#
2419891e |
|
16-Aug-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Create device with snd_device_alloc() Align with the other components, and use snd_device_alloc() for the new sound device for sequencer, too. No functional changes. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Signed-off-by: Curtis Malainey <cujomalainey@chromium.org> Tested-by: Curtis Malainey <cujomalainey@chromium.org> Link: https://lore.kernel.org/r/20230816160252.23396-9-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
8c15a183 |
|
05-Jun-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Avoid confusion of aligned read size Currently the read event packet size in snd_seq_read() is defined by client->midi_version value that is guaranteed to be zero if UMP isn't enabled. But the static analyzer doesn't know of the fact, and it still suspects as if it were leading to a potential overflow. Add the more explicit check of CONFIG_SND_SEQ_UMP to determine the aligned_size value for avoiding the confusion. Fixes: 46397622a3fa ("ALSA: seq: Add UMP support") Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <error27@gmail.com> Closes: https://lore.kernel.org/r/202305261415.NY0vapZK-lkp@intel.com/ Link: https://lore.kernel.org/r/20230605144758.6677-2-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
d2b70607 |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Add UMP group filter Add a new filter bitmap for UMP groups for reducing the unnecessary read/write when the client is connected to UMP EP seq port. The new group_filter field contains the bitmap for the groups, i.e. when the bit is set, the corresponding group is filtered out and the messages to that group won't be delivered. The filter bitmap consists of each bit of 1-based UMP Group number. The bit 0 is reserved for the future use. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-37-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
e85b9260 |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Print UMP Endpoint and Block information in proc outputs This patch enhances the /proc/asound/seq/clients output to show a few more information about the assigned UMP Endpoint and Blocks. The "Groups" are shown in 1-based group number to align with the sequencer client name and port number. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-36-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
d2d247e3 |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Add ioctls for client UMP info query and setup Add new ioctls for sequencer clients to query and set the UMP endpoint and block information. As a sequencer client corresponds to a UMP Endpoint, one UMP Endpoint information can be assigned at most to a single sequencer client while multiple UMP block infos can be assigned by passing the type with the offset of block id (i.e. type = block_id + 1). For the kernel client, only SNDRV_SEQ_IOCTL_GET_CLIENT_UMP_INFO is allowed. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-35-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
329ffe11 |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Allow suppressing UMP conversions A sequencer client like seq_dummy rather doesn't want to convert UMP events but receives / sends as is. Add a new event filter flag to suppress the automatic UMP conversion and applies accordingly. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-32-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
e9e02819 |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Automatic conversion of UMP events This patch enables the automatic conversion of UMP events from/to the legacy ALSA sequencer MIDI events. Also, as UMP itself has two different modes (MIDI 1.0 and MIDI 2.0), yet another converters between them are needed, too. Namely, we have conversions between the legacy and UMP like: - seq legacy event -> seq UMP MIDI 1.0 event - seq legacy event -> seq UMP MIDI 2.0 event - seq UMP MIDI 1.0 event -> seq legacy event - seq UMP MIDI 2.0 event -> seq legacy event and the conversions between UMP MIDI 1.0 and 2.0 clients like: - seq UMP MIDI 1.0 event -> seq UMP MIDI 2.0 event - seq UMP MIDI 2.0 event -> seq UMP MIDI 1.0 event The translation is per best-effort; some MIDI 2.0 specific events are ignored when translated to MIDI 1.0. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-31-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
ff166a9d |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Add port direction to snd_seq_port_info Add a new field "direction" to snd_seq_port_info for allowing a client to tell the expected direction of the port access. A port might still allow subscriptions for read/write (e.g. for MIDI-CI) even if the primary usage of the port is a single direction (either input or output only). This new "direction" field can help to indicate such cases. When the direction is unspecified at creating a port and the port has either read or write capability, the corresponding direction bits are set automatically as default. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-29-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
177ccf81 |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Support MIDI 2.0 UMP Endpoint port This is an extension to ALSA sequencer infrastructure to support the MIDI 2.0 UMP Endpoint port. It's a "catch-all" port that is supposed to be present for each UMP Endpoint. When this port is read via subscription, it sends any events from all ports (UMP Groups) found in the same client. A UMP Endpoint port can be created with the new capability bit SNDRV_SEQ_PORT_CAP_UMP_ENDPOINT. Although the port assignment isn't strictly defined, it should be the port number 0. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-28-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
74661932 |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Add port inactive flag This extends the ALSA sequencer port capability bit to indicate the "inactive" flag. When this flag is set, the port is essentially invisible, and doesn't appear in the port query ioctls, while the direct access and the connection to this port are still allowed. The active/inactive state can be flipped dynamically, so that it can be visible at any time later. This feature is introduced basically for UMP; some UMP Groups in a UMP Block may be unassigned, hence those are practically invisible. On ALSA sequencer, the corresponding sequencer ports will get this new "inactive" flag to indicate the invisible state. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-27-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
46397622 |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Add UMP support Starting from this commit, we add the basic support of UMP (Universal MIDI Packet) events on ALSA sequencer infrastructure. The biggest change here is that, for transferring UMP packets that are up to 128 bits, we extend the data payload of ALSA sequencer event record when the client is declared to support for the new UMP events. A new event flag bit, SNDRV_SEQ_EVENT_UMP, is defined and it shall be set for the UMP packet events that have the larger payload of 128 bits, defined as struct snd_seq_ump_event. For controlling the UMP feature enablement in kernel, a new Kconfig, CONFIG_SND_SEQ_UMP is introduced. The extended event for UMP is available only when this Kconfig item is set. Similarly, the size of the internal snd_seq_event_cell also increases (in 4 bytes) when the Kconfig item is set. (But the size increase is effective only for 32bit architectures; 64bit archs already have padding there.) Overall, when CONFIG_SND_SEQ_UMP isn't set, there is no change in the event and cell, keeping the old sizes. For applications that want to access the UMP packets, first of all, a sequencer client has to declare the user-protocol to match with the latest one via the new SNDRV_SEQ_IOCTL_USER_PVERSION; otherwise it's treated as if a legacy client without UMP support. Then the client can switch to the new UMP mode (MIDI 1.0 or MIDI 2.0) with a new field, midi_version, in snd_seq_client_info. When switched to UMP mode (midi_version = 1 or 2), the client can write the UMP events with SNDRV_SEQ_EVENT_UMP flag. For reads, the alignment size is changed from snd_seq_event (28 bytes) to snd_seq_ump_event (32 bytes). When a UMP sequencer event is delivered to a legacy sequencer client, it's ignored or handled as an error. Conceptually, ALSA sequencer client and port correspond to the UMP Endpoint and Group, respectively; each client may have multiple ports and each port has the fixed number (16) of channels, total up to 256 channels. As of this commit, ALSA sequencer core just sends and receives the UMP events as-is from/to clients. The automatic conversions between the legacy events and the new UMP events will be implemented in a later patch. Along with this commit, bump the sequencer protocol version to 1.0.3. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-26-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
afb72505 |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Introduce SNDRV_SEQ_IOCTL_USER_PVERSION ioctl For the future extension of ALSA sequencer ABI, introduce a new ioctl SNDRV_SEQ_IOCTL_USER_PVERSION. This is similar like the ioctls used in PCM and other interfaces, for an application to specify its supporting ABI version. The use of this ioctl will be mandatory for the upcoming UMP support. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-25-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
13599053 |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Prohibit creating ports with special numbers Some port numbers are special, such as 254 for subscribers and 255 for broadcast. Return error if application tries to create such a port. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-24-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
4f92eb79 |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Check validity before creating a port object The client type and the port info validity check should be done before actually creating a port, instead of unnecessary create-and-scratch. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-23-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
7c3f0d3d |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Check the conflicting port at port creation We didn't check if a port with the given port number has been already present at creating a new port. Check it and return -EBUSY properly if the port number conflicts. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-22-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
94c5b717 |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Drop dead code for the old broadcast support The broadcast and multicast supports have been never enabled. Let's drop the dead code. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-21-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
d0c8308f |
|
23-May-2023 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Treat snd_seq_client object directly in client drivers Introduce the new helpers, snd_seq_kernel_client_get() and _put() for kernel client drivers to treat the snd_seq_client more directly. This allows us to reduce the exported symbols and APIs at each time we need to access some field in future. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20230523075358.9672-20-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
3e7e04b7 |
|
23-Aug-2022 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix data-race at module auto-loading It's been reported that there is a possible data-race accessing to the global card_requested[] array at ALSA sequencer core, which is used for determining whether to call request_module() for the card or not. This data race itself is almost harmless, as it might end up with one extra request_module() call for the already loaded module at most. But it's still better to fix. This patch addresses the possible data race of card_requested[] and client_requested[] arrays by replacing them with bitmask. It's an atomic operation and can work without locks. Reported-by: Abhishek Shah <abhishek.shah@columbia.edu> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/CAEHB24_ay6YzARpA1zgCsE7=H9CSJJzux618E=Ka4h0YdKn=qA@mail.gmail.com Link: https://lore.kernel.org/r/20220823072717.1706-2-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
f9a6bb84 |
|
08-Jun-2021 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix assignment in if condition There are lots of places doing assignments in if condition in ALSA sequencer core, which is a bad coding style that may confuse readers and occasionally lead to bugs. This patch is merely for coding-style fixes, no functional changes. Link: https://lore.kernel.org/r/20210608140540.17885-57-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
75b1a8f9 |
|
04-Jan-2021 |
Joe Perches <joe@perches.com> |
ALSA: Convert strlcpy to strscpy when return value is unused strlcpy is deprecated. see: Documentation/process/deprecated.rst Change the calls that do not use the strlcpy return value to the preferred strscpy. Done with cocci script: @@ expression e1, e2, e3; @@ - strlcpy( + strscpy( e1, e2, e3); This cocci script leaves the instances where the return value is used unchanged. After this patch, sound/ has 3 uses of strlcpy() that need to be manually inspected for conversion and changed one day. $ git grep -w strlcpy sound/ sound/usb/card.c: len = strlcpy(card->longname, s, sizeof(card->longname)); sound/usb/mixer.c: return strlcpy(buf, p->name, buflen); sound/usb/mixer.c: return strlcpy(buf, p->names[index], buflen); Miscellenea: o Remove trailing whitespace in conversion of sound/core/hwdep.c Link: https://lore.kernel.org/lkml/CAHk-=wgfRnXz0W3D37d01q3JFkr_i_uTL=V6A6G1oUZcprmknw@mail.gmail.com/ Signed-off-by: Joe Perches <joe@perches.com> Acked-by: Mark Brown <broonie@kernel.org> Link: https://lore.kernel.org/r/22b393d1790bb268769d0bab7bacf0866dcb0c14.camel@perches.com Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
1a6a071f |
|
03-Nov-2020 |
Yu Hao <yuhaobehappy@gmail.com> |
ALSA: seq: remove useless function The function snd_seq_queue_client_termination() is only called from the function seq_free_client1(). The function seq_free_client1() calls the function snd_seq_queue_client_leave() and the function snd_seq_queue_client_termination() together. Because the function snd_seq_queue_client_leave() does all things, so the function snd_seq_queue_client_termination() is a useless function. Signed-off-by: Yu Hao <yuhaobehappy@gmail.com> Link: https://lore.kernel.org/r/20201103223335.21831-1-yuhaobehappy@gmail.com Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
dc749779 |
|
13-Feb-2020 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix concurrent access to queue current tick/time snd_seq_check_queue() passes the current tick and time of the given queue as a pointer to snd_seq_prioq_cell_out(), but those might be updated concurrently by the seq timer update. Fix it by retrieving the current tick and time via the proper helper functions at first, and pass those values to snd_seq_prioq_cell_out() later in the loops. snd_seq_timer_get_cur_time() takes a new argument and adjusts with the current system time only when it's requested so; this update isn't needed for snd_seq_check_queue(), as it's called either from the interrupt handler or right after queuing. Also, snd_seq_timer_get_cur_tick() is changed to read the value in the spinlock for the concurrency, too. Reported-by: syzbot+fd5e0eaa1a32999173b2@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/20200214111316.26939-3-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
75545304 |
|
25-Aug-2019 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix potential concurrent access to the deleted pool The input pool of a client might be deleted via the resize ioctl, the the access to it should be covered by the proper locks. Currently the only missing place is the call in snd_seq_ioctl_get_client_pool(), and this patch papers over it. Reported-by: syzbot+4a75454b9ca2777f35c7@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
ede34f39 |
|
15-Jul-2019 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Break too long mutex context in the write loop The fix for the racy writes and ioctls to sequencer widened the application of client->ioctl_mutex to the whole write loop. Although it does unlock/relock for the lengthy operation like the event dup, the loop keeps the ioctl_mutex for the whole time in other situations. This may take quite long time if the user-space would give a huge buffer, and this is a likely cause of some weird behavior spotted by syzcaller fuzzer. This patch puts a simple workaround, just adding a mutex break in the loop when a large number of events have been processed. This shouldn't hit any performance drop because the threshold is set high enough for usual operations. Fixes: 7bd800915677 ("ALSA: seq: More protection for concurrent write and ioctl races") Reported-by: syzbot+97aae04ce27e39cbfca9@syzkaller.appspotmail.com Reported-by: syzbot+4c595632b98bb8ffcc66@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
1a59d1b8 |
|
27-May-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details you should have received a copy of the gnu general public license along with this program if not write to the free software foundation inc 59 temple place suite 330 boston ma 02111 1307 usa extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 1334 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Richard Fontana <rfontana@redhat.com> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070033.113240726@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
c5bf68fe |
|
26-Mar-2019 |
Kirill Smelkov <kirr@nexedi.com> |
*: convert stream-like files from nonseekable_open -> stream_open Using scripts/coccinelle/api/stream_open.cocci added in 10dce8af3422 ("fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock"), search and convert to stream_open all in-kernel nonseekable_open users for which read and write actually do not depend on ppos and where there is no other methods in file_operations which assume @offset access. I've verified each generated change manually - that it is correct to convert - and each other nonseekable_open instance left - that it is either not correct to convert there, or that it is not converted due to current stream_open.cocci limitations. The script also does not convert files that should be valid to convert, but that currently have .llseek = noop_llseek or generic_file_llseek for unknown reason despite file being opened with nonseekable_open (e.g. drivers/input/mousedev.c) Among cases converted 14 were potentially vulnerable to read vs write deadlock (see details in 10dce8af3422): drivers/char/pcmcia/cm4000_cs.c:1685:7-23: ERROR: cm4000_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. drivers/gnss/core.c:45:1-17: ERROR: gnss_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. drivers/hid/uhid.c:635:1-17: ERROR: uhid_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. drivers/infiniband/core/user_mad.c:988:1-17: ERROR: umad_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. drivers/input/evdev.c:527:1-17: ERROR: evdev_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. drivers/input/misc/uinput.c:401:1-17: ERROR: uinput_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. drivers/isdn/capi/capi.c:963:8-24: ERROR: capi_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. drivers/leds/uleds.c:77:1-17: ERROR: uleds_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. drivers/media/rc/lirc_dev.c:198:1-17: ERROR: lirc_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. drivers/s390/char/fs3270.c:488:1-17: ERROR: fs3270_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. drivers/usb/misc/ldusb.c:310:1-17: ERROR: ld_usb_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. drivers/xen/evtchn.c:667:8-24: ERROR: evtchn_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. net/batman-adv/icmp_socket.c:80:1-17: ERROR: batadv_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. net/rfkill/core.c:1146:8-24: ERROR: rfkill_fops: .read() can deadlock .write(); change nonseekable_open -> stream_open to fix. and the rest were just safe to convert to stream_open because their read and write do not use ppos at all and corresponding file_operations do not have methods that assume @offset file access(*): arch/powerpc/platforms/52xx/mpc52xx_gpt.c:631:8-24: WARNING: mpc52xx_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. arch/powerpc/platforms/cell/spufs/file.c:591:8-24: WARNING: spufs_ibox_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. arch/powerpc/platforms/cell/spufs/file.c:591:8-24: WARNING: spufs_ibox_stat_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. arch/powerpc/platforms/cell/spufs/file.c:591:8-24: WARNING: spufs_mbox_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. arch/powerpc/platforms/cell/spufs/file.c:591:8-24: WARNING: spufs_mbox_stat_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. arch/powerpc/platforms/cell/spufs/file.c:591:8-24: WARNING: spufs_wbox_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. arch/powerpc/platforms/cell/spufs/file.c:591:8-24: WARNING: spufs_wbox_stat_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. arch/um/drivers/harddog_kern.c:88:8-24: WARNING: harddog_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. arch/x86/kernel/cpu/microcode/core.c:430:33-49: WARNING: microcode_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/char/ds1620.c:215:8-24: WARNING: ds1620_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/char/dtlk.c:301:1-17: WARNING: dtlk_fops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. drivers/char/ipmi/ipmi_watchdog.c:840:9-25: WARNING: ipmi_wdog_fops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. drivers/char/pcmcia/scr24x_cs.c:95:8-24: WARNING: scr24x_fops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. drivers/char/tb0219.c:246:9-25: WARNING: tb0219_fops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. drivers/firewire/nosy.c:306:8-24: WARNING: nosy_ops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/hwmon/fschmd.c:840:8-24: WARNING: watchdog_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/hwmon/w83793.c:1344:8-24: WARNING: watchdog_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/infiniband/core/ucma.c:1747:8-24: WARNING: ucma_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/infiniband/core/ucm.c:1178:8-24: WARNING: ucm_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/infiniband/core/uverbs_main.c:1086:8-24: WARNING: uverbs_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/input/joydev.c:282:1-17: WARNING: joydev_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/pci/switch/switchtec.c:393:1-17: WARNING: switchtec_fops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. drivers/platform/chrome/cros_ec_debugfs.c:135:8-24: WARNING: cros_ec_console_log_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/rtc/rtc-ds1374.c:470:9-25: WARNING: ds1374_wdt_fops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. drivers/rtc/rtc-m41t80.c:805:9-25: WARNING: wdt_fops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. drivers/s390/char/tape_char.c:293:2-18: WARNING: tape_fops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. drivers/s390/char/zcore.c:194:8-24: WARNING: zcore_reipl_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/s390/crypto/zcrypt_api.c:528:8-24: WARNING: zcrypt_fops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. drivers/spi/spidev.c:594:1-17: WARNING: spidev_fops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. drivers/staging/pi433/pi433_if.c:974:1-17: WARNING: pi433_fops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/acquirewdt.c:203:8-24: WARNING: acq_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/advantechwdt.c:202:8-24: WARNING: advwdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/alim1535_wdt.c:252:8-24: WARNING: ali_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/alim7101_wdt.c:217:8-24: WARNING: wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/ar7_wdt.c:166:8-24: WARNING: ar7_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/at91rm9200_wdt.c:113:8-24: WARNING: at91wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/ath79_wdt.c:135:8-24: WARNING: ath79_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/bcm63xx_wdt.c:119:8-24: WARNING: bcm63xx_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/cpu5wdt.c:143:8-24: WARNING: cpu5wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/cpwd.c:397:8-24: WARNING: cpwd_fops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/eurotechwdt.c:319:8-24: WARNING: eurwdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/f71808e_wdt.c:528:8-24: WARNING: watchdog_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/gef_wdt.c:232:8-24: WARNING: gef_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/geodewdt.c:95:8-24: WARNING: geodewdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/ib700wdt.c:241:8-24: WARNING: ibwdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/ibmasr.c:326:8-24: WARNING: asr_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/indydog.c:80:8-24: WARNING: indydog_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/intel_scu_watchdog.c:307:8-24: WARNING: intel_scu_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/iop_wdt.c:104:8-24: WARNING: iop_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/it8712f_wdt.c:330:8-24: WARNING: it8712f_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/ixp4xx_wdt.c:68:8-24: WARNING: ixp4xx_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/ks8695_wdt.c:145:8-24: WARNING: ks8695wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/m54xx_wdt.c:88:8-24: WARNING: m54xx_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/machzwd.c:336:8-24: WARNING: zf_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/mixcomwd.c:153:8-24: WARNING: mixcomwd_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/mtx-1_wdt.c:121:8-24: WARNING: mtx1_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/mv64x60_wdt.c:136:8-24: WARNING: mv64x60_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/nuc900_wdt.c:134:8-24: WARNING: nuc900wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/nv_tco.c:164:8-24: WARNING: nv_tco_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/pc87413_wdt.c:289:8-24: WARNING: pc87413_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/pcwd.c:698:8-24: WARNING: pcwd_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/pcwd.c:737:8-24: WARNING: pcwd_temp_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/pcwd_pci.c:581:8-24: WARNING: pcipcwd_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/pcwd_pci.c:623:8-24: WARNING: pcipcwd_temp_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/pcwd_usb.c:488:8-24: WARNING: usb_pcwd_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/pcwd_usb.c:527:8-24: WARNING: usb_pcwd_temperature_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/pika_wdt.c:121:8-24: WARNING: pikawdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/pnx833x_wdt.c:119:8-24: WARNING: pnx833x_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/rc32434_wdt.c:153:8-24: WARNING: rc32434_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/rdc321x_wdt.c:145:8-24: WARNING: rdc321x_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/riowd.c:79:1-17: WARNING: riowd_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/sa1100_wdt.c:62:8-24: WARNING: sa1100dog_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/sbc60xxwdt.c:211:8-24: WARNING: wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/sbc7240_wdt.c:139:8-24: WARNING: wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/sbc8360.c:274:8-24: WARNING: sbc8360_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/sbc_epx_c3.c:81:8-24: WARNING: epx_c3_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/sbc_fitpc2_wdt.c:78:8-24: WARNING: fitpc2_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/sb_wdog.c:108:1-17: WARNING: sbwdog_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/sc1200wdt.c:181:8-24: WARNING: sc1200wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/sc520_wdt.c:261:8-24: WARNING: wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/sch311x_wdt.c:319:8-24: WARNING: sch311x_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/scx200_wdt.c:105:8-24: WARNING: scx200_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/smsc37b787_wdt.c:369:8-24: WARNING: wb_smsc_wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/w83877f_wdt.c:227:8-24: WARNING: wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/w83977f_wdt.c:301:8-24: WARNING: wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/wafer5823wdt.c:200:8-24: WARNING: wafwdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/watchdog_dev.c:828:8-24: WARNING: watchdog_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/wdrtas.c:379:8-24: WARNING: wdrtas_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/wdrtas.c:445:8-24: WARNING: wdrtas_temp_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/wdt285.c:104:1-17: WARNING: watchdog_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/wdt977.c:276:8-24: WARNING: wdt977_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/wdt.c:424:8-24: WARNING: wdt_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/wdt.c:484:8-24: WARNING: wdt_temp_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/wdt_pci.c:464:8-24: WARNING: wdtpci_fops: .write() has stream semantic; safe to change nonseekable_open -> stream_open. drivers/watchdog/wdt_pci.c:527:8-24: WARNING: wdtpci_temp_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. net/batman-adv/log.c:105:1-17: WARNING: batadv_log_fops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. sound/core/control.c:57:7-23: WARNING: snd_ctl_f_ops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. sound/core/rawmidi.c:385:7-23: WARNING: snd_rawmidi_f_ops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. sound/core/seq/seq_clientmgr.c:310:7-23: WARNING: snd_seq_f_ops: .read() and .write() have stream semantic; safe to change nonseekable_open -> stream_open. sound/core/timer.c:1428:7-23: WARNING: snd_timer_f_ops: .read() has stream semantic; safe to change nonseekable_open -> stream_open. One can also recheck/review the patch via generating it with explanation comments included via $ make coccicheck MODE=patch COCCI=scripts/coccinelle/api/stream_open.cocci SPFLAGS="-D explain" (*) This second group also contains cases with read/write deadlocks that stream_open.cocci don't yet detect, but which are still valid to convert to stream_open since ppos is not used. For example drivers/pci/switch/switchtec.c calls wait_for_completion_interruptible() in its .read, but stream_open.cocci currently detects only "wait_event*" as blocking. Cc: Michael Kerrisk <mtk.manpages@gmail.com> Cc: Yongzhi Pan <panyongzhi@gmail.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: David Vrabel <david.vrabel@citrix.com> Cc: Juergen Gross <jgross@suse.com> Cc: Miklos Szeredi <miklos@szeredi.hu> Cc: Tejun Heo <tj@kernel.org> Cc: Kirill Tkhai <ktkhai@virtuozzo.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Christoph Hellwig <hch@lst.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Julia Lawall <Julia.Lawall@lip6.fr> Cc: Nikolaus Rath <Nikolaus@rath.org> Cc: Han-Wen Nienhuys <hanwen@google.com> Cc: Anatolij Gustschin <agust@denx.de> Cc: Jeff Dike <jdike@addtoit.com> Cc: Richard Weinberger <richard@nod.at> Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: "James R. Van Zandt" <jrv@vanzandt.mv.com> Cc: Corey Minyard <minyard@acm.org> Cc: Harald Welte <laforge@gnumonks.org> Acked-by: Lubomir Rintel <lkundrak@v3.sk> [scr24x_cs] Cc: Stefan Richter <stefanr@s5r6.in-berlin.de> Cc: Johan Hovold <johan@kernel.org> Cc: David Herrmann <dh.herrmann@googlemail.com> Cc: Jiri Kosina <jikos@kernel.org> Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com> Cc: Jean Delvare <jdelvare@suse.com> Acked-by: Guenter Roeck <linux@roeck-us.net> [watchdog/* hwmon/*] Cc: Rudolf Marek <r.marek@assembler.cz> Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com> Cc: Karsten Keil <isdn@linux-pingi.de> Cc: Jacek Anaszewski <jacek.anaszewski@gmail.com> Cc: Pavel Machek <pavel@ucw.cz> Cc: Mauro Carvalho Chehab <mchehab@kernel.org> Cc: Kurt Schwemmer <kurt.schwemmer@microsemi.com> Acked-by: Logan Gunthorpe <logang@deltatee.com> [drivers/pci/switch/switchtec] Acked-by: Bjorn Helgaas <bhelgaas@google.com> [drivers/pci/switch/switchtec] Cc: Benson Leung <bleung@chromium.org> Acked-by: Enric Balletbo i Serra <enric.balletbo@collabora.com> [platform/chrome] Cc: Alessandro Zummo <a.zummo@towertech.it> Acked-by: Alexandre Belloni <alexandre.belloni@bootlin.com> [rtc/*] Cc: Mark Brown <broonie@kernel.org> Cc: Wim Van Sebroeck <wim@linux-watchdog.org> Cc: Florian Fainelli <f.fainelli@gmail.com> Cc: bcm-kernel-feedback-list@broadcom.com Cc: Wan ZongShun <mcuos.com@gmail.com> Cc: Zwane Mwaikambo <zwanem@gmail.com> Cc: Marek Lindner <mareklindner@neomailbox.ch> Cc: Simon Wunderlich <sw@simonwunderlich.de> Cc: Antonio Quartulli <a@unstable.cc> Cc: "David S. Miller" <davem@davemloft.net> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: Jaroslav Kysela <perex@perex.cz> Cc: Takashi Iwai <tiwai@suse.com> Signed-off-by: Kirill Smelkov <kirr@nexedi.com>
|
#
b5fd12d6 |
|
15-Apr-2019 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Correct unlock sequence at snd_seq_client_ioctl_unlock() The doubly unlock sequence at snd_seq_client_ioctl_unlock() is tricky. I took a direct unref call since I thought it would avoid misunderstanding, but rather this seems more confusing. Let's use snd_seq_client_unlock() consistently even if they look strange to be called twice, and add more comments for avoiding reader's confusion. Fixes: 6b580f523172 ("ALSA: seq: Protect racy pool manipulation from OSS sequencer") Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
6b580f52 |
|
11-Apr-2019 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Protect racy pool manipulation from OSS sequencer OSS sequencer emulation still allows to queue and issue the events that manipulate the client pool concurrently in a racy way. This patch serializes the access like the normal sequencer write / ioctl via taking the client ioctl_mutex. Since the access to the sequencer client is done indirectly via a client id number, a new helper to take/release the mutex is introduced. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
6740ea67 |
|
11-Apr-2019 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Simplify snd_seq_kernel_client_enqueue() helper We have two helpers for queuing a sequencer event from the kernel client, and both are used only from OSS sequencer layer without any hop and atomic set. Let's simplify and unify two helpers into one. No functional change, just a call pattern change. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
f0654ba9 |
|
11-Apr-2019 |
Takashi Iwai <tiwai@suse.de> |
Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex" This reverts commit feb689025fbb6f0aa6297d3ddf97de945ea4ad32. The fix attempt was incorrect, leading to the mutex deadlock through the close of OSS sequencer client. The proper fix needs more consideration, so let's revert it now. Fixes: feb689025fbb ("ALSA: seq: Protect in-kernel ioctl calls with mutex") Reported-by: syzbot+47ded6c0f23016cde310@syzkaller.appspotmail.com Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
2eabc5ec |
|
09-Apr-2019 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix race of get-subscription call vs port-delete ioctls The snd_seq_ioctl_get_subscription() retrieves the port subscriber information as a pointer, while the object isn't protected, hence it may be deleted before the actual reference. This race was spotted by syzkaller and may lead to a UAF. The fix is simply copying the data in the lookup function that performs in the rwsem to protect against the deletion. Reported-by: syzbot+9437020c82413d00222d@syzkaller.appspotmail.com Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
feb68902 |
|
09-Apr-2019 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Protect in-kernel ioctl calls with mutex ALSA OSS sequencer calls the ioctl function indirectly via snd_seq_kernel_client_ctl(). While we already applied the protection against races between the normal ioctls and writes via the client's ioctl_mutex, this code path was left untouched. And this seems to be the cause of still remaining some rare UAF as spontaneously triggered by syzkaller. For the sake of robustness, wrap the ioctl_mutex also for the call via snd_seq_kernel_client_ctl(), too. Reported-by: syzbot+e4c8abb920efa77bace9@syzkaller.appspotmail.com Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
f823b8a7 |
|
28-Mar-2019 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Remove superfluous irqsave flags spin_lock_irqsave() is used unnecessarily in various places in sequencer core code although it's pretty obvious that the context is sleepable. Remove irqsave and use the plain spin_lock_irq() in such places for simplicity. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
212ac181 |
|
04-Apr-2019 |
Zubin Mithra <zsm@chromium.org> |
ALSA: seq: Fix OOB-reads from strlcpy When ioctl calls are made with non-null-terminated userspace strings, strlcpy causes an OOB-read from within strlen. Fix by changing to use strscpy instead. Signed-off-by: Zubin Mithra <zsm@chromium.org> Reviewed-by: Guenter Roeck <groeck@chromium.org> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
96d4f267 |
|
03-Jan-2019 |
Linus Torvalds <torvalds@linux-foundation.org> |
Remove 'type' argument from access_ok() function Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument of the user address range verification function since we got rid of the old racy i386-only code to walk page tables by hand. It existed because the original 80386 would not honor the write protect bit when in kernel mode, so you had to do COW by hand before doing any user access. But we haven't supported that in a long time, and these days the 'type' argument is a purely historical artifact. A discussion about extending 'user_access_begin()' to do the range checking resulted this patch, because there is no way we're going to move the old VERIFY_xyz interface to that model. And it's best done at the end of the merge window when I've done most of my merges, so let's just get this done once and for all. This patch was mostly done with a sed-script, with manual fix-ups for the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form. There were a couple of notable cases: - csky still had the old "verify_area()" name as an alias. - the iter_iov code had magical hardcoded knowledge of the actual values of VERIFY_{READ,WRITE} (not that they mattered, since nothing really used it) - microblaze used the type argument for a debug printout but other than those oddities this should be a total no-op patch. I tried to fix up all architectures, did fairly extensive grepping for access_ok() uses, and the changes are trivial, but I may have missed something. Any missed conversion should be trivially fixable, though. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
04702e8d |
|
01-Aug-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Use no intrruptible mutex_lock All usages of mutex in ALSA sequencer core would take too long, hence we don't have to care about the user interruption that makes things complicated. Let's replace them with simpler mutex_lock(). Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
00976ad5 |
|
01-Aug-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix leftovers at probe error path The sequencer core module doesn't call some destructors in the error path of the init code, which may leave some resources. This patch mainly fix these leaks by calling the destructors appropriately at alsa_seq_init(). Also the patch brings a few cleanups along with it, namely: - Expand the old "if ((err = xxx) < 0)" coding style - Get rid of empty seq_queue_init() and its caller - Change snd_seq_info_done() to void Last but not least, a couple of functions lose __exit annotation since they are called also in alsa_seq_init(). No functional changes but minor code cleanups. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
a49a71f6 |
|
25-Jul-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix poll() error return The sanity checks in ALSA sequencer and OSS sequencer emulation codes return falsely -ENXIO from poll callback. They should be EPOLLERR instead. This was caught thanks to the recent change to the return value. Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
c9a4c638 |
|
25-Jun-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl The kernel may spew a WARNING with UBSAN undefined behavior at handling ALSA sequencer ioctl SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT: UBSAN: Undefined behaviour in sound/core/seq/seq_clientmgr.c:2007:14 signed integer overflow: 2147483647 + 1 cannot be represented in type 'int' Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x122/0x1c8 lib/dump_stack.c:113 ubsan_epilogue+0x12/0x86 lib/ubsan.c:159 handle_overflow+0x1c2/0x21f lib/ubsan.c:190 __ubsan_handle_add_overflow+0x2a/0x31 lib/ubsan.c:198 snd_seq_ioctl_query_next_client+0x1ac/0x1d0 sound/core/seq/seq_clientmgr.c:2007 snd_seq_ioctl+0x264/0x3d0 sound/core/seq/seq_clientmgr.c:2144 .... It happens only when INT_MAX is passed there, as we're incrementing it unconditionally. So the fix is trivial, check the value with INT_MAX. Although the bug itself is fairly harmless, it's better to fix it so that fuzzers won't hit this again later. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200211 Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
a2ff19f7 |
|
09-Mar-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Clear client entry before deleting else at closing When releasing a client, we need to clear the clienttab[] entry at first, then call snd_seq_queue_client_leave(). Otherwise, the in-flight cell in the queue might be picked up by the timer interrupt via snd_seq_check_queue() before calling snd_seq_queue_client_leave(), and it's delivered to another queue while the client is clearing queues. This may eventually result in an uncleared cell remaining in a queue, and the later snd_seq_pool_delete() may need to wait for a long time until the event gets really processed. By moving the clienttab[] clearance at the beginning of release, any event delivery of a cell belonging to this client will fail at a later point, since snd_seq_client_ptr() returns NULL. Thus the cell that was picked up by the timer interrupt will be returned immediately without further delivery, and the long stall of snd_seq_delete_pool() can be avoided, too. Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
85d59b57 |
|
07-Mar-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Remove superfluous snd_seq_queue_client_leave_cells() call With the previous two fixes for the write / ioctl races: ALSA: seq: Don't allow resizing pool in use ALSA: seq: More protection for concurrent write and ioctl races the cells aren't any longer in queues at the point calling snd_seq_pool_done() in snd_seq_ioctl_set_client_pool(). Hence the function call snd_seq_queue_client_leave_cells() can be dropped safely from there. Suggested-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
7bd80091 |
|
05-Mar-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: More protection for concurrent write and ioctl races This patch is an attempt for further hardening against races between the concurrent write and ioctls. The previous fix d15d662e89fc ("ALSA: seq: Fix racy pool initializations") covered the race of the pool initialization at writer and the pool resize ioctl by the client->ioctl_mutex (CVE-2018-1000004). However, basically this mutex should be applied more widely to the whole write operation for avoiding the unexpected pool operations by another thread. The only change outside snd_seq_write() is the additional mutex argument to helper functions, so that we can unlock / relock the given mutex temporarily during schedule() call for blocking write. Fixes: d15d662e89fc ("ALSA: seq: Fix racy pool initializations") Reported-by: 范龙飞 <long7573@126.com> Reported-by: Nicolai Stange <nstange@suse.de> Reviewed-and-tested-by: Nicolai Stange <nstange@suse.de> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
d8573936 |
|
05-Mar-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Don't allow resizing pool in use This is a fix for a (sort of) fallout in the recent commit d15d662e89fc ("ALSA: seq: Fix racy pool initializations") for CVE-2018-1000004. As the pool resize deletes the existing cells, it may lead to a race when another thread is writing concurrently, eventually resulting a UAF. A simple workaround is not to allow the pool resizing when the pool is in use. It's an invalid behavior in anyway. Fixes: d15d662e89fc ("ALSA: seq: Fix racy pool initializations") Reported-by: 范龙飞 <long7573@126.com> Reported-by: Nicolai Stange <nstange@suse.de> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
d15d662e |
|
12-Feb-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix racy pool initializations ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. Meanwhile user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound accesses since the function tries to vmalloc / vfree the buffer. A simple fix is to just wrap the snd_seq_pool_init() call with the recently introduced client->ioctl_mutex; as the calls for snd_seq_pool_init() from other side are always protected with this mutex, we can avoid the race. Reported-by: 范龙飞 <long7573@126.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
a9a08845 |
|
11-Feb-2018 |
Linus Torvalds <torvalds@linux-foundation.org> |
vfs: do bulk POLL* -> EPOLL* replacement This is the mindless scripted replacement of kernel use of POLL* variables as described by Al, done by this script: for V in IN OUT PRI ERR RDNORM RDBAND WRNORM WRBAND HUP RDHUP NVAL MSG; do L=`git grep -l -w POLL$V | grep -v '^t' | grep -v /um/ | grep -v '^sa' | grep -v '/poll.h$'|grep -v '^D'` for f in $L; do sed -i "-es/^\([^\"]*\)\(\<POLL$V\>\)/\\1E\\2/" $f; done done with de-mangling cleanups yet to come. NOTE! On almost all architectures, the EPOLL* constants have the same values as the POLL* constants do. But they keyword here is "almost". For various bad reasons they aren't the same, and epoll() doesn't actually work quite correctly in some cases due to this on Sparc et al. The next patch from Al will sort out the final differences, and we should be all done. Scripted-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
b3defb79 |
|
09-Jan-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Make ioctls race-free The ALSA sequencer ioctls have no protection against racy calls while the concurrent operations may lead to interfere with each other. As reported recently, for example, the concurrent calls of setting client pool with a combination of write calls may lead to either the unkillable dead-lock or UAF. As a slightly big hammer solution, this patch introduces the mutex to make each ioctl exclusive. Although this may reduce performance via parallel ioctl calls, usually it's not demanded for sequencer usages, hence it should be negligible. Reported-by: Luo Quan <a4651386@163.com> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
680ef72a |
|
02-Jul-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
sound: annotate ->poll() instances Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
1f20f9ff |
|
29-Oct-2017 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix nested rwsem annotation for lockdep splat syzkaller reported the lockdep splat due to the possible deadlock of grp->list_mutex of each sequencer client object. Actually this is rather a false-positive report due to the missing nested lock annotations. The sequencer client may deliver the event directly to another client which takes another own lock. For addressing this issue, this patch replaces the simple down_read() with down_read_nested(). As a lock subclass, the already existing "hop" can be re-used, which indicates the depth of the call. Reference: http://lkml.kernel.org/r/089e082686ac9b482e055c832617@google.com Reported-by: syzbot <bot+7feb8de6b4d6bf810cf098bef942cc387e79d0ad@syzkaller.appspotmail.com> Reported-by: Dmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
71105998 |
|
09-Oct-2017 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix use-after-free at creating a port There is a potential race window opened at creating and deleting a port via ioctl, as spotted by fuzzing. snd_seq_create_port() creates a port object and returns its pointer, but it doesn't take the refcount, thus it can be deleted immediately by another thread. Meanwhile, snd_seq_ioctl_create_port() still calls the function snd_seq_system_client_ev_port_start() with the created port object that is being deleted, and this triggers use-after-free like: BUG: KASAN: use-after-free in snd_seq_ioctl_create_port+0x504/0x630 [snd_seq] at addr ffff8801f2241cb1 ============================================================================= BUG kmalloc-512 (Tainted: G B ): kasan: bad access detected ----------------------------------------------------------------------------- INFO: Allocated in snd_seq_create_port+0x94/0x9b0 [snd_seq] age=1 cpu=3 pid=4511 ___slab_alloc+0x425/0x460 __slab_alloc+0x20/0x40 kmem_cache_alloc_trace+0x150/0x190 snd_seq_create_port+0x94/0x9b0 [snd_seq] snd_seq_ioctl_create_port+0xd1/0x630 [snd_seq] snd_seq_do_ioctl+0x11c/0x190 [snd_seq] snd_seq_ioctl+0x40/0x80 [snd_seq] do_vfs_ioctl+0x54b/0xda0 SyS_ioctl+0x79/0x90 entry_SYSCALL_64_fastpath+0x16/0x75 INFO: Freed in port_delete+0x136/0x1a0 [snd_seq] age=1 cpu=2 pid=4717 __slab_free+0x204/0x310 kfree+0x15f/0x180 port_delete+0x136/0x1a0 [snd_seq] snd_seq_delete_port+0x235/0x350 [snd_seq] snd_seq_ioctl_delete_port+0xc8/0x180 [snd_seq] snd_seq_do_ioctl+0x11c/0x190 [snd_seq] snd_seq_ioctl+0x40/0x80 [snd_seq] do_vfs_ioctl+0x54b/0xda0 SyS_ioctl+0x79/0x90 entry_SYSCALL_64_fastpath+0x16/0x75 Call Trace: [<ffffffff81b03781>] dump_stack+0x63/0x82 [<ffffffff81531b3b>] print_trailer+0xfb/0x160 [<ffffffff81536db4>] object_err+0x34/0x40 [<ffffffff815392d3>] kasan_report.part.2+0x223/0x520 [<ffffffffa07aadf4>] ? snd_seq_ioctl_create_port+0x504/0x630 [snd_seq] [<ffffffff815395fe>] __asan_report_load1_noabort+0x2e/0x30 [<ffffffffa07aadf4>] snd_seq_ioctl_create_port+0x504/0x630 [snd_seq] [<ffffffffa07aa8f0>] ? snd_seq_ioctl_delete_port+0x180/0x180 [snd_seq] [<ffffffff8136be50>] ? taskstats_exit+0xbc0/0xbc0 [<ffffffffa07abc5c>] snd_seq_do_ioctl+0x11c/0x190 [snd_seq] [<ffffffffa07abd10>] snd_seq_ioctl+0x40/0x80 [snd_seq] [<ffffffff8136d433>] ? acct_account_cputime+0x63/0x80 [<ffffffff815b515b>] do_vfs_ioctl+0x54b/0xda0 ..... We may fix this in a few different ways, and in this patch, it's fixed simply by taking the refcount properly at snd_seq_create_port() and letting the caller unref the object after use. Also, there is another potential use-after-free by sprintf() call in snd_seq_create_port(), and this is moved inside the lock. This fix covers CVE-2017-15265. Reported-and-tested-by: Michael23 Yu <ycqzsy@gmail.com> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
19b592da |
|
09-Oct-2017 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Add sanity check for user-space pointer delivery The sequencer event may contain a user-space pointer with its SNDRV_SEQ_EXT_USRPTR bit, and we assure that its delivery is limited with non-atomic mode. Otherwise the copy_from_user() may hit the fault and cause a problem. Although the core code doesn't set such a flag (only set at snd_seq_write()), any wild driver may set it mistakenly and lead to an unexpected crash. This patch adds a sanity check of such events at the delivery core code to filter out the invalid invocation in the atomic mode. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
7e1d90f6 |
|
14-Aug-2017 |
Daniel Mentz <danielmentz@google.com> |
ALSA: seq: 2nd attempt at fixing race creating a queue commit 4842e98f26dd80be3623c4714a244ba52ea096a8 ("ALSA: seq: Fix race at creating a queue") attempted to fix a race reported by syzkaller. That fix has been described as follows: " When a sequencer queue is created in snd_seq_queue_alloc(),it adds the new queue element to the public list before referencing it. Thus the queue might be deleted before the call of snd_seq_queue_use(), and it results in the use-after-free error, as spotted by syzkaller. The fix is to reference the queue object at the right time. " Even with that fix in place, syzkaller reported a use-after-free error. It specifically pointed to the last instruction "return q->queue" in snd_seq_queue_alloc(). The pointer q is being used after kfree() has been called on it. It turned out that there is still a small window where a race can happen. The window opens at snd_seq_ioctl_create_queue()->snd_seq_queue_alloc()->queue_list_add() and closes at snd_seq_ioctl_create_queue()->queueptr()->snd_use_lock_use(). Between these two calls, a different thread could delete the queue and possibly re-create a different queue in the same location in queue_list. This change prevents this situation by calling snd_use_lock_use() from snd_seq_queue_alloc() prior to calling queue_list_add(). It is then the caller's responsibility to call snd_use_lock_free(&q->use_lock). Fixes: 4842e98f26dd ("ALSA: seq: Fix race at creating a queue") Reported-by: Dmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Daniel Mentz <danielmentz@google.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
9c8ddd10 |
|
16-Jun-2017 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Follow standard EXPORT_SYMBOL() declarations Just a tidy up to follow the standard EXPORT_SYMBOL*() declarations in order to improve grep-ability. - Move EXPORT_SYMBOL*() to the position right after its definition - Remove superfluous blank line before EXPORT_SYMBOL*() lines Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
c520ff3d |
|
21-Mar-2017 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix racy cell insertions during snd_seq_pool_done() When snd_seq_pool_done() is called, it marks the closing flag to refuse the further cell insertions. But snd_seq_pool_done() itself doesn't clear the cells but just waits until all cells are cleared by the caller side. That is, it's racy, and this leads to the endless stall as syzkaller spotted. This patch addresses the racy by splitting the setup of pool->closing flag out of snd_seq_pool_done(), and calling it properly before snd_seq_pool_done(). BugLink: http://lkml.kernel.org/r/CACT4Y+aqqy8bZA1fFieifNxR2fAfFQQABcBHj801+u5ePV0URw@mail.gmail.com Reported-and-tested-by: Dmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
69b05825 |
|
13-Sep-2016 |
Takashi Sakamoto <o-takashi@sakamocchi.jp> |
ALSA: seq: fix to copy from/to user space When checking value of request for copy operation, current implementation compares shifted value to macros, while these macros are already shifted. As a result, it never performs to copy from/to user space. This commit fixes the bug. Fixes: 8ce8eb601c71('ALSA: seq: add an alternative way to handle ioctl requests' Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
4127e80a |
|
31-Aug-2016 |
Takashi Sakamoto <o-takashi@sakamocchi.jp> |
ALSA: seq: initialize whole fields of automatic variable with union type Currently, automatic variable of 'union ioctl_arg' type is initialized by designated initialization. Although, the actual effect is interpretation of early element of int type and initialization of 'int pversion'. Therefore the first field corresponding to int type is initialized to zero. This is against my expectation to initialize whole fields. This commit uses memset() to initialize the variable, instead of designated initialization. Fixes: 04a56dd8ed0d ('ALSA: seq: change ioctl command operation to get data in kernel space') Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
e12ec251 |
|
12-Aug-2016 |
Takashi Sakamoto <o-takashi@sakamocchi.jp> |
ALSA: seq: obsolete change of address limit Former commits change existent functions so that they don't handle data in kernel space. Copying from/to userspace is done outside of the functions, thus no need to change address limit of running task. This commit obsoletes get_fs()/set_fs() and applies corresponding changes. Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
04a56dd8 |
|
12-Aug-2016 |
Takashi Sakamoto <o-takashi@sakamocchi.jp> |
ALSA: seq: change ioctl command operation to get data in kernel space In previous commit, a new table for functions with data in kernel space is added to replace current table. This commit changes existent functions to fit the table. These functions are added to the new table and removed from the old table. Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
8ce8eb60 |
|
12-Aug-2016 |
Takashi Sakamoto <o-takashi@sakamocchi.jp> |
ALSA: seq: add an alternative way to handle ioctl requests ALSA sequencer is designed with two types of clients; application and kernel. Operations for each ioctl command should handle data in both of user space and kernel space, while current implementation just allows them to handle data in user space. Data in kernel space is handled with change of address limit of running tasks. This commit adds a new table to map ioctl commands to corresponding functions. The functions get data in kernel space. Helper functions to operate kernel and application clients seek entries from the table. Especially, the helper function for application is responsible for coping from user space to kernel space or vise versa. Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
77dfa8d3 |
|
12-Aug-2016 |
Takashi Sakamoto <o-takashi@sakamocchi.jp> |
ALSA: seq: add documentation for snd_seq_kernel_client_ctl This kernel API is used by kernel implementation. Currently, it's used for kernel clients of ALSA sequencer, while it can be used for application clients. The difference is just on address spaces of argument. In short, this kernel API can be available for application client with data in kernel space. This commit adds a document about this. Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
a1ce94d0 |
|
02-Mar-2016 |
Martin Koegler <martin.koegler@chello.at> |
ALSA: seq: Provide card number / PID via sequencer client info rawmidi devices expose the card number via IOCTLs, which allows to find the corresponding device in sysfs. The sequencer provides no identifing data. Chromium works around this issue by scanning rawmidi as well as sequencer devices and matching them by using assumtions, how the kernel register sequencer devices. This changes adds support for exposing the card number for kernel clients as well as the PID for user client. The minor of the API version is changed to distinguish between the zero initialised reserved field and card number 0. [minor coding style fixes by tiwai] Signed-off-by: Martin Koegler <martin.koegler@chello.at> Acked-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
7f0973e9 |
|
03-Feb-2016 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix lockdep warnings due to double mutex locks The port subscription code uses double mutex locks for source and destination ports, and this may become racy once when wrongly set up. It leads to lockdep warning splat, typically triggered by fuzzer like syzkaller, although the actual deadlock hasn't been seen, so far. This patch simplifies the handling by reducing to two single locks, so that no lockdep warning will be trigger any longer. By splitting to two actions, a still-in-progress element shall be added in one list while handling another. For ignoring this element, a new check is added in deliver_to_subscribers(). Along with it, the code to add/remove the subscribers list element was cleaned up and refactored. BugLink: http://lkml.kernel.org/r/CACT4Y+aKQXV7xkBW9hpQbzaDO7LrUvohxWh-UwMxXjDy-yBD=A@mail.gmail.com Reported-by: Dmitry Vyukov <dvyukov@google.com> Tested-by: Dmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
030e2c78 |
|
11-Jan-2016 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Fix missing NULL check at remove_events ioctl snd_seq_ioctl_remove_events() calls snd_seq_fifo_clear() unconditionally even if there is no FIFO assigned, and this leads to an Oops due to NULL dereference. The fix is just to add a proper NULL check. Reported-by: Dmitry Vyukov <dvyukov@google.com> Tested-by: Dmitry Vyukov <dvyukov@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
cd6a6503 |
|
27-May-2015 |
Jie Yang <yang.jie@intel.com> |
ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS We may disable proc fs only for sound part, to reduce ALSA memory footprint. So add CONFIG_SND_PROC_FS and replace the old CONFIG_PROC_FSs in alsa code. With sound proc fs disabled, we can save about 9KB memory size on X86_64 platform. Signed-off-by: Jie Yang <yang.jie@intel.com> Reviewed-by: Mark Brown <broonie@kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
3e21a19d |
|
10-Apr-2015 |
Takashi Sakamoto <o-takashi@sakamocchi.jp> |
ALSA: seq: fill client ID in return value of pool operation The returned value of 'get/seq client pool' operation has zeroed value for its client ID, against requested client ID. This commit fix the bug by filling it with index value of referred client object. Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
40a4b263 |
|
30-Jan-2015 |
Takashi Iwai <tiwai@suse.de> |
ALSA: Simplify snd_device_register() variants Now that all callers have been replaced with snd_device_register_for_dev(), let's drop the obsolete device registration code and concentrate only on the code handling struct device directly. That said, - remove the old snd_device_register(), - rename snd_device_register_for_dev() with snd_device_register(), - drop superfluous arguments from snd_device_register(), - change snd_unregister_device() to pass the device pointer directly Reviewed-by: Jaroslav Kysela <perex@perex.cz> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
5205388d |
|
30-Jan-2015 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Handle the device directly Like the previous change for the timer device, this patch changes the device management for the ALSA sequencer device using the struct device directly. Reviewed-by: Jaroslav Kysela <perex@perex.cz> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
a55bdf1e |
|
25-Jan-2015 |
Clemens Ladisch <clemens@ladisch.de> |
ALSA: seq: remove unused callback_all field Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
467be357 |
|
25-Jan-2015 |
Clemens Ladisch <clemens@ladisch.de> |
ALSA: seq: correctly report maximum number of ports Due to SNDRV_SEQ_ADDRESS_BROADCAST, not all 256 port number values can be used. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
27423257 |
|
04-Jun-2014 |
Adam Goode <agoode@google.com> |
ALSA: seq: Continue broadcasting events to ports if one of them fails Sometimes PORT_EXIT messages are lost when a process is exiting. This happens if you subscribe to the announce port with client A, then subscribe to the announce port with client B, then kill client A. Client B will not see the PORT_EXIT message because client A's port is closing and is earlier in the announce port subscription list. The for each loop will try to send the announcement to client A and fail, then will stop trying to broadcast to other ports. Killing B works fine since the announcement will already have gone to A. The CLIENT_EXIT message does not get lost. How to reproduce problem: *** termA $ aseqdump -p 0:1 0:1 Port subscribed 0:1 -> 128:0 *** termB $ aseqdump -p 0:1 *** termA 0:1 Client start client 129 0:1 Port start 129:0 0:1 Port subscribed 0:1 -> 129:0 *** termB 0:1 Port subscribed 0:1 -> 129:0 *** termA ^C *** termB 0:1 Client exit client 128 <--- expected Port exit as well (before client exit) Signed-off-by: Adam Goode <agoode@google.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
04cc79a0 |
|
04-Feb-2014 |
Takashi Iwai <tiwai@suse.de> |
ALSA: seq: Use standard printk helpers Use the standard pr_xxx() helpers instead of home-baked snd_print*(). Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
d81a6d71 |
|
22-Sep-2011 |
Paul Gortmaker <paul.gortmaker@windriver.com> |
sound: Add export.h for THIS_MODULE/EXPORT_SYMBOL where needed These aren't modules, but they do make use of these macros, so they will need export.h to get that definition. Previously, they got it via the implicit module.h inclusion. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
|
#
fea952e5 |
|
14-Feb-2011 |
Clemens Ladisch <clemens@ladisch.de> |
ALSA: core: sparse cleanups Change the core code where sparse complains. In most cases, this means just adding annotations to confirm that we indeed want to do the dirty things we're doing. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
02f4865f |
|
13-Apr-2010 |
Takashi Iwai <tiwai@suse.de> |
ALSA: core - Define llseek fops Set no_llseek to llseek file ops of each sound component (but for hwdep). This avoids the implicit BKL invocation via generic_file_llseek() used as default when fops.llseek is NULL. Also call nonseekable_open() at each open ops to ensure the file flags have no seek bit. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
c85a4004 |
|
01-Feb-2010 |
Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com> |
ALSA: trivial: sound seq ioctl dbg: print hexadecimal value padded with 0s Instead of padding with blanks and printing "number=0x a", print "number=0x0a". Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@holoscopio.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
7eaa943c |
|
08-Aug-2008 |
Takashi Iwai <tiwai@suse.de> |
ALSA: Kill snd_assert() in sound/core/* Kill snd_assert() in sound/core/*, either removed or replaced with if () with snd_BUG_ON(). Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
#
ee2da997 |
|
09-Jul-2008 |
Johannes Berg <johannes@sipsolutions.net> |
ALSA: remove CONFIG_KMOD from sound A bunch of things in alsa depend on CONFIG_KMOD, use CONFIG_MODULES instead where the dependency is needed at all. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
#
0d63e4f9 |
|
14-Feb-2008 |
Jan Blunck <jblunck@suse.de> |
Dont touch fs_struct in drivers The sound drivers and the pnpbios core test for current->root != NULL. This test seems to be unnecessary since we always have rootfs mounted before initializing the drivers. Signed-off-by: Jan Blunck <jblunck@suse.de> Acked-by: Christoph Hellwig <hch@lst.de> Cc: Bjorn Helgaas <bjorn.helgaas@hp.com> Cc: Jaroslav Kysela <perex@suse.cz> Acked-by: Takashi Iwai <tiwai@suse.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
9004acc7 |
|
08-Jan-2008 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Remove sound/driver.h This header file exists only for some hacks to adapt alsa-driver tree. It's useless for building in the kernel. Let's move a few lines in it to sound/core.h and remove it. With this patch, sound/driver.h isn't removed but has just a single compile warning to include it. This should be really killed in future. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
#
3b378e1f |
|
13-Dec-2007 |
Marcin Ślusarz <marcin.slusarz@gmail.com> |
[ALSA] sound/core/seq: move declarations of globally visible variables to proper headers sound/core/seq: move declarations of globally visible variables to proper headers Signed-off-by: Marcin Ślusarz <marcin.slusarz@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
#
e5723b41 |
|
29-Oct-2007 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Remove sequencer instrument layer Remove sequencer instrument layer from the tree. This mechanism hasn't been used much with the actual devices. The only reasonable user was OPL3 loader, and now it was rewritten to use hwdep instead. So, let's remove the rest of rotten codes. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
#
c1017a4c |
|
15-Oct-2007 |
Jaroslav Kysela <perex@perex.cz> |
[ALSA] Changed Jaroslav Kysela's e-mail from perex@suse.cz to perex@perex.cz Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
#
e63340ae |
|
08-May-2007 |
Randy Dunlap <randy.dunlap@oracle.com> |
header cleaning: don't include smp_lock.h when not used Remove includes of <linux/smp_lock.h> where it is not used/needed. Suggested by Al Viro. Builds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc, sparc64, and arm (all 59 defconfigs). Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
9c2e08c5 |
|
12-Feb-2007 |
Arjan van de Ven <arjan@linux.intel.com> |
[PATCH] mark struct file_operations const 9 Many struct file_operations in the kernel can be "const". Marking them const moves these to the .rodata section, which avoids false sharing with potential dirty data. In addition it'll catch accidental writes at compile time to these shared resources. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
9244b2c3 |
|
05-Oct-2006 |
Johannes Berg <johannes@sipsolutions.net> |
[ALSA] alsa core: convert to list_for_each_entry* This patch converts most uses of list_for_each to list_for_each_entry all across alsa. In some place apparently an item can be on a list with different pointers so of course that isn't compatible with list_for_each, I therefore didn't touch those places. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
#
91715ed9 |
|
28-Apr-2006 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Clean up EXPORT_SYMBOL()s in snd-seq module Move EXPORT_SYMBOL()s to places adjacent to functions/variables. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
e64d2e36 |
|
17-Mar-2006 |
Eugene Teo <eugene.teo@eugeneteo.net> |
[ALSA] Fix seq_clientmgr dereferences before NULL check Modules: ALSA sequencer cptr->pool must be non-NULL there, so just the if (cptr->pool) is superfluous. Thanks Takashi. Signed-off-by: Eugene Teo <eugene.teo@eugeneteo.net> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
1a60d4c5 |
|
16-Jan-2006 |
Ingo Molnar <mingo@elte.hu> |
[ALSA] semaphore -> mutex (core part) Semaphore to mutex conversion. The conversion was generated via scripts, and the result was validated automatically via a script as well. Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
aa1e77e6 |
|
12-Dec-2005 |
Clemens Ladisch <clemens@ladisch.de> |
[ALSA] seq: reorganize sequencer client numbers Modules: ALSA sequencer Reduce the maximum possible number of global clients to 16 to make more numbers available for card clients, and allow dynamically allocated card client numbers to share the same range as application client numbers to make sure that all 32 cards can be used at the same time. Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
|
#
7b6d9245 |
|
12-Dec-2005 |
Clemens Ladisch <clemens@ladisch.de> |
[ALSA] seq: set client name in snd_seq_create_kernel_client() All users of snd_seq_create_kernel_client() have to set the client name anyway, so we can just pass the name as parameter. This relieves us from having to muck around with a struct snd_seq_client_info in these cases. Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
|
#
83e8ad69 |
|
12-Dec-2005 |
Clemens Ladisch <clemens@ladisch.de> |
[ALSA] seq: remove struct snd_seq_client_callback The fields of struct snd_seq_client_callback either aren't used or are always set to the same value, so we can get rid of it altogether. Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
|
#
255bd169 |
|
12-Dec-2005 |
Clemens Ladisch <clemens@ladisch.de> |
[ALSA] seq: remove superfluous fields Modules: ALSA sequencer None of the fields of struct snd_seq_kernel_client was actually used, so remove them. Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
|
#
04f141a8 |
|
01-Dec-2005 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Optimize for config without PROC_FS (seq and oss parts) Modules: ALSA<-OSS emulation,ALSA sequencer,ALSA<-OSS sequencer Optimize the code when compiled without CONFIG_PROC_FS (in seq and oss emulation parts). Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
d001544d |
|
20-Nov-2005 |
Clemens Ladisch <clemens@ladisch.de> |
[ALSA] dynamic minors (6/6): increase maximum number of sound cards Modules: ALSA Core,Memalloc module,ALSA sequencer With dynamic minor numbers, we can increase the number of sound cards. This requires that the sequencer client numbers of some kernel drivers are allocated dynamically, too. Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
|
#
204bdb1b |
|
20-Nov-2005 |
Clemens Ladisch <clemens@ladisch.de> |
[ALSA] dynamic minors (5/6): reduce maximum number of MIDI devices per card Modules: ALSA sequencer,Generic drivers To allow increasing the maximum number of sound cards, we have to limit the number of sequencer clients per card because client numbers are still allocated statically. Reducing the number of clients to four limits the number of sequencer MIDI ports to 1024 per card. Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
|
#
f87135f5 |
|
20-Nov-2005 |
Clemens Ladisch <clemens@ladisch.de> |
[ALSA] dynamic minors (3/6): store device-specific object pointers dynamically Instead of storing the pointers to the device-specific structures in an array, put them into the struct snd_minor, and look them up dynamically. This makes the device type modules independent of the minor number encoding. Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
|
#
2af677fc |
|
20-Nov-2005 |
Clemens Ladisch <clemens@ladisch.de> |
[ALSA] dynamic minors (1/6): store device type in struct snd_minor Instead of a comment string, store the device type in the snd_minor structure. This makes snd_minor more flexible, and has the nice side effect that we don't need anymore to create a separate snd_minor template for registering a device but can pass the file_operations directly to snd_register_device(). Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
|
#
c7e0b5bf |
|
17-Nov-2005 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Remove xxx_t typedefs: Sequencer Modules: ALSA sequencer Remove xxx_t typedefs from the core sequencer codes. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
ecca82b4 |
|
09-Sep-2005 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Replace with kzalloc() - seq stuff ALSA sequencer,Instrument layer,ALSA<-OSS sequencer Replace kcalloc(1,..) with kzalloc(). Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
4d23359b |
|
05-Sep-2005 |
Clemens Ladisch <clemens@ladisch.de> |
[ALSA] sparse address space annotations ALSA Core,RawMidi Midlevel,ALSA<-OSS emulation,ALSA sequencer RME32 driver,RME96 driver,EMU10K1/EMU10K2 driver,NM256 driver Add sparse annotations where we do strange this with __iomem/__user pointers. Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
|
#
1da177e4 |
|
16-Apr-2005 |
Linus Torvalds <torvalds@ppc970.osdl.org> |
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!
|