Commit Graph

52 Commits

Author SHA1 Message Date
Dan Rosenberg
5591bf0722 ALSA: prevent heap corruption in snd_ctl_new()
The snd_ctl_new() function in sound/core/control.c allocates space for a
snd_kcontrol struct by performing arithmetic operations on a
user-provided size without checking for integer overflow.  If a user
provides a large enough size, an overflow will occur, the allocated
chunk will be too small, and a second user-influenced value will be
written repeatedly past the bounds of this chunk.  This code is
reachable by unprivileged users who have permission to open
a /dev/snd/controlC* device (on many distros, this is group "audio") via
the SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE ioctls.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-28 21:33:16 +02:00
Takashi Iwai
02f4865fa4 ALSA: core - Define llseek fops
Set no_llseek to llseek file ops of each sound component (but for hwdep).
This avoids the implicit BKL invocation via generic_file_llseek() used
as default when fops.llseek is NULL.

Also call nonseekable_open() at each open ops to ensure the file flags
have no seek bit.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-04-13 12:01:21 +02:00
Clemens Ladisch
6123637faf sound: control: fix minimum TLV length
Allow TLV blocks that do not have any values; the smallest possible TLV
is an empty container or one where the information is only in the tag.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2010-02-01 14:12:12 +01:00
Clemens Ladisch
a75d7a4cf5 sound: control: actually allow TLV command access
Creating a control with TLV_COMMAND access was not possible because
snd_ctl_new1() forgot to include it in the mask of allowable access
bits.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2010-02-01 14:11:52 +01:00
Takashi Iwai
57648cd52b Merge branch 'topic/misc' into for-linus 2009-12-04 16:22:37 +01:00
Dan Carpenter
bec145ae6f ALSA: remove unnecessary null check
This function is only called from snd_ctl_ioctl() and the file parameter
can never be null so there is no need to check it here.

We dereference file at the start of the function:
        struct snd_card *card = file->card;
and it confuses static checkers to dereference a pointer before
checking it.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-18 09:59:40 +01:00
Clemens Ladisch
25d27eded1 control: use reference-counted pid
Instead of storing the PID number, take a reference to the task's pid
structure.  This protects against duplicates due to PID overflows, and
using pid_vnr() ensures that the PID returned by snd_ctl_elem_info() is
correct as seen from the current namespace.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-06 14:32:06 +01:00
Clemens Ladisch
31cef7076e control: remove snd_konctrol_volatile::owner_pid field
We do not need to save the ID of the process that locked a control
because that information is already available in the owner's file data.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-11-06 14:32:03 +01:00
Clemens Ladisch
18dd0aa5af sound: snd_ctl_remove_user_ctl: prevent removal of kernel controls
Ensure that userspace can remove only user controls.  Controls created
by kernel drivers must not be removed because they might be referenced
in calls to snd_ctl_notify().

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-08-17 12:48:21 +02:00
Clemens Ladisch
f217ac59b6 sound: snd_ctl_remove_unlocked_id: simplify user control counting
Move the decrementing of the user controls counter from
snd_ctl_elem_remove to snd_ctl_remove_unlocked_id; this saves the
separate locking of the controls semaphore, and therefore removes
a harmless race.

Since the purpose of the function is to operate on user controls (the
control being unlocked is just a prerequisite), rename it to
snd_ctl_remove_user_ctl.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-08-17 12:48:15 +02:00
Clemens Ladisch
317b80817f sound: snd_ctl_remove_unlocked_id: simplify error paths
Use a common exit path to release the mutex and to return a possible
error.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-08-17 12:48:06 +02:00
Clemens Ladisch
2a031aedf7 sound: snd_ctl_elem_add: fix value count check
Make sure that no user element that has no values can be added.

The check for count>1024 is not needed because the count is checked
later for the individual control types.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-08-17 12:48:00 +02:00
Li Zefan
ef44a1ec6e ALSA: sound/core: use memdup_user()
Remove open-coded memdup_user().

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-04-14 12:39:12 +02:00
Jonathan Corbet
60aa49243d Rationalize fasync return values
Most fasync implementations do something like:

     return fasync_helper(...);

But fasync_helper() will return a positive value at times - a feature used
in at least one place.  Thus, a number of other drivers do:

     err = fasync_helper(...);
     if (err < 0)
             return err;
     return 0;

In the interests of consistency and more concise code, it makes sense to
map positive return values onto zero where ->fasync() is called.

Cc: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
2009-03-16 08:34:35 -06:00
Al Viro
233e70f422 saner FASYNC handling on file close
As it is, all instances of ->release() for files that have ->fasync()
need to remember to evict file from fasync lists; forgetting that
creates a hole and we actually have a bunch that *does* forget.

So let's keep our lives simple - let __fput() check FASYNC in
file->f_flags and call ->fasync() there if it's been set.  And lose that
crap in ->release() instances - leaving it there is still valid, but we
don't have to bother anymore.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-11-01 09:49:46 -07:00
Mark Brown
366840d7e1 ALSA: Warn when control names are truncated
This is likely to confuse user interfaces since the end of the control
name is interpreted (eg, "Volume", "Switch").

Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2008-10-29 15:44:04 +01:00
Takashi Iwai
d8009882e9 ALSA: use correct lock in snd_ctl_dev_disconnect()
The lock used in snd_ctl_dev_disconnect() should be card->ctl_files_rwlock
for protection of card->ctl_files entries, instead of card->controls_rwsem.

Reported-by: Vegard Nossum <vegard.nossum@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-09-09 09:11:48 +02:00
Takashi Iwai
7eaa943c8e ALSA: Kill snd_assert() in sound/core/*
Kill snd_assert() in sound/core/*, either removed or replaced with
if () with snd_BUG_ON().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-08-13 11:46:35 +02:00
Takashi Iwai
d3bd67cdbb ALSA: make snd_ctl_elem_read() and snd_ctl_elem_write() static
snd_ctl_elem_read() and snd_ctl_elem_write() are no longer used by
any other drivers.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-06-13 16:48:49 +02:00
Takashi Iwai
9004acc70e [ALSA] Remove sound/driver.h
This header file exists only for some hacks to adapt alsa-driver
tree.  It's useless for building in the kernel.  Let's move a few
lines in it to sound/core.h and remove it.
With this patch, sound/driver.h isn't removed but has just a single
compile warning to include it.  This should be really killed in
future.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-01-31 17:29:48 +01:00
Takashi Iwai
8ace4f3c9d [ALSA] Remove indirect control access
This patch removes the indirect control access to the control elements.
The indirect access has never been used and is even broken on 32bit
ioctl wrapper.  Let's clean it up.
The pointers still remain in snd_ctl_elem_* structs just to make sure
that the struct size won't change.  Once after checking the size
consistency, we can get rid of them, too.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2008-01-31 17:29:46 +01:00
Borislav Petkov
7507e8da2f [ALSA] sound/core/control.c: hard-irq-safe -> hard-irq-unsafe lock warning
The lock grabbed in snd_ctl_empty_read_queue() is hardirq-unsafe but we hold
an hardirq-safe one already, so make the &ctl->read_lock also hard-irq-safe.

Signed-off-by: Borislav Petkov <bbpetkov@yahoo.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-10-23 08:07:55 +02:00
Jaroslav Kysela
c1017a4cdb [ALSA] Changed Jaroslav Kysela's e-mail from perex@suse.cz to perex@perex.cz
Signed-off-by: Jaroslav Kysela <perex@perex.cz>
2007-10-16 16:51:18 +02:00
Adrian Bunk
9ecf60df45 [ALSA] unexport snd_ctl_elem_{read,write}
snd_ctl_elem_{read,write} no longer have any modular users

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2007-10-16 16:49:19 +02:00
Takashi Iwai
b9ed4f2b68 [ALSA] Add helper functions for frequently used callbacks
Added helper functions for frequenty used callbacks:
  snd_ctl_boolean_mono_info() and snd_ctl_boolean_stereo_info()

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2007-10-16 15:57:44 +02:00
Randy Dunlap
e63340ae6b header cleaning: don't include smp_lock.h when not used
Remove includes of <linux/smp_lock.h> where it is not used/needed.
Suggested by Al Viro.

Builds cleanly on x86_64, i386, alpha, ia64, powerpc, sparc,
sparc64, and arm (all 59 defconfigs).

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-05-08 11:15:07 -07:00
Arjan van de Ven
9c2e08c592 [PATCH] mark struct file_operations const 9
Many struct file_operations in the kernel can be "const".  Marking them const
moves these to the .rodata section, which avoids false sharing with potential
dirty data.  In addition it'll catch accidental writes at compile time to
these shared resources.

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-02-12 09:48:46 -08:00
Adrian Bunk
0b51ba07e2 [ALSA] make sound/core/control.c:snd_ctl_new() static
Now that everyone uses snd_ctl_new1() and noone is using snd_ctl_new()
anymore, we can make it static.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2007-02-09 09:01:40 +01:00
Johannes Berg
9244b2c307 [ALSA] alsa core: convert to list_for_each_entry*
This patch converts most uses of list_for_each to list_for_each_entry all
across alsa. In some place apparently an item can be on a list with
different pointers so of course that isn't compatible with list_for_each, I
therefore didn't touch those places.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2007-02-09 09:00:10 +01:00
Adrian Bunk
0e5d720ced [ALSA] sound/core/control.c: remove dead code
This patch removes some obviously dead code spotted by the Coverity
checker.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-12-20 08:55:46 +01:00
Takashi Iwai
ef35be7f52 [ALSA] Fix addition of user-defined boolean controls
Fixed the addition of user-defined boolean controls, the private
data size is corrected to be handled properly.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-10-22 10:51:15 +02:00
Takashi Iwai
18c1c3f694 [ALSA] Return error if no user TLV is defined
Retrun error to user TLV_READ ioctl if no TLV is defined.
(Until now, nothing was written and rerunred successfully.)

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-09-23 10:44:21 +02:00
Takashi Iwai
86148e84c2 [ALSA] Fix errors with user TLV_WRITE
Fixed the errors at checking info.access field during user TLV_WRITE
call.  It should have been zero-initialized.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-09-23 10:44:17 +02:00
Takashi Iwai
2529bba760 [ALSA] Fix substream selection in PCM and rawmidi
The PCM and rawmidi substreams can be selected explicitly by opening
control handle and set via *_PREFER_SUBDEVICE ioctl.  But, when
multiple controls are opened, the driver gets confused.
The patch fixes the initialization of prefer_*_subdevice and the
check of multiple controls.  The first set subdevice is picked up
as the valid one.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-09-23 10:39:59 +02:00
Jaroslav Kysela
8aa9b586e4 [ALSA] Control API - more robust TLV implementation
- added callback option
- added READ/WRITE/COMMAND flags to access member
- added WRITE/COMMAND ioctls
- added SNDRV_CTL_EVENT_MASK_TLV for TLV change notifications
- added TLV support to ELEM_ADD ioctl

Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-09-23 10:37:26 +02:00
Takashi Iwai
c461482c80 [ALSA] Unregister device files at disconnection
Orignally proposed by Sam Revitch <sam.revitch@gmail.com>.
Unregister device files at disconnection to avoid the futher accesses.
Also, the dev_unregister callback is removed and replaced with the
combination of disconnect + free.
A new function snd_card_free_when_closed() is introduced, which is
used in USB disconnect callback.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-09-23 10:36:58 +02:00
Jaroslav Kysela
42750b04c5 [ALSA] Control API - TLV implementation for additional information like dB scale
This patch implements a TLV mechanism to transfer an additional information
like dB scale to the user space. The types might be extended in future.
Acked-by: Takashi Iwai <tiwai@suse.de>

Signed-off-by: Jaroslav Kysela <perex@suse.cz>
2006-09-23 10:36:42 +02:00
Takashi Iwai
c0d3fb39e9 [ALSA] Clean up EXPORT_SYMBOL()s in snd module
Move EXPORT_SYMBOL()s to places adjacent to functions/variables.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-06-22 21:32:52 +02:00
Takashi Iwai
cbac4b0cb6 [ALSA] Cleanup unused argument for snd_power_wait()
Removed the unused file argument of snd_power_wait().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-03-31 17:58:56 +02:00
Takashi Iwai
c6077b3000 [ALSA] Fix memory leaks in error path of control.c
Modules: Control Midlevel

Fix memory leaks in error path of control.c (only with CONFIG_SND_DEBUG=y).

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-03-22 10:43:56 +01:00
Giuliano Pochini
646494007b [ALSA] make control.c suspend aware
Modules: Control Midlevel

This patch prevents user-space apps from accessing the hardware via
control interface while the soundcard is suspended.

Signed-off-by: Giuliano Pochini <pochini@shiny.it>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-03-22 10:37:23 +01:00
Takashi Iwai
2fbf182ed0 [PATCH] alsa: fix error paths in snd_ctl_elem_add()
Fix bugs in error paths of snd_ctl_elem_add()
 - NULL reference
 - double free (already freed in snd_ctl_add())

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Cc: Jaroslav Kysela <perex@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-03-06 18:40:44 -08:00
Clemens Ladisch
f87135f56c [ALSA] dynamic minors (3/6): store device-specific object pointers dynamically
Instead of storing the pointers to the device-specific structures in an
array, put them into the struct snd_minor, and look them up dynamically.

This makes the device type modules independent of the minor number
encoding.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
2006-01-03 12:29:17 +01:00
Clemens Ladisch
2af677fc88 [ALSA] dynamic minors (1/6): store device type in struct snd_minor
Instead of a comment string, store the device type in the snd_minor
structure.  This makes snd_minor more flexible, and has the nice side
effect that we don't need anymore to create a separate snd_minor
template for registering a device but can pass the file_operations
directly to snd_register_device().

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
2006-01-03 12:29:14 +01:00
Takashi Iwai
73e77ba023 [ALSA] Add error messages
Add error messages in the critial error path to be more verbose.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-01-03 12:28:58 +01:00
Takashi Iwai
a381a7a664 [ALSA] Decentralize PM control
Modules: ALSA Core,Control Midlevel,/oss/Makefile

Remove the centralized PM control in the sound core.
Each driver is responsible to get callbacks from bus/driver now.

SND_GENERIC_DRIVER is removed together with this action.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-01-03 12:20:19 +01:00
Takashi Iwai
82e9bae6fd [ALSA] Remove xxx_t typedefs: Controls
Modules: Control Midlevel

Remove xxx_t typedefs from the core controls.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2006-01-03 12:17:32 +01:00
Takashi Iwai
7c22f1aaa2 [ALSA] Remove snd_runtime_check() macro
Remove snd_runtime_check() macro.
This macro worsens the readability of codes.  They should be either
normal if() or removable asserts.

Also, the assert displays stack-dump, instead of only the last caller
pointer.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2005-11-04 13:17:42 +01:00
Takashi Iwai
ca2c096656 [ALSA] Replace with kzalloc() - core stuff
Control Midlevel,ALSA Core,HWDEP Midlevel,PCM Midlevel,RawMidi Midlevel
Timer Midlevel,ALSA<-OSS emulation
Replace kcalloc(1,..) with kzalloc().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2005-09-12 10:47:59 +02:00
Takashi Iwai
b636a71d9b [ALSA] Add const prefix
Control Midlevel
Add const prefix to snd_kcontrol_new_t pointer for better protection.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2005-06-22 12:28:54 +02:00