So far we use the embedded struct device for each PCM substreams in
struct snd_pcm. This may result in UAF when the delayed kobj release
is used; each corresponding struct device is still accessed at the
(delayed) device release, while the snd_pcm object may be already
gone.
As a workaround, detach the struct device from the snd_pcm object by
allocating via the new snd_device_alloc() helper.
A caveat is that we store the PCM substream pointer to drvdata since
the device resume and others require the access to it.
This patch is based on the fix Curtis posted initially. In this
patch, the changes are split and use the new helper function instead.
Link: https://lore.kernel.org/r/20230801171928.1460120-1-cujomalainey@chromium.org
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
Tested-by: Curtis Malainey <cujomalainey@chromium.org>
Link: https://lore.kernel.org/r/20230816160252.23396-4-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Embedding the ctl_dev in the snd_card object may result in UAF when
the delayed kobj release is used; at the delayed kobj release, it
still accesses the struct device itself while the card memory (that
embeds the struct device) may be already gone.
As a workaround, detach the struct device from the card object by
allocating via the new snd_device_alloc() helper. The rest are just
replacing ctl_dev access to the pointer.
This is based on the fix Curtis posted initially. In this patch, the
changes are split and use the new helper function instead.
Link: https://lore.kernel.org/r/20230801171928.1460120-1-cujomalainey@chromium.org
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Signed-off-by: Curtis Malainey <cujomalainey@chromium.org>
Tested-by: Curtis Malainey <cujomalainey@chromium.org>
Link: https://lore.kernel.org/r/20230816160252.23396-3-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Media Device Allocator API to allows multiple drivers share a media device.
This API solves a very common use-case for media devices where one physical
device (an USB stick) provides both audio and video. When such media device
exposes a standard USB Audio class, a proprietary Video class, two or more
independent drivers will share a single physical USB bridge. In such cases,
it is necessary to coordinate access to the shared resource.
Using this API, drivers can allocate a media device with the shared struct
device as the key. Once the media device is allocated by a driver, other
drivers can get a reference to it. The media device is released when all
the references are released.
Change the ALSA driver to use the Media Controller API to share media
resources with DVB, and V4L2 drivers on a AU0828 media device.
The Media Controller specific initialization is done after sound card is
registered. ALSA creates Media interface and entity function graph nodes
for Control, Mixer, PCM Playback, and PCM Capture devices.
snd_usb_hw_params() will call Media Controller enable source handler
interface to request the media resource. If resource request is granted,
it will release it from snd_usb_hw_free(). If resource is busy, -EBUSY is
returned.
Media specific cleanup is done in usb_audio_disconnect().
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Shuah Khan <shuah@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Unfortunately, this patch caused several regressions at au0828 and
snd-usb-audio, like this one:
https://bugzilla.kernel.org/show_bug.cgi?id=115561
It also showed several troubles at the MC core that handles pretty
poorly the memory protections and data lifetime management.
So, better to revert it and fix the core before reapplying this
change.
This reverts commit aebb2b89bf ("[media] sound/usb: Use Media
Controller API to share media resources")'
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Change ALSA driver to use Media Controller API to share media resources
with DVB and V4L2 drivers on a AU0828 media device. Media Controller
specific initialization is done after sound card is registered. ALSA
creates Media interface and entity function graph nodes for Control,
Mixer, PCM Playback, and PCM Capture devices.
snd_usb_hw_params() will call Media Controller enable source handler
interface to request the media resource. If resource request is
granted, it will release it from snd_usb_hw_free(). If resource is
busy, -EBUSY is returned.
Media specific cleanup is done in usb_audio_disconnect().
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Acked-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>