Clean up the driver with the new managed buffer allocation API.
The hw_params and hw_free callbacks became superfluous and got
dropped.
Link: https://lore.kernel.org/r/20191209094943.14984-9-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Clean up the driver with the new managed buffer allocation API.
The superfluous snd_pcm_lib_malloc_pages() and
snd_pcm_lib_free_pages() are dropped.
Link: https://lore.kernel.org/r/20191209094943.14984-8-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Clean up the driver with the new managed buffer allocation API.
The hw_params and hw_free callbacks became superfluous (they were only
useless debug prints) and got dropped.
Link: https://lore.kernel.org/r/20191209094943.14984-7-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Static analysis tools (cppcheck and PVS Studio) report an error
in loopback_snd_timer_period_elapsed() regarding dpcm_play pointer
dereference earlier than its null-check. And although this is a result
of a formal check, and the pointer correctness is also protected
by having a corresponding bit set in the "running" mask, re-ordering
of the lines can imake the code even formally correct and eliminate
those static analysis error reports.
Fixes: 26c53379f9 ("ALSA: aloop: Support selection of snd_timer instead of jiffies")
Reported-by: Eugeniu Rosca <erosca@de.adit-jv.com>
Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Link: https://lore.kernel.org/r/20191127110622.26105-1-andrew_gabbasov@mentor.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
An explicit Kconfig dependency is missing for the recent addition of
the timer support. CONFIG_SND_TIMER isn't always selected by SND_PCM.
Fixes: 26c53379f9 ("ALSA: aloop: Support selection of snd_timer instead of jiffies")
Reported-by: kbuild test robot <lkp@intel.com>
Link: https://lore.kernel.org/r/20191124083924.14049-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
loopback_snd_timer_close_cable() function waits until all
scheduled tasklets are completed, but the timer is closed after that
and can generate more event callbacks, scheduling new tasklets,
that will not be synchronized with cable closing.
Move tasklet_kill() call to be executed after snd_timer_close()
call to avoid such case.
Fixes: 26c53379f9 ("ALSA: aloop: Support selection of snd_timer instead of jiffies")
Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Link: https://lore.kernel.org/r/20191122175218.17187-2-andrew_gabbasov@mentor.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
loopback_parse_timer_id() uses snd_card_ref(), that can lock on mutex,
also snd_timer_instance_new() uses non-atomic allocation, that can sleep.
So, both functions can not be called from loopback_snd_timer_open()
with cable->lock spinlock locked.
Moreover, most part of loopback_snd_timer_open() function body works
when the opposite stream of the same cable does not yet exist, and
the current stream is not yet completely open and can't be running,
so existing locking of loopback->cable_lock mutex is enough to protect
from conflicts with simultaneous opening or closing.
Locking of cable->lock spinlock is not needed in this case.
Fixes: 26c53379f9 ("ALSA: aloop: Support selection of snd_timer instead of jiffies")
Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Link: https://lore.kernel.org/r/20191122175218.17187-1-andrew_gabbasov@mentor.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Show and change sound card timer source with read-write info
file in proc filesystem. Initial string can still be set as
module parameter.
The timer source string value can be changed at any time,
but it is latched by PCM substream open callback (the first one
for a particular cable). At this point it is actually used, that
is the string is parsed, and the timer is looked up and opened.
The timer source is set for a loopback card (the same as initial
setting by module parameter), but every cable uses the value,
current at the moment of open.
Setting the value to empty string switches the timer to jiffies.
Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Link: https://lore.kernel.org/r/20191120174955.6410-8-andrew_gabbasov@mentor.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
to do synchronous audio forwarding between hardware sound card and aloop
devices. Such an audio route could look like the following:
Sound card -> Loopback application -> ALSA loop device -> arecord
In this case the loopback device should use the sound timer of the sound
card. Without this patch the loopback application has to implement an
adaptive sample rate converter to align the different clocks of the
different ALSA devices.
The used timer can be selected by referring to a sound card, its device
and subdevice, when loading the module:
$ modprobe snd_aloop enable=1 timer_source=[<card>[.<dev>[.<subdev>]]]
<card> is the name (id) of the sound card or a card number.
<dev> and <subdev> are device and subdevice numbers (defaults are 0).
Empty string as a value of timer_source= parameter enables previous
functionality (using jiffies timer).
Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>
Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Link: https://lore.kernel.org/r/20191120174955.6410-7-andrew_gabbasov@mentor.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This commit does not change the behaviour. It only separates the jiffies
timer specific implementation from the generic part.
Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>
Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Link: https://lore.kernel.org/r/20191120174955.6410-5-andrew_gabbasov@mentor.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This commit only refactors the implementation. It does not change the
behaviour.
It is required to support other timers (e.g sound timer).
Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>
Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Link: https://lore.kernel.org/r/20191120174955.6410-4-andrew_gabbasov@mentor.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This is required for additional timer implementations which could detect
errors and want to throw them.
Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>
Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Link: https://lore.kernel.org/r/20191120174955.6410-3-andrew_gabbasov@mentor.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Describe the unit of the variables used to calculate the hw pointer
depending on jiffies ticks.
Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>
Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Link: https://lore.kernel.org/r/20191120174955.6410-2-andrew_gabbasov@mentor.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The recent change (*) in the ALSA memalloc core allows us to drop the
special vmalloc-specific allocation and page handling. This patch
coverts to the common code.
(*) 1fe7f397cf: ALSA: memalloc: Add vmalloc buffer allocation
support
7e8edae39f: ALSA: pcm: Handle special page mapping in the
default mmap handler
Since the driver requires the DMA32 allocation, it passes the
specially encoded device to snd_pcm_lib_preallocate_pages().
Link: https://lore.kernel.org/r/20191105151856.10785-16-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The recent change (*) in the ALSA memalloc core allows us to drop the
special vmalloc-specific allocation and page handling. This patch
coverts to the common code.
(*) 1fe7f397cf: ALSA: memalloc: Add vmalloc buffer allocation
support
7e8edae39f: ALSA: pcm: Handle special page
mapping in the default mmap handler
Link: https://lore.kernel.org/r/20191105151856.10785-10-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The recent change (commit 08422d2c55: "ALSA: memalloc: Allow NULL
device for SNDRV_DMA_TYPE_CONTINUOUS type") made the PCM preallocation
helper accepting NULL as the device pointer for the default usage.
Drop the snd_dma_continuous_data() usage that became superfluous from
the callers.
Link: https://lore.kernel.org/r/20191105151856.10785-2-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Adjust indentation from spaces to tab (+optional two spaces) as in
coding style with command like:
$ sed -e 's/^ /\t/' -i */Kconfig
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Acked-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20191004144931.3851-1-krzk@kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Based on 2 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license version 2 as
published by the free software foundation
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license version 2 as
published by the free software foundation #
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference in 4122 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Enrico Weigelt <info@metux.net>
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Allison Randal <allison@lohutok.net>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation either version 2 of the license or at
your option any later version this program is distributed in the
hope that it will be useful but without any warranty without even
the implied warranty of merchantability or fitness for a particular
purpose see the gnu general public license for more details you
should have received a copy of the gnu general public license along
with this program if not write to the free software foundation inc
59 temple place suite 330 boston ma 02111 1307 usa
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-or-later
has been chosen to replace the boilerplate/reference in 1334 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Richard Fontana <rfontana@redhat.com>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190527070033.113240726@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation either version 2 of the license or at
your option any later version this program is distributed in the
hope that it will be useful but without any warranty without even
the implied warranty of merchantability or fitness for a particular
purpose see the gnu general public license for more details you
should have received a copy of the gnu general public license along
with this program if not write to the free software foundation inc
51 franklin st fifth floor boston ma 02110 1301 usa
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-or-later
has been chosen to replace the boilerplate/reference in 50 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Richard Fontana <rfontana@redhat.com>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190523091649.499889647@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Based on 1 normalized pattern(s):
this program is free software you can redistribute it and or modify
it under the terms of the gnu general public license as published by
the free software foundation either version 2 of the license or at
your option any later version this program is distributed in the
hope that it will be useful but without any warranty without even
the implied warranty of merchantability or fitness for a particular
purpose see the gnu general public license for more details you
should have received a copy of the gnu general public license along
with this program if not write to the free software foundation inc
675 mass ave cambridge ma 02139 usa
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-or-later
has been chosen to replace the boilerplate/reference in 441 file(s).
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
Reviewed-by: Richard Fontana <rfontana@redhat.com>
Reviewed-by: Allison Randal <allison@lohutok.net>
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Cc: linux-spdx@vger.kernel.org
Link: https://lkml.kernel.org/r/20190520071858.739733335@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add SPDX license identifiers to all Make/Kconfig files which:
- Have no license information of any form
These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:
GPL-2.0-only
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add SPDX license identifiers to all files which:
- Have no license information of any form
- Have MODULE_LICENCE("GPL*") inside which was used in the initial
scan/conversion to ignore the file
These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:
GPL-2.0-only
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Currently snd_aloop supports only S16 and S32 audio sample formats. With
this patch the S24 formats are also supported.
Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The function snd_opl3_drum_switch declaration in the header file
has the order of the two arguments on_off and vel swapped when
compared to the definition arguments of vel and on_off. Fix this
by swapping them around to match the definition.
This error predates the git history, so no idea when this error
was introduced.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Simplify the proc fs creation code with new helper functions,
snd_card_ro_proc_new() and snd_card_rw_proc_new().
Just a code refactoring and no functional changes.
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The calls of snd_info_register() are superfluous and should be avoided
at the procfs creation time. They are called at the end of the whole
initialization via snd_card_register(). This patch drops such
superfluous calls.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The call of snd_pcm_suspend_all() & co became superfluous since we
call it in the PCM PM ops. Let's remove them.
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
In preparation to enabling -Wimplicit-fallthrough, mark switch cases
where we are expecting to fall through.
Addresses-Coverity-ID: 114878 ("Missing break in switch")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
For a sake of code simplification, remove the init and the exit
entries that do nothing.
Notes for readers: actually it's OK to remove *both* init and exit,
but not OK to remove the exit entry. By removing only the exit while
keeping init, the module becomes permanently loaded; i.e. you cannot
unload it any longer!
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Move the declarations of common variables into opl3_voice.h instead of
declaring at each file multiple times, which was error-prone.
This fixes sparse warnings like:
sound/drivers/opl3/opl3_synth.c:51:6: warning: symbol 'snd_opl3_regmap' was not declared. Should it be static?
Signed-off-by: Takashi Iwai <tiwai@suse.de>
snd_pcm_lib_mmap_vmalloc() was supposed to be implemented with
somewhat special for vmalloc handling, but in the end, this turned to
just the default handler, i.e. NULL. As the situation has never
changed over decades, let's rip it off.
Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Variable opl3 is being assigned but is never used hence it is
redundant and can be removed.
Cleans up several clang warnings:
warning: variable 'opl3' set but not used [-Wunused-but-set-variable]
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
As we move stuff around, some doc references are broken. Fix some of
them via this script:
./scripts/documentation-file-ref-check --fix
Manually checked if the produced result is valid, removing a few
false-positives.
Acked-by: Takashi Iwai <tiwai@suse.de>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Acked-by: Stephen Boyd <sboyd@kernel.org>
Acked-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Acked-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Reviewed-by: Coly Li <colyli@suse.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Acked-by: Jonathan Corbet <corbet@lwn.net>
Convert the S_<FOO> symbolic permissions to their octal equivalents as
using octal and not symbolic permissions is preferred by many as more
readable.
see: https://lkml.org/lkml/2016/8/2/1945
Done with automated conversion via:
$ ./scripts/checkpatch.pl -f --types=SYMBOLIC_PERMS --fix-inplace <files...>
Miscellanea:
o Wrapped one multi-line call to a single line
Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Some control API callbacks in aloop driver are too lazy to take the
loopback->cable_lock and it results in possible races of cable access
while it's being freed. It eventually lead to a UAF, as reported by
fuzzer recently.
This patch covers such control API callbacks and add the proper mutex
locks.
Reported-by: DaeRyong Jeong <threeearcat@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
As recently Smatch suggested, one place in OPL3 driver may expand the
array directly from the user-space value with speculation:
sound/drivers/opl3/opl3_synth.c:476 snd_opl3_set_voice() warn: potential spectre issue 'snd_opl3_regmap'
This patch puts array_index_nospec() for hardening against it.
BugLink: https://marc.info/?l=linux-kernel&m=152411496503418&w=2
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Show paused ALSA aloop device as inactive, i.e. the control
"PCM Slave Active" set as false. Notification sent upon state change.
This makes it possible for client capturing from aloop device to know if
data is expected. Without it the client expects data even if playback
is paused.
Signed-off-by: Robert Rosengren <robert.rosengren@axis.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
In loopback_open() and loopback_close(), we assign and release the
substream object to the corresponding cable in a racy way. It's
neither locked nor done in the right position. The open callback
assigns the substream before its preparation finishes, hence the other
side of the cable may pick it up, which may lead to the invalid memory
access.
This patch addresses these: move the assignment to the end of the open
callback, and wrap with cable->lock for avoiding concurrent accesses.
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The aloop driver tries to stop the pending timer via timer_del() in
the trigger callback and in the close callback. The former is
correct, as it's an atomic operation, while the latter expects that
the timer gets really removed and proceeds the resource releases after
that. But timer_del() doesn't synchronize, hence the running timer
may still access the released resources.
A similar situation can be also seen in the prepare callback after
trigger(STOP) where the prepare tries to re-initialize the things
while a timer is still running.
The problems like the above are seen indirectly in some syzkaller
reports (although it's not 100% clear whether this is the only cause,
as the race condition is quite narrow and not always easy to
trigger).
For addressing these issues, this patch adds the explicit alls of
timer_del_sync() in some places, so that the pending timer is properly
killed / synced.
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Pull timer updates from Thomas Gleixner:
"The timer departement presents:
- A rather large rework of the hrtimer infrastructure which
introduces softirq based hrtimers to replace the spread of
hrtimer/tasklet combos which force the actual callback execution
into softirq context. The approach is completely different from the
initial implementation which you cursed at 10 years ago rightfully.
The softirq based timers have their own queues and there is no
nasty indirection and list reshuffling in the hard interrupt
anymore. This comes with conversion of some of the hrtimer/tasklet
users, the rest and the final removal of that horrible interface
will come towards the end of the merge window or go through the
relevant maintainer trees.
Note: The top commit merged the last minute bugfix for the 10 years
old CPU hotplug bug as I wanted to make sure that I fatfinger the
merge conflict resolution myself.
- The overhaul of the STM32 clocksource/clockevents driver
- A new driver for the Spreadtrum SC9860 timer
- A new driver dor the Actions Semi S700 timer
- The usual set of fixes and updates all over the place"
* 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (53 commits)
usb/gadget/NCM: Replace tasklet with softirq hrtimer
ALSA/dummy: Replace tasklet with softirq hrtimer
hrtimer: Implement SOFT/HARD clock base selection
hrtimer: Implement support for softirq based hrtimers
hrtimer: Prepare handling of hard and softirq based hrtimers
hrtimer: Add clock bases and hrtimer mode for softirq context
hrtimer: Use irqsave/irqrestore around __run_hrtimer()
hrtimer: Factor out __hrtimer_next_event_base()
hrtimer: Factor out __hrtimer_start_range_ns()
hrtimer: Remove the 'base' parameter from hrtimer_reprogram()
hrtimer: Make remote enqueue decision less restrictive
hrtimer: Unify remote enqueue handling
hrtimer: Unify hrtimer removal handling
hrtimer: Make hrtimer_force_reprogramm() unconditionally available
hrtimer: Make hrtimer_reprogramm() unconditional
hrtimer: Make hrtimer_cpu_base.next_timer handling unconditional
hrtimer: Make the remote enqueue check unconditional
hrtimer: Use accesor functions instead of direct access
hrtimer: Make the hrtimer_cpu_base::hres_active field unconditional, to simplify the code
hrtimer: Make room in 'struct hrtimer_cpu_base'
...
The tasklet is used to defer the execution of snd_pcm_period_elapsed() to
the softirq context. Using the HRTIMER_MODE_SOFT mode invokes the timer
callback in softirq context as well which renders the tasklet useless.
[o-takashi: avoid stall due to a call of hrtimer_cancel() on a callback of hrtimer]
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Anna-Maria Gleixner <anna-maria@linutronix.de>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Jaroslav Kysela <perex@perex.cz>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Takashi Iwai <tiwai@suse.com>
Cc: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Cc: alsa-devel@alsa-project.org
Cc: keescook@chromium.org
Link: http://lkml.kernel.org/r/20171221104205.7269-35-anna-maria@linutronix.de
Signed-off-by: Ingo Molnar <mingo@kernel.org>
The aloop driver tries to update the hw constraints of the connected
target on the cable of the opened PCM substream. This is done by
adding the extra hw constraints rules referring to the substream
runtime->hw fields, while the other substream may update the runtime
hw of another side on the fly.
This is, however, racy and may result in the inconsistent values when
both PCM streams perform the prepare concurrently. One of the reason
is that it overwrites the other's runtime->hw field; which is not only
racy but also broken when it's called before the open of another side
finishes. And, since the reference to runtime->hw isn't protected,
the concurrent write may give the partial value update and become
inconsistent.
This patch is an attempt to fix and clean up:
- The prepare doesn't change the runtime->hw of other side any longer,
but only update the cable->hw that is referred commonly.
- The extra rules refer to the loopback_pcm object instead of the
runtime->hw. The actual hw is deduced from cable->hw.
- The extra rules take the cable_lock to protect against the race.
Fixes: b1c73fc8e6 ("ALSA: snd-aloop: Fix hw_params restrictions and checking")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The extra hw constraint rule for the formats the aloop driver
introduced has a slight flaw, where it doesn't return a positive value
when the mask got changed. It came from the fact that it's basically
a copy&paste from snd_hw_constraint_mask64(). The original code is
supposed to be a single-shot and it modifies the mask bits only once
and never after, while what we need for aloop is the dynamic hw rule
that limits the mask bits.
This difference results in the inconsistent state, as the hw_refine
doesn't apply the dependencies fully. The worse and surprisingly
result is that it causes a crash in OSS emulation when multiple
full-duplex reads/writes are performed concurrently (I leave why it
triggers Oops to readers as a homework).
For fixing this, replace a few open-codes with the standard
snd_mask_*() macros.
Reported-by: syzbot+3902b5220e8ca27889ca@syzkaller.appspotmail.com
Fixes: b1c73fc8e6 ("ALSA: snd-aloop: Fix hw_params restrictions and checking")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>