Eric Lee / smarc-fsl-linux-kernel

24 Jun, 2016

1 commit

  • d5dbbe656   ALSA: dummy: Fix a use-after-free at closing ... Browse Code »

    syzkaller fuzzer spotted a potential use-after-free case in snd-dummy
    driver when hrtimer is used as backend:
    > ==================================================================
    > BUG: KASAN: use-after-free in rb_erase+0x1b17/0x2010 at addr ffff88005e5b6f68
    > Read of size 8 by task syz-executor/8984
    > =============================================================================
    > BUG kmalloc-192 (Not tainted): kasan: bad access detected
    > -----------------------------------------------------------------------------
    >
    > Disabling lock debugging due to kernel taint
    > INFO: Allocated in 0xbbbbbbbbbbbbbbbb age=18446705582212484632
    > ....
    > [< none >] dummy_hrtimer_create+0x49/0x1a0 sound/drivers/dummy.c:464
    > ....
    > INFO: Freed in 0xfffd8e09 age=18446705496313138713 cpu=2164287125 pid=-1
    > [< none >] dummy_hrtimer_free+0x68/0x80 sound/drivers/dummy.c:481
    > ....
    > Call Trace:
    > [] __asan_report_load8_noabort+0x3e/0x40 mm/kasan/report.c:333
    > [< inline >] rb_set_parent include/linux/rbtree_augmented.h:111
    > [< inline >] __rb_erase_augmented include/linux/rbtree_augmented.h:218
    > [] rb_erase+0x1b17/0x2010 lib/rbtree.c:427
    > [] timerqueue_del+0x78/0x170 lib/timerqueue.c:86
    > [] __remove_hrtimer+0x90/0x220 kernel/time/hrtimer.c:903
    > [< inline >] remove_hrtimer kernel/time/hrtimer.c:945
    > [] hrtimer_try_to_cancel+0x22a/0x570 kernel/time/hrtimer.c:1046
    > [] hrtimer_cancel+0x22/0x40 kernel/time/hrtimer.c:1066
    > [] dummy_hrtimer_stop+0x91/0xb0 sound/drivers/dummy.c:417
    > [] dummy_pcm_trigger+0x17f/0x1e0 sound/drivers/dummy.c:507
    > [] snd_pcm_do_stop+0x160/0x1b0 sound/core/pcm_native.c:1106
    > [] snd_pcm_action_single+0x76/0x120 sound/core/pcm_native.c:956
    > [] snd_pcm_action+0x231/0x290 sound/core/pcm_native.c:974
    > [< inline >] snd_pcm_stop sound/core/pcm_native.c:1139
    > [] snd_pcm_drop+0x12d/0x1d0 sound/core/pcm_native.c:1784
    > [] snd_pcm_common_ioctl1+0xfae/0x2150 sound/core/pcm_native.c:2805
    > [] snd_pcm_capture_ioctl1+0x2a1/0x5e0 sound/core/pcm_native.c:2976
    > [] snd_pcm_kernel_ioctl+0x11c/0x160 sound/core/pcm_native.c:3020
    > [] snd_pcm_oss_sync+0x3a4/0xa30 sound/core/oss/pcm_oss.c:1693
    > [] snd_pcm_oss_release+0x1ad/0x280 sound/core/oss/pcm_oss.c:2483
    > .....

    A workaround is to call hrtimer_cancel() in dummy_hrtimer_sync() which
    is called certainly before other blocking ops.

    Reported-by: Dmitry Vyukov
    Tested-by: Dmitry Vyukov
    Cc:
    Signed-off-by: Takashi Iwai

    Takashi Iwai
     

19 Mar, 2016

1 commit

  • 814a2bf95   Merge branch 'akpm' (patches from Andrew) ... Browse Code »

    Merge second patch-bomb from Andrew Morton:

    - a couple of hotfixes

    - the rest of MM

    - a new timer slack control in procfs

    - a couple of procfs fixes

    - a few misc things

    - some printk tweaks

    - lib/ updates, notably to radix-tree.

    - add my and Nick Piggin's old userspace radix-tree test harness to
    tools/testing/radix-tree/. Matthew said it was a godsend during the
    radix-tree work he did.

    - a few code-size improvements, switching to __always_inline where gcc
    screwed up.

    - partially implement character sets in sscanf

    * emailed patches from Andrew Morton : (118 commits)
    sscanf: implement basic character sets
    lib/bug.c: use common WARN helper
    param: convert some "on"/"off" users to strtobool
    lib: add "on"/"off" support to kstrtobool
    lib: update single-char callers of strtobool()
    lib: move strtobool() to kstrtobool()
    include/linux/unaligned: force inlining of byteswap operations
    include/uapi/linux/byteorder, swab: force inlining of some byteswap operations
    include/asm-generic/atomic-long.h: force inlining of some atomic_long operations
    usb: common: convert to use match_string() helper
    ide: hpt366: convert to use match_string() helper
    ata: hpt366: convert to use match_string() helper
    power: ab8500: convert to use match_string() helper
    power: charger_manager: convert to use match_string() helper
    drm/edid: convert to use match_string() helper
    pinctrl: convert to use match_string() helper
    device property: convert to use match_string() helper
    lib/string: introduce match_string() helper
    radix-tree tests: add test for radix_tree_iter_next
    radix-tree tests: add regression3 test
    ...

    Linus Torvalds
     

18 Mar, 2016

1 commit

  • 505f6d22d   sound: query dynamic DEBUG_PAGEALLOC setting ... Browse Code »

    We can disable debug_pagealloc processing even if the code is compiled
    with CONFIG_DEBUG_PAGEALLOC. This patch changes the code to query
    whether it is enabled or not in runtime.

    [akpm@linux-foundation.org: export _debug_pagealloc_enabled to modules]
    Signed-off-by: Joonsoo Kim
    Acked-by: David Rientjes
    Acked-by: Takashi Iwai
    Cc: Benjamin Herrenschmidt
    Cc: Chris Metcalf
    Cc: Christian Borntraeger
    Cc: Christoph Lameter
    Cc: Pekka Enberg
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Joonsoo Kim
     

02 Mar, 2016

1 commit

  • 03367bf7f   ALSA: portman2x4: fix NULL pointer dereference ... Browse Code »

    While registering pardev, the irq_func was also registered. As a result
    when we tried to probe for the card, an interrupt was generated and in
    the ISR we tried to dereference private_data. But private_data is still
    NULL as we have not yet done portman_create(). Lets probe for the device
    after card is created.

    Fixes: e6a1b7e88046 ("ALSA: portman2x4 - use new parport device model")
    Signed-off-by: Sudip Mukherjee
    Signed-off-by: Takashi Iwai

    Sudip Mukherjee
     

29 Feb, 2016

1 commit

  • 0bbf7e025   ALSA: mts64: fix NULL pointer dereference ... Browse Code »

    While registering pardev, the irq_func was also registered. As a
    result when we tried to probe for the card, an interrupt was generated
    and in the ISR we tried to dereference private_data. But private_data
    is still NULL as we have not yet done snd_mts64_create(). Lets probe
    for the card after mts64 is created.

    Reported-by: Fengguang Wu
    Fixes: 94a573500d48 ("ALSA: mts64: use new parport device model")
    Signed-off-by: Sudip Mukherjee
    Signed-off-by: Takashi Iwai

    Sudip Mukherjee
     

22 Feb, 2016

1 commit

  • 94a573500   ALSA: mts64: use new parport device model ... Browse Code »

    Modify mts64 driver to use the new parallel port device model.
    The advantage of using the device model is that the driver gets binded
    to the hardware, we get the feature of hotplug, we can bind/unbind the
    driver at runtime.
    The changes are in the way the driver gets registered with the parallel
    port subsystem and the temporary device to probe mts64 card is removed
    and mts64_probe() is used in the probe callback.

    Signed-off-by: Sudip Mukherjee
    Signed-off-by: Takashi Iwai

    Sudip Mukherjee
     

18 Feb, 2016

1 commit

  • e6a1b7e88   ALSA: portman2x4 - use new parport device model ... Browse Code »

    Modify portman driver to use the new parallel port device model.
    The advantage of using the device model is that the device gets binded
    to the hardware, we get the feature of hotplug, we can bind/unbind
    the driver at runtime.
    The changes are in the way the driver gets registered with the
    parallel port subsystem and the temporary device to probe portman card
    is removed and portman_probe() is used in the probe callback.

    Signed-off-by: Sudip Mukherjee
    Signed-off-by: Takashi Iwai

    Sudip Mukherjee
     

08 Feb, 2016

1 commit

  • ddce57a6f   ALSA: dummy: Implement timer backend switching more safely ... Browse Code »

    Currently the selected timer backend is referred at any moment from
    the running PCM callbacks. When the backend is switched, it's
    possible to lead to inconsistency from the running backend. This was
    pointed by syzkaller fuzzer, and the commit [7ee96216c31a: ALSA:
    dummy: Disable switching timer backend via sysfs] disabled the dynamic
    switching for avoiding the crash.

    This patch improves the handling of timer backend switching. It keeps
    the reference to the selected backend during the whole operation of an
    opened stream so that it won't be changed by other streams.

    Together with this change, the hrtimer parameter is reenabled as
    writable now.

    NOTE: this patch also turned out to fix the still remaining race.
    Namely, ops was still replaced dynamically at dummy_pcm_open:

    static int dummy_pcm_open(struct snd_pcm_substream *substream)
    {
    ....
    dummy->timer_ops = &dummy_systimer_ops;
    if (hrtimer)
    dummy->timer_ops = &dummy_hrtimer_ops;

    Since dummy->timer_ops is common among all streams, and when the
    replacement happens during accesses of other streams, it may lead to a
    crash. This was actually triggered by syzkaller fuzzer and KASAN.

    This patch rewrites the code not to use the ops shared by all streams
    any longer, too.

    BugLink: http://lkml.kernel.org/r/CACT4Y+aZ+xisrpuM6cOXbL21DuM0yVxPYXf4cD4Md9uw0C3dBQ@mail.gmail.com
    Reported-by: Dmitry Vyukov
    Cc:
    Signed-off-by: Takashi Iwai

    Takashi Iwai
     

28 Jan, 2016

1 commit

  • 7ee96216c   ALSA: dummy: Disable switching timer backend via sysfs ... Browse Code »

    ALSA dummy driver can switch the timer backend between system timer
    and hrtimer via its hrtimer module option. This can be also switched
    dynamically via sysfs, but it may lead to a memory corruption when
    switching is done while a PCM stream is running; the stream instance
    for the newly switched timer method tries to access the memory that
    was allocated by another timer method although the sizes differ.

    As the simplest fix, this patch just disables the switch via sysfs by
    dropping the writable bit.

    BugLink: http://lkml.kernel.org/r/CACT4Y+ZGEeEBntHW5WHn2GoeE0G_kRrCmUh6=dWyy-wfzvuJLg@mail.gmail.com
    Reported-by: Dmitry Vyukov
    Cc:
    Signed-off-by: Takashi Iwai

    Takashi Iwai
     

18 Jan, 2016

1 commit

  • a016af2e7   Merge tag 'sound-4.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound ... Browse Code »

    Pull sound updates from Takashi Iwai:
    "We've had quite busy weeks in this cycle. Looking at ALSA core, the
    significant changes are a few fixes wrt timer and sequencer ioctls
    that have been revealed by fuzzer recently. Other than that, ASoC
    core got a few updates about DAI link handling, but these are rather
    straightforward refactoring.

    In drivers scene, ASoC received quite lots of new drivers in addition
    to bunch of updates for still ongoing Intel Skylake support and
    topology API. HD-audio gained a new HDMI/DP hotplug notification via
    component. FireWire got a pile of code refactoring/updates with
    SCS.1x driver integration.

    More highlights are shown below.

    [ NOTE: this contains also many commits for DRM. This is due to the
    pull of drm stable branch into sound tree, as the base of i915 audio
    component work for HD-audio. The highlights below don't contain
    these DRM changes, as these are supposed to be pulled via drm tree
    in anyway sooner or later. ]

    Core:
    - Handful fixes to harden ALSA timer and sequencer ioctls against
    races reported by syzkaller fuzzer
    - Irq description string can be unique to each card; only for
    HD-audio for now

    ASoC:
    - Conversion of the array of DAI links to a list for supporting
    dynamically adding and removing DAI links
    - Topology API enhancements to make everything more component based
    and being able to specify PCM links via topology
    - Some more fixes for the topology code, though it is still not final
    and ready for enabling in production; we really need to get to the
    point where that can be done
    - A pile of changes for Intel SkyLake drivers which hopefully deliver
    some useful initial functionality for systems with this chipset,
    though there is more work still to come
    - Lots of new features and cleanups for the Renesas drivers
    - ANC support for WM5110
    - New drivers: Imagination Technologies IPs, Atmel class D speaker,
    Cirrus CS47L24 and WM1831, Dialog DA7128, Realtek RT5659 and
    RT56156, Rockchip RK3036, TI PC3168A, and AMD ACP
    - Rename PCM1792a driver to be generic pcm179x

    HD-Audio:
    - Use audio component for i915 HDMI/DP hotplug handling
    - On-demand binding with i915 driver
    - bdl_pos_adj parameter adjustment for Baytrail controllers
    - Enable power_save_node for CX20722; this shouldn't lead to
    regression, hopefully
    - Kabylake HDMI/DP codec support
    - Quirks for Lenovo E50-80, Dell Latitude E-series, and other Dell
    machines
    - A few code refactoring

    FireWire:
    - Lots of code cleanup and refactoring
    - Integrate the support of SCS.1x devices into snd-oxfw driver;
    snd-scs1x driver is obsoleted

    USB-audio:
    - Fix possible NULL dereference at disconnection
    - A regression fix for Native Instruments devices

    Misc:
    - A few code cleanups of fm801 driver"

    * tag 'sound-4.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (722 commits)
    ALSA: timer: Code cleanup
    ALSA: timer: Harden slave timer list handling
    ALSA: hda - Add fixup for Dell Latitidue E6540
    ALSA: timer: Fix race among timer ioctls
    ALSA: hda - add codec support for Kabylake display audio codec
    ALSA: timer: Fix double unlink of active_list
    ALSA: usb-audio: Fix mixer ctl regression of Native Instrument devices
    ALSA: hda - fix the headset mic detection problem for a Dell laptop
    ALSA: hda - Fix white noise on Dell Latitude E5550
    ALSA: hda_intel: add card number to irq description
    ALSA: seq: Fix race at timer setup and close
    ALSA: seq: Fix missing NULL check at remove_events ioctl
    ALSA: usb-audio: Avoid calling usb_autopm_put_interface() at disconnect
    ASoC: hdac_hdmi: remove unused hdac_hdmi_query_pin_connlist
    ASoC: AMD: Add missing include file
    ALSA: hda - Fixup inverted internal mic for Lenovo E50-80
    ALSA: usb: Add native DSD support for Oppo HA-1
    ASoC: Make aux_dev more like a generic component
    ASoC: bcm2835: cleanup includes by ordering them alphabetically
    ASoC: AMD: Manage ACP 2.x SRAM banks power
    ...

    Linus Torvalds
     

31 Dec, 2015

1 commit

08 Dec, 2015

1 commit

26 Jun, 2015

1 commit

  • 4570a3716   Merge tag 'sound-4.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound ... Browse Code »

    Pull sound updates from Takashi Iwai:
    "It was a busy development cycle at this time, as you can see a wide
    range of changes in diffstat. There are no big changes but many
    refactoring and improvements. Here we go some highlights:

    ALSA core:
    - Procfs codes were cleaned up to use seq_file
    - Procfs can be opt out via Kconfig (only for EXPERT)
    - Two types of jack API were unified finally; now both kctl and input
    jack devs are handled via a single function call.

    HD-audio:
    - Continued code restructuring for the future ASoC driver; now HDA
    controller driver is split to a core helper module.
    - Preliminary codes for Skylake audio support in HDA core.
    - Proper i915 gfx power well management for SKL & co
    - Enabled runtime PM as default for Intel HDMI/DP codecs
    - Newer Tegra chip supports
    - More quirks for Dell headsets, Alienware (with CA0132), etc.
    - A couple of DRM ELD helper API functions

    ASoC:
    - Support for loading ASoC topology maps from firmware, intended to
    be used to allow self-describing DSP firmware images to be built
    which can map controls added by the DSP to userspace without the
    kernel needing to know about individual DSP firmwares
    - Lots of refactoring to avoid direct access to snd_soc_codec where
    it's not needed supporting future refactoring
    - Big refactoring, cleanup and enhancement for the Wolfson ADSP
    driver
    - Cleanup series for TI TAS2552 and R-CAR drivers
    - Fixes and improvements on RT56xx codecs
    - Support for TI TAS571x power amplifiers
    - Support for Qualcomm APQ8016 and ZTE ZX296702 SoCs
    - Support for x86 systems with RT5650 and Qualcomm Storm
    - Support for Mediatek AFE (Audio Front End) unit
    - Other various small fixes to ASoC codec drivers

    Firewire:
    - Enhanced to allow non-blocking streams to use timestamp
    synchronization
    - Improve support for DM1500 and BeBoBv3

    Misc:
    - Cleanup of old pci API functions over all PCI sound drivers
    - Fix long-standing regression of the old powermac i2c setup"

    * tag 'sound-4.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (533 commits)
    ALSA: pcm: Fix pcm_class sysfs output
    ALSA: hda-beep: Update authors dead email address
    ASoC: wm_adsp: Move DSP Rate controls into the codec
    ASoC: wm8995: Fix setting sysclk for WM8995_SYSCLK_MCLK2 case
    ALSA: hda: provide default bus io ops extended hdac
    ALSA: hda: add hda link cleanup routine
    ALSA: hda: add hdac_ext stream creation and cleanup routines
    ASoC: rsrc-card: remove unused ret
    ALSA: HDAC: move SND_HDA_PREALLOC_SIZE to core
    ASoC: mediatek: Add machine driver for rt5650 rt5676 codec
    ASoC: mediatek: Add machine driver for MAX98090 codec
    ASoC: mediatek: Add AFE platform driver
    ASoC: rsnd: remove io from rsnd_mod
    ASoC: rsnd: move rsnd_mod_is_working() to rsnd_io_is_working()
    ASoC: rsnd: don't use rsnd_mod_to_io() on snd_kcontrol
    ASoC: rsnd: don't use rsnd_mod_to_io() on rsnd_src_xxx()
    ASoC: rsnd: don't use rsnd_mod_to_io() on rsnd_ssi_xxx()
    ASoC: rsnd: don't use rsnd_mod_to_io() on rsnd_dma_xxx()
    ASoC: rsnd: don't use rsnd_mod_to_io() on rsnd_get_adinr()
    ASoC: rsnd: add common interrupt handler for SSI/SRC/DMA
    ...

    Linus Torvalds
     

29 May, 2015

3 commits

26 May, 2015

1 commit

  • e4c286880   ALSA: dummy: make local data static ... Browse Code »

    Add missing prefix to make some local data static.

    Spotted by sparse:
    sound/drivers/dummy.c:159:20: warning: symbol 'model_emu10k1' was not declared. Should it be static?
    sound/drivers/dummy.c:165:20: warning: symbol 'model_rme9652' was not declared. Should it be static?
    ....

    Signed-off-by: Takashi Iwai

    Takashi Iwai
     

12 May, 2015

1 commit

22 Apr, 2015

1 commit

  • 447fbbdc2   sound: Use hrtimer_resolution instead of hrtimer_get_res() ... Browse Code »

    No point in converting a timespec now that the value is directly
    accessible. Get rid of the null check while at it. Resolution is
    guaranteed to be > 0.

    Signed-off-by: Thomas Gleixner
    Acked-by: Takashi Iwai
    Acked-by: Peter Zijlstra
    Cc: Preeti U Murthy
    Cc: Viresh Kumar
    Cc: Marcelo Tosatti
    Cc: Frederic Weisbecker
    Cc: Jaroslav Kysela
    Cc: alsa-devel@alsa-project.org
    Link: http://lkml.kernel.org/r/20150414203500.799133359@linutronix.de
    Signed-off-by: Thomas Gleixner

    Thomas Gleixner
     

09 Mar, 2015

1 commit

06 Mar, 2015

1 commit

  • d12438067   ALSA: opl3: small array underflow ... Browse Code »

    There is a missing lower bound check on "pitchbend" so it means we can
    read up to 6 elements before the start of the opl3_note_table[] array.

    Thanks to Clemens Ladisch for his help with this patch.

    Signed-off-by: Dan Carpenter
    Signed-off-by: Takashi Iwai

    Dan Carpenter
     

12 Feb, 2015

1 commit

  • 056622053   ALSA: seq: Define driver object in each driver ... Browse Code »

    This patch moves the driver object initialization and allocation to
    each driver's module init/exit code like other normal drivers. The
    snd_seq_driver struct is now published in seq_device.h, and each
    driver is responsible to define it with proper driver attributes
    (name, probe and remove) with snd_seq_driver specific attributes as id
    and argsize fields. The helper functions snd_seq_driver_register(),
    snd_seq_driver_unregister() and module_snd_seq_driver() are used for
    simplifying codes.

    Signed-off-by: Takashi Iwai

    Takashi Iwai
     

29 Jan, 2015

1 commit

28 Jan, 2015

1 commit

19 Jan, 2015

6 commits

04 Jan, 2015

1 commit

02 Jan, 2015

1 commit

15 Dec, 2014

1 commit

  • e6b5be2be   Merge tag 'driver-core-3.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core ... Browse Code »

    Pull driver core update from Greg KH:
    "Here's the set of driver core patches for 3.19-rc1.

    They are dominated by the removal of the .owner field in platform
    drivers. They touch a lot of files, but they are "simple" changes,
    just removing a line in a structure.

    Other than that, a few minor driver core and debugfs changes. There
    are some ath9k patches coming in through this tree that have been
    acked by the wireless maintainers as they relied on the debugfs
    changes.

    Everything has been in linux-next for a while"

    * tag 'driver-core-3.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (324 commits)
    Revert "ath: ath9k: use debugfs_create_devm_seqfile() helper for seq_file entries"
    fs: debugfs: add forward declaration for struct device type
    firmware class: Deletion of an unnecessary check before the function call "vunmap"
    firmware loader: fix hung task warning dump
    devcoredump: provide a one-way disable function
    device: Add dev__once variants
    ath: ath9k: use debugfs_create_devm_seqfile() helper for seq_file entries
    ath: use seq_file api for ath9k debugfs files
    debugfs: add helper function to create device related seq_file
    drivers/base: cacheinfo: remove noisy error boot message
    Revert "core: platform: add warning if driver has no owner"
    drivers: base: support cpu cache information interface to userspace via sysfs
    drivers: base: add cpu_device_create to support per-cpu devices
    topology: replace custom attribute macros with standard DEVICE_ATTR*
    cpumask: factor out show_cpumap into separate helper function
    driver core: Fix unbalanced device reference in drivers_probe
    driver core: fix race with userland in device_add()
    sysfs/kernfs: make read requests on pre-alloc files use the buffer.
    sysfs/kernfs: allow attributes to request write buffer be pre-allocated.
    fs: sysfs: return EGBIG on write if offset is larger than file size
    ...

    Linus Torvalds
     

01 Dec, 2014

1 commit

  • fc5d3c70f   ALSA: virmidi: Fix wrong error check ... Browse Code »

    While rewriting the code in the previous commit [316638a5030a: ALSA:
    virmidi: fixed code style issues], the error check was wrongly
    converted. This resulted an Oops.

    Fixes: 316638a5030a ('ALSA: virmidi: fixed code style issues')
    Reported-by: Fengguang Wu
    Signed-off-by: Takashi Iwai

    Takashi Iwai
     

30 Nov, 2014

1 commit

11 Nov, 2014

1 commit

21 Oct, 2014

2 commits

20 Oct, 2014

2 commits