Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v5.10.257 2022-08-25T09:38:21+00:00 2022-08-25T09:38:21+00:00 Takashi Iwai tiwai@suse.de 2022-07-28T12:59:45+00:00 urn:sha1:857ccedcf569665809d351241d22247c6c55887f [ Upstream commit 4a971e84a7ae10a38d875cd2d4e487c8d1682ca3 ] For avoiding the potential deadlock via kill_fasync() call, use the new fasync helpers to defer the invocation from the control API. Note that it's merely a workaround. Another note: although we haven't received reports about the deadlock with the control API, the deadlock is still potentially possible, and it's better to align the behavior with other core APIs (PCM and timer); so let's move altogether. Link: https://lore.kernel.org/r/20220728125945.29533-5-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Sasha Levin <sashal@kernel.org> 2020-11-13T10:33:55+00:00 Takashi Sakamoto o-takashi@sakamocchi.jp 2020-11-13T09:20:43+00:00 urn:sha1:95a793c3bc75cf888e0e641d656e7d080f487d8b When processing request to add/replace user-defined element set, check of given element identifier and decision of numeric identifier is done in "__snd_ctl_add_replace()" helper function. When the result of check is wrong, the helper function returns error code. The error code shall be returned to userspace application. Current implementation includes bug to return zero to userspace application regardless of the result. This commit fixes the bug. Cc: <stable@vger.kernel.org> Fixes: e1a7bfe38079 ("ALSA: control: Fix race between adding and removing a user element") Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Link: https://lore.kernel.org/r/20201113092043.16148-1-o-takashi@sakamocchi.jp Signed-off-by: Takashi Iwai <tiwai@suse.de> 2020-10-26T14:26:31+00:00 Mauro Carvalho Chehab mchehab+huawei@kernel.org 2020-10-23T16:33:35+00:00 urn:sha1:f7b6603c666798a1f8379e692d11d500885f32d8 Kernel-doc markups should use this format: identifier - description There is a common comment marked, instead, with kernel-doc notation. Some identifiers have different names between their prototypes and the kernel-doc markup. Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org> Acked-by: Mark Brown <broonie@kernel.org> Link: https://lore.kernel.org/r/535182d6f55d7a7de293dda9676df68f5f60afc6.1603469755.git.mchehab+huawei@kernel.org Signed-off-by: Takashi Iwai <tiwai@suse.de> 2020-09-22T09:07:10+00:00 Takashi Iwai tiwai@suse.de 2020-09-22T08:49:53+00:00 urn:sha1:6564d0ad67efb2d977e130e7448505ee538af016 The recent change in lockdep for read lock caused the deadlock warnings in ALSA control code which uses the read_lock() for notification and else while write_lock_irqsave() is used for adding and removing the list entry. Although a deadlock would practically never hit in a real usage (the addition and the deletion can't happen with the notification), it's better to fix the read_lock() usage in a semantically correct way. This patch replaces the read_lock() calls with read_lock_irqsave() version for avoiding a reported deadlock. The notification code path takes the irq disablement in anyway, and other code paths are very short execution, hence there shouldn't be any big performance hit by this change. Fixes: e918188611f0 ("locking: More accurate annotations for read_lock()") Reported-by: syzbot+561a74f84100162990b2@syzkaller.appspotmail.com Link: https://lore.kernel.org/r/20200922084953.29018-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> 2020-09-21T08:37:07+00:00 Arnd Bergmann arnd@arndb.de 2020-09-18T09:56:19+00:00 urn:sha1:18d122c0287b29e70bc312a994c7ee79738cec77 Using compat_alloc_user_space() tends to add complexity to the ioctl handling, so I am trying to remove it everywhere. The two callers in sound/core can rewritten to just call the same code that operates on a kernel pointer as the native handler. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Link: https://lore.kernel.org/r/20200918095642.1446243-1-arnd@arndb.de Signed-off-by: Takashi Iwai <tiwai@suse.de> 2020-01-08T06:20:28+00:00 Dan Carpenter dan.carpenter@oracle.com 2020-01-08T05:37:06+00:00 urn:sha1:3b2549a3740efb8af0150415737067d87e466c5b Smatch complains that "ret" might be uninitialized. Fixes: fbd3eb7f66c5 ("ALSA: control: Add verification for kctl accesses") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Link: https://lore.kernel.org/r/20200108053706.h3hcnvmnf62wkjac@kili.mountain Signed-off-by: Takashi Iwai <tiwai@suse.de> 2020-01-04T08:37:59+00:00 Takashi Iwai tiwai@suse.de 2020-01-04T08:35:56+00:00 urn:sha1:fbd3eb7f66c5b4f37a959bc2deaeb1d7b5ddf0d4 The current implementation of ALSA control API fully relies on the callbacks of each driver, and there is no verification of the values passed via API. This patch is an attempt to improve the situation slightly by adding the validation code for the values stored via info and get callbacks. The patch adds a new kconfig, CONFIG_SND_CTL_VALIDATION. It depends on CONFIG_SND_DEBUG and off as default since the validation would require a slight overhead including the additional call of info callback at each get callback invocation. When this config is enabled, the values stored by each info callback invocation are verified, namely: - Whether the info type is valid - Whether the number of enum items is non-zero - Whether the given info count is within the allowed boundary Similarly, the values stored at each get callback are verified as well: - Whether the values are within the given range - Whether the values are aligned with the given step - Whether any further changes are seen in the data array over the given info count The last point helps identifying a possibly invalid data type access, typically a case where the info callback declares the type being SNDRV_CTL_ELEM_TYPE_ENUMERATED while the get/put callbacks store the values in value.integer.value[] array. When a validation fails, the ALSA core logs an error message including the device and the control ID, and the API call also returns an error. So, with the new validation turned on, the driver behavior difference may be visible on user-space, too -- it's intentional, though, so that we can catch an error more clearly. The patch also introduces a new ctl access type, SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK. A driver may pass this flag with other access bits to indicate that the ctl element won't be verified. It's useful when a driver code is specially written to access the data greater than info->count size by some reason. For example, this flag is actually set now in HD-audio HDMI codec driver which needs to clear the data array in the case of the disconnected monitor. Also, the PCM channel-map helper code is slightly modified to avoid the false-positive hit by this validation code, too. Link: https://lore.kernel.org/r/20200104083556.27789-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> 2020-01-03T08:23:51+00:00 Takashi Iwai tiwai@suse.de 2020-01-03T08:16:20+00:00 urn:sha1:f15ee210cdb87f82147df237d2fcfc4527523d62 Now we may declare const for snd_device_ops definitions, so let's do it for optimization. There should be no functional changes by this patch. Link: https://lore.kernel.org/r/20200103081714.9560-5-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de> 2019-12-24T14:29:12+00:00 Takashi Sakamoto o-takashi@sakamocchi.jp 2019-12-23T09:33:47+00:00 urn:sha1:d61fe22c2ae42d9fd76c34ef4224064cca4b04b0 A design of ALSA control core allows applications to execute three operations for TLV feature; read, write and command. Furthermore, it allows driver developers to process the operations by two ways; allocated array or callback function. In the former, read operation is just allowed, thus developers uses the latter when device driver supports variety of models or the target model is expected to dynamically change information stored in TLV container. The core also allows applications to lock any element so that the other applications can't perform write operation to the element for element value and TLV information. When the element is locked, write and command operation for TLV information are prohibited as well as element value. Any read operation should be allowed in the case. At present, when an element has callback function for TLV information, TLV read operation returns EPERM if the element is locked. On the other hand, the read operation is success when an element has allocated array for TLV information. In both cases, read operation is success for element value expectedly. This commit fixes the bug. This change can be backported to v4.14 kernel or later. Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Reviewed-by: Jaroslav Kysela <perex@perex.cz> Link: https://lore.kernel.org/r/20191223093347.15279-1-o-takashi@sakamocchi.jp Signed-off-by: Takashi Iwai <tiwai@suse.de> 2019-12-23T14:57:35+00:00 Takashi Sakamoto o-takashi@sakamocchi.jp 2019-12-23T02:39:20+00:00 urn:sha1:ff16351e3f302a2913bd17da6ed8f195ab2139fd The 'dimen' member of 'struct snd_ctl_elem_info' is designed to deliver information to use an array of value as multi-dimensional values. This feature is used just by echoaudio PCI driver, and fortunately it's not used by the other applications than 'echomixer' in alsa-tools. In a previous commit, usage of 'dimen' member is removed from echoaudio PCI driver. Nowadays no driver/application use the feature. This commit removes the member from structure. Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Link: https://lore.kernel.org/r/20191223023921.8151-4-o-takashi@sakamocchi.jp Signed-off-by: Takashi Iwai <tiwai@suse.de>