasklet (ALSA bug#952).
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
| |
|
|
|
|
|
| |
Removed zero-initializations of static variables.
A tiny optimization.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
| |
Fix a compile warning in timer.c due to unused variables.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
| |
Don't lock during showing proc read. snd_iprintf() might sleep.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
| |
Remove unneeded read/write_size fields in proc text ops.
snd_info_set_text_ops() is fixed, too.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
Semaphore to mutex conversion.
The conversion was generated via scripts, and the result was validated
automatically via a script as well.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
| |
Modules: HWDEP Midlevel,ALSA Core,PCM Midlevel,Timer Midlevel
Optimize the code when compiled without CONFIG_PROC_FS.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
|
| |
Instead of storing the pointers to the device-specific structures in an
array, put them into the struct snd_minor, and look them up dynamically.
This makes the device type modules independent of the minor number
encoding.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
|
| |
|
|
|
|
|
|
|
|
| |
Instead of a comment string, store the device type in the snd_minor
structure. This makes snd_minor more flexible, and has the nice side
effect that we don't need anymore to create a separate snd_minor
template for registering a device but can pass the file_operations
directly to snd_register_device().
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
|
| |
|
|
|
|
| |
Fix possible races in timer callbacks.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
| |
Add error messages in the critial error path to be more verbose.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
| |
Modules: RTC timer driver,Timer Midlevel
Remove xxx_t typedefs from the core timer.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
| |
|
|
|
|
|
|
|
| |
Modules: Timer Midlevel
Split or rewrite lines that are longer than 80 characters, and remove
whitespaces at the end of lines.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
|
