Commit Graph

27926 Commits

Author SHA1 Message Date
Meng Xu e1af344df4 ALSA: asihpi: fix a potential double-fetch bug when copying puhm
The hm->h.size is intended to hold the actual size of the hm struct
that is copied from userspace and should always be <= sizeof(*hm).

However, after copy_from_user(hm, puhm, hm->h.size), since userspace
process has full control over the memory region pointed by puhm, it is
possible that the value of hm->h.size is different from what is fetched-in
previously (get_user(hm->h.size, (u16 __user *)puhm)). In other words,
hm->h.size is overriden and the relation between hm->h.size and the hm
struct is broken.

This patch proposes to use a seperate variable, msg_size, to hold
the value of the first fetch and override hm->h.size to msg_size
after the second fetch to maintain the relation.

Signed-off-by: Meng Xu <mengxu.gatech@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-19 22:03:59 +02:00
Guneshwor Singh a931b9ce93 ALSA: compress: Remove unused variable
Commit 04c5d5a430 ("ALSA: compress: Embed struct device") removed
the statement that used 'str' but didn't remove the variable itself.
So remove it.

[Adding stable to Cc since pr_debug() may refer to the uninitialized
 buffer -- tiwai]

Fixes: 04c5d5a430 ("ALSA: compress: Embed struct device")
Signed-off-by: Guneshwor Singh <guneshwor.o.singh@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-18 15:45:01 +02:00
Takashi Iwai fc27fe7e8d ALSA: seq: Cancel pending autoload work at unbinding device
ALSA sequencer core has a mechanism to load the enumerated devices
automatically, and it's performed in an off-load work.  This seems
causing some race when a sequencer is removed while the pending
autoload work is running.  As syzkaller spotted, it may lead to some
use-after-free:
  BUG: KASAN: use-after-free in snd_rawmidi_dev_seq_free+0x69/0x70
  sound/core/rawmidi.c:1617
  Write of size 8 at addr ffff88006c611d90 by task kworker/2:1/567

  CPU: 2 PID: 567 Comm: kworker/2:1 Not tainted 4.13.0+ #29
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
  Workqueue: events autoload_drivers
  Call Trace:
   __dump_stack lib/dump_stack.c:16 [inline]
   dump_stack+0x192/0x22c lib/dump_stack.c:52
   print_address_description+0x78/0x280 mm/kasan/report.c:252
   kasan_report_error mm/kasan/report.c:351 [inline]
   kasan_report+0x230/0x340 mm/kasan/report.c:409
   __asan_report_store8_noabort+0x1c/0x20 mm/kasan/report.c:435
   snd_rawmidi_dev_seq_free+0x69/0x70 sound/core/rawmidi.c:1617
   snd_seq_dev_release+0x4f/0x70 sound/core/seq_device.c:192
   device_release+0x13f/0x210 drivers/base/core.c:814
   kobject_cleanup lib/kobject.c:648 [inline]
   kobject_release lib/kobject.c:677 [inline]
   kref_put include/linux/kref.h:70 [inline]
   kobject_put+0x145/0x240 lib/kobject.c:694
   put_device+0x25/0x30 drivers/base/core.c:1799
   klist_devices_put+0x36/0x40 drivers/base/bus.c:827
   klist_next+0x264/0x4a0 lib/klist.c:403
   next_device drivers/base/bus.c:270 [inline]
   bus_for_each_dev+0x17e/0x210 drivers/base/bus.c:312
   autoload_drivers+0x3b/0x50 sound/core/seq_device.c:117
   process_one_work+0x9fb/0x1570 kernel/workqueue.c:2097
   worker_thread+0x1e4/0x1350 kernel/workqueue.c:2231
   kthread+0x324/0x3f0 kernel/kthread.c:231
   ret_from_fork+0x25/0x30 arch/x86/entry/entry_64.S:425

The fix is simply to assure canceling the autoload work at removing
the device.

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-12 12:41:20 +02:00
Markus Elfring f16e666b9b ALSA: firewire: Use common error handling code in snd_motu_stream_start_duplex()
Add a jump target so that a bit of exception handling can be better reused
at the end of this function.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-12 09:23:26 +02:00
Takashi Iwai 2a0d85d9ad ALSA: asihpi: Kill BUG_ON() usages
BUG_ON() is the worst choice for a trivial sanity check.
Either it should be removed or replaced with a softer one like
WARN_ON() if still really needed.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-07 10:52:37 +02:00
Helge Deller c844558945 ALSA: core: Use %pS printk format for direct addresses
The debug functions uses wrongly the %pF instead of the %pS printk format
specifier for printing symbols for the address returned by
_builtin_return_address(0). Fix it for the ia64, ppc64 and parisc64
architectures.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-07 10:36:02 +02:00
Markus Elfring ba2186e40c ALSA: ymfpci: Use common error handling code in snd_ymfpci_create()
* Add a jump target so that a bit of exception handling can be better
  reused at the end of this function.

  This issue was detected by using the Coccinelle software.

* The script "checkpatch.pl" pointed information out like the following.

  ERROR: do not use assignment in if condition

  Thus fix a few source code places.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-07 10:33:28 +02:00
Markus Elfring 1f5ca8ec58 ALSA: ymfpci: Use common error handling code in snd_card_ymfpci_probe()
* Add a jump target so that a bit of exception handling can be better
  reused at the end of this function.

  This issue was detected by using the Coccinelle software.

* The script "checkpatch.pl" pointed information out like the following.

  ERROR: do not use assignment in if condition

  Thus fix a few source code places.

[ This also fixed a potential use-after-free at error path of
  snd_opl3_hwdep_new(), too -- tiwai ]

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-07 10:32:30 +02:00
Markus Elfring f804fff136 ALSA: 6fire: Use common error handling code in usb6fire_chip_probe()
Add a jump target so that a bit of exception handling can be better reused
at the end of this function.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-07 10:29:35 +02:00
Markus Elfring d2d9770879 ALSA: usx2y: Use common error handling code in submit_urbs()
Add a jump target so that a bit of exception handling can be better reused
at the end of this function.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-07 10:28:30 +02:00
Markus Elfring 80753cdfef ALSA: us122l: Use common error handling code in us122l_create_card()
Add a jump target so that a bit of exception handling can be better reused
at the end of this function.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-07 10:27:42 +02:00
Markus Elfring e35e9ddfab ALSA: hdspm: Use common error handling code in snd_hdspm_probe()
Add a jump target so that a bit of exception handling can be better reused
at the end of this function.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-07 10:26:19 +02:00
Markus Elfring 99dcad3237 ALSA: rme9652: Use common code in hdsp_get_iobox_version()
Add a jump target so that a bit of common code can be better reused
at the end of this function.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-07 10:25:29 +02:00
Markus Elfring 468778a09c ALSA: maestro3: Use common error handling code in two functions
Add jump targets so that a bit of exception handling can be better reused
at the end of these functions.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-07 10:23:47 +02:00
Takashi Iwai ee5f38a445 ASoC: Fixes for the CS43130 driver
A couple of warning fixes for the newly added CS43130 driver.
 -----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCAAxFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAlmtesYTHGJyb29uaWVA
 a2VybmVsLm9yZwAKCRAk1otyXVSH0JAOB/9AoBjdVjBNuAm1Wbbx4/HNa+8AbptV
 bEgyg7DAP9Dua0XxZqDikm14LdD1iOUziQRJcMzm0ooqdVgNR3gD3GyMuj5EJhtb
 5ov27XHD5jHkgZaOUtLke2IeK2NuvC0v3ik3iMMcc37Z9p+zTzjemVUpgxYZk6Fe
 jGo/efNFPmHyoD05XIqnRoTeDEQNojRVYKzEcxg2KJhsLi0zCRdxsbWkt+X6fw/Z
 b/UXIfpcRvogc2Qsm+tngmyN+oN05zKItUQKU8WUfexp7gI6BBNfs49un+NDgfp1
 r0YLMWGhKcjwtw3J3Fp1Nq1lfi8Hbl7+EXJCADDlACFA03A1pKeiuX8C
 =4ibF
 -----END PGP SIGNATURE-----

Merge tag 'asoc-v4.14-cs43130' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Fixes for the CS43130 driver

A couple of warning fixes for the newly added CS43130 driver.
2017-09-04 18:13:29 +02:00
Takashi Iwai cc91ceaf3e ALSA: hda/ca0132 - Fix memory leak at error path
The CA0132 codec driver doesn't call the free function at its error
path of the probe, which leaves the allocated memory.  Call
ca0132_free() properly at the error handling.

Fixes: a73d511c48 ("ALSA: hda/ca0132: Add unsol handler for DSP and jack detection")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-04 17:42:27 +02:00
Wang YanQing 284b4c9289 ALSA: hda: Fix forget to free resource in error handling code path in hda_codec_driver_probe
When hda_codec_driver_probe meet error and return failure, we need
to free resource with patch_ops.free, or we will get resource leak.

Signed-off-by: Wang YanQing <udknight@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-04 17:33:53 +02:00
Takashi Iwai 7051334672 ASoC: cs43130: Fix unused compiler warnings for PM runtime
Add __maybe_unused prefix for addressing the following warnings:
  sound/soc/codecs/cs43130.c:2615:12: warning: ‘cs43130_runtime_resume’ defined but not used [-Wunused-function]
  sound/soc/codecs/cs43130.c:2596:12: warning: ‘cs43130_runtime_suspend’ defined but not used [-Wunused-function]

Fixes: 8f1e5bf9b4 ("ASoC: cs43130: Add support for CS43130 codec")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
2017-09-04 15:45:12 +01:00
Takashi Iwai f31877a16b ASoC: cs43130: Fix possible Oops with invalid dev_id
As compiler spotted out, there is the potential NULL-dereference in
the code when dc-measure OF is given for other than 43130/43131:
  sound/soc/codecs/cs43130.c:2089:18: warning: ‘hpload_seq’ may be used uninitialized in this function [-Wmaybe-uninitialized]

Warn it and return before triggering Oops.

Fixes: 8f1e5bf9b4 ("ASoC: cs43130: Add support for CS43130 codec")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
2017-09-04 15:45:09 +01:00
Takashi Iwai b06898d119 ASoC: Updates for v4.14
This is quite a large release by volume of patches and diff, a lot of
 that is mechanical cleanup patches but it's great to also see a range of
 vendors actively working on adding new features and fixing issues in
 their drivers.  Intel and Realtek have been especially active here.
 
  - Continued work towards moving everything to the component model from
    Morimoto-san.
  - Use of devres for jack detection GPIOs, eliminating some potential
    resource leaks.
  - Jack detection support for Qualcomm MSM8916.
  - Support for Allwinner H3, Cirrus Logic CS43130, Intel Kabylake
    systems with RT5663, Realtek RT274, TI TLV320AIC32x6 and Wolfson
    WM8523.
 -----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCAAxFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAlmtSMgTHGJyb29uaWVA
 a2VybmVsLm9yZwAKCRAk1otyXVSH0CVaCACFfGdNx730HTPAo90sOELYheJPYARN
 +9NDDh4XdDDQDcV81h64U4Osu0ZR1HKzxLLFkurhmvX3efwXwMKVKbKQ2H3XKSg0
 YPrpU/HuNoTsdLlF9X4r3GCBKZqKTsW8kmm2GCDV0LJRR4TTfWyzThYwunraNzfn
 FB6R7h3I6yqmWy9LohNPdysB8LUUM+TSZMeBmaWo9S0TIFusPzWy+7jx5O4lsb6q
 tqdr3LXQzpZslgO0chZJ+ZydBUNc+FmGqf7EkE/DR/CWSJFnan82SAUHt7FcgvLx
 9sxcJniEvUVVlEl1SP6PMVBAnhxKRHXRtTQB3hVubwD/lmgUYoamP7k/
 =oC+M
 -----END PGP SIGNATURE-----

Merge tag 'asoc-v4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus

ASoC: Updates for v4.14

This is quite a large release by volume of patches and diff, a lot of
that is mechanical cleanup patches but it's great to also see a range of
vendors actively working on adding new features and fixing issues in
their drivers.  Intel and Realtek have been especially active here.

 - Continued work towards moving everything to the component model from
   Morimoto-san.
 - Use of devres for jack detection GPIOs, eliminating some potential
   resource leaks.
 - Jack detection support for Qualcomm MSM8916.
 - Support for Allwinner H3, Cirrus Logic CS43130, Intel Kabylake
   systems with RT5663, Realtek RT274, TI TLV320AIC32x6 and Wolfson
   WM8523.
2017-09-04 14:50:49 +02:00
Colin Ian King 83ef26ac13 ASoC: cs43130: fix spelling mistake: "irq_occurrance" -> "irq_occurrence"
Trivial fix to spelling mistake in variable name

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
2017-09-04 13:41:11 +01:00
Andy Shevchenko 5f10e84934 ALSA: atmel: convert AC97c driver to GPIO descriptor API
Convert the driver to use GPIO descriptor API.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-04 11:56:48 +02:00
PeiSen Hou b84e843644 ALSA: hda/realtek - Enable jack detection function for Intel ALC700
Intel ALC 700 needs this patch for jack detection function.
Because ALC700's jack detect function defaults is disable.
So alc700 needs pathc to enable jack detection function.

Signed-off-by: PeiSen Hou <pshou@realtek.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-04 11:55:54 +02:00
Takashi Iwai 2a32a4d9c9 Merge branch 'for-next' into for-linus 2017-09-04 10:10:27 +02:00
Wang YanQing 1f7f51a631 ALSA: hda: Fix regression of hdmi eld control created based on invalid pcm
Commit fb087eaaef ("ALSA: hda - hdmi eld control created based on pcm")
forget to filter out invalid pcm numbers, if there is only one invalid pcm
number, then this issue causes we create eld control for invalid pcm silently,
but when there are more than one invalid pcm numbers, then this issue bring
probe error looks like below dmesg:
"
kernel: [    1.647283] snd_hda_intel 0000:00:03.0: bound 0000:00:02.0 (ops 0xc2967540)
kernel: [    1.651192] snd_hda_intel 0000:00:03.0: Too many HDMI devices
kernel: [    1.651195] snd_hda_intel 0000:00:03.0: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
kernel: [    1.651197] snd_hda_intel 0000:00:03.0: Too many HDMI devices
kernel: [    1.651199] snd_hda_intel 0000:00:03.0: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
kernel: [    1.651201] snd_hda_intel 0000:00:03.0: Too many HDMI devices
kernel: [    1.651203] snd_hda_intel 0000:00:03.0: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
kernel: [    1.651676] snd_hda_intel 0000:00:03.0: control 3:0:0:ELD:0 is already present
kernel: [    1.651787] snd_hda_codec_hdmi: probe of hdaudioC0D0 failed with error -16
"

This patch add invalid pcm number filter before calling hdmi_create_eld_ctl.

Fixes: fb087eaaef ("ALSA: hda - hdmi eld control created based on pcm")
Signed-off-by: Wang YanQing <udknight@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-09-03 16:33:42 +02:00
Mark Brown f5fd4a67be Merge remote-tracking branches 'asoc/topic/wm8524', 'asoc/topic/wm8804' and 'asoc/topic/zte' into asoc-next 2017-09-01 12:13:19 +01:00
Mark Brown 6f78e0a1b2 Merge remote-tracking branches 'asoc/topic/twl6040', 'asoc/topic/txx9', 'asoc/topic/utils', 'asoc/topic/ux500' and 'asoc/topic/wm8523' into asoc-next 2017-09-01 12:13:15 +01:00
Mark Brown 644cbda501 Merge remote-tracking branches 'asoc/topic/tas2552', 'asoc/topic/tas5720', 'asoc/topic/tegra', 'asoc/topic/tlv320aic32x4' and 'asoc/topic/tlv320aic3x' into asoc-next 2017-09-01 12:13:10 +01:00
Mark Brown 2e9ac12a00 Merge remote-tracking branches 'asoc/topic/simple', 'asoc/topic/spear', 'asoc/topic/sta32x', 'asoc/topic/stm32' and 'asoc/topic/sunxi' into asoc-next 2017-09-01 12:13:06 +01:00
Mark Brown 55eafeb5cd Merge remote-tracking branches 'asoc/topic/rt5665', 'asoc/topic/rt5670', 'asoc/topic/rt5677' and 'asoc/topic/samsung' into asoc-next 2017-09-01 12:13:03 +01:00
Mark Brown cb2b0d7c6b Merge remote-tracking branches 'asoc/topic/rt5563', 'asoc/topic/rt5616', 'asoc/topic/rt5645', 'asoc/topic/rt5659' and 'asoc/topic/rt5663' into asoc-next 2017-09-01 12:12:58 +01:00
Mark Brown e5fadb7281 Merge remote-tracking branches 'asoc/topic/rk3036', 'asoc/topic/rockchip', 'asoc/topic/rt274' and 'asoc/topic/rt5514' into asoc-next 2017-09-01 12:12:55 +01:00
Mark Brown bf3cc310a2 Merge remote-tracking branches 'asoc/topic/omap', 'asoc/topic/psc-ac97' and 'asoc/topic/pxa' into asoc-next 2017-09-01 12:12:52 +01:00
Mark Brown af4f47717f Merge remote-tracking branches 'asoc/topic/mtk', 'asoc/topic/mxs', 'asoc/topic/nau8825', 'asoc/topic/nuc900' and 'asoc/topic/of-graph' into asoc-next 2017-09-01 12:12:48 +01:00
Mark Brown af796e3b2c Merge remote-tracking branches 'asoc/topic/kirkwood', 'asoc/topic/max9867', 'asoc/topic/max98926' and 'asoc/topic/max98927' into asoc-next 2017-09-01 12:12:44 +01:00
Mark Brown 796ff73a08 Merge remote-tracking branches 'asoc/topic/hisi', 'asoc/topic/img', 'asoc/topic/jack' and 'asoc/topic/jz4740' into asoc-next 2017-09-01 12:12:41 +01:00
Mark Brown 7d630ce4d6 Merge remote-tracking branches 'asoc/topic/dwc', 'asoc/topic/es8316', 'asoc/topic/fsi', 'asoc/topic/fsl' and 'asoc/topic/hdmi' into asoc-next 2017-09-01 12:12:36 +01:00
Mark Brown 3b2d0bb5ef Merge remote-tracking branches 'asoc/topic/cs43130', 'asoc/topic/cs53l30', 'asoc/topic/cygnus' and 'asoc/topic/davinci' into asoc-next 2017-09-01 12:12:32 +01:00
Mark Brown 8f90409f91 Merge remote-tracking branches 'asoc/topic/cs35l33', 'asoc/topic/cs35l34' and 'asoc/topic/cs42l42' into asoc-next 2017-09-01 12:12:29 +01:00
Mark Brown a641ed5e35 Merge remote-tracking branches 'asoc/topic/blackfin', 'asoc/topic/build', 'asoc/topic/cirrus' and 'asoc/topic/compress' into asoc-next 2017-09-01 12:12:26 +01:00
Mark Brown 82af2b7f3d Merge remote-tracking branches 'asoc/topic/adau1977', 'asoc/topic/arizona', 'asoc/topic/atmel', 'asoc/topic/au1x' and 'asoc/topic/bcm' into asoc-next 2017-09-01 12:12:21 +01:00
Mark Brown 94e26c0700 Merge remote-tracking branch 'asoc/topic/rcar' into asoc-next 2017-09-01 12:12:20 +01:00
Mark Brown 460f623a6e Merge remote-tracking branch 'asoc/topic/intel' into asoc-next 2017-09-01 12:12:19 +01:00
Mark Brown 39e0a0ae69 Merge remote-tracking branch 'asoc/topic/core' into asoc-next 2017-09-01 12:12:18 +01:00
Mark Brown 0314f6947c Merge remote-tracking branch 'asoc/topic/const' into asoc-next 2017-09-01 12:12:17 +01:00
Mark Brown 2e70042479 Merge remote-tracking branch 'asoc/topic/component' into asoc-next 2017-09-01 12:12:17 +01:00
Mark Brown ab99d9872e Merge remote-tracking branch 'asoc/topic/msm8916' into asoc-next 2017-09-01 12:12:16 +01:00
Mark Brown a5ef8ca69a Merge remote-tracking branches 'asoc/fix/arizona' and 'asoc/fix/mtk' into asoc-linus 2017-09-01 12:12:13 +01:00
Mark Brown 1a34ec4ab2 Merge remote-tracking branch 'asoc/fix/rcar' into asoc-linus 2017-09-01 12:12:12 +01:00
Mark Brown c8b24e23ad Merge remote-tracking branch 'asoc/fix/intel' into asoc-linus 2017-09-01 12:12:11 +01:00