linux/sound/pci
Takashi Iwai a91d66129f ALSA: hda - Fix incorrect TLV callback check introduced during set_fs() removal
The commit 99b5c5bb9a ("ALSA: hda - Remove the use of set_fs()")
converted the get_kctl_0dB_offset() call for killing set_fs() usage in
HD-audio codec code.  The conversion assumed that the TLV callback
used in HD-audio code is only snd_hda_mixer_amp() and applies the TLV
calculation locally.

Although this assumption is correct, and all slave kctls are actually
with that callback, the current code is still utterly buggy; it
doesn't hit this condition and falls back to the next check.  It's
because the function gets called after adding slave kctls to vmaster.
By assigning a slave kctl, the slave kctl object is faked inside
vmaster code, and the whole kctl ops are overridden.  Thus the
callback op points to a different value from what we've assumed.

More badly, as reported by the KERNEXEC and UDEREF features of PaX,
the code flow turns into the unexpected pitfall.  The next fallback
check is SNDRV_CTL_ELEM_ACCESS_TLV_READ access bit, and this always
hits for each kctl with TLV.  Then it evaluates the callback function
pointer wrongly as if it were a TLV array.  Although currently its
side-effect is fairly limited, this incorrect reference may lead to an
unpleasant result.

For addressing the regression, this patch introduces a new helper to
vmaster code, snd_ctl_apply_vmaster_slaves().  This works similarly
like the existing map_slaves() in hda_codec.c: it loops over the slave
list of the given master, and applies the given function to each
slave.  Then the initializer function receives the right kctl object
and we can compare the correct pointer instead of the faked one.

Also, for catching the similar breakage in future, give an error
message when the unexpected TLV callback is found and bail out
immediately.

Fixes: 99b5c5bb9a ("ALSA: hda - Remove the use of set_fs()")
Reported-by: PaX Team <pageexec@freemail.hu>
Cc: <stable@vger.kernel.org> # v4.13
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-10-18 12:27:00 +02:00
..
ac97 scripts/spelling.txt: add "swith" pattern and fix typo instances 2017-02-27 18:43:46 -08:00
ali5451 ALSA: ali5451: constify snd_pcm_ops structures 2017-08-10 17:56:04 +02:00
asihpi ALSA: asihpi: fix a potential double-fetch bug when copying puhm 2017-09-19 22:03:59 +02:00
au88x0 ALSA: pci: make snd_pcm_hardware const 2017-08-17 12:44:16 +02:00
aw2 ALSA: aw2: make snd_pcm_hardware const 2017-08-12 23:31:39 +02:00
ca0106 ALSA: ca0106: Delete an error message for a failed memory allocation in snd_ca0106_pcm_open_capture_channel() 2017-08-12 23:33:54 +02:00
cs46xx ALSA: cs46xx: make snd_pcm_hardware const 2017-08-12 23:31:41 +02:00
cs5535audio ALSA: cs5535audio: make snd_pcm_hardware const 2017-08-12 23:31:44 +02:00
ctxfi ALSA: ctxfi: Remove null check before kfree 2017-08-31 20:10:30 +02:00
echoaudio Revert "ALSA: echoaudio: purge contradictions between dimension matrix members and total number of members" 2017-10-02 14:30:43 +02:00
emu10k1 Merge branch 'for-linus' into for-next 2017-08-22 15:44:45 +02:00
hda ALSA: hda - Fix incorrect TLV callback check introduced during set_fs() removal 2017-10-18 12:27:00 +02:00
ice1712 ALSA: ice1712: Add support for STAudio ADCIII 2017-08-22 16:58:59 +02:00
korg1212 ALSA: korg1212: make snd_pcm_hardware const 2017-08-12 23:31:42 +02:00
lola ALSA: lola: make snd_pcm_hardware const 2017-08-12 23:31:46 +02:00
lx6464es ALSA: lx6464es: make snd_pcm_hardware const 2017-08-12 23:31:48 +02:00
mixart ALSA: mixart: Delete an error message for a failed memory allocation in snd_mixart_create() 2017-08-12 23:33:20 +02:00
nm256 ALSA: nm256: constify snd_ac97_res_table 2017-08-24 09:13:43 +02:00
oxygen ALSA: oxygen: simply setting of the shortname for Xonar DG cards 2017-03-29 21:14:20 +02:00
pcxhr ALSA: pcxhr: make snd_kcontrol_new const 2017-08-16 14:29:07 +02:00
riptide ALSA: riptide: make snd_pcm_hardware const 2017-08-12 23:31:53 +02:00
rme9652 ALSA: hdspm: Use common error handling code in snd_hdspm_probe() 2017-09-07 10:26:19 +02:00
trident ALSA: trident: make snd_pcm_hardware const 2017-08-12 23:31:55 +02:00
vx222 ALSA: vx222: Use container_of() 2017-05-15 11:21:05 +02:00
ymfpci ALSA: ymfpci: Use common error handling code in snd_ymfpci_create() 2017-09-07 10:33:28 +02:00
ad1889.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
ad1889.h
ak4531_codec.c ALSA: pci: Drop superfluous ifdef CONFIG_PROC_FS 2015-05-29 08:00:06 +02:00
als300.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
als4000.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
atiixp_modem.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
atiixp.c ALSA: atiixp: constify ac97_pcm structures 2017-08-23 15:53:39 +02:00
azt3328.c ALSA: azt3328: Constify hw_constraints 2017-06-09 10:42:49 +02:00
azt3328.h
bt87x.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
cmipci.c ALSA: cmipci: Use common error handling code in snd_cmipci_probe() 2017-08-22 20:06:10 +02:00
cs4281.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
cs5530.c
ens1370.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
ens1371.c
es1938.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
es1968.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
fm801.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
intel8x0.c ALSA: intel8x0: constify ac97_pcm structures 2017-08-23 15:53:40 +02:00
intel8x0m.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
Kconfig ALSA: seq: Allow the modular sequencer registration 2017-06-12 08:43:33 +02:00
maestro3.c ALSA: maestro3: Use common error handling code in two functions 2017-09-07 10:23:47 +02:00
Makefile
rme32.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
rme96.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
sis7019.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
sis7019.h
sonicvibes.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
via82xx_modem.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00
via82xx.c ALSA: pci: make snd_pcm_hardware const 2017-08-12 23:31:58 +02:00