commit 3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 upstream.
Currently kill_fasync() is called outside the stream lock in
snd_pcm_period_elapsed(). This is potentially racy, since the stream
may get released even during the irq handler is running. Although
snd_pcm_release_substream() calls snd_pcm_drop(), this doesn't
guarantee that the irq handler finishes, thus the kill_fasync() call
outside the stream spin lock may be invoked after the substream is
detached, as recently reported by KASAN.
As a quick workaround, move kill_fasync() call inside the stream
lock. The fasync is rarely used interface, so this shouldn't have a
big impact from the performance POV.
Ideally, we should implement some sync mechanism for the proper finish
of stream and irq handler. But this oneliner should suffice for most
cases, so far.
Reported-by: Baozeng Ding <sploving1@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Willy Tarreau <w@1wt.eu>
* Due to gts210vewifi being unable to register sound
card reliably this method doesn't always work.
Change-Id: Id965d0c653a5318d90fcfe4a3ad4eb2c936213c2
create_fixed_stream_quirk(), snd_usb_parse_audio_interface() and
create_uaxx_quirk() functions allocate the audioformat object by themselves
and free it upon error before returning. However, once the object is linked
to a stream, it's freed again in snd_usb_audio_pcm_free(), thus it'll be
double-freed, eventually resulting in a memory corruption.
This patch fixes these failures in the error paths by unlinking the audioformat
object before freeing it.
Based on a patch by Takashi Iwai <tiwai@suse.de>
[Note for stable backports:
this patch requires the commit 902eb7fd1e4a ('ALSA: usb-audio: Minor
code cleanup in create_fixed_stream_quirk()')]
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1283358
Reported-by: Ralf Spenneberg <ralf@spenneberg.net>
Cc: <stable@vger.kernel.org> # see the note above
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Change-Id: Ie36a8b7ce9e03e0db028251ed6ee78ee978ed4f3
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Git-commit: 836b34a935abc91e13e63053d0a83b24dfb5ea78
[rsiddoji@codeaurora.org : resolved some minor confilts ]
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
Just a minor code cleanup: unify the error paths.
Change-Id: I2fe930c5d29c88285131f211b2f8e1ecfacd5205
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Git-repo: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Git-commit: 902eb7fd1e4af3ac69b9b30f8373f118c92b9729
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
Update machine driver AFE API calls compatible
with adsp version AVS 2.6 and AVS 2.7
Update of mclk flag in suspend call.
Change-Id: Id0b300bcf585895cc659a1882710d825d0e7a808
Signed-off-by: Laxminath Kasam <lkasam@codeaurora.org>
Signed-off-by: Divya Narayanan Poojary <dnaray@codeaurora.org>
In Q6 asm and afe drivers, add API support
for AVS 2.7. Update compress driver to use
ASM volume gain compatible to verion used
Change-Id: I152a3410c99cfa37dca0eadb30b97f121f5d0a89
Signed-off-by: Laxminath Kasam <lkasam@codeaurora.org>
Signed-off-by: Divya Narayanan Poojary <dnaray@codeaurora.org>
Q6 core service provides API to query ADSP
version. Update the apr with get()/set()
to use this adsp version by platform/machine drivers
Change-Id: Icf480991b4b7847cd872ab7286ed1132facff0a4
Signed-off-by: Laxminath Kasam <lkasam@codeaurora.org>
Signed-off-by: Divya Narayanan Poojary <dnaray@codeaurora.org>
Timeout error is observed while waiting for
ADM_CMD_SET_PP_PARAMS_V5 command's response.
Fix the condition logic in wait_event_timeout()
to match the value set in adm_callback() when
response to ADM_CMD_SET_PP_PARAMS_V5 is received.
CRs-Fixed: 1030674
Change-Id: I711c860dc3de479eec0d22369d19615aef572ea1
Signed-off-by: Karthik Reddy Katta <a_katta@codeaurora.org>
validation of the codec variable passed to the snd_soc_read
and snd_soc_write functions are missing and can lead to DoS
as referred in CVE-2016-6690
Bug:28838221
Change-Id: I5020f77e252bade5e97efb592afb71fe1b18d952
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
Signed-off-by: Srinivasa Rao Kuppala <srkupp@codeaurora.org>
Removed 20ms delay in RX chain PMD as it is not required.
This improves device switch and tear down latency.
CRs-Fixed: 1070432
Change-Id: Id6996dff163f390a662f628da710d8bb238f7fca
Signed-off-by: Rohit kumar <rohitkr@codeaurora.org>
Before accessing io mapped address, check if
qdsp6 is ready to avoid dataabort issue.
Change-Id: Ia65875cd1087520befa0d12f928dc3fd1478031a
Signed-off-by: Laxminath Kasam <lkasam@codeaurora.org>
Set token value with port index and copp id so that
correct wait queue handle can be deduced in the
callback of adm_set_stereo_to_custom_stereo command.
Change-Id: Ica4c1442c1143f46de2baa6eaf1890ad0cb4b742
Signed-off-by: Shiv Maliyappanahalli <smaliyap@codeaurora.org>
The params array is used without initialization, which may cause
security issues. Initialize it as all zero after the definition.
CRs-Fixed: 1062271
Change-Id: If462fe3d82f139d72547f82dc7eb564f83cb35bf
Signed-off-by: Walter Yang <yandongy@codeaurora.org>
Change all audio driver to use %pK instead
of %p. %pK hides addresses when the users doesn't
have kernel permissions. If address information
is needed echo 0 > /proc/sys/kernel/kptr_restrict.
CRs-Fixed: 1052832
Change-Id: I9ff5cf06b019c566973eb609bf5d37969b98d31d
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Change cpe driver to use %pK instead of %p.
%pK hides addresses when the users doesn't
have kernel permissions. If address information
is needed echo 0 > /proc/sys/kernel/kptr_restrict.
CRs-Fixed: 1052832
Change-Id: I741d9e5c5b415011348e862c3f1ee4fe28c3969f
Signed-off-by: Xiaojun Sang <xsang@codeaurora.org>
Initialize param length with user space argument and
check the condition for maximum length in
SND_AUDIOCODEC_EAC3 format.
CRs-Fixed: 1032820
Change-Id: I710c1f743d7502e93989e8cc487078366570e723
Signed-off-by: Surendar karka <sukark@codeaurora.org>
Schmitt trigger result is wrong if PA is enabled.
So, don't check for cross connection when PA is enabled.
CRs-Fixed: 1061507
Change-Id: Iad71abbed72aa40b5c839260f5c297a885f7d128
Signed-off-by: Yeleswarapu Nagaradhesh <nagaradh@codeaurora.org>
Cross connection sometimes gets detected late. The issue faced is
cable is reported as headset initially, cross connection is
detected later. But before confirming cross connection, playback
starts on headset, so checking for cross connection is not
confirmed. Cable remains reported as headset. So check for cross
connection just before reporting headset.
CRs-Fixed: 1028002
Change-Id: Ida4f277f13c9a193cd7c92063b99bcf1104f107e
Signed-off-by: Divya Ojha <dojha@codeaurora.org>
The overflow check is required to ensure that user space data
in kernel may not go beyond buffer boundary.
CRs-Fixed: 1064411
Change-Id: I54c28a8942cf1a6a47a4e8272f3159b35d753ead
Signed-off-by: Karthik Reddy Katta <a_katta@codeaurora.org>
dummy_codec is not initialized before use, which
could cause kernel panic. Initialize dummy_codec before use.
Change-Id: Iedf7a3accbd14138ab7ed9e4e36a98fd7ca9a839
Signed-off-by: Meng Wang <mwang@codeaurora.org>
In lsm-related driver files, some pointers are not set as NULL
after the memory is freed, which will leave many dangling pointers.
Set them to NULL explicitly to avoid potential risk.
CRs-Fixed: 880388
Change-Id: I44925240705608510266a51225cc02611637c571
Signed-off-by: Walter Yang <yandongy@codeaurora.org>
After SSR, observe tones heard with high volume.
compander and hph_mode mixer controls are reset
in post reset callback which will not be in
sync with userspace settings. Avoid reset of
compander and hph_mode controls in post reset
callback.
CRs-Fixed: 1010471
Change-Id: Iacb3e27a35027037613e82e483b10b635d492a75
Signed-off-by: Laxminath Kasam <lkasam@codeaurora.org>