Commit Graph

150 Commits

Author SHA1 Message Date
Nicolas Boichat
9586495dc3 ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode
This reverts one hunk of
commit ef44a1ec6e ("ALSA: sound/core: use memdup_user()"), which
replaced a number of kmalloc followed by memcpy with memdup calls.

In this case, we are copying from a struct snd_seq_port_info32 to a
struct snd_seq_port_info, but the latter is 4 bytes longer than the
32-bit version, so we need to separate kmalloc and copy calls.

Fixes: ef44a1ec6e ('ALSA: sound/core: use memdup_user()')
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-01-18 14:39:13 +01:00
Takashi Iwai
3567eb6af6 ALSA: seq: Fix race at timer setup and close
ALSA sequencer code has an open race between the timer setup ioctl and
the close of the client.  This was triggered by syzkaller fuzzer, and
a use-after-free was caught there as a result.

This patch papers over it by adding a proper queue->timer_mutex lock
around the timer-related calls in the relevant code path.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-01-12 17:50:41 +01:00
Takashi Iwai
030e2c78d3 ALSA: seq: Fix missing NULL check at remove_events ioctl
snd_seq_ioctl_remove_events() calls snd_seq_fifo_clear()
unconditionally even if there is no FIFO assigned, and this leads to
an Oops due to NULL dereference.  The fix is just to add a proper NULL
check.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-01-12 17:21:48 +01:00
Takashi Iwai
83266b6b60 ALSA: Fix compat_ioctl handling for OSS emulations
The ALSA PCM, mixer and sequencer OSS emulations provide the 32bit
compatible ioctl, but they just call the 64bit native ioctl as is.
Although this works in most cases, passing the argument value as-is
isn't guaranteed to work on all architectures.  We need to convert it
via compat_ptr() instead.

This patch addresses the missing conversions.  Since all relevant
ioctls in these functions take the argument as a pointer, we do the
pointer conversion in each compat_ioctl and pass it as a 64bit value
to the native ioctl.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-12-03 17:40:21 +01:00
Julia Lawall
efdbe3c3ed ALSA: midi: constify snd_rawmidi_global_ops structures
The snd_rawmidi_global_ops structures are never modified, so declare them
as const.

Done with the help of Coccinelle.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-11-22 09:21:16 +01:00
Kosuke Tatsukawa
694470273d ALSA: seq_oss: fix waitqueue_active without memory barrier in snd-seq-oss
snd_seq_oss_readq_put_event() seems to be missing a memory barrier which
might cause the waker to not notice the waiter and miss sending a
wake_up as in the following figure.

    snd_seq_oss_readq_put_event		    snd_seq_oss_readq_wait
------------------------------------------------------------------------
					/* wait_event_interruptible_timeout */
					 /* __wait_event_interruptible_timeout */
					  /* ___wait_event */
					  for (;;) {									 prepare_to_wait_event(&wq, &__wait,
					    state);
spin_lock_irqsave(&q->lock, flags);
if (waitqueue_active(&q->midi_sleep))
/* The CPU might reorder the test for
   the waitqueue up here, before
   prior writes complete */
					  if ((q->qlen>0 || q->head==q->tail)
					  ...
					  __ret = schedule_timeout(__ret)
if (q->qlen >= q->maxlen - 1) {
memcpy(&q->q[q->tail], ev, sizeof(*ev));
q->tail = (q->tail + 1) % q->maxlen;
q->qlen++;
------------------------------------------------------------------------

There are two other place in sound/core/seq/oss/ which have similar
code.  The attached patch removes the call to waitqueue_active() leaving
just wake_up() behind.  This fixes the problem because the call to
spin_lock_irqsave() in wake_up() will be an ACQUIRE operation.

I found this issue when I was looking through the linux source code
for places calling waitqueue_active() before wake_up*(), but without
preceding memory barriers, after sending a patch to fix a similar
issue in drivers/tty/n_tty.c  (Details about the original issue can be
found here: https://lkml.org/lkml/2015/9/28/849).

Signed-off-by: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-10-09 09:45:52 +02:00
Takashi Iwai
b816db9d36 ALSA: core: Fix randconfig build wrt CONFIG_PROC_FS
There are a few leftover CONFIG_PROC_FS forgotten to replace with
CONFIG_SND_PROC_FS.

Fixes: cd6a65036f ('ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS')
Reported-by: Jim Davis <jim.epost@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-05-29 07:21:02 +02:00
Jie Yang
cd6a65036f ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS
We may disable proc fs only for sound part, to reduce ALSA
memory footprint. So add CONFIG_SND_PROC_FS and replace the
old CONFIG_PROC_FSs in alsa code.

With sound proc fs disabled, we can save about 9KB memory
size on X86_64 platform.

Signed-off-by: Jie Yang <yang.jie@intel.com>
Reviewed-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-05-27 21:25:19 +02:00
Takashi Iwai
85d1431807 ALSA: core: Build conditionally and remove superfluous ifdefs
Minor cleanups of Makefile to build some codes conditionally so that
a few ifdefs can be reduced.

Acked-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-04-24 17:31:07 +02:00
Takashi Iwai
b591b6e9e9 ALSA: core: Don't ignore errors at creating proc files
So far we've ignored the errors at creating proc files in many places.
But they should be rather treated seriously.

Also, by assuring the error handling, we can get rid of superfluous
snd_info_free_entry() calls as they will be removed by the parent in
the caller side.

This patch fixes the missing error checks and reduces the superfluous
free calls.

Acked-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-04-24 17:31:06 +02:00
Takashi Sakamoto
3e21a19d1d ALSA: seq: fill client ID in return value of pool operation
The returned value of 'get/seq client pool' operation has zeroed value
for its client ID, against requested client ID.

This commit fix the bug by filling it with index value of referred
client object.

Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-04-11 09:11:19 +02:00
Takashi Iwai
4945f1fdc1 ALSA: seq: Fix init order of snd_seq_device stuff
When the sequencer driver is built in kernel, it may panic at boot
because of the uninitialized snd_seq_bus_type.  Initialize it properly
via subsys_initcall() instead of module_init() to assure that the bus
is registered beforehand.

Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Fixes: 7c37ae5c62 ('ALSA: seq: Rewrite sequencer device binding with standard bus')
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-03-11 12:53:52 +01:00
Takashi Iwai
24db8bbaa3 ALSA: seq: Drop superfluous error/debug messages after malloc failures
The kernel memory allocators already report the errors when the
requested allocation fails, thus we don't need to warn it again in
each caller side.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-03-10 15:41:18 +01:00
Takashi Iwai
8d98a0673f ALSA: seq_oss: Drop superfluous error/debug messages after malloc failures
The kernel memory allocators already report the errors when the
requested allocation fails, thus we don't need to warn it again in
each caller side.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-03-10 15:39:55 +01:00
Takashi Iwai
54a721abd7 ALSA: seq: Drop snd_seq_autoload_lock() and _unlock()
The autoload lock became already superfluous due to the recent rework
of autoload code.  Let's drop them now.  This allows us to simplify a
few codes nicely.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-12 14:42:31 +01:00
Takashi Iwai
056622053b ALSA: seq: Define driver object in each driver
This patch moves the driver object initialization and allocation to
each driver's module init/exit code like other normal drivers.  The
snd_seq_driver struct is now published in seq_device.h, and each
driver is responsible to define it with proper driver attributes
(name, probe and remove) with snd_seq_driver specific attributes as id
and argsize fields.  The helper functions snd_seq_driver_register(),
snd_seq_driver_unregister() and module_snd_seq_driver() are used for
simplifying codes.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-12 14:15:54 +01:00
Takashi Iwai
af03c243a1 ALSA: seq: Clean up device and driver structs
Use const string pointer instead of copying the id string to each
object.  Also drop the status and list fields of snd_seq_device struct
that are no longer used.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-12 14:13:47 +01:00
Takashi Iwai
7c37ae5c62 ALSA: seq: Rewrite sequencer device binding with standard bus
We've used the old house-made code for binding the sequencer device
and driver.  This can be far better implemented with the standard
bus nowadays.

This patch refactors the whole sequencer binding code with the bus
/sys/bus/snd_seq.  The devices appear as id-card-device on this bus
and are bound with the drivers corresponding to the given id like the
former implementation.  The module autoload is also kept like before.

There is no change in API functions by this patch, and almost all
transitions are kept inside seq_device.c.  The proc file output will
change slightly but kept compatible as much as possible.

Further integration works will follow in later patches.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-12 11:35:11 +01:00
Takashi Iwai
72496edcf8 ALSA: seq: Don't compile snd_seq_device_load_drivers() for built-in
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-12 11:35:11 +01:00
Takashi Iwai
b6a42670e0 ALSA: seq: Move EXPORT_SYMBOL() after each function
... to follow the standard coding style.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-12 11:35:11 +01:00
Dan Carpenter
0b444af8da ALSA: seq: potential out of bounds in do_control()
Smatch complains that "control" is user specifigy and needs to be
capped.  The call tree to understand this warning is quite long.

snd_seq_write()  <-- get the event from the user
  snd_seq_client_enqueue_event()
    snd_seq_deliver_event()
      deliver_to_subscribers()
        snd_seq_deliver_single_event()
          snd_opl3_oss_event_input()
            snd_midi_process_event()
              do_control()

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-12 11:07:48 +01:00
Takashi Iwai
3fe9cf390f Merge branch 'topic/snd-device' into for-next 2015-02-03 17:57:16 +01:00
Takashi Iwai
40a4b26385 ALSA: Simplify snd_device_register() variants
Now that all callers have been replaced with
snd_device_register_for_dev(), let's drop the obsolete device
registration code and concentrate only on the code handling struct
device directly.  That said,

- remove the old snd_device_register(),
- rename snd_device_register_for_dev() with snd_device_register(),
- drop superfluous arguments from snd_device_register(),
- change snd_unregister_device() to pass the device pointer directly

Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-02 17:01:26 +01:00
Takashi Iwai
5205388d2d ALSA: seq: Handle the device directly
Like the previous change for the timer device, this patch changes the
device management for the ALSA sequencer device using the struct
device directly.

Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-02-02 14:42:45 +01:00
Clemens Ladisch
a55bdf1ec5 ALSA: seq: remove unused callback_all field
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-01-26 13:56:58 +01:00
Clemens Ladisch
de20b572a3 ALSA: seq: fix off-by-one error in port limit check
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-01-26 13:54:47 +01:00
Clemens Ladisch
467be357c6 ALSA: seq: correctly report maximum number of ports
Due to SNDRV_SEQ_ADDRESS_BROADCAST, not all 256 port number values can
be used.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-01-26 13:54:39 +01:00
Takashi Iwai
7533185eee Merge branch 'for-linus' into for-next
Sync with the latest 3.19-rc state for applying other ALSA sequencer
core fixes.
2015-01-26 13:53:41 +01:00
Clemens Ladisch
0767e95bb9 ALSA: seq-dummy: remove deadlock-causing events on close
When the last subscriber to a "Through" port has been removed, the
subscribed destination ports might still be active, so it would be
wrong to send "all sounds off" and "reset controller" events to them.
The proper place for such a shutdown would be the closing of the actual
MIDI port (and close_substream() in rawmidi.c already can do this).

This also fixes a deadlock when dummy_unuse() tries to send events to
its own port that is already locked because it is being freed.

Reported-by: Peter Billam <peter@www.pjb.com.au>
Cc: <stable@vger.kernel.org>
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-01-26 13:53:13 +01:00
Markus Elfring
57dca36ee2 ALSA: seq: Deletion of unnecessary checks before the function call "snd_midi_event_free"
The snd_midi_event_free() function tests whether its argument is NULL and then
returns immediately. Thus the test around the call is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-01-04 15:11:05 +01:00
Markus Elfring
d712eaf29d ALSA: core: Deletion of unnecessary checks before two function calls
The functions snd_seq_oss_timer_delete() and vunmap() perform also input
parameter validation. Thus the test around the call is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-11-21 20:06:57 +01:00
Takashi Iwai
d5129f33a0 Subject: ALSA: seq: Remove autoload locks in driver registration
Since we're calling request_module() asynchronously now, we can get
rid of the autoload lock in snd_seq_device_register_driver(), as well
as in the snd-seq driver registration itself.  This enables the
automatic loading of dependent sequencer modules, such as
snd-seq-virmidi from snd-emu10k1-synth.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-10-18 20:25:19 +02:00
Takashi Iwai
68ab61084d ALSA: seq: bind seq driver automatically
Currently the sequencer module binding is performed independently from
the card module itself.  The reason behind it is to keep the sequencer
stuff optional and allow the system running without it (e.g. for using
PCM or rawmidi only).  This works in most cases, but a remaining
problem is that the binding isn't done automatically when a new driver
module is probed.  Typically this becomes visible when a hotplug
driver like usb audio is used.

This patch tries to address this and other potential issues.  First,
the seq-binder (seq_device.c) tries to load a missing driver module at
creating a new device object.  This is done asynchronously in a workq
for avoiding the deadlock (modprobe call in module init path).

This action, however, should be enabled only when the sequencer stuff
was already initialized, i.e. snd-seq module was already loaded.  For
that, a new function, snd_seq_autoload_init() is introduced here; this
clears the blocking of autoloading, and also tries to load all pending
driver modules.

Reported-by: Adam Goode <agoode@chromium.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-10-18 20:25:12 +02:00
Takashi Iwai
54841a06c5 ALSA: seq: Use atomic ops for autoload refcount
... just to robustify for races.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-10-15 14:00:16 +02:00
Rasmus Villemoes
b245a822a4 ALSA: seq: seq_memory.c: Fix closing brace followed by if
Add a newline and, while at it, remove a space and redundant braces.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-06-23 17:58:33 +02:00
Adam Goode
27423257b7 ALSA: seq: Continue broadcasting events to ports if one of them fails
Sometimes PORT_EXIT messages are lost when a process is exiting.
This happens if you subscribe to the announce port with client A,
then subscribe to the announce port with client B, then kill client A.
Client B will not see the PORT_EXIT message because client A's port is
closing and is earlier in the announce port subscription list. The
for each loop will try to send the announcement to client A and fail,
then will stop trying to broadcast to other ports. Killing B works fine
since the announcement will already have gone to A. The CLIENT_EXIT
message does not get lost.

How to reproduce problem:

*** termA
$ aseqdump -p 0:1
  0:1   Port subscribed            0:1 -> 128:0

*** termB
$ aseqdump -p 0:1

*** termA
  0:1   Client start               client 129
  0:1   Port start                 129:0
  0:1   Port subscribed            0:1 -> 129:0

*** termB
  0:1   Port subscribed            0:1 -> 129:0

*** termA
^C

*** termB
  0:1   Client exit                client 128
   <--- expected Port exit as well (before client exit)

Signed-off-by: Adam Goode <agoode@google.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-06-04 17:30:58 +02:00
Adam Goode
21fd3e956e ALSA: seq: correctly detect input buffer overflow
snd_seq_event_dup returns -ENOMEM in some buffer-full conditions,
but usually returns -EAGAIN. Make -EAGAIN trigger the overflow
condition in snd_seq_fifo_event_in so that the fifo is cleared
and -ENOSPC is returned to userspace as stated in the alsa-lib docs.

Signed-off-by: Adam Goode <agoode@google.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-06-04 07:12:12 +02:00
Masanari Iida
53403a8013 ALSA: core: Fix format string mismatch in seq_midi.c
Fix format string mismatch in snd_seq_midisynth_register_port().
Argument type of p is unsigned int.

Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-04-28 12:18:47 +02:00
Takashi Iwai
bb343e7969 ALSA: seq_oss: Use standard printk helpers
Use the standard pr_xxx() helpers instead of home-baked snd_print*().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-02-14 08:14:18 +01:00
Takashi Iwai
04cc79a048 ALSA: seq: Use standard printk helpers
Use the standard pr_xxx() helpers instead of home-baked snd_print*().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-02-14 08:14:18 +01:00
Takashi Iwai
f2f9307a4f ALSA: core: Use standard printk helpers
Use dev_err() & co as much as possible.  If not available (no device
assigned at the calling point), use pr_xxx() helpers instead.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-02-14 08:14:15 +01:00
Takashi Iwai
a67ca25b6c ALSA: seq_oss: Drop debug prints
The debug prints in snd-seq-oss module are rather useless.
Let's clean up before further modifications.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-02-14 08:14:13 +01:00
Takashi Iwai
80d7d771ae ALSA: Drop unused name argument in snd_register_oss_device()
The last argument, name, of snd_oss_register_device() is nowhere
referred in the function in the current code.  Let's drop it.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2014-02-12 10:58:19 +01:00
Takashi Iwai
256ca9c3ad ALSA: seq-oss: Initialize MIDI clients asynchronously
We've got bug reports that the module loading stuck on Debian system
with 3.10 kernel.  The debugging session revealed that the initial
registration of OSS sequencer clients stuck at module loading time,
which involves again with request_module() at the init phase.  This is
triggered only by special --install stuff Debian is using, but it's
still not good to have such loops.

As a workaround, call the registration part asynchronously.  This is a
better approach irrespective of the hang fix, in anyway.

Reported-and-tested-by: Philipp Matthias Hahn <pmhahn@pmhahn.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2013-07-17 09:19:24 +02:00
Takashi Iwai
66efdc71d9 ALSA: seq: Fix missing error handling in snd_seq_timer_open()
snd_seq_timer_open() didn't catch the whole error path but let through
if the timer id is a slave.  This may lead to Oops by accessing the
uninitialized pointer.

 BUG: unable to handle kernel NULL pointer dereference at 00000000000002ae
 IP: [<ffffffff819b3477>] snd_seq_timer_open+0xe7/0x130
 PGD 785cd067 PUD 76964067 PMD 0
 Oops: 0002 [#4] SMP
 CPU 0
 Pid: 4288, comm: trinity-child7 Tainted: G      D W 3.9.0-rc1+ #100 Bochs Bochs
 RIP: 0010:[<ffffffff819b3477>]  [<ffffffff819b3477>] snd_seq_timer_open+0xe7/0x130
 RSP: 0018:ffff88006ece7d38  EFLAGS: 00010246
 RAX: 0000000000000286 RBX: ffff88007851b400 RCX: 0000000000000000
 RDX: 000000000000ffff RSI: ffff88006ece7d58 RDI: ffff88006ece7d38
 RBP: ffff88006ece7d98 R08: 000000000000000a R09: 000000000000fffe
 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
 R13: ffff8800792c5400 R14: 0000000000e8f000 R15: 0000000000000007
 FS:  00007f7aaa650700(0000) GS:ffff88007f800000(0000) GS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 00000000000002ae CR3: 000000006efec000 CR4: 00000000000006f0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
 Process trinity-child7 (pid: 4288, threadinfo ffff88006ece6000, task ffff880076a8a290)
 Stack:
  0000000000000286 ffffffff828f2be0 ffff88006ece7d58 ffffffff810f354d
  65636e6575716573 2065756575712072 ffff8800792c0030 0000000000000000
  ffff88006ece7d98 ffff8800792c5400 ffff88007851b400 ffff8800792c5520
 Call Trace:
  [<ffffffff810f354d>] ? trace_hardirqs_on+0xd/0x10
  [<ffffffff819b17e9>] snd_seq_queue_timer_open+0x29/0x70
  [<ffffffff819ae01a>] snd_seq_ioctl_set_queue_timer+0xda/0x120
  [<ffffffff819acb9b>] snd_seq_do_ioctl+0x9b/0xd0
  [<ffffffff819acbe0>] snd_seq_ioctl+0x10/0x20
  [<ffffffff811b9542>] do_vfs_ioctl+0x522/0x570
  [<ffffffff8130a4b3>] ? file_has_perm+0x83/0xa0
  [<ffffffff810f354d>] ? trace_hardirqs_on+0xd/0x10
  [<ffffffff811b95ed>] sys_ioctl+0x5d/0xa0
  [<ffffffff813663fe>] ? trace_hardirqs_on_thunk+0x3a/0x3f
  [<ffffffff81faed69>] system_call_fastpath+0x16/0x1b

Reported-and-tested-by: Tommi Rantala <tt.rantala@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2013-03-11 09:40:36 +01:00
Dan Carpenter
85c50a5899 ALSA: seq: seq_oss_event: missing range checks
The "dev" variable could be out of bounds.  Calling
snd_seq_oss_synth_is_valid() checks that it is is a valid device
which has been opened.  We check this inside set_note_event() so
this function can't succeed without a valid "dev".  But we need to
do the check earlier to prevent invalid dereferences and memory
corruption.

One call tree where "dev" could be out of bounds is:
-> snd_seq_oss_oob_user()
   -> snd_seq_oss_process_event()
      -> extended_event()
         -> note_on_event()

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2013-03-04 16:39:50 +01:00
Adam Buchbinder
d93cf0687c various: Fix spelling of "registered" in comments.
Some comments misspell "registered"; this fixes them. No code changes.

Signed-off-by: Adam Buchbinder <adam.buchbinder@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2012-11-19 14:29:46 +01:00
Andi Kleen
8dea9d382a ALSA: lto, sound: Fix export symbols for !CONFIG_MODULES
The new LTO EXPORT_SYMBOL references symbols even without CONFIG_MODULES.
Since these functions are macros in this case this doesn't work.
Add a ifdef to fix the build.

Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-08-20 11:53:10 +02:00
Lucas De Marchi
970e248649 Documentation: remove references to /etc/modprobe.conf
Usage of /etc/modprobe.conf file was deprecated by module-init-tools and
is no longer parsed by new kmod tool. References to this file are
replaced in Documentation, comments and Kconfig according to the
context.

There are also some references to the old /etc/modules.conf from 2.4
kernels that are being removed.

Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
Acked-by: Takashi Iwai <tiwai@suse.de>
Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-03-30 16:03:15 -07:00
Paul Gortmaker
51990e8254 device.h: cleanup users outside of linux/include (C files)
For files that are actively using linux/device.h, make sure
that they call it out.  This will allow us to clean up some
of the implicit uses of linux/device.h within include/*
without introducing build regressions.

Yes, this was created by "cheating" -- i.e. the headers were
cleaned up, and then the fallout was found and fixed, and then
the two commits were reordered.  This ensures we don't introduce
build regressions into the git history.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
2012-03-11 14:27:37 -04:00