From 3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Thu, 14 Apr 2016 18:02:37 +0200 Subject: ALSA: pcm : Call kill_fasync() in stream lock Currently kill_fasync() is called outside the stream lock in snd_pcm_period_elapsed(). This is potentially racy, since the stream may get released even during the irq handler is running. Although snd_pcm_release_substream() calls snd_pcm_drop(), this doesn't guarantee that the irq handler finishes, thus the kill_fasync() call outside the stream spin lock may be invoked after the substream is detached, as recently reported by KASAN. As a quick workaround, move kill_fasync() call inside the stream lock. The fasync is rarely used interface, so this shouldn't have a big impact from the performance POV. Ideally, we should implement some sync mechanism for the proper finish of stream and irq handler. But this oneliner should suffice for most cases, so far. Reported-by: Baozeng Ding Signed-off-by: Takashi Iwai --- sound/core/pcm_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sound/core') diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c index 3a9b66c6e09c..0aca39762ed0 100644 --- a/sound/core/pcm_lib.c +++ b/sound/core/pcm_lib.c @@ -1886,8 +1886,8 @@ void snd_pcm_period_elapsed(struct snd_pcm_substream *substream) snd_timer_interrupt(substream->timer, 1); #endif _end: - snd_pcm_stream_unlock_irqrestore(substream, flags); kill_fasync(&runtime->fasync, SIGIO, POLL_IN); + snd_pcm_stream_unlock_irqrestore(substream, flags); } EXPORT_SYMBOL(snd_pcm_period_elapsed); -- cgit v1.2.3 From 34ce71a96dcba24c71b07f1b087bd179b885784d Mon Sep 17 00:00:00 2001 From: Alexandre Belloni Date: Sat, 23 Apr 2016 02:58:05 +0200 Subject: ALSA: timer: remove legacy rtctimer There are no users of rtctimer left. Remove its code as this is the in-kernel user of the legacy PC RTC driver that will hopefully be removed at some point. Signed-off-by: Alexandre Belloni Signed-off-by: Takashi Iwai --- include/uapi/sound/asound.h | 2 +- sound/core/Kconfig | 29 ------- sound/core/Makefile | 1 - sound/core/rtctimer.c | 187 -------------------------------------------- sound/core/seq/seq.c | 2 - sound/core/timer.c | 2 - 6 files changed, 1 insertion(+), 222 deletions(-) delete mode 100644 sound/core/rtctimer.c (limited to 'sound/core') diff --git a/include/uapi/sound/asound.h b/include/uapi/sound/asound.h index 67bf49d8c944..609cadb8739d 100644 --- a/include/uapi/sound/asound.h +++ b/include/uapi/sound/asound.h @@ -672,7 +672,7 @@ enum { /* global timers (device member) */ #define SNDRV_TIMER_GLOBAL_SYSTEM 0 -#define SNDRV_TIMER_GLOBAL_RTC 1 +#define SNDRV_TIMER_GLOBAL_RTC 1 /* unused */ #define SNDRV_TIMER_GLOBAL_HPET 2 #define SNDRV_TIMER_GLOBAL_HRTIMER 3 diff --git a/sound/core/Kconfig b/sound/core/Kconfig index 6d12ca9bcb80..9749f9e8b45c 100644 --- a/sound/core/Kconfig +++ b/sound/core/Kconfig @@ -141,35 +141,6 @@ config SND_SEQ_HRTIMER_DEFAULT Say Y here to use the HR-timer backend as the default sequencer timer. -config SND_RTCTIMER - tristate "RTC Timer support" - depends on RTC - select SND_TIMER - help - Say Y here to enable RTC timer support for ALSA. ALSA uses - the RTC timer as a precise timing source and maps the RTC - timer to ALSA's timer interface. The ALSA sequencer code also - can use this timing source. - - To compile this driver as a module, choose M here: the module - will be called snd-rtctimer. - - Note that this option is exclusive with the new RTC drivers - (CONFIG_RTC_CLASS) since this requires the old API. - -config SND_SEQ_RTCTIMER_DEFAULT - bool "Use RTC as default sequencer timer" - depends on SND_RTCTIMER && SND_SEQUENCER - depends on !SND_SEQ_HRTIMER_DEFAULT - default y - help - Say Y here to use the RTC timer as the default sequencer - timer. This is strongly recommended because it ensures - precise MIDI timing even when the system timer runs at less - than 1000 Hz. - - If in doubt, say Y. - config SND_DYNAMIC_MINORS bool "Dynamic device file minor numbers" help diff --git a/sound/core/Makefile b/sound/core/Makefile index 48ab4b8f8279..e85d9dd12c2d 100644 --- a/sound/core/Makefile +++ b/sound/core/Makefile @@ -37,7 +37,6 @@ obj-$(CONFIG_SND) += snd.o obj-$(CONFIG_SND_HWDEP) += snd-hwdep.o obj-$(CONFIG_SND_TIMER) += snd-timer.o obj-$(CONFIG_SND_HRTIMER) += snd-hrtimer.o -obj-$(CONFIG_SND_RTCTIMER) += snd-rtctimer.o obj-$(CONFIG_SND_PCM) += snd-pcm.o obj-$(CONFIG_SND_DMAENGINE_PCM) += snd-pcm-dmaengine.o obj-$(CONFIG_SND_RAWMIDI) += snd-rawmidi.o diff --git a/sound/core/rtctimer.c b/sound/core/rtctimer.c deleted file mode 100644 index f3420d11a12f..000000000000 --- a/sound/core/rtctimer.c +++ /dev/null @@ -1,187 +0,0 @@ -/* - * RTC based high-frequency timer - * - * Copyright (C) 2000 Takashi Iwai - * based on rtctimer.c by Steve Ratcliffe - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - */ - -#include -#include -#include -#include -#include -#include - -#if IS_ENABLED(CONFIG_RTC) - -#include - -#define RTC_FREQ 1024 /* default frequency */ -#define NANO_SEC 1000000000L /* 10^9 in sec */ - -/* - * prototypes - */ -static int rtctimer_open(struct snd_timer *t); -static int rtctimer_close(struct snd_timer *t); -static int rtctimer_start(struct snd_timer *t); -static int rtctimer_stop(struct snd_timer *t); - - -/* - * The hardware dependent description for this timer. - */ -static struct snd_timer_hardware rtc_hw = { - .flags = SNDRV_TIMER_HW_AUTO | - SNDRV_TIMER_HW_FIRST | - SNDRV_TIMER_HW_TASKLET, - .ticks = 100000000L, /* FIXME: XXX */ - .open = rtctimer_open, - .close = rtctimer_close, - .start = rtctimer_start, - .stop = rtctimer_stop, -}; - -static int rtctimer_freq = RTC_FREQ; /* frequency */ -static struct snd_timer *rtctimer; -static struct tasklet_struct rtc_tasklet; -static rtc_task_t rtc_task; - - -static int -rtctimer_open(struct snd_timer *t) -{ - int err; - - err = rtc_register(&rtc_task); - if (err < 0) - return err; - t->private_data = &rtc_task; - return 0; -} - -static int -rtctimer_close(struct snd_timer *t) -{ - rtc_task_t *rtc = t->private_data; - if (rtc) { - rtc_unregister(rtc); - tasklet_kill(&rtc_tasklet); - t->private_data = NULL; - } - return 0; -} - -static int -rtctimer_start(struct snd_timer *timer) -{ - rtc_task_t *rtc = timer->private_data; - if (snd_BUG_ON(!rtc)) - return -EINVAL; - rtc_control(rtc, RTC_IRQP_SET, rtctimer_freq); - rtc_control(rtc, RTC_PIE_ON, 0); - return 0; -} - -static int -rtctimer_stop(struct snd_timer *timer) -{ - rtc_task_t *rtc = timer->private_data; - if (snd_BUG_ON(!rtc)) - return -EINVAL; - rtc_control(rtc, RTC_PIE_OFF, 0); - return 0; -} - -static void rtctimer_tasklet(unsigned long data) -{ - snd_timer_interrupt((struct snd_timer *)data, 1); -} - -/* - * interrupt - */ -static void rtctimer_interrupt(void *private_data) -{ - tasklet_schedule(private_data); -} - - -/* - * ENTRY functions - */ -static int __init rtctimer_init(void) -{ - int err; - struct snd_timer *timer; - - if (rtctimer_freq < 2 || rtctimer_freq > 8192 || - !is_power_of_2(rtctimer_freq)) { - pr_err("ALSA: rtctimer: invalid frequency %d\n", rtctimer_freq); - return -EINVAL; - } - - /* Create a new timer and set up the fields */ - err = snd_timer_global_new("rtc", SNDRV_TIMER_GLOBAL_RTC, &timer); - if (err < 0) - return err; - - timer->module = THIS_MODULE; - strcpy(timer->name, "RTC timer"); - timer->hw = rtc_hw; - timer->hw.resolution = NANO_SEC / rtctimer_freq; - - tasklet_init(&rtc_tasklet, rtctimer_tasklet, (unsigned long)timer); - - /* set up RTC callback */ - rtc_task.func = rtctimer_interrupt; - rtc_task.private_data = &rtc_tasklet; - - err = snd_timer_global_register(timer); - if (err < 0) { - snd_timer_global_free(timer); - return err; - } - rtctimer = timer; /* remember this */ - - return 0; -} - -static void __exit rtctimer_exit(void) -{ - if (rtctimer) { - snd_timer_global_free(rtctimer); - rtctimer = NULL; - } -} - - -/* - * exported stuff - */ -module_init(rtctimer_init) -module_exit(rtctimer_exit) - -module_param(rtctimer_freq, int, 0444); -MODULE_PARM_DESC(rtctimer_freq, "timer frequency in Hz"); - -MODULE_LICENSE("GPL"); - -MODULE_ALIAS("snd-timer-" __stringify(SNDRV_TIMER_GLOBAL_RTC)); - -#endif /* IS_ENABLED(CONFIG_RTC) */ diff --git a/sound/core/seq/seq.c b/sound/core/seq/seq.c index 7e0aabb808a6..639544b4fb04 100644 --- a/sound/core/seq/seq.c +++ b/sound/core/seq/seq.c @@ -47,8 +47,6 @@ int seq_default_timer_card = -1; int seq_default_timer_device = #ifdef CONFIG_SND_SEQ_HRTIMER_DEFAULT SNDRV_TIMER_GLOBAL_HRTIMER -#elif defined(CONFIG_SND_SEQ_RTCTIMER_DEFAULT) - SNDRV_TIMER_GLOBAL_RTC #else SNDRV_TIMER_GLOBAL_SYSTEM #endif diff --git a/sound/core/timer.c b/sound/core/timer.c index 6469bedda2f3..0cfc028c1193 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -37,8 +37,6 @@ #if IS_ENABLED(CONFIG_SND_HRTIMER) #define DEFAULT_TIMER_LIMIT 4 -#elif IS_ENABLED(CONFIG_SND_RTCTIMER) -#define DEFAULT_TIMER_LIMIT 2 #else #define DEFAULT_TIMER_LIMIT 1 #endif -- cgit v1.2.3 From d2c5cf88d5282de258f4eb6ab40040b80a075cd8 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Sun, 24 Apr 2016 22:52:18 +0200 Subject: ALSA: hrtimer: Handle start/stop more properly This patch tries to address the still remaining issues in ALSA hrtimer driver: - Spurious use-after-free was detected in hrtimer callback - Incorrect rescheduling due to delayed start - WARN_ON() is triggered in hrtimer_forward() invoked in hrtimer callback The first issue happens only when the new timer is scheduled even while hrtimer is being closed. It's related with the second and third items; since ALSA timer core invokes hw.start callback during hrtimer interrupt, this may result in the explicit call of hrtimer_start(). Also, the similar problem is seen for the stop; ALSA timer core invokes hw.stop callback even in the hrtimer handler, too. Since we must not call the synced hrtimer_cancel() in such a context, it's just a hrtimer_try_to_cancel() call that doesn't properly work. Another culprit of the second and third items is the call of hrtimer_forward_now() before snd_timer_interrupt(). The timer->stick value may change during snd_timer_interrupt() call, but this possibility is ignored completely. For covering these subtle and messy issues, the following changes have been done in this patch: - A new flag, in_callback, is introduced in the private data to indicate that the hrtimer handler is being processed. - Both start and stop callbacks skip when called from (during) in_callback flag. - The hrtimer handler returns properly HRTIMER_RESTART and NORESTART depending on the running state now. - The hrtimer handler reprograms the expiry properly after snd_timer_interrupt() call, instead of before. - The close callback clears running flag and sets in_callback flag to block any further start/stop calls. Signed-off-by: Takashi Iwai --- sound/core/hrtimer.c | 56 ++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 17 deletions(-) (limited to 'sound/core') diff --git a/sound/core/hrtimer.c b/sound/core/hrtimer.c index 656d9a9032dc..e2f27022b363 100644 --- a/sound/core/hrtimer.c +++ b/sound/core/hrtimer.c @@ -38,37 +38,53 @@ static unsigned int resolution; struct snd_hrtimer { struct snd_timer *timer; struct hrtimer hrt; - atomic_t running; + bool in_callback; }; static enum hrtimer_restart snd_hrtimer_callback(struct hrtimer *hrt) { struct snd_hrtimer *stime = container_of(hrt, struct snd_hrtimer, hrt); struct snd_timer *t = stime->timer; - unsigned long oruns; - - if (!atomic_read(&stime->running)) - return HRTIMER_NORESTART; - - oruns = hrtimer_forward_now(hrt, ns_to_ktime(t->sticks * resolution)); - snd_timer_interrupt(stime->timer, t->sticks * oruns); + ktime_t delta; + unsigned long ticks; + enum hrtimer_restart ret = HRTIMER_NORESTART; + + spin_lock(&t->lock); + if (!t->running) + goto out; /* fast path */ + stime->in_callback = true; + ticks = t->sticks; + spin_unlock(&t->lock); + + /* calculate the drift */ + delta = ktime_sub(hrt->base->get_time(), hrtimer_get_expires(hrt)); + if (delta.tv64 > 0) + ticks += ktime_divns(delta, ticks * resolution); + + snd_timer_interrupt(stime->timer, ticks); + + spin_lock(&t->lock); + if (t->running) { + hrtimer_add_expires_ns(hrt, t->sticks * resolution); + ret = HRTIMER_RESTART; + } - if (!atomic_read(&stime->running)) - return HRTIMER_NORESTART; - return HRTIMER_RESTART; + stime->in_callback = false; + out: + spin_unlock(&t->lock); + return ret; } static int snd_hrtimer_open(struct snd_timer *t) { struct snd_hrtimer *stime; - stime = kmalloc(sizeof(*stime), GFP_KERNEL); + stime = kzalloc(sizeof(*stime), GFP_KERNEL); if (!stime) return -ENOMEM; hrtimer_init(&stime->hrt, CLOCK_MONOTONIC, HRTIMER_MODE_REL); stime->timer = t; stime->hrt.function = snd_hrtimer_callback; - atomic_set(&stime->running, 0); t->private_data = stime; return 0; } @@ -78,6 +94,11 @@ static int snd_hrtimer_close(struct snd_timer *t) struct snd_hrtimer *stime = t->private_data; if (stime) { + spin_lock_irq(&t->lock); + t->running = 0; /* just to be sure */ + stime->in_callback = 1; /* skip start/stop */ + spin_unlock_irq(&t->lock); + hrtimer_cancel(&stime->hrt); kfree(stime); t->private_data = NULL; @@ -89,18 +110,19 @@ static int snd_hrtimer_start(struct snd_timer *t) { struct snd_hrtimer *stime = t->private_data; - atomic_set(&stime->running, 0); - hrtimer_try_to_cancel(&stime->hrt); + if (stime->in_callback) + return 0; hrtimer_start(&stime->hrt, ns_to_ktime(t->sticks * resolution), HRTIMER_MODE_REL); - atomic_set(&stime->running, 1); return 0; } static int snd_hrtimer_stop(struct snd_timer *t) { struct snd_hrtimer *stime = t->private_data; - atomic_set(&stime->running, 0); + + if (stime->in_callback) + return 0; hrtimer_try_to_cancel(&stime->hrt); return 0; } -- cgit v1.2.3 From cec8f96e49d9be372fdb0c3836dcf31ec71e457e Mon Sep 17 00:00:00 2001 From: Kangjie Lu Date: Tue, 3 May 2016 16:44:07 -0400 Subject: ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The stack object “tread” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized. Signed-off-by: Kangjie Lu Signed-off-by: Takashi Iwai --- sound/core/timer.c | 1 + 1 file changed, 1 insertion(+) (limited to 'sound/core') diff --git a/sound/core/timer.c b/sound/core/timer.c index 0cfc028c1193..306a93dea20a 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -1737,6 +1737,7 @@ static int snd_timer_user_params(struct file *file, if (tu->timeri->flags & SNDRV_TIMER_IFLG_EARLY_EVENT) { if (tu->tread) { struct snd_timer_tread tread; + memset(&tread, 0, sizeof(tread)); tread.event = SNDRV_TIMER_EVENT_EARLY; tread.tstamp.tv_sec = 0; tread.tstamp.tv_nsec = 0; -- cgit v1.2.3 From 9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6 Mon Sep 17 00:00:00 2001 From: Kangjie Lu Date: Tue, 3 May 2016 16:44:20 -0400 Subject: ALSA: timer: Fix leak in events via snd_timer_user_ccallback MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized. Signed-off-by: Kangjie Lu Signed-off-by: Takashi Iwai --- sound/core/timer.c | 1 + 1 file changed, 1 insertion(+) (limited to 'sound/core') diff --git a/sound/core/timer.c b/sound/core/timer.c index 306a93dea20a..cc3c08d17ab1 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -1223,6 +1223,7 @@ static void snd_timer_user_ccallback(struct snd_timer_instance *timeri, tu->tstamp = *tstamp; if ((tu->filter & (1 << event)) == 0 || !tu->tread) return; + memset(&r1, 0, sizeof(r1)); r1.event = event; r1.tstamp = *tstamp; r1.val = resolution; -- cgit v1.2.3 From e4ec8cc8039a7063e24204299b462bd1383184a5 Mon Sep 17 00:00:00 2001 From: Kangjie Lu Date: Tue, 3 May 2016 16:44:32 -0400 Subject: ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized. Signed-off-by: Kangjie Lu Signed-off-by: Takashi Iwai --- sound/core/timer.c | 1 + 1 file changed, 1 insertion(+) (limited to 'sound/core') diff --git a/sound/core/timer.c b/sound/core/timer.c index cc3c08d17ab1..e722022d325d 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -1266,6 +1266,7 @@ static void snd_timer_user_tinterrupt(struct snd_timer_instance *timeri, } if ((tu->filter & (1 << SNDRV_TIMER_EVENT_RESOLUTION)) && tu->last_resolution != resolution) { + memset(&r1, 0, sizeof(r1)); r1.event = SNDRV_TIMER_EVENT_RESOLUTION; r1.tstamp = tstamp; r1.val = resolution; -- cgit v1.2.3 From e099aeea639ce491d3cd1c3802fe34d98045ffd8 Mon Sep 17 00:00:00 2001 From: Charles Keepax Date: Wed, 4 May 2016 14:59:07 +0100 Subject: ALSA: pcm: Fix poll error return codes We can't return a negative error code from the poll callback the return type is unsigned and is checked against the poll specific flags we need to return POLLERR if we encounter an error. Signed-off-by: Charles Keepax Reviewed-by: Takashi Sakamoto Signed-off-by: Takashi Iwai --- sound/core/pcm_native.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sound/core') diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c index 9106d8e2300e..c61fd50f771f 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -3161,7 +3161,7 @@ static unsigned int snd_pcm_playback_poll(struct file *file, poll_table * wait) substream = pcm_file->substream; if (PCM_RUNTIME_CHECK(substream)) - return -ENXIO; + return POLLOUT | POLLWRNORM | POLLERR; runtime = substream->runtime; poll_wait(file, &runtime->sleep, wait); @@ -3200,7 +3200,7 @@ static unsigned int snd_pcm_capture_poll(struct file *file, poll_table * wait) substream = pcm_file->substream; if (PCM_RUNTIME_CHECK(substream)) - return -ENXIO; + return POLLIN | POLLRDNORM | POLLERR; runtime = substream->runtime; poll_wait(file, &runtime->sleep, wait); -- cgit v1.2.3 From 0b92b0cdbe419575b2233c08192b2ad28e7dbcfa Mon Sep 17 00:00:00 2001 From: Charles Keepax Date: Wed, 4 May 2016 14:59:08 +0100 Subject: ALSA: compress: Use snd_compr_get_poll on error path We have a function that returns the appropriate flags for the stream direction, so we should use it. Signed-off-by: Charles Keepax Acked-by: Vinod Koul Signed-off-by: Takashi Iwai --- sound/core/compress_offload.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'sound/core') diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index a9933c07a6bf..5268546d6935 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -421,10 +421,7 @@ static unsigned int snd_compr_poll(struct file *f, poll_table *wait) retval = snd_compr_get_poll(stream); break; default: - if (stream->direction == SND_COMPRESS_PLAYBACK) - retval = POLLOUT | POLLWRNORM | POLLERR; - else - retval = POLLIN | POLLRDNORM | POLLERR; + retval = snd_compr_get_poll(stream) | POLLERR; break; } out: -- cgit v1.2.3 From 5bd05390ff084d7a1ea7efa8f8dc111c24b2454c Mon Sep 17 00:00:00 2001 From: Charles Keepax Date: Wed, 4 May 2016 14:59:09 +0100 Subject: ALSA: compress: Remove pointless NULL check stream can't be NULL here as we have just taken the address of it, so no need for the check. Signed-off-by: Charles Keepax Acked-by: Vinod Koul Signed-off-by: Takashi Iwai --- sound/core/compress_offload.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'sound/core') diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index 5268546d6935..5215df2940b3 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -392,9 +392,8 @@ static unsigned int snd_compr_poll(struct file *f, poll_table *wait) if (snd_BUG_ON(!data)) return -EFAULT; + stream = &data->stream; - if (snd_BUG_ON(!stream)) - return -EFAULT; mutex_lock(&stream->device->lock); if (stream->runtime->state == SNDRV_PCM_STATE_OPEN) { @@ -799,9 +798,9 @@ static long snd_compr_ioctl(struct file *f, unsigned int cmd, unsigned long arg) if (snd_BUG_ON(!data)) return -EFAULT; + stream = &data->stream; - if (snd_BUG_ON(!stream)) - return -EFAULT; + mutex_lock(&stream->device->lock); switch (_IOC_NR(cmd)) { case _IOC_NR(SNDRV_COMPRESS_IOCTL_VERSION): -- cgit v1.2.3 From 1d03f2bd56f3a45123a7572fb536c063068cfb83 Mon Sep 17 00:00:00 2001 From: Charles Keepax Date: Wed, 4 May 2016 14:59:10 +0100 Subject: ALSA: compress: Fix poll error return codes We can't return a negative error code from the poll callback the return type is unsigned and is checked against the poll specific flags we need to return POLLERR if we encounter an error. Signed-off-by: Charles Keepax Acked-by: Vinod Koul Signed-off-by: Takashi Iwai --- sound/core/compress_offload.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sound/core') diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index 5215df2940b3..f56f4e358b76 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -391,13 +391,13 @@ static unsigned int snd_compr_poll(struct file *f, poll_table *wait) int retval = 0; if (snd_BUG_ON(!data)) - return -EFAULT; + return POLLERR; stream = &data->stream; mutex_lock(&stream->device->lock); if (stream->runtime->state == SNDRV_PCM_STATE_OPEN) { - retval = -EBADFD; + retval = snd_compr_get_poll(stream) | POLLERR; goto out; } poll_wait(f, &stream->runtime->sleep, wait); -- cgit v1.2.3 From 875f6fffa2e09b48fa07ecbf2e28dd2425b5ce01 Mon Sep 17 00:00:00 2001 From: Charles Keepax Date: Wed, 4 May 2016 14:59:11 +0100 Subject: ALSA: compress: Replace complex if statement with switch A switch statement looks a bit cleaner than an if statement spread over 3 lines, as such update this to a switch. Signed-off-by: Charles Keepax Acked-by: Vinod Koul Signed-off-by: Takashi Iwai --- sound/core/compress_offload.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'sound/core') diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c index f56f4e358b76..9b3334be9df2 100644 --- a/sound/core/compress_offload.c +++ b/sound/core/compress_offload.c @@ -288,9 +288,12 @@ static ssize_t snd_compr_write(struct file *f, const char __user *buf, stream = &data->stream; mutex_lock(&stream->device->lock); /* write is allowed when stream is running or has been steup */ - if (stream->runtime->state != SNDRV_PCM_STATE_SETUP && - stream->runtime->state != SNDRV_PCM_STATE_PREPARED && - stream->runtime->state != SNDRV_PCM_STATE_RUNNING) { + switch (stream->runtime->state) { + case SNDRV_PCM_STATE_SETUP: + case SNDRV_PCM_STATE_PREPARED: + case SNDRV_PCM_STATE_RUNNING: + break; + default: mutex_unlock(&stream->device->lock); return -EBADFD; } -- cgit v1.2.3 From 8d879be882ba5a8bd4c2bc39bd2c336392564e13 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Tue, 10 May 2016 16:07:40 +0200 Subject: ALSA: pcm: Bail out when chmap is already present When snd_pcm_add_chmap_ctls() is called to the PCM stream to which a chmap has been already assigned, it returns as an error due to the conflicting snd_ctl_add() result. However, this also clears the already assigned chmap_kctl field via pcm_chmap_ctl_private_free(), and becomes inconsistent in the later operation. This patch adds the check of the conflicting chmap kctl before actually trying to allocate / assign. The check failure is treated as a kernel warning, as the double call of snd_pcm_add_chmap_ctls() is basically a driver bug and having the stack trace would help developers to figure out the bad code path. Signed-off-by: Takashi Iwai --- sound/core/pcm_lib.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sound/core') diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c index 0aca39762ed0..bb1261591a1f 100644 --- a/sound/core/pcm_lib.c +++ b/sound/core/pcm_lib.c @@ -2595,6 +2595,8 @@ int snd_pcm_add_chmap_ctls(struct snd_pcm *pcm, int stream, }; int err; + if (WARN_ON(pcm->streams[stream].chmap_kctl)) + return -EBUSY; info = kzalloc(sizeof(*info), GFP_KERNEL); if (!info) return -ENOMEM; -- cgit v1.2.3