path: root/sound/drivers/dummy.c
Age | Commit message | Author
2016-06-24 | ALSA: dummy: Fix a use-after-free at closing | Takashi Iwai
syzkaller fuzzer spotted a potential use-after-free case in snd-dummy driver when hrtimer is used as backend:
> ==================================================================
> BUG: KASAN: use-after-free in rb_erase+0x1b17/0x2010 at addr ffff88005e5b6f68
> Read of size 8 by task syz-executor/8984
> =============================================================================
> BUG kmalloc-192 (Not tainted): kasan: bad access detected
> -----------------------------------------------------------------------------
>
> Disabling lock debugging due to kernel taint
> INFO: Allocated in 0xbbbbbbbbbbbbbbbb age=18446705582212484632
> ....
> [< none >] dummy_hrtimer_create+0x49/0x1a0 sound/drivers/dummy.c:464
> ....
> INFO: Freed in 0xfffd8e09 age=18446705496313138713 cpu=2164287125 pid=-1
> [< none >] dummy_hrtimer_free+0x68/0x80 sound/drivers/dummy.c:481
> ....
> Call Trace:
> [<ffffffff8179e59e>] __asan_report_load8_noabort+0x3e/0x40 mm/kasan/report.c:333
> [< inline >] rb_set_parent include/linux/rbtree_augmented.h:111
> [< inline >] __rb_erase_augmented include/linux/rbtree_augmented.h:218
> [<ffffffff82ca5787>] rb_erase+0x1b17/0x2010 lib/rbtree.c:427
> [<ffffffff82cb02e8>] timerqueue_del+0x78/0x170 lib/timerqueue.c:86
> [<ffffffff814d0c80>] __remove_hrtimer+0x90/0x220 kernel/time/hrtimer.c:903
> [< inline >] remove_hrtimer kernel/time/hrtimer.c:945
> [<ffffffff814d23da>] hrtimer_try_to_cancel+0x22a/0x570 kernel/time/hrtimer.c:1046
> [<ffffffff814d2742>] hrtimer_cancel+0x22/0x40 kernel/time/hrtimer.c:1066
> [<ffffffff85420531>] dummy_hrtimer_stop+0x91/0xb0 sound/drivers/dummy.c:417
> [<ffffffff854228bf>] dummy_pcm_trigger+0x17f/0x1e0 sound/drivers/dummy.c:507
> [<ffffffff85392170>] snd_pcm_do_stop+0x160/0x1b0 sound/core/pcm_native.c:1106
> [<ffffffff85391b26>] snd_pcm_action_single+0x76/0x120 sound/core/pcm_native.c:956
> [<ffffffff85391e01>] snd_pcm_action+0x231/0x290 sound/core/pcm_native.c:974
> [< inline >] snd_pcm_stop sound/core/pcm_native.c:1139
> [<ffffffff8539754d>] snd_pcm_drop+0x12d/0x1d0 sound/core/pcm_native.c:1784
> [<ffffffff8539d3be>] snd_pcm_common_ioctl1+0xfae/0x2150 sound/core/pcm_native.c:2805
> [<ffffffff8539ee91>] snd_pcm_capture_ioctl1+0x2a1/0x5e0 sound/core/pcm_native.c:2976
> [<ffffffff8539f2ec>] snd_pcm_kernel_ioctl+0x11c/0x160 sound/core/pcm_native.c:3020
> [<ffffffff853d9a44>] snd_pcm_oss_sync+0x3a4/0xa30 sound/core/oss/pcm_oss.c:1693
> [<ffffffff853da27d>] snd_pcm_oss_release+0x1ad/0x280 sound/core/oss/pcm_oss.c:2483
> .....

A workaround is to call hrtimer_cancel() in dummy_hrtimer_sync() which is called certainly before other blocking ops.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-02-08 | ALSA: dummy: Implement timer backend switching more safely | Takashi Iwai
Currently the selected timer backend is referred to at any moment from the running PCM callbacks. When the backend is switched, it's possible to lead to inconsistency from the running backend. This was pointed out by syzkaller fuzzer, and the commit [7ee96216c31a: ALSA: dummy: Disable switching timer backend via sysfs] disabled the dynamic switching for avoiding the crash.

This patch improves the handling of timer backend switching. It keeps the reference to the selected backend during the whole operation of an opened stream so that it won't be changed by other streams.

Together with this change, the hrtimer parameter is reenabled as writable now.

NOTE: this patch also turned out to fix the still remaining race. Namely, ops was still replaced dynamically at dummy_pcm_open:

  static int dummy_pcm_open(struct snd_pcm_substream *substream)
  {
  ....
          dummy->timer_ops = &dummy_systimer_ops;
          if (hrtimer)
                  dummy->timer_ops = &dummy_hrtimer_ops;

Since dummy->timer_ops is common among all streams, and when the replacement happens during accesses of other streams, it may lead to a crash. This was actually triggered by syzkaller fuzzer and KASAN.

This patch rewrites the code not to use the ops shared by all streams any longer, too.

BugLink: http://lkml.kernel.org/r/CACT4Y+aZ+xisrpuM6cOXbL21DuM0yVxPYXf4cD4Md9uw0C3dBQ@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-01-28 | ALSA: dummy: Disable switching timer backend via sysfs | Takashi Iwai
ALSA dummy driver can switch the timer backend between system timer and hrtimer via its hrtimer module option. This can be also switched dynamically via sysfs, but it may lead to a memory corruption when switching is done while a PCM stream is running; the stream instance for the newly switched timer method tries to access the memory that was allocated by another timer method although the sizes differ.

As the simplest fix, this patch just disables the switch via sysfs by dropping the writable bit.

BugLink: http://lkml.kernel.org/r/CACT4Y+ZGEeEBntHW5WHn2GoeE0G_kRrCmUh6=dWyy-wfzvuJLg@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-12-30 | ALSA: dummy: constify dummy_timer_ops structures | Julia Lawall
The dummy_timer_ops structures are never modified, so declare them as const.

Done with the help of Coccinelle.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-05-29 | ALSA: dummy: Replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS | Takashi Iwai
Although there shouldn't be a problem in practice (the compiler should handle it well), it's better to follow the new Kconfig.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-05-26 | ALSA: dummy: make local data static | Takashi Iwai
Add missing prefix to make some local data static. Spotted by sparse:
  sound/drivers/dummy.c:159:20: warning: symbol 'model_emu10k1' was not declared. Should it be static?
  sound/drivers/dummy.c:165:20: warning: symbol 'model_rme9652' was not declared. Should it be static?
  ....

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-01-19 | ALSA: dummy: use setup_timer and mod_timer | Roman Kollar
Use setup_timer and mod_timer instead of structure assignments as it is the preferred way to setup and set the timer.

Signed-off-by: Roman Kollar <rkollar@mail.muni.cz>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-10-20 | ALSA: drivers: drop owner assignment from platform_drivers | Wolfram Sang
A platform_driver does not need to set an owner, it will be populated by the driver core.

Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2014-02-12 | ALSA: drivers: Convert to snd_card_new() with a device pointer | Takashi Iwai
Also remove superfluous snd_card_set_dev() calls.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2013-07-21 | ALSA: replace strict_strto*() with kstrto*() | Jingoo Han
The usage of strict_strto*() is not preferred, because strict_strto*() is obsolete. Thus, kstrto*() should be used.

Signed-off-by: Jingoo Han <jg1.han@samsung.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2013-05-29 | ALSA: Remove the rest of *_set_drvdata(NULL) calls | Takashi Iwai
A few calls are still left in parport drivers after this commit, which I'm not quite sure yet.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-12-07 | ALSA: drivers: remove __dev* attributes | Bill Pemberton
CONFIG_HOTPLUG is going away as an option. As a result the __dev* markings will be going away.

Remove use of __devinit, __devexit_p, __devinitdata, __devinitconst, and __devexit.

Signed-off-by: Bill Pemberton <wfp5p@virginia.edu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-10-20 | ALSA: dummy: allow disabling mixer controls | Clemens Ladisch
To make the testing of deactivated mixer controls easier (and for people with common hardware, possible), add a control that deactivates some other controls.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
2012-08-09 | ALSA: platform: Check CONFIG_PM_SLEEP instead of CONFIG_PM | Takashi Iwai
When CONFIG_PM is set but CONFIG_PM_SLEEP is unset, SIMPLE_DEV_PM_OPS() ignores the given functions, and this leads to compile warnings. For avoiding this, simply check CONFIG_PM_SLEEP instead of CONFIG_PM.

Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-07-03 | ALSA: convert PM ops of platform_driver to new pm ops | Takashi Iwai
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-07-02 | ALSA: Add missing .owner=THIS_MODULE to platform_driver definitions | Takashi Iwai
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2011-12-19 | ALSA: module_param: make bool parameters really bool | Rusty Russell
module_param(bool) used to counter-intuitively take an int. In fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy trick.

It's time to remove the int/unsigned int option. For this version it'll simply give a warning, but it'll break next kernel version.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2011-10-31 | sound: fix drivers needing module.h not moduleparam.h | Paul Gortmaker
The implicit presence of module.h lured several users into incorrectly thinking that they only needed/used modparam.h but once we clean up the module.h presence, these will show up as build failures, so fix 'em now.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2010-02-02 | ALSA: dummy driver - add model parameter | Jaroslav Kysela
This is a cleanup for the dummy driver. The model kernel module parameter is introduced to select the soundcard emulation.

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2009-11-02 | ALSA: dummy - Fix descriptions of pcm_substreams parameter | Takashi Iwai
Now up to 128 substreams are supported.

Reported-by: Adrian Bridgett <adrian@smop.co.uk>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-10-30 | ALSA: sound: Move dereference after NULL test and drop unnecessary NULL tests | Julia Lawall
In pcm.c, if the NULL test on pcm is needed, then the dereference should be after the NULL test.

In dummy.c and ali5451.c, the context of the calls to snd_card_dummy_new_mixer and snd_ali_free_voice show that dummy and pvoice, respectively cannot be NULL.

A simplified version of the semantic match that detects this problem is as follows (http://coccinelle.lip6.fr/):

// <smpl>
@match exists@
expression x, E;
identifier fld;
@@

* x->fld
  ... when != \(x = E\|&x\)
* x == NULL
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-09-08 | ALSA: dummy - Increase MAX_PCM_SUBSTREAMS to 128 | Takashi Iwai
Increase the limit of PCM substreams to 128. The default value is unchanged; only the max accept value is increased.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-09-08 | ALSA: dummy - Add debug proc file | Takashi Iwai
Added the debug proc file to see or change the snd_pcm_hardware fields to emulate. The parameters can be changed by writing to a proc file like:
  # echo periods_min 4 > /proc/asound/card1/dummy_pcm

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-09-07 | ALSA: dummy - Fake buffer allocations | Takashi Iwai
Instead of allocating the real buffers, use a fake buffer and ignore read/write in the dummy driver so that we can save the resources.

For mmap, a single page (unique to the direction, though) is reused to all buffers.

When the app requires to read/write the real buffers, pass fake_buffer=0 module option at loading time. This will get back to the old behavior.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-09-04 | ALSA: dummy - Fix the timer calculation in systimer mode | Takashi Iwai
Fix the expire-time calculation in the systimer mode when the buffer size isn't aligned to the period size.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-09-03 | ALSA: dummy - Better jiffies handling | Takashi Iwai
In the system-timer mode, snd-dummy driver issues each tick to update the position. This is highly inefficient and even inaccurate if the timer can't be triggered at each tick.

Now rewritten to wake up only at the period boundary. The position is calculated from the current jiffies.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-09-03 | ALSA: dummy - Support high-res timer mode | Takashi Iwai
Allow snd-dummy driver to use high-res timer as its timing source instead of the system timer. The new module option "hrtimer" is added to turn on/off the high-res timer support. It can be switched even dynamically via sysfs.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-01-12 | ALSA: Convert to snd_card_create() in other sound/* | Takashi Iwai
Convert from snd_card_new() to the new snd_card_create() function in other sound subdirectories.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2008-10-19 | ALSA: misc typo fixes | Mariusz Kozlowski
Fixed typos in disabled codes via #if 0.

Signed-off-by: Mariusz Kozlowski <m.kozlowski@tuxland.pl>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2008-08-15 | ALSA: dummy driver - do not use assignment in if condition | Jaroslav Kysela
checkpatch.pl does not like assignment in if condition

Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-08-15 | sound: Fix esoteric double free in the dummy sound driver. | Daniel THOMPSON
The dummy driver uses runtime->private_free but still frees its pcm structures on error paths. This is esoteric because the error paths in question are unreachable. Thus the bug is only a problem when someone copies this code into other drivers.

Signed-off-by: Daniel R Thompson <daniel.thompson@st.com>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-08-13 | ALSA: Kill snd_assert() in other places | Takashi Iwai
Kill snd_assert() in other places, either removed or replaced with if () with snd_BUG_ON().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-04-24 | [ALSA] sound/drivers/dummy.c: fix negative snd_pcm_format_width() check | Roel Kluin
bps is unsigned, a negative snd_pcm_format_width() return value is not noticed

Signed-off-by: Roel Kluin <12o3l@tiscali.nl>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2008-04-24 | [ALSA] snd-dummy - better realtime app support | Ahmet İnan
when the time interval for a period is smaller than kernel HZ, then snd-aloop and snd-dummy cannot call snd_pcm_period_elapsed fast enough anymore. this happens for example with games. but the app still needs to see, that the buffer actually did go further, which is provided by these patches.

Signed-off-by: Ahmet İnan <ainan <at> mathematik.uni-freiburg.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2008-04-24 | [ALSA] snd-dummy - improved timing, silence on prepare | Ahmet İnan
Signed-off-by: Ahmet İnan <ainan <at> mathematik.uni-freiburg.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2008-01-31 | [ALSA] Remove sound/driver.h | Takashi Iwai
This header file exists only for some hacks to adapt alsa-driver tree. It's useless for building in the kernel. Let's move a few lines in it to sound/core.h and remove it.

With this patch, sound/driver.h isn't removed but has just a single compile warning to include it. This should be really killed in future.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-10-16 | [ALSA] Changed Jaroslav Kysela's e-mail from perex@suse.cz to perex@perex.cz | Jaroslav Kysela
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-10-16 | [ALSA] Clean up with common snd_ctl_boolean_*_info callbacks | Takashi Iwai
Clean up codes using the new common snd_ctl_boolean_*_info() callbacks.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2007-07-20 | [ALSA] more section mismatches | Randy Dunlap
Something about __init_or_module isn't working as expected (?).

CONFIG_HOTPLUG=y
CONFIG_MODULES=n

Fix shared init/exit code helper:
WARNING: sound/built-in.o(.exit.text+0x243): Section mismatch: reference to .init.text: (between 'alsa_card_mpu401_exit' and 'ac97_bus_exit')
WARNING: sound/built-in.o(.exit.text+0x21b): Section mismatch: reference to .init.text: (between 'alsa_card_dummy_exit' and 'alsa_card_serial_exit')

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2007-02-14 | [ALSA] Fix __devinit and __devexit issues with sound drivers | Prarit Bhargava
Fix __devinit and __devexit issues with sound drivers.

Resolves MODPOST warnings similar to:
WARNING: sound/drivers/snd-dummy.o - Section mismatch: reference to .init.text:snd_dummy_probe from .data.rel.local between 'snd_dummy_driver' (at offset 0x0) and 'snd_dummy_controls'
WARNING: sound/drivers/snd-mtpav.o - Section mismatch: reference to .init.text:snd_mtpav_probe from .data.rel.local between 'snd_mtpav_driver' (at offset 0x0) and 'snd_mtpav_input'
WARNING: sound/drivers/snd-virmidi.o - Section mismatch: reference to .init.text:snd_virmidi_probe from .data.rel.local after 'snd_virmidi_driver' (at offset 0x0)

Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2007-02-09 | [ALSA] Add even more 'const' to everything related to TLV | Takashi Iwai
Mark TLV data as 'const'

Signed-off-by: Philipp Matthias Hahn <pmhahn@pmhahn.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-09-23 | [ALSA] Add dB scale information to dummy driver | Takashi Iwai
Added the dB scale information to dummy driver.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-09-23 | [ALSA] Fix some typos in snd-dummy driver | Takashi Iwai
Fixed some typos in snd-dummy driver.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-06-22 | [ALSA] unregister platform device again if probe was unsuccessful | Rene Herman
This second one unregisters the platform device again when the probe is unsuccessful for sound/drivers, sound/arm/sa11xx-uda1341.c and sound/ppc/powermac.c. This gets them all.

Signed-off-by: Rene Herman <rene.herman@keyaccess.nl>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-04-27 | [ALSA] continue on IS_ERR from platform device registration | Rene Herman
I previously only concerned myself with sound/isa. When I now checked for more platform_device_register_simple() usages in ALSA I found a couple more drivers that needed the same patches as already submitted for all the ISA drivers.

This first one is the continue-on-iserr patch for sound/drivers. This gets them all.

Signed-off-by: Rene Herman <rene.herman@keyaccess.nl>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-03-22 | [ALSA] Fix check of enable module option | Takashi Iwai
Fix the check of enable module option in probe of platform_device drivers. It shouldn't break the loop but just ignore if enable[i] is false.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-01-04 | [ALSA] dummy driver - added CA0106 emulation defines | Jaroslav Kysela
Modules: Generic drivers

Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-01-03 | [ALSA] unregister platform devices | Clemens Ladisch
Call platform_device_unregister() for all platform devices that we've registered.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
2006-01-03 | [ALSA] Fix possible races in timer callbacks | Takashi Iwai
Fix possible races in timer callbacks.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-01-03 | [ALSA] dummy - Use platform_device | Takashi Iwai
Modules: Generic drivers

Rewrite the probe/remove code using platform_device. Added the suspend/resume support, too.

Signed-off-by: Takashi Iwai <tiwai@suse.de>