Commit Graph

7922 Commits

Author SHA1 Message Date
Linus Torvalds
d9f73afcd3 Merge branch 'fix/misc' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'fix/misc' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ALSA: i2c/other/ak4xx-adda: Fix a compile warning with CONFIG_PROCFS=n
  ALSA: prevent heap corruption in snd_ctl_new()
2010-10-04 11:15:59 -07:00
Takashi Iwai
e913b14649 ALSA: i2c/other/ak4xx-adda: Fix a compile warning with CONFIG_PROCFS=n
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-30 22:59:12 +02:00
Dan Rosenberg
5591bf0722 ALSA: prevent heap corruption in snd_ctl_new()
The snd_ctl_new() function in sound/core/control.c allocates space for a
snd_kcontrol struct by performing arithmetic operations on a
user-provided size without checking for integer overflow.  If a user
provides a large enough size, an overflow will occur, the allocated
chunk will be too small, and a second user-influenced value will be
written repeatedly past the bounds of this chunk.  This code is
reachable by unprivileged users who have permission to open
a /dev/snd/controlC* device (on many distros, this is group "audio") via
the SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE ioctls.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-28 21:33:16 +02:00
Takashi Iwai
3b23cd2875 Merge branch 'fix/hda' into for-linus 2010-09-25 17:57:53 +02:00
Takashi Iwai
b614e38e78 Merge branch 'fix/asoc' into for-linus 2010-09-25 17:57:49 +02:00
Dan Rosenberg
e68d3b316a ALSA: sound/pci/rme9652: prevent reading uninitialized stack memory
The SNDRV_HDSP_IOCTL_GET_CONFIG_INFO and
SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctls in hdspm.c and hdsp.c allow
unprivileged users to read uninitialized kernel stack memory, because
several fields of the hdsp{m}_config_info structs declared on the stack
are not altered or zeroed before being copied back to the user.  This
patch takes care of it.

Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-25 17:46:22 +02:00
Takashi Iwai
01fdf1801e ALSA: hda - Fix auto-parse of SPDIF input of Realtek codecs
The SPDIF in audio widget must be searched through the list as the widget
that contains the given pin as the connection source.  The current code
was implemented in a reverse way.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-24 09:09:42 +02:00
Mark Brown
0077ca0b5c ASoC: Fix multi-componentism
Spot the build testing.

Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2010-09-22 18:47:40 +01:00
Dimitris Papastamos
d47372e852 ASoC: Fix soc-cache buffer overflow bug
Make sure we stay within the cache boundaries when updating the
register cache.

Signed-off-by: Dimitris Papastamos <dp@opensource.wolfsonmicro.com>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2010-09-22 12:01:05 +01:00
Erik J. Staab
0873a5ae74 ALSA: oxygen: fix analog capture on Claro halo cards
On the HT-Omega Claro halo card, the ADC data must be captured from the
second I2S input.  Using the default first input, which isn't connected
to anything, would result in silence.

Signed-off-by: Erik J. Staab <ejs@insightbb.com>
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-22 10:04:08 +02:00
Luke Yelavich
0f9f1ee9d1 ALSA: hda - Add Dell Latitude E6400 model quirk
BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/643891

Set the Dell Latitude E6400 (1028:0233) SSID to use AD1984_DELL_DESKTOP

Cc: stable@kernel.org
Signed-off-by: Luke Yelavich <luke.yelavich@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-21 10:07:45 +02:00
Guennadi Liakhovetski
cbfa5184cc ASoC: fix clkdev API usage in sh/migor.c
The clkdev API doesn't use .name and .id members of struct clk for clock
lookup. Instead clocks should be added to a lookup list. Without this patch
audio om the Migo-R board fails silently.

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Acked-by: Liam Girdwood <lrg@slimlogic.co.uk>
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
2010-09-19 16:02:47 +01:00
Takashi Iwai
a1984f4999 Merge branch 'fix/hda' into for-linus 2010-09-17 17:44:20 +02:00
Takashi Iwai
901d46d5a8 ALSA: pcm - Fix race with proc files
The PCM proc files may open a race against substream close, which can
end up with an Oops.  Use the open_mutex to protect for it.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-16 23:06:50 +02:00
Takashi Iwai
8699a0b657 ALSA: pcm - Fix unbalanced pm_qos_request
The pm_qos_request isn't freed properly when OSS PCM emulation is used
because it skips snd_pcm_hw_free() call but directly releases the
stream.  This resulted in Oops later.

Tested-by: Simon Kirby <sim@hostway.ca>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-16 23:04:38 +02:00
David Henningsson
145a902bfe ALSA: HDA: Enable internal speaker on Dell M101z
BugLink: http://launchpad.net/bugs/640254

In some cases a magic processing coefficient is needed to enable
the internal speaker on Dell M101z. According to Realtek, this
processing coefficient is only present on ALC269vb.

Cc: stable@kernel.org
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-16 10:18:54 +02:00
Stephen Warren
3894335876 ALSA: patch_nvhdmi.c: Fix supported sample rate list.
22050 isn't a valid HDMI sample rate. 32000 is.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-By: Wei Ni <wni@nvidia.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-14 23:28:18 +02:00
Joe Perches
147fcf1c21 sound: Remove pr_<level> uses of KERN_<level>
Signed-off-by: Joe Perches <joe@perches.com>
Acked-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Acked-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-13 23:40:29 +02:00
Anisse Astier
2ca9cac965 ALSA: hda - Add quirk for Toshiba C650D using a Conexant CX20585
Add a quirk for laptop Toshiba Satellite C650D to have proper external HP and
external Mic support.

Signed-off-by: Anisse Astier <anisse@astier.eu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-13 12:33:32 +02:00
Seth Heasley
cea310e8f8 ALSA: hda_intel: ALSA HD Audio patch for Intel Patsburg DeviceIDs
This patch adds the Intel Patsburg (PCH) HD Audio Controller DeviceIDs.

Signed-off-by: Seth Heasley <seth.heasley@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-13 08:37:27 +02:00
Takashi Iwai
5431427b1a Merge branch 'fix/hda' into for-linus 2010-09-10 08:27:00 +02:00
Dan Carpenter
a7a13d0676 ALSA: rawmidi: fix the get next midi device ioctl
If we pass in a device which is higher than SNDRV_RAWMIDI_DEVICES then
the "next device" should be -1.  This function just returns device + 1.

But the main thing is that "device + 1" can lead to a (harmless) integer
overflow and that annoys static analysis tools.

[fix the case for device == SNDRV_RAWMIDI_DEVICE by tiwai]

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-09 09:05:21 +02:00
Takashi Iwai
122661b678 ALSA: hda - Fix wrong HP pin detection in snd_hda_parse_pin_def_config()
snd_hda_parse_pin_def_config() has some workaround for re-assigning
some pins declared as headphones to line-outs.  This didn't work properly
for some cases because it used memmove() stupidly wrongly.

Reference: Novell bnc#637263
	https://bugzilla.novell.com/show_bug.cgi?id=637263

Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-08 14:59:26 +02:00
Takashi Iwai
27f7ad5382 ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
The error handling in snd_seq_oss_open() has several bad codes that
do dereferecing released pointers and double-free of kmalloc'ed data.
The object dp is release in free_devinfo() that is called via
private_free callback.  The rest shouldn't touch this object any more.

The patch changes delete_port() to call kfree() in any case, and gets
rid of unnecessary calls of destructors in snd_seq_oss_open().

Fixes CVE-2010-3080.

Reported-and-tested-by: Tavis Ormandy <taviso@cmpxchg8b.com>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-08 10:45:34 +02:00
Takashi Iwai
e4ee8dd8af ALSA: msnd-classic: Fix invalid cfg parameter
The driver doesn't probe the device properly because of left-over cfg[]
that isn't used at all for msnd-classic device.  This is only for msnd-
pinnacle.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-08 09:58:12 +02:00