linux-dev/sound/core/seq/oss, branch master

ALSA: seq: oss: Fix data-race for max_midi_devs access

2022-08-23T15:00:12Z

ALSA OSS sequencer refers to a global variable max_midi_devs at creating a new port, storing it to its own field. Meanwhile this variable may be changed by other sequencer events at snd_seq_oss_midi_check_exit_port() in parallel, which may cause a data race. OTOH, this data race itself is almost harmless, as the access to the MIDI device is done via get_mdev() and it's protected with a refcount, hence its presence is guaranteed. Though, it's sill better to address the data-race from the code sanity POV, and this patch adds the proper spinlock for the protection. Reported-by: Abhishek Shah Cc: Link: https://lore.kernel.org/r/CAEHB2493pZRXs863w58QWnUTtv3HHfg85aYhLn5HJHCwxqtHQg@mail.gmail.com Link: https://lore.kernel.org/r/20220823072717.1706-1-tiwai@suse.de Signed-off-by: Takashi Iwai

ALSA: seq: oss: fix typo

2022-03-14T06:51:22Z

Fix typo in "announcement". Reported-by: Joe Perches Signed-off-by: Julia Lawall Link: https://lore.kernel.org/r/20220313085635.102123-1-Julia.Lawall@inria.fr Signed-off-by: Takashi Iwai

ALSA: seq: oss: use kzalloc

2022-03-13T08:09:37Z

Use kzalloc instead of kmalloc + memset. The semantic patch that makes this change is: (https://coccinelle.gitlabpages.inria.fr/website/) // @@ expression res, size, flag; @@ - res = kmalloc(size, flag); + res = kzalloc(size, flag); ... - memset(res, 0, size); // Signed-off-by: Julia Lawall Link: https://lore.kernel.org/r/20220312102705.71413-4-Julia.Lawall@inria.fr Signed-off-by: Takashi Iwai

ALSA: seq: oss: Fix error check at system port creation

2021-06-17T14:02:26Z

The system port creation in ALSA OSS sequencer was wrongly checked against to the port number that can be never negative. The error code should be checked rather against the ioctl call. This patch corrects the error check. Reported-by: Dan Carpenter Link: https://lore.kernel.org/r/20210617134742.6321-1-tiwai@suse.de Signed-off-by: Takashi Iwai

ALSA: seq: Fix assignment in if condition

2021-06-09T15:30:26Z

There are lots of places doing assignments in if condition in ALSA sequencer core, which is a bad coding style that may confuse readers and occasionally lead to bugs. This patch is merely for coding-style fixes, no functional changes. Link: https://lore.kernel.org/r/20210608140540.17885-57-tiwai@suse.de Signed-off-by: Takashi Iwai

Merge branch 'for-linus' into for-next

2021-01-18T16:39:23Z

Back-merge of 5.11 devel branch for more works on USB-audio. Signed-off-by: Takashi Iwai

ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()

2021-01-15T09:35:17Z

snd_seq_oss_synth_make_info() didn't check the error code from snd_seq_oss_midi_make_info(), and this leads to the call of strlcpy() with the uninitialized string as the source, which may lead to the access over the limit. Add the proper error check for avoiding the failure. Reported-by: syzbot+e42504ff21cff05a595f@syzkaller.appspotmail.com Cc: Link: https://lore.kernel.org/r/20210115093428.15882-1-tiwai@suse.de Signed-off-by: Takashi Iwai

ALSA: Convert strlcpy to strscpy when return value is unused

2021-01-08T08:30:05Z

strlcpy is deprecated. see: Documentation/process/deprecated.rst Change the calls that do not use the strlcpy return value to the preferred strscpy. Done with cocci script: @@ expression e1, e2, e3; @@ - strlcpy( + strscpy( e1, e2, e3); This cocci script leaves the instances where the return value is used unchanged. After this patch, sound/ has 3 uses of strlcpy() that need to be manually inspected for conversion and changed one day. $ git grep -w strlcpy sound/ sound/usb/card.c: len = strlcpy(card->longname, s, sizeof(card->longname)); sound/usb/mixer.c: return strlcpy(buf, p->name, buflen); sound/usb/mixer.c: return strlcpy(buf, p->names[index], buflen); Miscellenea: o Remove trailing whitespace in conversion of sound/core/hwdep.c Link: https://lore.kernel.org/lkml/CAHk-=wgfRnXz0W3D37d01q3JFkr_i_uTL=V6A6G1oUZcprmknw@mail.gmail.com/ Signed-off-by: Joe Perches Acked-by: Mark Brown Link: https://lore.kernel.org/r/22b393d1790bb268769d0bab7bacf0866dcb0c14.camel@perches.com Signed-off-by: Takashi Iwai

ALSA: seq: oss: Avoid mutex lock for a long-time ioctl

2020-09-23T12:45:14Z

Recently we applied a fix to cover the whole OSS sequencer ioctls with the mutex for dealing with the possible races. This works fine in general, but in theory, this may lead to unexpectedly long stall if an ioctl like SNDCTL_SEQ_SYNC is issued and an event with the far future timestamp was queued. For fixing such a potential stall, this patch changes the mutex lock applied conditionally excluding such an ioctl command. Also, change the mutex_lock() with the interruptible version for user to allow escaping from the big-hammer mutex. Fixes: 80982c7e834e ("ALSA: seq: oss: Serialize ioctls") Suggested-by: Pavel Machek Link: https://lore.kernel.org/r/20200922083856.28572-1-tiwai@suse.de Signed-off-by: Takashi Iwai

ALSA: seq: oss: Serialize ioctls

2020-08-05T06:27:39Z

Some ioctls via OSS sequencer API may race and lead to UAF when the port create and delete are performed concurrently, as spotted by a couple of syzkaller cases. This patch is an attempt to address it by serializing the ioctls with the existing register_mutex. Basically OSS sequencer API is an obsoleted interface and was designed without much consideration of the concurrency. There are very few applications with it, and the concurrent performance isn't asked, hence this "big hammer" approach should be good enough. Reported-by: syzbot+1a54a94bd32716796edd@syzkaller.appspotmail.com Reported-by: syzbot+9d2abfef257f3e2d4713@syzkaller.appspotmail.com Suggested-by: Hillf Danton Cc: Link: https://lore.kernel.org/r/20200804185815.2453-1-tiwai@suse.de Signed-off-by: Takashi Iwai