Commit Graph

39 Commits

Author SHA1 Message Date
Takashi Iwai
fa84cf094e ALSA: pcm: Nuke snd_pcm_lib_mmap_vmalloc()
snd_pcm_lib_mmap_vmalloc() was supposed to be implemented with
somewhat special for vmalloc handling, but in the end, this turned to
just the default handler, i.e. NULL.  As the situation has never
changed over decades, let's rip it off.

Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-07-18 08:24:29 +02:00
Takashi Iwai
9f88058e78 ALSA: aloop: Reduced duplicated PCM ops definition
The PCM ops defined for playback and capture are identical.  Just use
the single one for both.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-05-28 11:53:04 +02:00
Takashi Iwai
76b3421b39 ALSA: aloop: Add missing cable lock to ctl API callbacks
Some control API callbacks in aloop driver are too lazy to take the
loopback->cable_lock and it results in possible races of cable access
while it's being freed.  It eventually lead to a UAF, as reported by
fuzzer recently.

This patch covers such control API callbacks and add the proper mutex
locks.

Reported-by: DaeRyong Jeong <threeearcat@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-04-30 10:06:48 +02:00
Robert Rosengren
306a4f3ca7 ALSA: aloop: Mark paused device as inactive
Show paused ALSA aloop device as inactive, i.e. the control
"PCM Slave Active" set as false. Notification sent upon state change.

This makes it possible for client capturing from aloop device to know if
data is expected. Without it the client expects data even if playback
is paused.

Signed-off-by: Robert Rosengren <robert.rosengren@axis.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-03-27 08:00:28 +02:00
Takashi Iwai
8e6b1a72a7 ALSA: aloop: Fix access to not-yet-ready substream via cable
In loopback_open() and loopback_close(), we assign and release the
substream object to the corresponding cable in a racy way.  It's
neither locked nor done in the right position.  The open callback
assigns the substream before its preparation finishes, hence the other
side of the cable may pick it up, which may lead to the invalid memory
access.

This patch addresses these: move the assignment to the end of the open
callback, and wrap with cable->lock for avoiding concurrent accesses.

Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-03-22 10:40:27 +01:00
Takashi Iwai
67a01afaf3 ALSA: aloop: Sync stale timer before release
The aloop driver tries to stop the pending timer via timer_del() in
the trigger callback and in the close callback.  The former is
correct, as it's an atomic operation, while the latter expects that
the timer gets really removed and proceeds the resource releases after
that.  But timer_del() doesn't synchronize, hence the running timer
may still access the released resources.

A similar situation can be also seen in the prepare callback after
trigger(STOP) where the prepare tries to re-initialize the things
while a timer is still running.

The problems like the above are seen indirectly in some syzkaller
reports (although it's not 100% clear whether this is the only cause,
as the race condition is quite narrow and not always easy to
trigger).

For addressing these issues, this patch adds the explicit alls of
timer_del_sync() in some places, so that the pending timer is properly
killed / synced.

Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-03-22 10:34:12 +01:00
Takashi Iwai
898dfe4687 ALSA: aloop: Fix racy hw constraints adjustment
The aloop driver tries to update the hw constraints of the connected
target on the cable of the opened PCM substream.  This is done by
adding the extra hw constraints rules referring to the substream
runtime->hw fields, while the other substream may update the runtime
hw of another side on the fly.

This is, however, racy and may result in the inconsistent values when
both PCM streams perform the prepare concurrently.  One of the reason
is that it overwrites the other's runtime->hw field; which is not only
racy but also broken when it's called before the open of another side
finishes.  And, since the reference to runtime->hw isn't protected,
the concurrent write may give the partial value update and become
inconsistent.

This patch is an attempt to fix and clean up:
- The prepare doesn't change the runtime->hw of other side any longer,
  but only update the cable->hw that is referred commonly.
- The extra rules refer to the loopback_pcm object instead of the
  runtime->hw.  The actual hw is deduced from cable->hw.
- The extra rules take the cable_lock to protect against the race.

Fixes: b1c73fc8e6 ("ALSA: snd-aloop: Fix hw_params restrictions and checking")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-01-05 16:44:16 +01:00
Takashi Iwai
b088b53e20 ALSA: aloop: Fix inconsistent format due to incomplete rule
The extra hw constraint rule for the formats the aloop driver
introduced has a slight flaw, where it doesn't return a positive value
when the mask got changed.  It came from the fact that it's basically
a copy&paste from snd_hw_constraint_mask64().  The original code is
supposed to be a single-shot and it modifies the mask bits only once
and never after, while what we need for aloop is the dynamic hw rule
that limits the mask bits.

This difference results in the inconsistent state, as the hw_refine
doesn't apply the dependencies fully.  The worse and surprisingly
result is that it causes a crash in OSS emulation when multiple
full-duplex reads/writes are performed concurrently (I leave why it
triggers Oops to readers as a homework).

For fixing this, replace a few open-codes with the standard
snd_mask_*() macros.

Reported-by: syzbot+3902b5220e8ca27889ca@syzkaller.appspotmail.com
Fixes: b1c73fc8e6 ("ALSA: snd-aloop: Fix hw_params restrictions and checking")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-01-05 16:40:16 +01:00
Takashi Iwai
9685347aa0 ALSA: aloop: Release cable upon open error path
The aloop runtime object and its assignment in the cable are left even
when opening a substream fails.  This doesn't mean any memory leak,
but it still keeps the invalid pointer that may be referred by the
another side of the cable spontaneously, which is a potential Oops
cause.

Clean up the cable assignment and the empty cable upon the error path
properly.

Fixes: 597603d615 ("ALSA: introduce the snd-aloop module for the PCM loopback")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-01-05 16:22:20 +01:00
Kees Cook
bc47ba90b0 ALSA: drivers: Convert timers to use timer_setup()
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly.

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-10-24 21:01:16 +02:00
Arvind Yadav
f95925829b ALSA: drivers: constify snd_pcm_ops structures
snd_pcm_ops are not supposed to change at runtime. All functions
working with snd_pcm_ops provided by <sound/pcm.h> work with
const snd_pcm_ops. So mark the non-const structs as const.

Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-08-19 11:02:15 +02:00
Bhumika Goyal
b6c0b71561 ALSA: drivers: make snd_pcm_hardware const
Make these const as they are only used in a copy operation.
Done using Coccinelle.

Signed-off-by: Bhumika Goyal <bhumirks@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-08-17 12:44:09 +02:00
Takashi Iwai
41960d9592 ALSA: aloop: Drop unnecessary ifdef CONFIG_PROC_FS
Since the compiler can optimize away the unused code, we can reduce
the messy ifdef.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-05-29 07:46:05 +02:00
Takashi Iwai
db974553e3 ALSA: aloop: Use setup_timer() and mod_timer()
No functional change, refactoring with the standard helpers.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-01-19 11:27:31 +01:00
Wolfram Sang
5d5638afa0 ALSA: drivers: drop owner assignment from platform_drivers
A platform_driver does not need to set an owner, it will be populated by the
driver core.

Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2014-10-20 16:21:59 +02:00
Takashi Iwai
5872f3f621 ALSA: drivers: Convert to snd_card_new() with a device pointer
Also remove superfluous snd_card_set_dev() calls.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-02-12 10:58:20 +01:00
Sachin Kamat
5ed5824bf4 ALSA: aloop: Remove redundant platform_set_drvdata()
Commit 0998d06310 (device-core: Ensure drvdata = NULL when no
driver is bound) removes the need to set driver data field to
NULL.

Signed-off-by: Sachin Kamat <sachin.kamat@linaro.org>
Cc: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2013-05-23 14:34:09 +02:00
Eldad Zack
74c34ca1cc ALSA: pcm_format_to_bits strong-typed conversion
Add a function to handle conversion from snd_pcm_format_t
to bitwise with proper typing.

Change such conversions to use this function and silence sparse
warnings.

Signed-off-by: Eldad Zack <eldad@fogrefinery.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2013-04-29 13:36:15 +02:00
Takashi Iwai
edac894389 ALSA: aloop: Fix Oops while PM resume
snd-aloop driver has no proper PM implementation, thus the PM resume
may trigger Oops due to leftover timer instance.  This patch adds the
missing suspend/resume implementation.

Reported-and-tested-by: El boulangero <elboulangero@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2013-02-04 10:28:15 +01:00
Bill Pemberton
fbbb01a12d ALSA: drivers: remove __dev* attributes
CONFIG_HOTPLUG is going away as an option.  As result the __dev*
markings will be going away.

Remove use of __devinit, __devexit_p, __devinitdata, __devinitconst,
and __devexit.

Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-12-07 07:34:32 +01:00
Takashi Iwai
999fc9f6aa ALSA: aloop - Close races at restarting the stream
There are small races opened in the check of running bit and the timer
lock.  Instead of adding yet more flag, just protect the whole racy
codes with the existing cable->lock.  As a bonus, we can get rid of
timer_lock now.

Reported-and-tested-by: Omair Mohammed Abdullah <omair.m.abdullah@linux.intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-10-21 10:53:14 +02:00
Omair Mohammed Abdullah
d4f1e48bd1 ALSA: aloop - add locking to timer access
When the loopback timer handler is running, calling del_timer() (for STOP
trigger) will not wait for the handler to complete before deactivating the
timer. The timer gets rescheduled in the handler as usual. Then a subsequent
START trigger will try to start the timer using add_timer() with a timer pending
leading to a kernel panic.

Serialize the calls to add_timer() and del_timer() using a spin lock to avoid
this.

Signed-off-by: Omair Mohammed Abdullah <omair.m.abdullah@linux.intel.com>
Signed-off-by: Vinod Koul <vinod.koul@linux.intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-10-06 16:50:28 +02:00
Takashi Iwai
d34e4e00ad ALSA: platform: Check CONFIG_PM_SLEEP instead of CONFIG_PM
When CONFIG_PM is set but CONFIG_PM_SLEEP is unset,
SIMPLE_DEV_PM_OPS() ignores the given functions, and this leads to
compile warnings.

For avoiding this, simply check CONFIG_PM_SLEEP instead of CONFIG_PM.

Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-08-09 15:47:15 +02:00
Takashi Iwai
284e7ca75f ALSA: convert PM ops of platform_driver to new pm ops
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-07-03 07:58:19 +02:00
Takashi Iwai
8bf01d8abc ALSA: Add missing .owner=THIS_MODULE to platform_driver definitions
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-07-02 17:50:05 +02:00
Jaroslav Kysela
b012513c66 ALSA: snd-aloop - improve the sample copy accurracy
Maintain both streams (playback, capture) synchronized. Previous code
didn't take in account the small byte count drifts caused by the irq
position rounding.

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-05-15 08:34:38 +02:00
Rusty Russell
a67ff6a540 ALSA: module_param: make bool parameters really bool
module_param(bool) used to counter-intuitively take an int.  In
fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy
trick.

It's time to remove the int/unsigned int option.  For this version
it'll simply give a warning, but it'll break next kernel version.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2011-12-19 10:34:41 +01:00
Paul Gortmaker
65a772172b sound: fix drivers needing module.h not moduleparam.h
The implicit presence of module.h lured several users into
incorrectly thinking that they only needed/used modparam.h
but once we clean up the module.h presence, these will show
up as build failures, so fix 'em now.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2011-10-31 19:31:19 -04:00
Takashi Iwai
6b69a0e520 ALSA: aloop - Use vmalloc buffer
snd-aloop driver is virtual and has no need for allocating contiguous
pages.  It'll be more system-friendly to use vmalloc buffers.

Tested-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2011-09-24 12:16:29 +02:00
Takashi Iwai
98d21df431 ALSA: aloop - Fix possible IRQ lock inversion
loopback_pos_update() can be called in the timer callback, thus the lock
held should be irq-safe.  Otherwise you'll get AB/BA deadlock together
with substream->self_group.lock.

Reported-and-tested-by: Knut Petersen <Knut_Petersen@t-online.de>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2011-03-18 07:31:53 +01:00
Jaroslav Kysela
5de9e45fcf ALSA: snd-aloop - add pause support
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2010-10-20 09:35:43 +02:00
Jaroslav Kysela
dd04bb12d0 ALSA: snd-aloop - fix locking issues (running flag updates)
On SMP machines, the cable->running update must be atomic, otherwise
stream is not started correctly sometimes.

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2010-10-20 09:35:38 +02:00
Jaroslav Kysela
e74670b6fd ALSA: snd-aloop: add cable#0 and cable#1 files to proc card tree
Show some useful runtime information using procfs.

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2010-10-18 11:08:21 +02:00
Jaroslav Kysela
0db7102305 ALSA: snd-aloop - fix issue in the timer start function
In some circumstances (the rate shift value was changed), the irq_pos
value may be higher than the fraction value in the timer start function.
Check for it.

Also, to avoid value overflow, decrease maximum period size.

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2010-10-14 21:54:17 +02:00
Jaroslav Kysela
b1c73fc8e6 ALSA: snd-aloop: Fix hw_params restrictions and checking
This patch fixes the hw_params restrictions when first (or playback) stream
sets the final hardware parameters. Also, fix the hw_params checking
in the trigger callback.

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2010-10-11 10:56:09 +02:00
Jaroslav Kysela
ac446fb7e6 ALSA: snd-aloop - fix "PCM Slave Active" element read value
Simple coding fix.

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2010-10-02 16:07:03 +02:00
Jaroslav Kysela
20d9a26dbb ALSA: snd-aloop - fix capture buffer silence
In a special case, some old samples are left in the capture ring buffer.
Fix it.

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2010-09-30 00:20:17 +02:00
Jaroslav Kysela
1446c5fba7 ALSA: snd-aloop - fix the "PCM Playback Channels" kcontrol
Obvious copy-and-paste error.

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2010-09-15 08:05:03 +02:00
Jaroslav Kysela
597603d615 ALSA: introduce the snd-aloop module for the PCM loopback
The snd-aloop module allows redirecting of the PCM playback in the
kernel back to the user space using the standard ALSA PCM capture API.

The module also allows time synchronization with another timing source
and notifications of playback stream parameter changes.

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2010-08-09 14:21:11 +02:00