The sanity checks introduced for malformed descriptors loosely check
the given descriptor size, although the size greater than the defined
description is invalid. It was due to a concern of any funky firmware
in the actual products. But this doesn't look hitting, and any sane
products must have the defined descriptors.
So in this patch, we make the validators more strict, allowing only
with the defined descriptor sizes. The value in clock selector
validator is corrected from 5 to 7 to count the two unlisted fields
after baCSourceID[].
Suggested-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Reviewed-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
There are lots of open-coded functions to find a clock source,
selector and multiplier. Now there are both v2 and v3, so six
variants.
This patch refactors the code to use a common helper for the main
loop, and define each validator function for each target.
There is no functional change.
Fixes: 9a2fe9b801 ("ALSA: usb: initial USB Audio Device Class 3.0 support")
Reviewed-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The PCM runtime object is created and freed dynamically at PCM stream
open / close time. This is tracked via substream->runtime, and it's
cleared at snd_pcm_detach_substream().
The runtime object assignment is protected by PCM open_mutex, so for
all PCM operations, it's safely handled. However, each PCM substream
provides also an ALSA timer interface, and user-space can access to
this while closing a PCM substream. This may eventually lead to a
UAF, as snd_pcm_timer_resolution() tries to access the runtime while
clearing it in other side.
Fortunately, it's the only concurrent access from the PCM timer, and
it merely reads runtime->timer_resolution field. So, we can avoid the
race by reordering kfree() and wrapping the substream->runtime
clearance with the corresponding timer lock.
Reported-by: syzbot+8e62ff4e07aa2ce87826@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This is a *very* big release for ASoC. Not much change in the core but
there s the transition of all the individual drivers over to components
which is intended to support further core work. The goal is to make it
easier to do further core work by removing the need to special case all
the different driver classes in the core, many of the devices end up
being used in multiple roles in modern systems.
We also have quite a lot of new drivers added this month of all kinds,
quite a few for simple devices but also some more advanced ones with
more substantial code.
- The biggest thing is the huge series from Morimoto-san which
converted everything over to components. This is a huge change by
code volume but was fairly mechanical
- Many fixes for some of the Realtek based Baytrail systems covering
both the CODECs and the CPUs, contributed by Hans de Goode.
- Lots of cleanups for Samsung based Odroid systems from Sylwester
Nawrocki.
- The Freescale SSI driver also got a lot of cleanups from Nicolin
Chen.
- The Blackfin drivers have been removed as part of the removal of the
architecture.
- New drivers for AKM AK4458 and AK5558, several AMD based machines,
several Intel based machines, Maxim MAX9759, Motorola CPCAP,
Socionext Uniphier SoCs, and TI PCM1789 and TDA7419
-----BEGIN PGP SIGNATURE-----
iQFHBAABCgAxFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAlrCUIYTHGJyb29uaWVA
a2VybmVsLm9yZwAKCRAk1otyXVSH0A29B/sGkDyeoSTkvAIIu1cmVAIdpxz/MniC
2/KOVlZkIPV2WqS7wdzadJhTw8Xv/yX+By6w5dYQZyBsw9elYr/AvDomqetEwJfo
229jJGWxFbxNxgSo0gNeo5bL44ISjLK8TUw72YN3M1a15XvxF4NQwxmw3/5FYLHB
i3bxUd+nBTtshnnBTZFCvraF7kgm2OT1wQJgOiD6fWD4eSrIUrnp5kmUzvkrtMEA
PjKWV3k8d4xc1r5IDraX/saUYeoXQ/3cGkktWtc/AmqEf+mLI1iYpdhbAeiEqyNU
mkhcuMwF4E1qaMP0GgifhWnDgEyp4GvMUYkM21EjgKrOxgraMw3NcgX9
=JfFJ
-----END PGP SIGNATURE-----
Merge tag 'asoc-v4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Updates for v4.17
This is a *very* big release for ASoC. Not much change in the core but
there s the transition of all the individual drivers over to components
which is intended to support further core work. The goal is to make it
easier to do further core work by removing the need to special case all
the different driver classes in the core, many of the devices end up
being used in multiple roles in modern systems.
We also have quite a lot of new drivers added this month of all kinds,
quite a few for simple devices but also some more advanced ones with
more substantial code.
- The biggest thing is the huge series from Morimoto-san which
converted everything over to components. This is a huge change by
code volume but was fairly mechanical
- Many fixes for some of the Realtek based Baytrail systems covering
both the CODECs and the CPUs, contributed by Hans de Goode.
- Lots of cleanups for Samsung based Odroid systems from Sylwester
Nawrocki.
- The Freescale SSI driver also got a lot of cleanups from Nicolin
Chen.
- The Blackfin drivers have been removed as part of the removal of the
architecture.
- New drivers for AKM AK4458 and AK5558, several AMD based machines,
several Intel based machines, Maxim MAX9759, Motorola CPCAP,
Socionext Uniphier SoCs, and TI PCM1789 and TDA7419
We recently made "format" a u64 variable so now static checkers complain
that this shift will wrap around if format is more than 31. I don't
think it makes a difference for runtime, but it's simple to silence the
warning.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>