kernel/linux.git/sound/core/seq/seq_memory.c, branch v6.12.80

ALSA: seq: Improve data consistency at polling

2025-05-29T09:02:27+00:00

[ Upstream commit e3cd33ab17c33bd8f1a9df66ec83a15dd8f7afbb ] snd_seq_poll() calls snd_seq_write_pool_allocated() that reads out a field in client->pool object, while it can be updated concurrently via ioctls, as reported by syzbot. The data race itself is harmless, as it's merely a poll() call, and the state is volatile. OTOH, the read out of poll object info from the caller side is fragile, and we can leave it better in snd_seq_pool_poll_wait() alone. A similar pattern is seen in snd_seq_kernel_client_write_poll(), too, which is called from the OSS sequencer. This patch drops the pool checks from the caller side and add the pool->lock in snd_seq_pool_poll_wait() for better data consistency. Reported-by: syzbot+2d373c9936c00d7e120c@syzkaller.appspotmail.com Closes: https://lore.kernel.org/67c88903.050a0220.15b4b9.0028.GAE@google.com Link: https://patch.msgid.link/20250307084246.29271-1-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Sasha Levin

ALSA: seq: memory: Use guard() for locking

2024-02-28T14:01:21+00:00

We can simplify the code gracefully with new guard() macro and co for automatic cleanup of locks. Only the code refactoring, and no functional changes. Signed-off-by: Takashi Iwai Link: https://lore.kernel.org/r/20240227085306.9764-14-tiwai@suse.de

ALSA: seq: fix kvmalloc_array() arguments order

2023-12-29T13:13:40+00:00

When compiling with gcc version 14.0.0 20231220 (experimental) and W=1, I've noticed the following warning: sound/core/seq/seq_memory.c: In function 'snd_seq_pool_init': sound/core/seq/seq_memory.c:445:41: warning: 'kvmalloc_array' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Wcalloc-transposed-args] 445 | cellptr = kvmalloc_array(sizeof(struct snd_seq_event_cell), pool->size, | ^~~~~~ Since 'n' and 'size' arguments of 'kvmalloc_array()' are multiplied to calculate the final size, their actual order doesn't affect the result and so this is not a bug. But it's still worth to fix it. Signed-off-by: Dmitry Antipov Link: https://lore.kernel.org/r/20231221091605.14660-1-dmantipov@yandex.ru Signed-off-by: Takashi Iwai

ALSA: seq: Fix snd_seq_expand_var_event() call to user-space

2023-09-05T08:13:46+00:00

The recent fix to clear the padding bytes at snd_seq_expand_var_event() broke the read to user-space with in_kernel=0 parameter. For user-space address, it has to use clear_user() instead of memset(). Fixes: f80e6d60d677 ("ALSA: seq: Clear padded bytes at expanding events") Reported-and-tested-by: Ash Holland Closes: https://lore.kernel.org/r/8a555319-9f31-4ea2-878f-adc338bc40d4@sorrel.sh Link: https://lore.kernel.org/r/20230905052631.18240-1-tiwai@suse.de Link: https://lore.kernel.org/r/20230905081210.6731-1-tiwai@suse.de Signed-off-by: Takashi Iwai

ALSA: seq: Add UMP support

2023-05-23T10:11:21+00:00

Starting from this commit, we add the basic support of UMP (Universal MIDI Packet) events on ALSA sequencer infrastructure. The biggest change here is that, for transferring UMP packets that are up to 128 bits, we extend the data payload of ALSA sequencer event record when the client is declared to support for the new UMP events. A new event flag bit, SNDRV_SEQ_EVENT_UMP, is defined and it shall be set for the UMP packet events that have the larger payload of 128 bits, defined as struct snd_seq_ump_event. For controlling the UMP feature enablement in kernel, a new Kconfig, CONFIG_SND_SEQ_UMP is introduced. The extended event for UMP is available only when this Kconfig item is set. Similarly, the size of the internal snd_seq_event_cell also increases (in 4 bytes) when the Kconfig item is set. (But the size increase is effective only for 32bit architectures; 64bit archs already have padding there.) Overall, when CONFIG_SND_SEQ_UMP isn't set, there is no change in the event and cell, keeping the old sizes. For applications that want to access the UMP packets, first of all, a sequencer client has to declare the user-protocol to match with the latest one via the new SNDRV_SEQ_IOCTL_USER_PVERSION; otherwise it's treated as if a legacy client without UMP support. Then the client can switch to the new UMP mode (MIDI 1.0 or MIDI 2.0) with a new field, midi_version, in snd_seq_client_info. When switched to UMP mode (midi_version = 1 or 2), the client can write the UMP events with SNDRV_SEQ_EVENT_UMP flag. For reads, the alignment size is changed from snd_seq_event (28 bytes) to snd_seq_ump_event (32 bytes). When a UMP sequencer event is delivered to a legacy sequencer client, it's ignored or handled as an error. Conceptually, ALSA sequencer client and port correspond to the UMP Endpoint and Group, respectively; each client may have multiple ports and each port has the fixed number (16) of channels, total up to 256 channels. As of this commit, ALSA sequencer core just sends and receives the UMP events as-is from/to clients. The automatic conversions between the legacy events and the new UMP events will be implemented in a later patch. Along with this commit, bump the sequencer protocol version to 1.0.3. Reviewed-by: Jaroslav Kysela Link: https://lore.kernel.org/r/20230523075358.9672-26-tiwai@suse.de Signed-off-by: Takashi Iwai

ALSA: seq: Add snd_seq_expand_var_event_at() helper

2023-05-23T10:11:14+00:00

Create a new variant of snd_seq_expand_var_event() for expanding the data starting from the given byte offset. It'll be used by the new UMP sequencer code later. Reviewed-by: Jaroslav Kysela Link: https://lore.kernel.org/r/20230523075358.9672-19-tiwai@suse.de Signed-off-by: Takashi Iwai

ALSA: seq: Clear padded bytes at expanding events

2023-05-23T10:11:13+00:00

There can be a small memory hole that may not be cleared at expanding an event with the variable length type. Make sure to clear it. Reviewed-by: Jaroslav Kysela Link: https://lore.kernel.org/r/20230523075358.9672-18-tiwai@suse.de Signed-off-by: Takashi Iwai

ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event

2022-11-19T08:20:11+00:00

With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to make sure the call target is valid to help mitigate ROP attacks. If they are not identical, there is a failure at run time, which manifests as either a kernel panic or thread getting killed. seq_copy_in_user() and seq_copy_in_kernel() did not have prototypes matching snd_seq_dump_func_t. Adjust this and remove the casts. There are not resulting binary output differences. This was found as a result of Clang's new -Wcast-function-type-strict flag, which is more sensitive than the simpler -Wcast-function-type, which only checks for type width mismatches. Reported-by: kernel test robot Link: https://lore.kernel.org/lkml/202211041527.HD8TLSE1-lkp@intel.com Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: "Gustavo A. R. Silva" Cc: alsa-devel@alsa-project.org Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20221118232346.never.380-kees@kernel.org Signed-off-by: Takashi Iwai

ALSA: seq: Fix assignment in if condition

2021-06-09T15:30:26+00:00

There are lots of places doing assignments in if condition in ALSA sequencer core, which is a bad coding style that may confuse readers and occasionally lead to bugs. This patch is merely for coding-style fixes, no functional changes. Link: https://lore.kernel.org/r/20210608140540.17885-57-tiwai@suse.de Signed-off-by: Takashi Iwai

ALSA: core: Use DIV_ROUND_UP() instead of open-coding it

2020-12-25T08:11:46+00:00

Use DIV_ROUND_UP() instead of open-coding it. This documents intent and makes it more clear what is going on for the casual reviewer. Generated using the following the Coccinelle semantic patch. // @@ expression x, y; @@ -(((x) + (y) - 1) / (y)) +DIV_ROUND_UP(x, y) // Signed-off-by: Lars-Peter Clausen Link: https://lore.kernel.org/r/20201223172229.781-1-lars@metafoo.de Signed-off-by: Takashi Iwai