12 Sep, 2017
2 commits
-
ALSA sequencer core has a mechanism to load the enumerated devices
automatically, and it's performed in an off-load work. This seems
causing some race when a sequencer is removed while the pending
autoload work is running. As syzkaller spotted, it may lead to some
use-after-free:
BUG: KASAN: use-after-free in snd_rawmidi_dev_seq_free+0x69/0x70
sound/core/rawmidi.c:1617
Write of size 8 at addr ffff88006c611d90 by task kworker/2:1/567CPU: 2 PID: 567 Comm: kworker/2:1 Not tainted 4.13.0+ #29
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Workqueue: events autoload_drivers
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0x192/0x22c lib/dump_stack.c:52
print_address_description+0x78/0x280 mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351 [inline]
kasan_report+0x230/0x340 mm/kasan/report.c:409
__asan_report_store8_noabort+0x1c/0x20 mm/kasan/report.c:435
snd_rawmidi_dev_seq_free+0x69/0x70 sound/core/rawmidi.c:1617
snd_seq_dev_release+0x4f/0x70 sound/core/seq_device.c:192
device_release+0x13f/0x210 drivers/base/core.c:814
kobject_cleanup lib/kobject.c:648 [inline]
kobject_release lib/kobject.c:677 [inline]
kref_put include/linux/kref.h:70 [inline]
kobject_put+0x145/0x240 lib/kobject.c:694
put_device+0x25/0x30 drivers/base/core.c:1799
klist_devices_put+0x36/0x40 drivers/base/bus.c:827
klist_next+0x264/0x4a0 lib/klist.c:403
next_device drivers/base/bus.c:270 [inline]
bus_for_each_dev+0x17e/0x210 drivers/base/bus.c:312
autoload_drivers+0x3b/0x50 sound/core/seq_device.c:117
process_one_work+0x9fb/0x1570 kernel/workqueue.c:2097
worker_thread+0x1e4/0x1350 kernel/workqueue.c:2231
kthread+0x324/0x3f0 kernel/kthread.c:231
ret_from_fork+0x25/0x30 arch/x86/entry/entry_64.S:425The fix is simply to assure canceling the autoload work at removing
the device.Reported-by: Andrey Konovalov
Tested-by: Andrey Konovalov
Cc:
Signed-off-by: Takashi Iwai -
Add a jump target so that a bit of exception handling can be better reused
at the end of this function.This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring
Signed-off-by: Takashi Iwai
07 Sep, 2017
10 commits
-
BUG_ON() is the worst choice for a trivial sanity check.
Either it should be removed or replaced with a softer one like
WARN_ON() if still really needed.Signed-off-by: Takashi Iwai
-
The debug functions uses wrongly the %pF instead of the %pS printk format
specifier for printing symbols for the address returned by
_builtin_return_address(0). Fix it for the ia64, ppc64 and parisc64
architectures.Signed-off-by: Helge Deller
Signed-off-by: Takashi Iwai -
* Add a jump target so that a bit of exception handling can be better
reused at the end of this function.This issue was detected by using the Coccinelle software.
* The script "checkpatch.pl" pointed information out like the following.
ERROR: do not use assignment in if condition
Thus fix a few source code places.
Signed-off-by: Markus Elfring
Signed-off-by: Takashi Iwai -
* Add a jump target so that a bit of exception handling can be better
reused at the end of this function.This issue was detected by using the Coccinelle software.
* The script "checkpatch.pl" pointed information out like the following.
ERROR: do not use assignment in if condition
Thus fix a few source code places.
[ This also fixed a potential use-after-free at error path of
snd_opl3_hwdep_new(), too -- tiwai ]Signed-off-by: Markus Elfring
Signed-off-by: Takashi Iwai -
Add a jump target so that a bit of exception handling can be better reused
at the end of this function.This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring
Signed-off-by: Takashi Iwai -
Add a jump target so that a bit of exception handling can be better reused
at the end of this function.This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring
Signed-off-by: Takashi Iwai -
Add a jump target so that a bit of exception handling can be better reused
at the end of this function.This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring
Signed-off-by: Takashi Iwai -
Add a jump target so that a bit of exception handling can be better reused
at the end of this function.This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring
Signed-off-by: Takashi Iwai -
Add a jump target so that a bit of common code can be better reused
at the end of this function.This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring
Signed-off-by: Takashi Iwai -
Add jump targets so that a bit of exception handling can be better reused
at the end of these functions.This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring
Signed-off-by: Takashi Iwai
05 Sep, 2017
1 commit
-
…broonie/sound into for-linus
ASoC: Fixes for the CS43130 driver
A couple of warning fixes for the newly added CS43130 driver.
04 Sep, 2017
10 commits
-
The CA0132 codec driver doesn't call the free function at its error
path of the probe, which leaves the allocated memory. Call
ca0132_free() properly at the error handling.Fixes: a73d511c4867 ("ALSA: hda/ca0132: Add unsol handler for DSP and jack detection")
Signed-off-by: Takashi Iwai -
When hda_codec_driver_probe meet error and return failure, we need
to free resource with patch_ops.free, or we will get resource leak.Signed-off-by: Wang YanQing
Signed-off-by: Takashi Iwai -
Add __maybe_unused prefix for addressing the following warnings:
sound/soc/codecs/cs43130.c:2615:12: warning: ‘cs43130_runtime_resume’ defined but not used [-Wunused-function]
sound/soc/codecs/cs43130.c:2596:12: warning: ‘cs43130_runtime_suspend’ defined but not used [-Wunused-function]Fixes: 8f1e5bf9b440 ("ASoC: cs43130: Add support for CS43130 codec")
Signed-off-by: Takashi Iwai
Signed-off-by: Mark Brown -
As compiler spotted out, there is the potential NULL-dereference in
the code when dc-measure OF is given for other than 43130/43131:
sound/soc/codecs/cs43130.c:2089:18: warning: ‘hpload_seq’ may be used uninitialized in this function [-Wmaybe-uninitialized]Warn it and return before triggering Oops.
Fixes: 8f1e5bf9b440 ("ASoC: cs43130: Add support for CS43130 codec")
Signed-off-by: Takashi Iwai
Signed-off-by: Mark Brown -
ASoC: Updates for v4.14
This is quite a large release by volume of patches and diff, a lot of
that is mechanical cleanup patches but it's great to also see a range of
vendors actively working on adding new features and fixing issues in
their drivers. Intel and Realtek have been especially active here.- Continued work towards moving everything to the component model from
Morimoto-san.
- Use of devres for jack detection GPIOs, eliminating some potential
resource leaks.
- Jack detection support for Qualcomm MSM8916.
- Support for Allwinner H3, Cirrus Logic CS43130, Intel Kabylake
systems with RT5663, Realtek RT274, TI TLV320AIC32x6 and Wolfson
WM8523. -
Trivial fix to spelling mistake in variable name
Signed-off-by: Colin Ian King
Signed-off-by: Mark Brown -
The ALSA related include header files are left overs after the commit
020c5260c2b1 ("ALSA: atmel: Remove AVR32 bits from the driver")
Fixes: 020c5260c2b1 ("ALSA: atmel: Remove AVR32 bits from the driver")
Signed-off-by: Andy Shevchenko
Signed-off-by: Takashi Iwai -
Convert the driver to use GPIO descriptor API.
Signed-off-by: Andy Shevchenko
Signed-off-by: Takashi Iwai -
Intel ALC 700 needs this patch for jack detection function.
Because ALC700's jack detect function defaults is disable.
So alc700 needs pathc to enable jack detection function.Signed-off-by: PeiSen Hou
Signed-off-by: Takashi Iwai
03 Sep, 2017
1 commit
-
Commit fb087eaaef72 ("ALSA: hda - hdmi eld control created based on pcm")
forget to filter out invalid pcm numbers, if there is only one invalid pcm
number, then this issue causes we create eld control for invalid pcm silently,
but when there are more than one invalid pcm numbers, then this issue bring
probe error looks like below dmesg:
"
kernel: [ 1.647283] snd_hda_intel 0000:00:03.0: bound 0000:00:02.0 (ops 0xc2967540)
kernel: [ 1.651192] snd_hda_intel 0000:00:03.0: Too many HDMI devices
kernel: [ 1.651195] snd_hda_intel 0000:00:03.0: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
kernel: [ 1.651197] snd_hda_intel 0000:00:03.0: Too many HDMI devices
kernel: [ 1.651199] snd_hda_intel 0000:00:03.0: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
kernel: [ 1.651201] snd_hda_intel 0000:00:03.0: Too many HDMI devices
kernel: [ 1.651203] snd_hda_intel 0000:00:03.0: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
kernel: [ 1.651676] snd_hda_intel 0000:00:03.0: control 3:0:0:ELD:0 is already present
kernel: [ 1.651787] snd_hda_codec_hdmi: probe of hdaudioC0D0 failed with error -16
"This patch add invalid pcm number filter before calling hdmi_create_eld_ctl.
Fixes: fb087eaaef72 ("ALSA: hda - hdmi eld control created based on pcm")
Signed-off-by: Wang YanQing
Signed-off-by: Takashi Iwai
01 Sep, 2017
16 commits
-
…c/topic/zte' into asoc-next
-
…pic/utils', 'asoc/topic/ux500' and 'asoc/topic/wm8523' into asoc-next
-
…/topic/tegra', 'asoc/topic/tlv320aic32x4' and 'asoc/topic/tlv320aic3x' into asoc-next
-
…pic/sta32x', 'asoc/topic/stm32' and 'asoc/topic/sunxi' into asoc-next
-
…opic/rt5677' and 'asoc/topic/samsung' into asoc-next
-
…opic/rt5645', 'asoc/topic/rt5659' and 'asoc/topic/rt5663' into asoc-next
-
…/topic/rt274' and 'asoc/topic/rt5514' into asoc-next
-
…c/topic/pxa' into asoc-next
-
…au8825', 'asoc/topic/nuc900' and 'asoc/topic/of-graph' into asoc-next
-
…c/topic/max98926' and 'asoc/topic/max98927' into asoc-next
-
…jack' and 'asoc/topic/jz4740' into asoc-next
-
…c/fsi', 'asoc/topic/fsl' and 'asoc/topic/hdmi' into asoc-next
-
…/topic/cygnus' and 'asoc/topic/davinci' into asoc-next
-
…soc/topic/cs42l42' into asoc-next
-
…topic/cirrus' and 'asoc/topic/compress' into asoc-next
-
…c/topic/atmel', 'asoc/topic/au1x' and 'asoc/topic/bcm' into asoc-next