Add mutex lock to protect private data in _put() and
get() calls.
Change-Id: I776ba5739fec4f1ff6542ef48de79ad3873f1161
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
Add mutex lock to protect private data in _put() and
get() calls.
Change-Id: I92f5a6515b6d1c4ad650a7dcf22a0a231a84dd30
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
There is race condition around private data used in put() and get()
of few mixer ctls with close() callback.Add global mutex lock and
code changes to protect such critical section by accessing such lock.
Change-Id: I276c2a234cfcbef88b4272b945e5c3f121e8eb32
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
Payload size is not checked before payload access. Check it
to avoid out-of-boundary memory access.
Change-Id: I913e37ba8eaa3451934b88de1e6b14a5e83f493b
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
APPS crashes randomly due to invalid memory allocation
in q6asm_audio_client_buf_free_contiguous.
Added check to return error if memory allocation size is 0.
Change-Id: I40f49aa147d513b29b56224a5ee77ccbb2dcc110
CRs-Fixed: 2285272
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
There is no need for the power down work to be done on a per CPU workqueue
especially considering the fairly long delay before powerdown.
Signed-off-by: Mark Brown <broonie@linaro.org>
Acked-by: Vinod Koul <vinod.koul@intel.com>
There is no need to use a normal per-CPU workqueue for delayed power downs
as they're not timing or performance critical and waking up a core for them
would defeat some of the point.
Signed-off-by: Mark Brown <broonie@linaro.org>
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
The accessory detect debounce work is not performance sensitive so let
the scheduler run it wherever is most efficient rather than in a per CPU
workqueue by using the system power efficient workqueue.
Signed-off-by: Mark Brown <broonie@linaro.org>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Expected buffer size to read is 2 bytes.
Corrected the size check to return error
when count is not 2.
Change-Id: I43b572d191f6f98a8a790b5ae77b43fabcd7329a
Signed-off-by: Soumya Managoli <smanag@codeaurora.org>
Payload size is not checked before payload access. Check size
to avoid out-of-boundary memory access.
Change-Id: Iaa39ee4ea5489bb5579e7b7d5dfada12d88c5809
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Check if payload data is big enough before accessing
the data in it.
Change-Id: I939f205a8cebf6ef4859f81fae5429bca013d540
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
Token from DSP might be invalid for array index. Validate
the token before being used as array index.
Change-Id: I9f47e1328d75d9f9acf7e85ddb452019b6eced0a
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Validate buffer index obtained from ADSP token before using it.
CRs-Fixed: 2372302
Change-Id: I5c3b1634bd08b516844638dd67f726a882edfc17
Signed-off-by: Vignesh Kulothungan <vigneshk@codeaurora.org>
Payload size validity is not checked before using it in array index.
Check payload size to avoid out-of-boundary memory.
Change-Id: Ic0b06bb331fc1753ff7543bb218ab12d6a4a3ca8
Signed-off-by: Kunlei Zhang <kunleiz@codeaurora.org>
Check the size of ADSP payload before accessing it.
CRs-Fixed: 2380694
Change-Id: I52e74e5a86499ea61f8426f767948ce940d4d59c
Signed-off-by: Vignesh Kulothungan <vigneshk@codeaurora.org>
Check buffer size in qdsp_cvs_callback before access in
ul_pkt.
Change-Id: Ic19994b46086709231656ec747d2df988b7a512f
Signed-off-by: Vatsal Bucha <vbucha@codeaurora.org>
With commit f6896ad1b5966405e87ef668922cadddad52f2eb, an incorrectly ordered
memset() command was present. This causes compilation to fail on GCC 5+.
Fix the order of the passed parameters to properly set requested memory.
BUG=38500815
TEST= Kernel compiles and boots bullhead.
Change-Id: Ic7cc759bb19385ad6839d2003358c7ead6df94be
Tested-by: Aun-Ali Zaidi <admin@kodeit.net>
Signed-off-by: Aun-Ali Zaidi <admin@kodeit.net>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Currently we set CONFIG_CC_OPTIMIZE_FOR_SIZE which suppressed the compiler
warning of unused variables which can lead undefined behavior e.g. memory
corruption and panic. See https://lkml.org/lkml/2013/3/25/347.
This patch fixes all the uninitilized variables in kernel
Bug: 33353384
Test: On device
Signed-off-by: Wei Wang <wvw@google.com>
Change-Id: I0ae1082f447b435d71156d471878ba71aa16c378
Send compress data by q6asm_run callback when user resumes music,
if the write_done event has been callback at offload pause state.
Bug: 30101878
Signed-off-by: Eric Laurent <elaurent@google.com>
Add pointer validation checks to prevent sending
invalid handles to ADSP as part of unmap memory
regions command.
CRs-Fixed: 1018367
Change-Id: I0dfb2fccb4414ed82ee10d73576fda66a273043d
Signed-off-by: Karthik Reddy Katta <a_katta@codeaurora.org>
Use smaller fragment sizes at DSP interface than at
user space interface.
This allows to write earlier to the DSP without waiting for
a full user space fragement in case of underrun or gapless
transition.
Bug: 28545177
Signed-off-by: Eric Laurent <elaurent@google.com>
Change the HW delay debug print so it does not
seem like an error. Adds comments in the code
describing the HW delay feature.
Change-Id: I0955623a7bdb0f4180c908ba079cf6f900e496a5
Signed-off-by: Ben Romberger <bromberg@codeaurora.org>
Add range check to make sure the received audio port index
from ADSP is within the valid range.
Change-Id: Ief647df1659f7f349a843f666d8f92f34a9a43be
Signed-off-by: Xiaoyu Ye <benyxy@codeaurora.org>
ac could get freed during the execution of q6asm_callback.
And kernel panic happens. Add spinlock to protect ac to avoid
kernel panic.
Change-Id: Ie49c8a3979231552ba7d5f207aab0d95ffdc2a72
Signed-off-by: Meng Wang <mwang@codeaurora.org>
Add size check to make sure the data sizes from WDSP
ELF metadata and the split firmware ELF are the same.
Change-Id: Ic2f7dc04dfc95608302cba23461c519378619db0
Signed-off-by: Xiaoyu Ye <benyxy@codeaurora.org>
Check for debugfs ops buf size passed before reading
to eliminate the possibility of reading out of bounds.
Bug: 77528653
Change-Id: I28fd60ce93256b6b0bad62b449092a891cc15463
Signed-off-by: Karthikeyan Mani <kmani@codeaurora.org>
commit 4efda5f2130da033aeedc5b3205569893b910de2 upstream.
soc_cleanup_card_resources() call snd_card_free() at the last of its
procedure. This turned out to lead to a use-after-free.
PCM runtimes have been already removed via soc_remove_pcm_runtimes(),
while it's dereferenced later in soc_pcm_free() called via
snd_card_free().
The fix is simple: just move the snd_card_free() call to the beginning
of the whole procedure. This also gives another benefit: it
guarantees that all operations have been shut down before actually
releasing the resources, which was racy until now.
Reported-and-tested-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Mark Brown <broonie@kernel.org>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Set freed pointers to NULL to avoid double free
in msm_compr_playback_open and msm_compr_playback_free
functions of the compress driver.
CRs-Fixed: 2142216
Change-Id: Ifd011dd85dd9f610c7b69dd460f73d26e006cd66
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
Add size check to ensure cal data bytes size fits inside
the cal date when copying to user space buffer.
CRs-Fixed: 2110256
Change-Id: I511999984684a9db4aaf1cf2c65eb1495c36980f
Signed-off-by: kunleiz <kunleiz@codeaurora.org>
Fix access of a dangling pointer by assigning it to NULL.
CRs-Fixed: 2096407
Change-Id: I22c1d55ea611ac59cdca51924787f6831bad8c2b
Signed-off-by: Aditya Bavanari <abavanar@codeaurora.org>
While reporting the jack status snd_soc_jack_report() invokes snd_soc_dapm_sync()
always. This should be required when we have pins associated with jack and
reporting enables or disables these.
So add a check for this case
Change-Id: I02a8663f0e42e6bdf7454f760dbba08b59410a40
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Signed-off-by: smanag <smanag@codeaurora.org>
Git-commit: 30a765d6433413c0eba90c969eecf12dfa2d111a
Git-repo: https://source.codeaurora.org/quic/la/kernel/msm-3.10
A copy_from_user is not always expected to succeed. Therefore, check
for an error before operating on the buffer post copy.
CRs-Fixed: 1116070
Change-Id: I21032719e6e85f280ca0cda875c84ac8dee8916b
Signed-off-by: Siena Richard <sienar@codeaurora.org>
Before calling audio calibration ioctl functions, compare the
allocated buffer size to the size of the header and cal type header
to ensure the buffer is big enough.
Change-Id: I601bb37ddcc34d459c207cf579f29744fe912d7b
Signed-off-by: Vidyakumar Athota <vathota@codeaurora.org>
msm-compr-q6-v2.c and msm-compr-q6-v2.h are no longer used.
CRs-Fixed: 2022953
Change-Id: I856d90a212a3e123a2c8b80092aff003f7c608c7
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>