The "info.index" variable can be 31 in "1 << info.index".
This might trigger an undefined behavior since 1 is signed.
Fix this by casting 1 to 1u just to be sure "1u << 31" is defined.
Signed-off-by: Changming Liu <liu.changm@northeastern.edu>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/BL0PR06MB4548170B842CB055C9AF695DE5B00@BL0PR06MB4548.namprd06.prod.outlook.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
There is a corner case that ALSA keeps increasing the hw_ptr but DMA
already stop working/updating the position for a long time.
In following log we can see the position returned from DMA driver does
not move at all but the hw_ptr got increased at some point of time so
snd_pcm_avail() will return a large number which seems to be a buffer
underrun event from user space program point of view. The program
thinks there is space in the buffer and fill more data.
[ 418.510086] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 4096 avail 12368
[ 418.510149] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 6910 avail 9554
...
[ 418.681052] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 15102 avail 1362
[ 418.681130] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 16464 avail 0
[ 418.726515] sound pcmC0D5p: pos 96 hw_ptr 16464 appl_ptr 16464 avail 16368
This is because the hw_base will be increased by runtime->buffer_size
frames unconditionally if the hw_ptr is not updated for over half of
buffer time. As the hw_base increases, so does the hw_ptr increased
by the same number.
The avail value returned from snd_pcm_avail() could exceed the limit
(buffer_size) easily becase the hw_ptr itself got increased by same
buffer_size samples when the corner case happens. In following log,
the buffer_size is 16368 samples but the avail is 21810 samples so
CRAS server complains about it.
[ 418.851755] sound pcmC0D5p: pos 96 hw_ptr 16464 appl_ptr 27390 avail 5442
[ 418.926491] sound pcmC0D5p: pos 96 hw_ptr 32832 appl_ptr 27390 avail 21810
cras_server[1907]: pcm_avail returned frames larger than buf_size:
sof-glkda7219max: :0,5: 21810 > 16368
By updating runtime->hw_ptr_jiffies each time the HWSYNC is called,
the hw_base will keep the same when buffer stall happens at long as
the interval between each HWSYNC call is shorter than half of buffer
time.
Following is a log captured by a patched kernel. The hw_base/hw_ptr
value is fixed in this corner case and user space program should be
aware of the buffer stall and handle it.
[ 293.525543] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 4096 avail 12368
[ 293.525606] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 6880 avail 9584
[ 293.525975] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 10976 avail 5488
[ 293.611178] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 15072 avail 1392
[ 293.696429] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 16464 avail 0
...
[ 381.139517] sound pcmC0D5p: pos 96 hw_ptr 96 appl_ptr 16464 avail 0
Signed-off-by: Brent Lu <brent.lu@intel.com>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/1589776238-23877-1-git-send-email-brent.lu@intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to declare
variable-length types such as these ones is a flexible array member[1][2],
introduced in C99:
struct foo {
int stuff;
struct boo array[];
};
By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertently introduced[3] to the codebase from now on.
Also, notice that, dynamic memory allocations won't be affected by
this change:
"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."[1]
sizeof(flexible-array-member) triggers a warning because flexible array
members have incomplete type[1]. There are some instances of code in
which the sizeof operator is being incorrectly/erroneously applied to
zero-length arrays and the result is zero. Such instances may be hiding
some bugs. So, this work (flexible-array member conversions) will also
help to get completely rid of those sorts of issues.
This issue was found with the help of Coccinelle.
[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
[2] https://github.com/KSPP/linux/issues/21
[3] commit 7649773293 ("cxgb3/l2t: Fix undefined behaviour")
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/20200507192223.GA16335@embeddedor
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The rawmidi core allows user to resize the runtime buffer via ioctl,
and this may lead to UAF when performed during concurrent reads or
writes: the read/write functions unlock the runtime lock temporarily
during copying form/to user-space, and that's the race window.
This patch fixes the hole by introducing a reference counter for the
runtime buffer read/write access and returns -EBUSY error when the
resize is performed concurrently against read/write.
Note that the ref count field is a simple integer instead of
refcount_t here, since the all contexts accessing the buffer is
basically protected with a spinlock, hence we need no expensive atomic
ops. Also, note that this busy check is needed only against read /
write functions, and not in receive/transmit callbacks; the race can
happen only at the spinlock hole mentioned in the above, while the
whole function is protected for receive / transmit callbacks.
Reported-by: butt3rflyh4ck <butterflyhuangxx@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/CAFcO6XMWpUVK_yzzCpp8_XP7+=oUpQvuBeCbMffEDkpe8jWrfg@mail.gmail.com
Link: https://lore.kernel.org/r/s5heerw3r5z.wl-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
[ This is again a forward-port of the fix applied for 5.6-base code
(commit 4285de0725) to 5.7-base, hence neither Fixes nor
Cc-to-stable tags are included here -- tiwai ]
The checks of the plugin buffer overflow in the previous fix by commit
f2ecf903ef ("ALSA: pcm: oss: Avoid plugin buffer overflow")
are put in the wrong places mistakenly, which leads to the expected
(repeated) sound when the rate plugin is involved. Fix in the right
places.
Also, at those right places, the zero check is needed for the
termination node, so added there as well, and let's get it done,
finally.
Link: https://lore.kernel.org/r/20200424193843.20397-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
A collection of small fixes gathered since the previous update.
* ALSA core:
- Regression fix for OSS PCM emulation
* ASoC:
- Trivial fixes in reg bit mask ops, DAPM, DPCM and topology
- Lots of fixes for Intel-based devices
- Minor fixes for AMD, STM32, Qualcomm, Realtek
* Others
- Fixes for the bugs in mixer handling in HD-audio and ice1724
drivers that were caught by the recent kctl validator
- New quirks for HD-audio and USB-audio
Also this contains a fix for EDD firmware fix, which slipped
from anyone's hands.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl6PLNAOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE9Dww//S7LOszzp3CczyVzNzR6XHGArnpWHmQrol+ab
cwL+Vs30vnlvLTnbyER6q5DeGpBhMfQozp8Ac/LeTd0g3hdh4pIOT2K7oF4MWrk8
rVlZXI/Q8fKRC5jQR1MedA+naH+1JRKnY7+WqjKlUoDDJaZTygCFADHY4OMtfa7a
n93d1cAbiUMF+q8CAnxHsNcs6/7rUQiY7HcKrUcNyj8BNaWhWYffMhA8cY6S+8Q7
9fnjOOc/m5Wy3xTnXHeHlaaqRri8y9t21wXX4vPQZtPPqZ280qqlGcl2nGH4rAVn
Hl8I6W7Z/fFZao6oZPf8bBDGFiBjb3/6Q8593xB+m85xqfepgbqP0vHDpqOU5hUR
2rYZIrJOrlYPslIyujhNtCw4OTy6OqbHoZ5iWe0JMXH6u0Ht/XwVx3GCHaupe9gG
km7FsHfjDw9kkfwImIE7qJTvvTt9l8EZbeCR4zAn204kJkkumlogMYIlcYO2noN4
dItCeeF7iMhUlgFehsbLw9MEz1bHxMsjKedF97hAlKXwKoz2tM00du84pEs3JaGX
BCcUke/smVeFUOV8hLOZx1G2e9kR/dHESOOp/1pGJgvNlbboXSyoZNyk9zIlvntx
uLGon2qYAVXwEmfqQkSAwc/dxuyaYYZVhlXNBQXX6hQC+zw1e9yYddnpY+HX/1r0
6qDJW4k=
=mFJY
-----END PGP SIGNATURE-----
Merge tag 'sound-fix-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A collection of small fixes gathered since the previous update.
ALSA core:
- Regression fix for OSS PCM emulation
ASoC:
- Trivial fixes in reg bit mask ops, DAPM, DPCM and topology
- Lots of fixes for Intel-based devices
- Minor fixes for AMD, STM32, Qualcomm, Realtek
Others:
- Fixes for the bugs in mixer handling in HD-audio and ice1724
drivers that were caught by the recent kctl validator
- New quirks for HD-audio and USB-audio
Also this contains a fix for EDD firmware fix, which slipped from
anyone's hands"
* tag 'sound-fix-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (35 commits)
ALSA: hda: Add driver blacklist
ALSA: usb-audio: Add mixer workaround for TRX40 and co
ALSA: hda/realtek - Add quirk for MSI GL63
ALSA: ice1724: Fix invalid access for enumerated ctl items
ALSA: hda: Fix potential access overflow in beep helper
ASoC: cs4270: pull reset GPIO low then high
ALSA: hda/realtek - Add HP new mute led supported for ALC236
ALSA: hda/realtek - Add supported new mute Led for HP
ASoC: rt5645: Add platform-data for Medion E1239T
ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN MPWIN895CL tablet
ASoC: stm32: sai: Add missing cleanup
ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S
ASoC: Intel: atom: Fix uninitialized variable compiler warning
ASoC: Intel: atom: Check drv->lock is locked in sst_fill_and_send_cmd_unlocked
ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map()
ASoC: SOF: Turn "firmware boot complete" message into a dbg message
ALSA: usb-audio: Add Pioneer DJ DJM-250MK2 quirk
ALSA: pcm: oss: Fix regression by buffer overflow fix (again)
ALSA: pcm: oss: Fix regression by buffer overflow fix
edd: Use scnprintf() for avoiding potential buffer overflow
...
[ This is essentially the same fix as commit ae769d3556, but it's
adapted to the latest code for 5.7; hence it contains no Fixes or
other tags for avoid backport confusion -- tiwai ]
The recent fix for the OOB access in PCM OSS plugins (commit
f2ecf903ef: "ALSA: pcm: oss: Avoid plugin buffer overflow") caused a
regression on OSS applications. The patch introduced the size check
in client and slave size calculations to limit to each plugin's buffer
size, but I overlooked that some code paths call those without
allocating the buffer but just for estimation.
This patch fixes the bug by skipping the size check for those code
paths while keeping checking in the actual transfer calls.
Link: https://lore.kernel.org/r/20200403073818.27943-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This became again a busy development cycle. There are a few ALSA
core updates (merely API cleanups and sparse fixes), while majority
of other changes are found in ASoC scene.
Here are some highlights:
* ALSA core:
- More helper macros for sparse warning fixes (e.g. bitwise types)
- Slight optimization of PCM OSS locks
- Make common handling for PCM / compress buffers (for SOF)
* ASoC:
- Lots of code refactoring and modernization for (still ongoing)
componentization works
- Conversion of SND_SOC_ALL_CODECS to use imply
- Continued refactoring and fixing of the Intel SOF/SST support,
including the initial (but still incomplete) SoundWire support
- SoundWire and more advanced clocking support for Realtek RT5682
- Support for amlogic GX, Meson 8, Meson 8B and T9015 DAC, Broadcom
DSL/PON, Ingenic JZ4760 and JZ4770, Realtek RL6231, and TI TAS2563
and TLV320ADCX140
* HD-audio:
- Optimizations in HDMI jack handling
- A few new quirks and fixups for Realtek codecs
* USB-audio:
- Delayed registration support
- New quirks for Motu, Kingston, Presonus
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl6Fr0oOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE+MFA//XZD6a6sVDCp1JvcT4yLn+xcpXPgT/HC/pUJb
fH4T629gGUG2OGmEQXWf86c8UkrKjNsdkK5ZNjg6PlYagGZEO5RlQA35EV0/6QTK
hQuRu8ALuVUnQBrB+knQRnlfa8hzXIaXWkriNi0s6V04iAlLJB1XqZ8/ckq3kWs2
UqQ7vkTRODRAivdH0a4KcN2hENSvPfBkNTjhTn+Gp86FC3PIGbN6XqcZWM0rpXQ7
qi9H9jVbavRCpHTPiV5DSZ6JyqqL/pT3LQ4GZIAf+i+frMGTIurB/7VUVIIuCFGT
hf1MRrEFo47ox+7RyhJpgPPJxHhNdY+z7uUQDc/hoN1tDlLhGeS2Wjmy3soLZ172
yVbun2z6jfVgm5lyHMqDnY71nCUVAgSWZwFbBtKMroLkw06X3P8ahTmad7Pnnut0
XbrYt29aKOkuf+ejeMaUAtuyW0nKUg68DqlX8wP1RvO1bvY4kGrEkVj3K3ktNZEr
GeZFLDDSMumxxXduX8vv/O5Z6MOGhq/toGjnYwnIOyzKR8uLEbUI4DIptUMoelgK
b7zIMbLjeoZ4ckeUKNdbmEuhbrWZ3oM6owKCPt4D9EBunK9nu//cq2nsfGuJGBbT
Swa+POYH89Au/22pYS0q3/fMAbEHctove/hvFiWoMRa3fNA2My2rMWwyaIAeW1Gl
CAwOXk8=
=fAMQ
-----END PGP SIGNATURE-----
Merge tag 'sound-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound updates from Takashi Iwai:
"This became again a busy development cycle. There are few ALSA core
updates (merely API cleanups and sparse fixes), with the majority of
other changes are found in ASoC scene.
Here are some highlights:
ALSA core:
- More helper macros for sparse warning fixes (e.g. bitwise types)
- Slight optimization of PCM OSS locks
- Make common handling for PCM / compress buffers (for SOF)
ASoC:
- Lots of code refactoring and modernization for (still ongoing)
componentization works
- Conversion of SND_SOC_ALL_CODECS to use imply
- Continued refactoring and fixing of the Intel SOF/SST support,
including the initial (but still incomplete) SoundWire support
- SoundWire and more advanced clocking support for Realtek RT5682
- Support for amlogic GX, Meson 8, Meson 8B and T9015 DAC, Broadcom
DSL/PON, Ingenic JZ4760 and JZ4770, Realtek RL6231, and TI TAS2563
and TLV320ADCX140
HD-audio:
- Optimizations in HDMI jack handling
- A few new quirks and fixups for Realtek codecs
USB-audio:
- Delayed registration support
- New quirks for Motu, Kingston, Presonus"
* tag 'sound-5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (415 commits)
ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
Revert "ALSA: uapi: Drop asound.h inclusion from asoc.h"
ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups
ALSA: hda/realtek - Set principled PC Beep configuration for ALC256
ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256
ALSA: hda/realtek - a fake key event is triggered by running shutup
ALSA: hda: default enable CA0132 DSP support
ASoC: amd: acp3x-pcm-dma: clean up two indentation issues
ASoC: tlv320adcx140: Remove undocumented property
ASoC: Intel: sof_sdw: Add Volteer support with RT5682 SNDW helper function
ASoC: Intel: common: add match table for TGL RT5682 SoundWire driver
ASoC: Intel: boards: add sof_sdw machine driver
ASoC: Intel: soc-acpi: update topology and driver name for SoundWire platforms
ASoC: rt5682: move DAI clock registry to I2S mode
ASoC: pxa: magician: convert to use i2c_new_client_device()
ASoC: SOF: Intel: hda-ctrl: add reset cycle before parsing capabilities
Asoc: SOF: Intel: hda: check SoundWire wakeen interrupt in irq thread
ASoC: SOF: Intel: hda: add WAKEEN interrupt support for SoundWire
ASoC: SOF: Intel: hda: add parameter to control SoundWire clock stop quirks
ASoC: SOF: Intel: hda: merge IPC, stream and SoundWire interrupt handlers
...
This is a very big update for the core since Morimoto-san has been
rather busy continuing his refactorings to clean up a lot of the cruft
that we have accumilated over the years. We've also gained several new
drivers, including initial (but still not complete) parts of the Intel
SoundWire support.
- Lots of refactorings to modernize the code from Morimoto-san.
- Conversion of SND_SOC_ALL_CODECS to use imply from Geert Uytterhoeven.
- Continued refactoring and fixing of the Intel support.
- Soundwire and more advanced clocking support for Realtek RT5682.
- Support for amlogic GX, Meson 8, Meson 8B and T9015 DAC, Broadcom
DSL/PON, Ingenic JZ4760 and JZ4770, Realtek RL6231, and TI TAS2563 and
TLV320ADCX140.
-----BEGIN PGP SIGNATURE-----
iQFHBAABCgAxFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAl6B03sTHGJyb29uaWVA
a2VybmVsLm9yZwAKCRAk1otyXVSH0Jm5B/4pb6Hz1ifM+ikR4qB7BOdm/UGzxWlD
Mng+qN3kh6Tx+x8/xnQRmfOnhFoKnDSTnlxcDr6ujAtz3bH+CKXbo2jjfvmagQrW
j87tYGdh6T38E6mf6543Eth3zJGphZYUY70REXt0HsaQ8bA912nrs5H8LTFiD2i+
lBJd/MmlCYL3gb/ftN9dpTfYYdxLy9HH9j5tR5zpLN3AD3Hew9jHqqX+ioAk+6lA
Nisbx5grP10pWFklYXyJlUFQOqMOYMtPMblLRA9bjqcEtL3quIXPXKkPNtTh+0Kf
5t7Q39RtVXJAk0DcatjMJUGAGQyM9r5g1Nk8WLB1LLv+NfLcO6cUpLAc
=+z/q
-----END PGP SIGNATURE-----
Merge tag 'asoc-v5.7' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Updates for v5.7
This is a very big update for the core since Morimoto-san has been
rather busy continuing his refactorings to clean up a lot of the cruft
that we have accumilated over the years. We've also gained several new
drivers, including initial (but still not complete) parts of the Intel
SoundWire support.
- Lots of refactorings to modernize the code from Morimoto-san.
- Conversion of SND_SOC_ALL_CODECS to use imply from Geert Uytterhoeven.
- Continued refactoring and fixing of the Intel support.
- Soundwire and more advanced clocking support for Realtek RT5682.
- Support for amlogic GX, Meson 8, Meson 8B and T9015 DAC, Broadcom
DSL/PON, Ingenic JZ4760 and JZ4770, Realtek RL6231, and TI TAS2563 and
TLV320ADCX140.
A new small helper to get the current state of the device registration
for the given object. It'll be used for USB-audio driver to check the
delayed device registrations.
Link: https://lore.kernel.org/r/20200323170643.19181-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The virmidi driver handles sysex event exceptionally in a short-cut
snd_seq_dump_var_event() call, but this missed the reset of the
running status. As a result, it may lead to an incomplete command
right after the sysex when an event with the same running status was
queued.
Fix it by clearing the running status properly via alling
snd_midi_event_reset_decode() for that code path.
Reported-by: Andreas Steinmetz <ast@domdv.de>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/3b4a4e0f232b7afbaf0a843f63d0e538e3029bfd.camel@domdv.de
Link: https://lore.kernel.org/r/20200316090506.23966-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
show_pcm_class() returns obviously a short string that can't overflow
PAGE_SIZE. And even if it were to overflow, using snprintf() there is
just wrong, as it doesn't return the correct size.
So simplify with sprintf() instead.
Link: https://lore.kernel.org/r/20200313130223.8908-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The return value checks in snd_pcm_plug_alloc() are covered with
snd_BUG_ON() macro that may trigger a kernel WARNING depending on the
kconfig. But since the error condition can be triggered by a weird
user space parameter passed to OSS layer, we shouldn't give the kernel
stack trace just for that. As it's a normal error condition, let's
remove snd_BUG_ON() macro usage there.
Reported-by: syzbot+2a59ee7a9831b264f45e@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200312155730.7520-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Both snd_pcm_plug_client_size() and snd_pcm_plug_slave_size() do the
almost same calculations of calling src_frames() and dst_frames() in
the chain, but just to the different directions with each other.
This patch simplifies those functions. Now they return -EINVAL for
the invalid direction, but practically seen, there is no functional
changes at all.
Link: https://lore.kernel.org/r/20200309185855.15693-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Each OSS PCM plugins allocate its internal buffer per pre-calculation
of the max buffer size through the chain of plugins (calling
src_frames and dst_frames callbacks). This works for most plugins,
but the rate plugin might behave incorrectly. The calculation in the
rate plugin involves with the fractional position, i.e. it may vary
depending on the input position. Since the buffer size
pre-calculation is always done with the offset zero, it may return a
shorter size than it might be; this may result in the out-of-bound
access as spotted by fuzzer.
This patch addresses those possible buffer overflow accesses by simply
setting the upper limit per the given buffer size for each plugin
before src_frames() and after dst_frames() calls.
Reported-by: syzbot+e1fe9f44fb8ecf4fb5dd@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/000000000000b25ea005a02bcf21@google.com
Link: https://lore.kernel.org/r/20200309082148.19855-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
We are currently using simple-audio-card on the Allwinner A64 SoC.
The digital audio codec there (sun8i-codec) has 3 AIFs, one each for the
CPU, the modem, and Bluetooth. Adding support for the secondary AIFs
requires adding codec2codec DAI links.
Since the modem and bt-sco codec DAI drivers only have one set of
possible PCM parameters (namely, 8kHz mono S16LE), there's no real
need for a machine driver to specify the DAI link configuration. The
parameters for these "simple" DAI links can be chosen automatically.
This series adds codec2codec DAI link support to simple-audio-card.
Codec to codec links are automatically detected when all DAIs in the
link belong to codec components.
I tried to reuse as much code as possible, so the first two patches
refactor a couple of helper functions to be more generic.
The last patch adds the new feature and its documentation.
Changes in v4:
- Rebased on top of asoc/for-next, several changes to patch 2
- Removed unused variable from patch 3
Changes in v3:
- Update use of for_each_rtd_components for v5.6
Changes in v2:
- Drop patch 1 as it was merged
- Automatically detect codec2codec links instead of using a DT property
Samuel Holland (3):
ALSA: pcm: Add a standalone version of snd_pcm_limit_hw_rates
ASoC: pcm: Export parameter intersection logic
ASoC: simple-card: Add support for codec2codec DAI links
Documentation/sound/soc/codec-to-codec.rst | 9 +++-
include/sound/pcm.h | 9 +++-
include/sound/soc.h | 3 ++
sound/core/pcm_misc.c | 18 +++----
sound/soc/generic/simple-card-utils.c | 48 ++++++++++++++++++
sound/soc/soc-pcm.c | 59 ++++++++++++++--------
6 files changed, 114 insertions(+), 32 deletions(-)
--
2.24.1
The runtime pointer has been taken in functional level so there is no need
to take it again under the if () case.
Fixes: 9d789dc047 ("ALSA: dmaengine_pcm: Consider DMA cache caused delay in pointer callback")
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Link: https://lore.kernel.org/r/20200227093544.27723-1-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
It can be useful to derive min/max rates of a snd_pcm_hardware without
having a snd_pcm_runtime, such as before constructing an ASoC DAI link.
Create a new helper that takes a pointer to a snd_pcm_hardware directly,
and refactor the original function as a wrapper around it, to avoid
needing to update any call sites.
Signed-off-by: Samuel Holland <samuel@sholland.org>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20200305051143.60691-2-samuel@sholland.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Merging the UAC2 effect unit parser improvement. As it's based on the
previous usb-audio driver fix, it was deviated from for-next branch.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
ALSA PCM OSS layer calls the generic __snd_pcm_lib_xfer() helper for
the actual transfer of the audio data. The xfer helper may sleep long
for waiting for the enough space becoming empty for read/write, and
it does unlock/relock for the substream lock. This works fine, so
far, but a slight problem specific to OSS layer is that OSS layer
wraps yet more mutex (runtime->oss.params_lock) over
__snd_pcm_lib_xfer() call; so this mutex is still locked during a
possible long sleep, and it prevents the whole ioctl and other actions
applied to the given stream.
This patch adds the temporarily unlock and relock of the mutex around
__snd_pcm_lib_xfer() call in the OSS layer to be more friendly to the
concurrent accesses. The long mutex protection itself shouldn't be a
real issue for the normal systems, and its influence appears only on
strange things like fuzzers.
Link: https://lore.kernel.org/r/20200214171643.26212-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
snd_seq_check_queue() passes the current tick and time of the given
queue as a pointer to snd_seq_prioq_cell_out(), but those might be
updated concurrently by the seq timer update.
Fix it by retrieving the current tick and time via the proper helper
functions at first, and pass those values to snd_seq_prioq_cell_out()
later in the loops.
snd_seq_timer_get_cur_time() takes a new argument and adjusts with the
current system time only when it's requested so; this update isn't
needed for snd_seq_check_queue(), as it's called either from the
interrupt handler or right after queuing.
Also, snd_seq_timer_get_cur_tick() is changed to read the value in the
spinlock for the concurrency, too.
Reported-by: syzbot+fd5e0eaa1a32999173b2@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20200214111316.26939-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The queue flags are represented in bit fields and the concurrent
access may result in unexpected results. Although the current code
should be mostly OK as it's only reading a field while writing other
fields as KCSAN reported, it's safer to cover both with a proper
spinlock protection.
This patch fixes the possible concurrent read by protecting with
q->owner_lock. Also the queue owner field is protected as well since
it's the field to be protected by the lock itself.
Reported-by: syzbot+65c6c92d04304d0a8efc@syzkaller.appspotmail.com
Reported-by: syzbot+e60ddfa48717579799dd@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/20200214111316.26939-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Call cpu_latency_qos_add/update/remove_request() and
cpu_latency_qos_request_active() instead of
pm_qos_add/update/remove_request() and pm_qos_request_active(),
respectively, because the latter are going to be dropped.
No intentional functional impact.
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Reviewed-by: Ulf Hansson <ulf.hansson@linaro.org>
Acked-by: Mark Brown <broonie@kernel.org>
Acked-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Amit Kucheria <amit.kucheria@linaro.org>
Tested-by: Amit Kucheria <amit.kucheria@linaro.org>
The commit 66f2d19f81 ("ALSA: pcm: Fix memory leak at closing a
stream without hw_free") tried to fix the regression wrt the missing
hw_free call at closing without SNDRV_PCM_IOCTL_HW_FREE ioctl.
However, the code change dropped mistakenly the state check, resulting
in calling hw_free twice when SNDRV_PCM_IOCTL_HW_FRE got called
beforehand. For most drivers, this is almost harmless, but the
drivers like SOF show another regression now.
This patch adds the state condition check before calling do_hw_free()
at releasing the stream for avoiding the double hw_free calls.
Fixes: 66f2d19f81 ("ALSA: pcm: Fix memory leak at closing a stream without hw_free")
Reported-by: Bard Liao <yung-chuan.liao@linux.intel.com>
Reported-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Tested-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/s5hd0ajyprg.wl-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The current codebase makes use of the zero-length array language
extension to the C90 standard, but the preferred mechanism to declare
variable-length types such as these ones is a flexible array member[1][2],
introduced in C99:
struct foo {
int stuff;
struct boo array[];
};
By making use of the mechanism above, we will get a compiler warning
in case the flexible array does not occur last in the structure, which
will help us prevent some kind of undefined behavior bugs from being
inadvertenly introduced[3] to the codebase from now on.
This issue was found with the help of Coccinelle.
[1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
[2] https://github.com/KSPP/linux/issues/21
[3] commit 7649773293 ("cxgb3/l2t: Fix undefined behaviour")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Link: https://lore.kernel.org/r/20200211193910.GA4596@embeddedor
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Some DMA engines can have big FIFOs which adds to the latency.
The DMAengine framework can report the FIFO utilization in bytes. Use this
information for the delay reporting.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20200210153336.10218-1-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Some DMA engines can have big FIFOs which adds to the latency.
The DMAengine framework can report the FIFO utilization in bytes. Use this
information for the delay reporting.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20200210151402.29634-1-peter.ujfalusi@ti.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Variable c is being assigned with the value -1 that is never read,
it is assigned a new value in a following while-loop. The assignment
is redundant and can be removed.
Addresses-Coverity: ("Unused value")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Link: https://lore.kernel.org/r/20200208224206.38540-1-colin.king@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Make a common helper for validating the format type.
This reduces the number of cast in the code that are needed for
suppressing sparse warnings.
No functional changes, just minor refactoring.
Link: https://lore.kernel.org/r/20200206163945.6797-9-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The new macro can fix the sparse warnings gracefully:
sound/core/pcm_dmaengine.c:429:50: warning: restricted snd_pcm_format_t degrades to integer
sound/core/pcm_dmaengine.c:429:55: warning: restricted snd_pcm_format_t degrades to integer
sound/core/pcm_dmaengine.c:429:79: warning: restricted snd_pcm_format_t degrades to integer
No functional changes, just sparse warning fixes.
Link: https://lore.kernel.org/r/20200206163945.6797-8-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The parameter bit mask needs often explicit cast with __force,
e.g. for the PCM subformat type. Instead of adding __force at each
place, which is error prone, this patch introduces a new macro and
replaces the all bit shift with it. This fixes the sparse warnings
like the following:
sound/core/pcm_native.c:2508:30: warning: restricted snd_pcm_access_t degrades to integer
No functional changes, just sparse warning fixes.
Link: https://lore.kernel.org/r/20200206163945.6797-7-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Simplify the code with the new macros for PCM format type iterations.
This fixes the sparse warnings nicely:
sound/core/pcm_native.c:2302:26: warning: restricted snd_pcm_format_t degrades to integer
sound/core/pcm_native.c:2306:54: warning: incorrect type in argument 1 (different base types)
sound/core/pcm_native.c:2306:54: expected restricted snd_pcm_format_t [usertype] format
sound/core/pcm_native.c:2306:54: got unsigned int [assigned] k
....
No functional changes, just sparse warning fixes.
Link: https://lore.kernel.org/r/20200206163945.6797-6-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
A collection of pending small fixes since the previous PR.
ALSA core:
- PCM memory leak fix
ASoC:
- Lots of SOF and Intel driver fixes
- Addition of COMMON_CLK for wcd934x
- Regression fixes for AMD and Tegra platforms
HD-audio:
- DP-MST HDMI regression fix, Tegra workarounds, HP quirk fix
Others:
- A few fixes relevant with the recent uapi-updates
- Sparse warnings and endianness fixes
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAl47+oEOHHRpd2FpQHN1
c2UuZGUACgkQLtJE4w1nLE+GYg//dNu8r2M6y60btHjaWxblmdhHF3XQ5EwSxvSX
QT1gm3pg8PMefJNOSD5IhD7Spll6SYz89YpKpPr3NneV5bcDSozdAt50vbtZvqry
notOqSpL4DubIcYIrhLWI6mq9cIOXIgGnY1cs2KIkoDdNUSDD44nCG1FoUu163tI
mBPDgjZqAAMseCu4jwRInfE2iUJHGNrkQBDc3+1yZFPog/APoLocRKF7paF1N73f
A8kGDCoWUmk8mGb93lUxiDg09gK0aCHNmcjIR4Q4MPD16Yg+o1RgGwY81xdyKjs1
neNCfSCyhYgkON8rvJIsE46qGbqax6/JT7QxCqbyy/Vj4s5MfUivqnWRFwnUisB+
OoQa37Vd893gjxz1+JvmjrqKTWPmSbHMiuqFj5e1X+HqEVxdKDJMMPwzqlVjRq4K
Ma18ACK1EQmb4Hsh2U488EjZp/n/FoOmqFSjE6qaHpfdq7YT0bv2lV+f8QFNmliF
aeJ+ktp6GU2FFV2U4/iZmRUeTZgJpz6m2mLix++Jn11RbSewxj4uyZPKbBYPj7JZ
NK2l/OgMUxj4qM3ZkgQUOnihIWSqdx0lySgXPWe7fLokMTPNsVr5X2ztD9m1uyX8
lbJuZsXNGMUS6v3aAy8zoCp2sc1G8heM5Z/WUiZQtUtjpUJ3DATK7sEdv3hLJpFB
sYw41vs=
=Mcey
-----END PGP SIGNATURE-----
Merge tag 'sound-fix-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A collection of pending small fixes:
ALSA core:
- PCM memory leak fix
ASoC:
- Lots of SOF and Intel driver fixes
- Addition of COMMON_CLK for wcd934x
- Regression fixes for AMD and Tegra platforms
HD-audio:
- DP-MST HDMI regression fix, Tegra workarounds, HP quirk fix
Others:
- A few fixes relevant with the recent uapi-updates
- Sparse warnings and endianness fixes"
* tag 'sound-fix-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (35 commits)
ALSA: hda: Clear RIRB status before reading WP
ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported
ASoC: wcd934x: Add missing COMMON_CLK dependency to SND_SOC_ALL_CODECS
ALSA: hda - Fix DP-MST support for NVIDIA codecs
ASoC: wcd934x: Add missing COMMON_CLK dependency
MAINTAINERS: Remove the Bard Liao from the MAINTAINERS of Realtek CODECs
ASoC: tegra: Revert 24 and 32 bit support
ASoC: SOF: Intel: add PCI ID for JasperLake
ALSA: hdsp: Make the firmware loading ioctl a bit more readable
ALSA: emu10k1: Fix annotation and cast for the recent uapi header change
ALSA: dummy: Fix PCM format loop in proc output
ALSA: usb-audio: Annotate endianess in Scarlett gen2 quirk
ALSA: usb-audio: Fix endianess in descriptor validation
ALSA: hda: Add JasperLake PCI ID and codec vid
ALSA: pcm: Fix sparse warnings wrt snd_pcm_state_t
ALSA: pcm: Fix memory leak at closing a stream without hw_free
ALSA: uapi: Fix sparse warning
ASoC: rt715: Add __maybe_unused to PM callbacks
ASoC: rt711: Add __maybe_unused to PM callbacks
ASoC: rt700: Add __maybe_unused to PM callbacks
...
Since we have a bitwise definition of snd_pcm_state_t and use it for
certain struct fields, a few new (and years old) sparse warnings came
up. This patch is an attempt to cover them.
- The state fields in snd_pcm_mmap_status* and co are all defined as
snd_pcm_state_t type now
- The PCM action callbacks take snd_pcm_state_t argument as well;
some actions taking special values got the explicit cast and
comments
- For the PCM action that doesn't need an extra argument receives
ACTION_ARG_IGNORE instead of ambiguous 0
While we're at it, the boolean argument is also properly changed to
bool and true/false, as well as a slight refactoring of PCM pause
helper function to make easier to read.
No functional changes, just shutting up chatty sparse.
Fixes: 46b770f720 ("ALSA: uapi: Fix sparse warning")
Reported-by: kbuild test robot <lkp@intel.com>
Link: https://lore.kernel.org/r/20200131152214.11698-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
ALSA PCM core recently introduced a new managed PCM buffer allocation
mode that does allocate / free automatically at hw_params and
hw_free. However, it overlooked the code path directly calling
hw_free PCM ops at releasing the PCM substream, and it may result in a
memory leak as spotted by syzkaller when no buffer preallocation is
used (e.g. vmalloc buffer).
This patch papers over it with a slight refactoring. The hw_free ops
call and relevant tasks are unified in a new helper function, and call
it from both places.
Fixes: 0dba808eae ("ALSA: pcm: Introduce managed buffer allocation mode")
Reported-by: syzbot+30edd0f34bfcdc548ac4@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200129195907.12197-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Currently, the available buffer allocation size for a PCM stream
depends on the preallocated size; when a buffer has been preallocated,
the max buffer size is set to that size, so that application won't
re-allocate too much memory. OTOH, when no preallocation is done,
each substream may allocate arbitrary size of buffers as long as
snd_pcm_hardware.buffer_bytes_max allows -- which can be quite high,
HD-audio sets 1GB there.
It means that the system may consume a high amount of pages for PCM
buffers, and they are pinned and never swapped out. This can lead to
OOM easily.
For avoiding such a situation, this patch adds the upper limit per
card. Each snd_pcm_lib_malloc_pages() and _free_pages() calls are
tracked and it will return an error if the total amount of buffers
goes over the defined upper limit. The default value is set to 32MB,
which should be really large enough for usual operations.
If larger buffers are needed for any specific usage, it can be
adjusted (also dynamically) via snd_pcm.max_alloc_per_card option.
Setting zero there means no chceck is performed, and again, unlimited
amount of buffers are allowed.
Link: https://lore.kernel.org/r/20200120124423.11862-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Both snd_pcm_hw_constraints_init() and _complete() functions are
called only from pcm_native.c, hence they can be static for further
optimization.
Link: https://lore.kernel.org/r/20200116162825.24792-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
snd_seq_info_timer_read() reads the information of the timer assigned
for each queue, but it's done in a racy way which may lead to UAF as
spotted by syzkaller.
This patch applies the missing q->timer_mutex lock while accessing the
timer object as well as a slight code change to adapt the standard
coding style.
Reported-by: syzbot+2b2ef983f973e5c40943@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200115203733.26530-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
GCC reports a warning with W=1:
sound/core/timer.c: In function ‘snd_timer_user_read’:
sound/core/timer.c:2219:19: warning: initialized field overwritten
[-Woverride-init]
2219 | .tstamp_sec = tread->tstamp_nsec,
| ^~~~~
sound/core/timer.c:2219:19: note: (near initialization for
‘(anonymous).tstamp_sec’)
Assigning nsec values to sec fields is problematic in general, even
more so when the initial goal was to survive the 2030 timer
armageddon.
Fix by using the proper field in the initialization
Cc: Baolin Wang <baolin.wang@linaro.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Fixes: 07094ae6f9 ("ALSA: Avoid using timespec for struct snd_timer_tread")
Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20200111203325.20498-1-pierre-louis.bossart@linux.intel.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
