Commit Graph

1926 Commits

Author SHA1 Message Date
Linus Torvalds
b9b4c79e58 sound fixes for 5.18-rc3
This became an unexpectedly large pull request due to various
 regression fixes in the previous kernels.
 
 The majority of fixes are a series of patches to address the
 regression at probe errors in devres'ed drivers, while there are
 yet more fixes for the x86 SG allocations and for USB-audio
 buffer management.  In addition, a few HD-audio quirks and other
 small fixes are found.
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmJWp0oOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE8uUxAAozqgnJSXJPj/ADhgdkYEWEQQlz2nMomQFZmN
 QSvh+gHmPD5HATrwwGFcVpmmwXHiZdG3pzh+gJPseaNNastO6jiSuRAeEFuX/h/a
 Mw8mdvT1git7rHBliRUAIZnbIV7e1NKVOXdujTPF7FLt2OlcoALpCeygGh6zTTEp
 0UmRUYrHhtZbXzkXszaq6SEhLjGG8Maa1AiaOo2ltl4O9fTfrFvGiOP3usxEY4xx
 aTAtF+fmY24UEmD6/44L3LuQ568cDf+XXDCgStOOCM9jlz3Q5ptTCcmv6pj5KaM3
 zGG4gmjialzG+QS8qySvo4BU3sYWASwUklw/Yyyx8tFcnLG7q2nWjswQA9g8X19h
 MyZXwgh9iKKfF3XQRETcQupsOAFnzpUJj1ZQzxG2fwj/ohFdbKQ2Z/OO9f8eCvbo
 IEQrQwBgGS6eHetUDOCdC357XwzDlRFafx0W6o5cm+XdxcXzMIDcJZbyKoEwvzr3
 tozNc8L9AUYdDqZ8dKiNMOrDy7OHGTN/VU+pV1xVBF7R7/5DKvbnF4s+mAg25uXF
 1/V+z9zDciDBXSuiuSzsfz/MbHUPlMn+c8qKwHfUiw5sLX2AKXGwgmkhr3ly1ga0
 /4YZfrQgTVFrzQITfMxxn8MGG5QOy42g4uKmTnEUeH2ucJ9uY5hE8FUDH3jOeC/V
 tJB+f4Y=
 =NERK
 -----END PGP SIGNATURE-----

Merge tag 'sound-5.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "This became an unexpectedly large pull request due to various
  regression fixes in the previous kernels.

  The majority of fixes are a series of patches to address the
  regression at probe errors in devres'ed drivers, while there are yet
  more fixes for the x86 SG allocations and for USB-audio buffer
  management. In addition, a few HD-audio quirks and other small fixes
  are found"

* tag 'sound-5.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (52 commits)
  ALSA: usb-audio: Limit max buffer and period sizes per time
  ALSA: memalloc: Add fallback SG-buffer allocations for x86
  ALSA: nm256: Don't call card private_free at probe error path
  ALSA: mtpav: Don't call card private_free at probe error path
  ALSA: rme9652: Fix the missing snd_card_free() call at probe error
  ALSA: hdspm: Fix the missing snd_card_free() call at probe error
  ALSA: hdsp: Fix the missing snd_card_free() call at probe error
  ALSA: oxygen: Fix the missing snd_card_free() call at probe error
  ALSA: lx6464es: Fix the missing snd_card_free() call at probe error
  ALSA: cmipci: Fix the missing snd_card_free() call at probe error
  ALSA: aw2: Fix the missing snd_card_free() call at probe error
  ALSA: als300: Fix the missing snd_card_free() call at probe error
  ALSA: lola: Fix the missing snd_card_free() call at probe error
  ALSA: bt87x: Fix the missing snd_card_free() call at probe error
  ALSA: sis7019: Fix the missing error handling
  ALSA: intel_hdmi: Fix the missing snd_card_free() call at probe error
  ALSA: via82xx: Fix the missing snd_card_free() call at probe error
  ALSA: sonicvibes: Fix the missing snd_card_free() call at probe error
  ALSA: rme96: Fix the missing snd_card_free() call at probe error
  ALSA: rme32: Fix the missing snd_card_free() call at probe error
  ...
2022-04-14 11:08:12 -07:00
Takashi Iwai
925ca893b4 ALSA: memalloc: Add fallback SG-buffer allocations for x86
The recent change for memory allocator replaced the SG-buffer handling
helper for x86 with the standard non-contiguous page handler.  This
works for most cases, but there is a corner case I obviously
overlooked, namely, the fallback of non-contiguous handler without
IOMMU.  When the system runs without IOMMU, the core handler tries to
use the continuous pages with a single SGL entry.  It works nicely for
most cases, but when the system memory gets fragmented, the large
allocation may fail frequently.

Ideally the non-contig handler could deal with the proper SG pages,
it's cumbersome to extend for now.  As a workaround, here we add new
types for (minimalistic) SG allocations, instead, so that the
allocator falls back to those types automatically when the allocation
with the standard API failed.

BTW, one better (but pretty minor) improvement from the previous
SG-buffer code is that this provides the proper mmap support without
the PCM's page fault handling.

Fixes: 2c95b92ecd ("ALSA: memalloc: Unify x86 SG-buffer handling (take#3)")
BugLink: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/2272
BugLink: https://bugzilla.suse.com/show_bug.cgi?id=1198248
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220413054808.7547-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-04-13 07:48:53 +02:00
Takashi Iwai
fee2b871d8 ALSA: core: Add snd_card_free_on_error() helper
This is a small helper function to handle the error path more easily
when an error happens during the probe for the device with the
device-managed card.  Since devres releases in the reverser order of
the creations, usually snd_card_free() gets called at the last in the
probe error path unless it already reached snd_card_register() calls.
Due to this nature, when a driver expects the resource releases in
card->private_free, this might be called too lately.

As a workaround, one should call the probe like:

 static int __some_probe(...) { // do real probe.... }

 static int some_probe(...)
 {
	return snd_card_free_on_error(dev, __some_probe(dev, ...));
 }

so that the snd_card_free() is called explicitly at the beginning of
the error path from the probe.

This function will be used in the upcoming fixes to address the
regressions by devres usages.

Fixes: e8ad415b7a ("ALSA: core: Add managed card creation")
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220412093141.8008-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-04-12 11:47:57 +02:00
Fabio M. De Francesco
2f7a26abb8 ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
Syzbot reports "KASAN: null-ptr-deref Write in
snd_pcm_format_set_silence".[1]

It is due to missing validation of the "silence" field of struct
"pcm_format_data" in "pcm_formats" array.

Add a test for valid "pat" and, if it is not so, return -EINVAL.

[1] https://lore.kernel.org/lkml/000000000000d188ef05dc2c7279@google.com/

Reported-and-tested-by: syzbot+205eb15961852c2c5974@syzkaller.appspotmail.com
Signed-off-by: Fabio M. De Francesco <fmdefrancesco@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220409012655.9399-1-fmdefrancesco@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-04-11 09:27:56 +02:00
Linus Torvalds
d0d642a5d3 sound fixes for 5.18-rc1
Just a few fixes that have been gathered since the previous PR.
 
 - An additional fix for potential PCM deadlocks
 - A series of HD-audio CS8409 codec patches for new models
 - Other device specific fixes for HD-audio, ASoC mediatek, Intel,
   fsl, rockchip
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAmJGwsoOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE9u5Q//UMFiJK2YUBEqMotanbxXH2oDySxnlEKpz4k+
 AdZKWscl/b0mmD/UfkoqDCi69G/g+STt6Ois71KsZt0DMvOxKF0ok0xkR9XF3HX/
 vOzx+PWorAljYS9LaSH3gF2lLza35fKCY3Xk4yi2T5blfPb2i60zenhhbpors21k
 4Kp9Jy98EipCYh7st3HTw9h8tlscOECeYxYyj/EY/Jte6ZrW4FsPeD8lFDEtuj8z
 IIwp3SlMPha4rnB///x9F1wTslQF/e64Ao7AVPLNPZ53DKWQ5QwIt5NzIKgT9haC
 Ddd2nJTLoEKJIlfJ2RZwbkEuHvNX2az+pA5iz1la/lv9bp+SShEoV+QsZjE7mIME
 siAGWr8v7dHWHrVE2Tc4Ob1QIY1ByEFgJRWS6weSpzUUIJ9rP+0s5JngNZfbvyJ1
 Za6wAArVMHkKn2sDd/Z/41BrPZtihHJzWCZzG14rzlvg6huvNVXJ701QSWw3Ji5H
 ybh+CTLOSJInKqtoQT7szZQ1RonOpRsQKQbkcgzeD+XSvSVn8E5wjQ/OhIPSbX6G
 pzOMbSEPxiyZTGrcyls/WUNu6j4HRGrbDrl0Y1Vn2i8izXW0Nw6XNwAmyOXyr7yT
 fcpkGnQEO5AgLD7ZxkQypChj0P431siocO4hSalDfT0HODIZ95Hw+ITFR6/U11bn
 0Bp37b8=
 =MFKn
 -----END PGP SIGNATURE-----

Merge tag 'sound-fix-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "Just a few fixes that have been gathered since the previous pull:

   - An additional fix for potential PCM deadlocks

   - A series of HD-audio CS8409 codec patches for new models

   - Other device specific fixes for HD-audio, ASoC mediatek, Intel,
     fsl, rockchip"

* tag 'sound-fix-5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
  ALSA: hda: Avoid unsol event during RPM suspending
  ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
  ALSA: hda/cs8409: Add new Dolphin HW variants
  ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg
  ALSA: hda/cs8409: Support new Warlock MLK Variants
  ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants
  ALSA: hda/cs8409: Re-order quirk table into ascending order
  ALSA: hda/cs8409: Fix Warlock to use mono mic configuration
  ALSA: cs4236: fix an incorrect NULL check on list iterator
  ALSA: hda/realtek: Enable headset mic on Lenovo P360
  ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV
  ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9
  ASoC: rockchip: i2s_tdm: Fixup config for SND_SOC_DAIFMT_DSP_A/B
  ASoC: fsl-asoc-card: Fix jack_event() always return 0
  ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs
2022-04-01 10:32:46 -07:00
Takashi Iwai
bc55cfd571 ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
syzbot caught a potential deadlock between the PCM
runtime->buffer_mutex and the mm->mmap_lock.  It was brought by the
recent fix to cover the racy read/write and other ioctls, and in that
commit, I overlooked a (hopefully only) corner case that may take the
revert lock, namely, the OSS mmap.  The OSS mmap operation
exceptionally allows to re-configure the parameters inside the OSS
mmap syscall, where mm->mmap_mutex is already held.  Meanwhile, the
copy_from/to_user calls at read/write operations also take the
mm->mmap_lock internally, hence it may lead to a AB/BA deadlock.

A similar problem was already seen in the past and we fixed it with a
refcount (in commit b248371628).  The former fix covered only the
call paths with OSS read/write and OSS ioctls, while we need to cover
the concurrent access via both ALSA and OSS APIs now.

This patch addresses the problem above by replacing the buffer_mutex
lock in the read/write operations with a refcount similar as we've
used for OSS.  The new field, runtime->buffer_accessing, keeps the
number of concurrent read/write operations.  Unlike the former
buffer_mutex protection, this protects only around the
copy_from/to_user() calls; the other codes are basically protected by
the PCM stream lock.  The refcount can be a negative, meaning blocked
by the ioctls.  If a negative value is seen, the read/write aborts
with -EBUSY.  In the ioctl side, OTOH, they check this refcount, too,
and set to a negative value for blocking unless it's already being
accessed.

Reported-by: syzbot+6e5c88838328e99c7e1c@syzkaller.appspotmail.com
Fixes: dca947d4d2 ("ALSA: pcm: Fix races among concurrent read/write and buffer changes")
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/000000000000381a0d05db622a81@google.com
Link: https://lore.kernel.org/r/20220330120903.4738-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-30 14:29:49 +02:00
Linus Torvalds
7001052160 Add support for Intel CET-IBT, available since Tigerlake (11th gen), which is a
coarse grained, hardware based, forward edge Control-Flow-Integrity mechanism
 where any indirect CALL/JMP must target an ENDBR instruction or suffer #CP.
 
 Additionally, since Alderlake (12th gen)/Sapphire-Rapids, speculation is
 limited to 2 instructions (and typically fewer) on branch targets not starting
 with ENDBR. CET-IBT also limits speculation of the next sequential instruction
 after the indirect CALL/JMP [1].
 
 CET-IBT is fundamentally incompatible with retpolines, but provides, as
 described above, speculation limits itself.
 
 [1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html
 -----BEGIN PGP SIGNATURE-----
 
 iQJJBAABCgAzFiEEv3OU3/byMaA0LqWJdkfhpEvA5LoFAmI/LI8VHHBldGVyekBp
 bmZyYWRlYWQub3JnAAoJEHZH4aRLwOS6ZnkP/2QCgQLTu6oRxv9O020CHwlaSEeD
 1Hoy3loum5q5hAi1Ik3dR9p0H5u64c9qbrBVxaFoNKaLt5GKrtHaDSHNk2L/CFHX
 urpH65uvTLxbyZzcahkAahoJ71XU+m7PcrHLWMunw9sy10rExYVsUOlFyoyG6XCF
 BDCNZpdkC09ZM3vwlWGMZd5Pp+6HcZNPyoV9tpvWAS2l+WYFWAID7mflbpQ+tA8b
 y/hM6b3Ud0rT2ubuG1iUpopgNdwqQZ+HisMPGprh+wKZkYwS2l8pUTrz0MaBkFde
 go7fW16kFy2HQzGm6aIEBmfcg0palP/mFVaWP0zS62LwhJSWTn5G6xWBr3yxSsht
 9gWCiI0oDZuTg698MedWmomdG2SK6yAuZuqmdKtLLoWfWgviPEi7TDFG/cKtZdAW
 ag8GM8T4iyYZzpCEcWO9GWbjo6TTGq30JBQefCBG47GjD0csv2ubXXx0Iey+jOwT
 x3E8wnv9dl8V9FSd/tMpTFmje8ges23yGrWtNpb5BRBuWTeuGiBPZED2BNyyIf+T
 dmewi2ufNMONgyNp27bDKopY81CPAQq9cVxqNm9Cg3eWPFnpOq2KGYEvisZ/rpEL
 EjMQeUBsy/C3AUFAleu1vwNnkwP/7JfKYpN00gnSyeQNZpqwxXBCKnHNgOMTXyJz
 beB/7u2KIUbKEkSN
 =jZfK
 -----END PGP SIGNATURE-----

Merge tag 'x86_core_for_5.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 CET-IBT (Control-Flow-Integrity) support from Peter Zijlstra:
 "Add support for Intel CET-IBT, available since Tigerlake (11th gen),
  which is a coarse grained, hardware based, forward edge
  Control-Flow-Integrity mechanism where any indirect CALL/JMP must
  target an ENDBR instruction or suffer #CP.

  Additionally, since Alderlake (12th gen)/Sapphire-Rapids, speculation
  is limited to 2 instructions (and typically fewer) on branch targets
  not starting with ENDBR. CET-IBT also limits speculation of the next
  sequential instruction after the indirect CALL/JMP [1].

  CET-IBT is fundamentally incompatible with retpolines, but provides,
  as described above, speculation limits itself"

[1] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html

* tag 'x86_core_for_5.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (53 commits)
  kvm/emulate: Fix SETcc emulation for ENDBR
  x86/Kconfig: Only allow CONFIG_X86_KERNEL_IBT with ld.lld >= 14.0.0
  x86/Kconfig: Only enable CONFIG_CC_HAS_IBT for clang >= 14.0.0
  kbuild: Fixup the IBT kbuild changes
  x86/Kconfig: Do not allow CONFIG_X86_X32_ABI=y with llvm-objcopy
  x86: Remove toolchain check for X32 ABI capability
  x86/alternative: Use .ibt_endbr_seal to seal indirect calls
  objtool: Find unused ENDBR instructions
  objtool: Validate IBT assumptions
  objtool: Add IBT/ENDBR decoding
  objtool: Read the NOENDBR annotation
  x86: Annotate idtentry_df()
  x86,objtool: Move the ASM_REACHABLE annotation to objtool.h
  x86: Annotate call_on_stack()
  objtool: Rework ASM_REACHABLE
  x86: Mark __invalid_creds() __noreturn
  exit: Mark do_group_exit() __noreturn
  x86: Mark stop_this_cpu() __noreturn
  objtool: Ignore extra-symbol code
  objtool: Rename --duplicate to --lto
  ...
2022-03-27 10:17:23 -07:00
Takashi Iwai
1f68915b2e ALSA: pcm: Add stream lock during PCM reset ioctl operations
snd_pcm_reset() is a non-atomic operation, and it's allowed to run
during the PCM stream running.  It implies that the manipulation of
hw_ptr and other parameters might be racy.

This patch adds the PCM stream lock at appropriate places in
snd_pcm_*_reset() actions for covering that.

Cc: <stable@vger.kernel.org>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20220322171325.4355-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-22 20:57:15 +01:00
Takashi Iwai
69534c48ba ALSA: pcm: Fix races among concurrent prealloc proc writes
We have no protection against concurrent PCM buffer preallocation
changes via proc files, and it may potentially lead to UAF or some
weird problem.  This patch applies the PCM open_mutex to the proc
write operation for avoiding the racy proc writes and the PCM stream
open (and further operations).

Cc: <stable@vger.kernel.org>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20220322170720.3529-5-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-22 20:56:58 +01:00
Takashi Iwai
3c3201f8c7 ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
Like the previous fixes to hw_params and hw_free ioctl races, we need
to paper over the concurrent prepare ioctl calls against hw_params and
hw_free, too.

This patch implements the locking with the existing
runtime->buffer_mutex for prepare ioctls.  Unlike the previous case
for snd_pcm_hw_hw_params() and snd_pcm_hw_free(), snd_pcm_prepare() is
performed to the linked streams, hence the lock can't be applied
simply on the top.  For tracking the lock in each linked substream, we
modify snd_pcm_action_group() slightly and apply the buffer_mutex for
the case stream_lock=false (formerly there was no lock applied)
there.

Cc: <stable@vger.kernel.org>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20220322170720.3529-4-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-22 20:56:42 +01:00
Takashi Iwai
dca947d4d2 ALSA: pcm: Fix races among concurrent read/write and buffer changes
In the current PCM design, the read/write syscalls (as well as the
equivalent ioctls) are allowed before the PCM stream is running, that
is, at PCM PREPARED state.  Meanwhile, we also allow to re-issue
hw_params and hw_free ioctl calls at the PREPARED state that may
change or free the buffers, too.  The problem is that there is no
protection against those mix-ups.

This patch applies the previously introduced runtime->buffer_mutex to
the read/write operations so that the concurrent hw_params or hw_free
call can no longer interfere during the operation.  The mutex is
unlocked before scheduling, so we don't take it too long.

Cc: <stable@vger.kernel.org>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20220322170720.3529-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-22 20:56:27 +01:00
Takashi Iwai
92ee3c60ec ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
Currently we have neither proper check nor protection against the
concurrent calls of PCM hw_params and hw_free ioctls, which may result
in a UAF.  Since the existing PCM stream lock can't be used for
protecting the whole ioctl operations, we need a new mutex to protect
those racy calls.

This patch introduced a new mutex, runtime->buffer_mutex, and applies
it to both hw_params and hw_free ioctl code paths.  Along with it, the
both functions are slightly modified (the mmap_count check is moved
into the state-check block) for code simplicity.

Reported-by: Hu Jiahui <kirin.say@gmail.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20220322170720.3529-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-22 20:56:07 +01:00
Takashi Iwai
a6d4b68502 Merge branch 'for-next' into for-linus
Pull 5.18 development branch

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-21 16:18:34 +01:00
Takashi Iwai
8a580a2676 ALSA: oss: Release temporary buffers upon errors
When the parameter changes fails, we don't need to keep the old
temporary buffers.  Release those (and plugin instances) upon errors
for reducing dead memory footprint.  Since we always call it at the
exit of snd_pcm_oss_changes_params_locked(), the explicit calls of
snd_pcm_oss_plugin_clear() can be dropped, too.

Along with it, unify the buffer-free calls to a single helper and call
it from the needed places.

Link: https://lore.kernel.org/r/20220318082157.29769-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-18 14:01:28 +01:00
Takashi Iwai
efb6402c3c ALSA: oss: Fix PCM OSS buffer allocation overflow
We've got syzbot reports hitting INT_MAX overflow at vmalloc()
allocation that is called from snd_pcm_plug_alloc().  Although we
apply the restrictions to input parameters, it's based only on the
hw_params of the underlying PCM device.  Since the PCM OSS layer
allocates a temporary buffer for the data conversion, the size may
become unexpectedly large when more channels or higher rates is given;
in the reported case, it went over INT_MAX, hence it hits WARN_ON().

This patch is an attempt to avoid such an overflow and an allocation
for too large buffers.  First off, it adds the limit of 1MB as the
upper bound for period bytes.  This must be large enough for all use
cases, and we really don't want to handle a larger temporary buffer
than this size.  The size check is performed at two places, where the
original period bytes is calculated and where the plugin buffer size
is calculated.

In addition, the driver uses array_size() and array3_size() for
multiplications to catch overflows for the converted period size and
buffer bytes.

Reported-by: syzbot+72732c532ac1454eeee9@syzkaller.appspotmail.com
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/00000000000085b1b305da5a66f3@google.com
Link: https://lore.kernel.org/r/20220318082036.29699-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-18 14:01:07 +01:00
Elijah Harding
a893b7fc7b ALSA: core: Fix typo in 'PCM Timer Interface' help
Signed-off-by: Elijah Harding <eharding830@gmail.com>
Link: https://lore.kernel.org/r/20220318015201.30871-1-eharding830@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-18 09:19:37 +01:00
Masahiro Yamada
83a44a4f47 x86: Remove toolchain check for X32 ABI capability
Commit 0bf6276392 ("x32: Warn and disable rather than error if
binutils too old") added a small test in arch/x86/Makefile because
binutils 2.22 or newer is needed to properly support elf32-x86-64. This
check is no longer necessary, as the minimum supported version of
binutils is 2.23, which is enforced at configuration time with
scripts/min-tool-version.sh.

Remove this check and replace all uses of CONFIG_X86_X32 with
CONFIG_X86_X32_ABI, as two symbols are no longer necessary.

[nathan: Rebase, fix up a few places where CONFIG_X86_X32 was still
         used, and simplify commit message to satisfy -tip requirements]

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://lore.kernel.org/r/20220314194842.3452-2-nathan@kernel.org
2022-03-15 10:32:48 +01:00
Julia Lawall
b62c563f1c ALSA: seq: oss: fix typo
Fix typo in "announcement".

Reported-by: Joe Perches <joe@perches.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Link: https://lore.kernel.org/r/20220313085635.102123-1-Julia.Lawall@inria.fr
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-14 07:51:22 +01:00
Julia Lawall
3baa40d4fd ALSA: seq: oss: use kzalloc
Use kzalloc instead of kmalloc + memset.

The semantic patch that makes this change is:
(https://coccinelle.gitlabpages.inria.fr/website/)

//<smpl>
@@
expression res, size, flag;
@@
- res = kmalloc(size, flag);
+ res = kzalloc(size, flag);
  ...
- memset(res, 0, size);
//</smpl>

Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>

Link: https://lore.kernel.org/r/20220312102705.71413-4-Julia.Lawall@inria.fr
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-03-13 09:09:37 +01:00
Takashi Iwai
3e16dc50d7 ALSA: memalloc: invalidate SG pages before sync
It seems that calling invalidate_kernel_vmap_range() is more correct
to be called before dma_sync_*(), judging from the other thread:
  https://lore.kernel.org/all/20220111085958.GA22795@lst.de/
Although this won't matter much in practice, let's fix the call order
for consistency.

Fixes: a25684a956 ("ALSA: memalloc: Support for non-contiguous page allocation")
Reported-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220210123344.8756-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-02-10 13:36:53 +01:00
Takashi Iwai
8e1741c658 ALSA: memalloc: Fix dma_need_sync() checks
dma_need_sync() checks each DMA address.  Fix the incorrect usages
for non-contiguous and non-coherent page allocations.
Fortunately, there are no actual call sites that need manual syncs
yet.

Fixes: a25684a956 ("ALSA: memalloc: Support for non-contiguous page allocation")
Fixes: 73325f60e2 ("ALSA: memalloc: Support for non-coherent page allocation")
Cc: <stable@vger.kernel.org>
Reported-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Link: https://lore.kernel.org/r/20220210123344.8756-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-02-10 13:36:39 +01:00
Takashi Iwai
52517d9c0c ASoC: Fixes for v5.17
Quite a few fixes here, including an unusually large set in the core
 spurred on by various testing efforts as well as the usual small driver
 fixes.  There are quite a few fixes for out of bounds writes in both the
 core and the various Qualcomm drivers, plus a couple of fixes for
 locking in the DPCM code.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmH5Vi4ACgkQJNaLcl1U
 h9Ah6gf/SdlpKMKgAYiXAfmhb/88UgWkXWwHYgK+uHQXy3VpiG3zOso2uHQTbZ0X
 +QMZ1LwPbcSsz6Ny/w/kQ4MKeklHou0X6GiQ6PRoDukBPQ6yidivwnVXt35qNBwT
 iYmMuLpWsq0CrbUp9cPX+zurX+jUv/CKuwG1JnHxS2+lQ7UjetUOfKzO80X4zUA5
 tm12soU9PSUcSyBICg5Jn+Tt9ZPccJ4cDPLfdRVkKjwb+6o4CnuM56Jq9UeHY6KT
 SGr8/Jt0I61p8UHPUpqJsj2ItHhy80bNraSaNptQljlIYCPidgFlPKyXxgunm8e5
 Z2PUG2mOIR4pk0cj1SxOXwhH9+d3dQ==
 =UdmQ
 -----END PGP SIGNATURE-----

Merge tag 'asoc-fix-v5.17-rc2' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Fixes for v5.17

Quite a few fixes here, including an unusually large set in the core
spurred on by various testing efforts as well as the usual small driver
fixes.  There are quite a few fixes for out of bounds writes in both the
core and the various Qualcomm drivers, plus a couple of fixes for
locking in the DPCM code.
2022-02-01 16:52:54 +01:00
Takashi Iwai
3c75c0ea5d
ASoC: soc-pcm: Fix DPCM lockdep warning due to nested stream locks
The recent change for DPCM locking caused spurious lockdep warnings.
Actually the warnings are false-positive, as those are triggered due
to the nested stream locks for FE and BE.  Since both locks belong to
the same lock class, lockdep sees it as if a deadlock.

For fixing this, we need to take PCM stream locks for BE with the
nested lock primitives.  Since currently snd_pcm_stream_lock*() helper
assumes only the top-level single locking, a new helper function
snd_pcm_stream_lock_irqsave_nested() is defined for a single-depth
nested lock, which is now used in the BE DAI trigger that is always
performed inside a FE stream lock.

Fixes: b2ae806630 ("ASoC: soc-pcm: serialize BE triggers")
Reported-and-tested-by: Hans de Goede <hdegoede@redhat.com>
Reported-and-tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/r/73018f3c-9769-72ea-0325-b3f8e2381e30@redhat.com
Link: https://lore.kernel.org/alsa-devel/9a0abddd-49e9-872d-2f00-a1697340f786@samsung.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20220119155249.26754-2-tiwai@suse.de
Signed-off-by: Mark Brown <broonie@kernel.org>
2022-01-28 15:59:16 +00:00
Muchun Song
359745d783 proc: remove PDE_DATA() completely
Remove PDE_DATA() completely and replace it with pde_data().

[akpm@linux-foundation.org: fix naming clash in drivers/nubus/proc.c]
[akpm@linux-foundation.org: now fix it properly]

Link: https://lkml.kernel.org/r/20211124081956.87711-2-songmuchun@bytedance.com
Signed-off-by: Muchun Song <songmuchun@bytedance.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Alexey Gladkov <gladkov.alexey@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-01-22 08:33:37 +02:00
Takashi Iwai
8c0ae778e2 ALSA: core: Simplify snd_power_ref_and_wait() with the standard macro
Use wait_event_cmd() macro and simplify snd_power_ref_wait()
implementation.  This may also cover possible races in the current
open code, too.

Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20220119091050.30125-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-01-19 17:26:04 +01:00
Takashi Iwai
5576c4f24c ALSA: core: Fix SSID quirk lookup for subvendor=0
Some weird devices set the codec SSID vendor ID 0, and
snd_pci_quirk_lookup_id() loop aborts at the point although it should
still try matching with the SSID device ID.  This resulted in a
missing quirk for some old Macs.

Fix the loop termination condition to check both subvendor and
subdevice.

Fixes: 73355ddd87 ("ALSA: hda: Code refactoring snd_hda_pick_fixup()")
Cc: <stable@vger.kernel.org>
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=215495
Link: https://lore.kernel.org/r/20220116082838.19382-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-01-17 09:59:32 +01:00
Stefan Sauer
7560ee032b ALSA: seq: virmidi: Add a drain operation
If a driver does not supply a drain operation for outputs, a default code
path will execute msleep(50). Especially for a virtual midi device
this severely limmits the throughput.

This implementation for the virtual midi driver simply flushes the output
workqueue.

Signed-off-by: Stefan Sauer <st_kost@gmx.de>
Link: https://lore.kernel.org/r/20220106124145.17254-1-st_kost@gmx.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-01-06 16:08:07 +01:00
Takashi Iwai
dec36c09a5 ASoC: Updates for v5.17
Not much going on framework release this time, but a big update for
 drivers especially the Intel and SOF ones.
 
  - Refinements and cleanups around the delay() APIs.
  - Wider use of dev_err_probe().
  - Continuing cleanups and improvements to the SOF code.
  - Support for pin switches in simple-card derived cards.
  - Support for AMD Renoir ACP, Asahi Kasei Microdevices AKM4375, Intel
    systems using NAU8825 and MAX98390, Mediatek MT8915, nVidia Tegra20
    S/PDIF, Qualcomm systems using ALC5682I-VS and Texas Instruments
    TLV320ADC3xxx.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmHVprgACgkQJNaLcl1U
 h9CGVQf8DQ0SsUiOKQOdGIcw/Os38EiR/rhGnDH5IxhbqqASrkFMTRe2fED2x2zr
 AifAWehuMuloX/xufAkZPDP6v58mv4ZrXY+NSSFU+IRaeM5TgyxFfOlU/saNaHYC
 zxIldSEopok9Hmpg48mVrWePIJ8qEln6NidS7qpt6ylJ+U9LSt5rVkp6Rj86/va1
 /JCJ8qaN9FRP+mTVWVMcd1lFG4lsZbqlUiipdhNLZT1p2/2mfGxTOhjiYnygG4l0
 PU+lIUFv+fTrjsMm9B9ZRFCZO/K5zop65O+wKyBZYwkH/UXmeGi6f1AvzAWf174z
 5fRIosTgCDWKVIWrFrXYV8Qyp2kAMg==
 =bHj3
 -----END PGP SIGNATURE-----

Merge tag 'asoc-v5.17' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Updates for v5.17

Not much going on framework release this time, but a big update for
drivers especially the Intel and SOF ones.

 - Refinements and cleanups around the delay() APIs.
 - Wider use of dev_err_probe().
 - Continuing cleanups and improvements to the SOF code.
 - Support for pin switches in simple-card derived cards.
 - Support for AMD Renoir ACP, Asahi Kasei Microdevices AKM4375, Intel
   systems using NAU8825 and MAX98390, Mediatek MT8915, nVidia Tegra20
   S/PDIF, Qualcomm systems using ALC5682I-VS and Texas Instruments
   TLV320ADC3xxx.
2022-01-05 15:39:24 +01:00
Takashi Iwai
f81483aaeb Merge branch 'for-next' into for-linus
Pull 5.17 materials.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-01-05 15:38:34 +01:00
Jaroslav Kysela
39a8fc4971 ALSA: rawmidi - fix the uninitalized user_pversion
The user_pversion was uninitialized for the user space file structure
in the open function, because the file private structure use
kmalloc for the allocation.

The kernel ALSA sequencer code clears the file structure, so no additional
fixes are required.

Cc: stable@kernel.org
Cc: broonie@kernel.org
BugLink: https://github.com/alsa-project/alsa-lib/issues/178
Fixes: 09d2317440 ("ALSA: rawmidi: introduce SNDRV_RAWMIDI_IOCTL_USER_PVERSION")
Reported-by: syzbot+88412ee8811832b00dbe@syzkaller.appspotmail.com
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20211218123925.2583847-1-perex@perex.cz
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-12-22 20:18:27 +01:00
Mark Brown
5a49d926da dmaengine_topic_slave_id_removal_5.17
Tag for dmaengine slave_id removal topic branch which should be merged
 into v5.17
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+vs47OPLdNbVcHzyfBQHDyUjg0cFAmG8J+UACgkQfBQHDyUj
 g0cmEQ/9H5sOft40t02H4tKkdIm8ZvEL4p58+Dzkv09YR7PjGH9pOWoPikzMozNe
 aQVIoMs+0QAe9HmaHNOqEgXX3yCswm+PTl9KoULOzMZGMIbw9KxeippVvpqybgtH
 flxVPBN/u++WEyPUHRWkr8TCHRzDZjzOQDlHVfOFTl09oNM302Mmz7XasArDwQkI
 X3FIpI4mDsWxXOE2hX+A6zqUTqhakV+KBg7a7/JpPnJ558REsvdOxTTRVyW8dQiW
 O5EXvrCqus6Ahtu+NIJ3wHjEHcn2pUBeuDRGJgo729f9tBa4ERcZIWSoMXPNLqZm
 jbmyoUZIBt6DCTwwd+k35BtreN47dfxY7KIjX3D3qdWDPOBrWsVUIhbEjkzIUqOa
 mnEJf6mdDs9z6qCDTYm+Fly7n0bFaOSs94wLWbccxf5PK1ZnS8yI7XcWrA37WRl/
 5196CvFoMx4n68QJeyv1PdMEzSMb2aubniOohgfMrPE1HxBdRYcikzoNExiwZeGs
 m5oIAQ0bCAu/Jp1c1m/wMN5hE2KSzGQY6L/8h0Jl4ML1jn2x6QGQa6NkHhpVH2AX
 5aNF2tOUFNUN8MxunU7eNTE3icpIwhWnW5emfRwrW7sbhPvssbN+O6Pv30TgjA5e
 gvtytGO8sXFhRFKoVpMEPI/CYyYz8hxGJKLnLFSvcLYkZN9yvig=
 =Mpf8
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmG8cOYACgkQJNaLcl1U
 h9D+Wgf+PdDgmb/kBATZNCfSa13y0A18EVC0ETrCn7EBQt6UbyU5Zx/rVOe8Sjw+
 d/kuqc0WCV3UrSdnZHh1pYpn/eqRh6KJCufMJFQiYAEwjJi5TQ5eYDHf7sd0oEI8
 NOkTJbl26UImAsnsHcC35moHyTH2U8sKoEeva5i/MIXxBpn+3cIWnmjUi7ZUEzLu
 qmZDPEYHVRklcbFEWI7oehb68hJlTHz2PY9ARM+sTUica9owlTiaGRD2WX+Wtc5G
 fx0rWoIiFUGnW2qoRBX7yNOBKvzmT6m+pqPMQ/LAjE1Xa4Cb0e87fm33b1QFhuEk
 CYFHAAzKem/3GskXlR57fY4p8CvJmQ==
 =6fXc
 -----END PGP SIGNATURE-----

Merge tag 'dmaengine_topic_slave_id_removal_5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine into v4_20211204_digetx_support_hdmi_audio_on_nvidia_tegra20

dmaengine_topic_slave_id_removal_5.17

Tag for dmaengine slave_id removal topic branch which should be merged
into v5.17
2021-12-17 11:13:39 +00:00
Arnd Bergmann
bdecfceffe ASoC: dai_dma: remove slave_id field
This field is no longer set from any driver now, so remove the
last references as well.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20211122222203.4103644-3-arnd@kernel.org
Signed-off-by: Vinod Koul <vkoul@kernel.org>
2021-12-17 11:23:56 +05:30
Xiaoke Wang
c01c1db1dc ALSA: jack: Check the return value of kstrdup()
kstrdup() can return NULL, it is better to check the return value of it.

Signed-off-by: Xiaoke Wang <xkernel.wang@foxmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/tencent_094816F3522E0DC704056C789352EBBF0606@qq.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-12-13 10:38:27 +01:00
Takashi Iwai
6fadb494a6 ALSA: seq: Set upper limit of processed events
Currently ALSA sequencer core tries to process the queued events as
much as possible when they become dispatchable.  If applications try
to queue too massive events to be processed at the very same timing,
the sequencer core would still try to process such all events, either
in the interrupt context or via some notifier; in either away, it
might be a cause of RCU stall or such problems.

As a potential workaround for those problems, this patch adds the
upper limit of the amount of events to be processed.  The remaining
events are processed in the next batch, so they won't be lost.

For the time being, it's limited up to 1000 events per queue, which
should be high enough for any normal usages.

Reported-by: Zqiang <qiang.zhang1211@gmail.com>
Reported-by: syzbot+bb950e68b400ab4f65f8@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20211102033222.3849-1-qiang.zhang1211@gmail.com
Link: https://lore.kernel.org/r/20211207165146.2888-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-12-07 17:52:28 +01:00
Bernard Zhao
82cd3ba691 ALSA: oss: remove useless NULL check before kfree
Tis patch try to remove useless NULL check before kfree

Signed-off-by: Bernard Zhao <bernard@vivo.com>
Link: https://lore.kernel.org/r/20211206014135.320720-1-bernard@vivo.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-12-06 10:08:13 +01:00
Alan Young
b6409dd6bd ALSA: ctl: Fix copy of updated id with element read/write
When control_compat.c:copy_ctl_value_to_user() is used, by
ctl_elem_read_user() & ctl_elem_write_user(), it must also copy back the
snd_ctl_elem_id value that may have been updated (filled in) by the call
to snd_ctl_elem_read/snd_ctl_elem_write().

This matches the functionality provided by snd_ctl_elem_read_user() and
snd_ctl_elem_write_user(), via snd_ctl_build_ioff().

Without this, and without making additional calls to snd_ctl_info()
which are unnecessary when using the non-compat calls, a userspace
application will not know the numid value for the element and
consequently will not be able to use the poll/read interface on the
control file to determine which elements have updates.

Signed-off-by: Alan Young <consult.awy@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20211202150607.543389-1-consult.awy@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-12-02 16:41:07 +01:00
Takashi Iwai
6665bb30a6 ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
A couple of calls in snd_pcm_oss_change_params_locked() ignore the
possible errors.  Catch those errors and abort the operation for
avoiding further problems.

Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20211201073606.11660-4-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-12-02 09:02:22 +01:00
Takashi Iwai
8839c8c0f7 ALSA: pcm: oss: Limit the period size to 16MB
Set the practical limit to the period size (the fragment shift in OSS)
instead of a full 31bit; a too large value could lead to the exhaust
of memory as we allocate temporary buffers of the period size, too.

As of this patch, we set to 16MB limit, which should cover all use
cases.

Reported-by: syzbot+bb348e9f9a954d42746f@syzkaller.appspotmail.com
Reported-by: Bixuan Cui <cuibixuan@linux.alibaba.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1638270978-42412-1-git-send-email-cuibixuan@linux.alibaba.com
Link: https://lore.kernel.org/r/20211201073606.11660-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-12-02 09:01:58 +01:00
Takashi Iwai
9d2479c960 ALSA: pcm: oss: Fix negative period/buffer sizes
The period size calculation in OSS layer may receive a negative value
as an error, but the code there assumes only the positive values and
handle them with size_t.  Due to that, a too big value may be passed
to the lower layers.

This patch changes the code to handle with ssize_t and adds the proper
error checks appropriately.

Reported-by: syzbot+bb348e9f9a954d42746f@syzkaller.appspotmail.com
Reported-by: Bixuan Cui <cuibixuan@linux.alibaba.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1638270978-42412-1-git-send-email-cuibixuan@linux.alibaba.com
Link: https://lore.kernel.org/r/20211201073606.11660-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-12-02 09:01:46 +01:00
Bixuan Cui
8e7daf318d ALSA: oss: fix compile error when OSS_DEBUG is enabled
Fix compile error when OSS_DEBUG is enabled:
    sound/core/oss/pcm_oss.c: In function 'snd_pcm_oss_set_trigger':
    sound/core/oss/pcm_oss.c:2055:10: error: 'substream' undeclared (first
    use in this function); did you mean 'csubstream'?
      pcm_dbg(substream->pcm, "pcm_oss: trigger = 0x%x\n", trigger);
              ^

Fixes: 61efcee860 ("ALSA: oss: Use standard printk helpers")
Signed-off-by: Bixuan Cui <cuibixuan@linux.alibaba.com>
Link: https://lore.kernel.org/r/1638349134-110369-1-git-send-email-cuibixuan@linux.alibaba.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-12-01 10:31:04 +01:00
Pierre-Louis Bossart
b456abe63f
ALSA: pcm: introduce INFO_NO_REWINDS flag
When the hardware can only deal with a monotonically increasing
appl_ptr, this flag can be set.

In case the application requests a rewind, be it with a
snd_pcm_rewind() or with a direct change of a mmap'ed pointer followed
by a SNDRV_PCM_IOCTL_SYNC_PTR, this patch checks if a rewind
occurred and returns an error.

Credits to Takashi Iwai for identifying the path with SYNC_PTR and
suggesting the pointer checks.

Suggested-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20211119230852.206310-3-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
2021-11-24 12:57:18 +00:00
Pierre-Louis Bossart
0e888a74e5
ALSA: pcm: unconditionally check if appl_ptr is in 0..boundary range
In some cases, the appl_ptr passed by userspace is not checked before
being used. This patch adds an unconditional check and returns an
error code should the appl_ptr exceed the ALSA 'boundary'.

Suggested-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Link: https://lore.kernel.org/r/20211119230852.206310-2-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
2021-11-24 12:57:17 +00:00
Takashi Iwai
7c72665c56 ALSA: led: Use restricted type for iface assignment
Fix a sparse warning that complains about the inconsistent type
assignment for iface, which is a restricted type of
snd_ctl_elem_iface_t.

Fixes: a135dfb5de ("ALSA: led control - add sysfs kcontrol LED marking layer")
Reported-by: kernel test robot <lkp@intel.com>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/202111201028.xduVYgH5-lkp@intel.com
Link: https://lore.kernel.org/r/20211123170247.2962-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-11-23 18:12:05 +01:00
Takashi Iwai
2c95b92ecd ALSA: memalloc: Unify x86 SG-buffer handling (take#3)
This is a second attempt to unify the x86-specific SG-buffer handling
code with the new standard non-contiguous page handler.

The first try (in commit 2d9ea39917) failed due to the wrong page
and address calculations, hence reverted.  (And the second try failed
due to a copy&paste error.)  Now it's corrected with the previous fix
for noncontig pages, and the proper sg page iteration by this patch.

After the migration, SNDRV_DMA_TYPE_DMA_SG becomes identical with
SNDRV_DMA_TYPE_NONCONTIG on x86, while others still fall back to
SNDRV_DMA_TYPE_DEV.

Tested-by: Alex Xu (Hello71) <alex_y_xu@yahoo.ca>
Tested-by: Harald Arnesen <harald@skogtun.org>
Link: https://lore.kernel.org/r/20211017074859.24112-4-tiwai@suse.de
Link: https://lore.kernel.org/r/20211109062235.22310-1-tiwai@suse.de
Link: https://lore.kernel.org/r/20211116073358.19741-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-11-16 08:34:29 +01:00
Takashi Iwai
5471e9762e ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
snd_ctl_remove() has to be called with card->controls_rwsem held (when
called after the card instantiation).  This patch add the missing
rwsem calls around it.

Fixes: a8ff48cb70 ("ALSA: pcm: Free chmap at PCM free callback, too")
Link: https://lore.kernel.org/r/20211116071314.15065-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-11-16 08:13:55 +01:00
Takashi Iwai
06764dc931 ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
snd_ctl_remove() has to be called with card->controls_rwsem held (when
called after the card instantiation).  This patch add the missing
rwsem calls around it.

Fixes: 9058cbe1ee ("ALSA: jack: implement kctl creating for jack devices")
Link: https://lore.kernel.org/r/20211116071314.15065-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-11-16 08:13:54 +01:00
Takashi Iwai
4ddac46031 ALSA: memalloc: Remove a stale comment
The comment about the reused vmalloc helpers is no longer valid after
the recent change for the noncontig allocator.  Drop the stale
comment.

Fixes: ad4f93ca41 ("ALSA: memalloc: Use proper SG helpers for noncontig allocations")
Link: https://lore.kernel.org/r/20211110063100.21359-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-11-10 07:35:23 +01:00
Takashi Iwai
ad4f93ca41 ALSA: memalloc: Use proper SG helpers for noncontig allocations
The recently introduced non-contiguous page allocation support helpers
are using the simplified code to calculate the page and DMA address
based on the vmalloc helpers, but this isn't quite right as the vmap
is valid only for the direct DMA.

This patch corrects those accessors to use the proper SG helpers
instead.

Fixes: a25684a956 ("ALSA: memalloc: Support for non-contiguous page allocation")
Tested-by: Alex Xu (Hello71) <alex_y_xu@yahoo.ca>
Link: https://lore.kernel.org/r/20211108151059.31898-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-11-09 07:14:22 +01:00
Takashi Iwai
8e537d5dec ALSA: PCM: Fix NULL dereference at mmap checks
The recent refactoring of mmap handling caused Oops on some devices
that don't use the standard memory allocations.  This patch addresses
it by allowing snd_dma_buffer_mmap() helper to receive the NULL
pointer dmab argument (and return an error appropriately).

Fixes: a202bd1ad8 ("ALSA: core: Move mmap handler into memalloc ops")
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20211107163911.13534-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-11-07 17:55:05 +01:00
Takashi Iwai
ffdd98277f ALSA: timer: Unconditionally unlink slave instances, too
Like the previous fix (commit c0317c0e87 "ALSA: timer: Fix
use-after-free problem"), we have to unlink slave timer instances
immediately at snd_timer_stop(), too.  Otherwise it may leave a stale
entry in the list if the slave instance is freed before actually
running.

Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20211105091517.21733-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2021-11-05 11:27:27 +01:00