linux-stable/include/sound
Takashi Iwai a91d66129f ALSA: hda - Fix incorrect TLV callback check introduced during set_fs() removal
The commit 99b5c5bb9a ("ALSA: hda - Remove the use of set_fs()")
converted the get_kctl_0dB_offset() call for killing set_fs() usage in
HD-audio codec code.  The conversion assumed that the TLV callback
used in HD-audio code is only snd_hda_mixer_amp() and applies the TLV
calculation locally.

Although this assumption is correct, and all slave kctls are actually
with that callback, the current code is still utterly buggy; it
doesn't hit this condition and falls back to the next check.  It's
because the function gets called after adding slave kctls to vmaster.
By assigning a slave kctl, the slave kctl object is faked inside
vmaster code, and the whole kctl ops are overridden.  Thus the
callback op points to a different value from what we've assumed.

More badly, as reported by the KERNEXEC and UDEREF features of PaX,
the code flow turns into the unexpected pitfall.  The next fallback
check is SNDRV_CTL_ELEM_ACCESS_TLV_READ access bit, and this always
hits for each kctl with TLV.  Then it evaluates the callback function
pointer wrongly as if it were a TLV array.  Although currently its
side-effect is fairly limited, this incorrect reference may lead to an
unpleasant result.

For addressing the regression, this patch introduces a new helper to
vmaster code, snd_ctl_apply_vmaster_slaves().  This works similarly
like the existing map_slaves() in hda_codec.c: it loops over the slave
list of the given master, and applies the given function to each
slave.  Then the initializer function receives the right kctl object
and we can compare the correct pointer instead of the faked one.

Also, for catching the similar breakage in future, give an error
message when the unexpected TLV callback is found and bail out
immediately.

Fixes: 99b5c5bb9a ("ALSA: hda - Remove the use of set_fs()")
Reported-by: PaX Team <pageexec@freemail.hu>
Cc: <stable@vger.kernel.org> # v4.13
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-10-18 12:27:00 +02:00
..
ac97_codec.h ASoC: ac97: add gpio chip 2015-11-18 18:08:54 +00:00
aci.h
ad1816a.h ALSA: ad1816a: Remove always NULL parameters 2015-01-02 16:26:20 +01:00
ad1843.h
adau1373.h
aess.h
ak4xxx-adda.h
ak4113.h ALSA: ak411x: Use array instead of offsetof() 2017-05-17 07:13:03 +02:00
ak4114.h ALSA: ak411x: Use array instead of offsetof() 2017-05-17 07:13:03 +02:00
ak4117.h ALSA: ak411x: Use array instead of offsetof() 2017-05-17 07:13:03 +02:00
ak4531_codec.h
ak4641.h
alc5623.h
asequencer.h
asound.h
asoundef.h
compress_driver.h ALSA: compress: Fix kernel-doc warnings 2016-11-15 07:28:15 +01:00
control.h ALSA: hda - Fix incorrect TLV callback check introduced during set_fs() removal 2017-10-18 12:27:00 +02:00
core.h ALSA: Get rid of card power_lock 2017-08-30 20:44:29 +02:00
cs35l33.h ASoC: cs35l33: Initial commit of the cs35l33 CODEC driver. 2016-06-27 17:39:06 +01:00
cs35l34.h ASoC: cs35l34: Initial commit of the cs35l34 CODEC driver. 2016-10-21 12:02:44 +01:00
cs35l35.h ASoC: cs35l35: Add Boost Inductor Calculation 2017-05-19 17:31:34 +01:00
cs42l52.h ASoC: cs42l52: Make MICA/B mixer dependent on mic config 2013-11-28 10:20:51 +00:00
cs42l56.h ASoC: Add support for CS42L56 CODEC 2014-05-05 18:20:22 -07:00
cs42l73.h ASoC: cs42l73: Add platform data support for cs42l73 codec 2013-10-18 00:37:29 +01:00
cs4231-regs.h
cs4271.h
cs8403.h
cs8427.h ALSA: cs8427: separate HW initialization 2014-04-03 14:59:48 +02:00
da7213.h ASoC: da7213: Add support to handle mclk data provided to driver 2015-10-07 15:11:34 +01:00
da7218.h ASoC: da7218: Add da7218 codec driver 2015-11-30 12:24:12 +00:00
da7219-aad.h ASoC: codecs: Add da7219 codec driver 2015-10-02 18:11:27 +01:00
da7219.h ASoC: da7219: Disable AAD if codec is not a wake-up source 2016-09-26 09:39:50 -07:00
da9055.h
designware_i2s.h ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc driver 2017-06-28 19:01:12 +01:00
dmaengine_pcm.h ASoC: Revert "Drop SND_DMAENGINE_PCM_FLAG_CUSTOM_CHANNEL_NAME flag" 2017-01-23 18:16:33 +00:00
emu10k1.h ALSA: emu10k1: Use workqueue instead of kthread for emu1010 fw polling 2016-11-15 08:21:19 +01:00
emu10k1_synth.h
emu8000.h
emu8000_reg.h
emux_legacy.h
emux_synth.h ALSA: seq: Allow the tristate build of OSS emulation 2017-06-09 22:09:45 +02:00
es1688.h ALSA: es1688: Remove almost always NULL parameter 2015-01-02 16:27:03 +01:00
gus.h ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
hda_chmap.h ALSA: hda - Update chmap tlv to report sink's capability 2016-04-04 16:04:24 +02:00
hda_hwdep.h
hda_i915.h drm/i915/dp: DP audio API changes for MST 2016-09-22 09:01:55 -07:00
hda_register.h ALSA: hda - add more ML register definitions 2017-04-07 10:39:18 +02:00
hda_regmap.h ALSA: hda - Fix possible race on regmap bypass flip 2016-04-21 17:59:17 +02:00
hda_verbs.h ALSA: hda - program ICT bits to support HBR audio 2017-09-20 12:01:01 +02:00
hdaudio.h ALSA: hda - Avoid tricky macros 2017-04-03 08:42:43 +02:00
hdaudio_ext.h ALSA - Ext hda: remove bus_parse_capabilities 2016-08-09 08:53:56 +02:00
hdmi-codec.h ASoC: hdmi-codec: add .get_dai_id support 2017-05-24 18:45:29 +01:00
hwdep.h ALSA: hwdep: Embed struct device 2015-02-02 14:42:42 +01:00
i2c.h ALSA: i2c: constify snd_i2c_ops structures 2015-11-30 11:40:08 +01:00
info.h ALSA: replace CONFIG_PROC_FS with CONFIG_SND_PROC_FS 2015-05-27 21:25:19 +02:00
initval.h
jack.h ALSA: jack: Allow building the jack layer without input device 2016-02-23 09:03:07 +01:00
l3.h ASoC: L3 bus: Add default gpio ops 2016-08-08 11:55:20 +01:00
max9768.h
max98088.h
max98090.h
max98095.h
memalloc.h ALSA: Remove memory reservation code from memalloc helper 2014-01-09 07:32:10 +01:00
minors.h
mixer_oss.h ALSA: Use IS_ENABLED() in common headers 2017-05-17 07:13:04 +02:00
mpu401.h
omap-hdmi-audio.h drm: omapdrm: hdmi: Pass HDMI core version as integer to HDMI audio 2017-08-16 12:52:41 +03:00
omap-pcm.h ASoC: omap-pcm: Move omap-pcm under include/sound 2014-05-26 15:32:32 +01:00
opl3.h ALSA: seq: Allow the tristate build of OSS emulation 2017-06-09 22:09:45 +02:00
opl4.h
pcm-indirect.h ALSA: pcm: Fix negative appl_ptr handling in pcm-indirect helpers 2017-05-25 23:34:45 +02:00
pcm.h ALSA: pcm: Add an ioctl to specify the supported protocol version 2017-06-27 13:55:46 +02:00
pcm_drm_eld.h ALSA: pcm: add DRM ELD helper 2015-05-22 16:01:44 +02:00
pcm_iec958.h ALSA: pcm: add IEC958 channel status helper for hw_params 2016-04-06 11:47:48 -07:00
pcm_oss.h
pcm_params.h ALSA: Add params_set_format helper 2015-02-24 00:43:18 +09:00
pt2258.h
pxa2xx-lib.h ASoC: pxa: pxa-pcm-lib: switch over to snd-soc-dmaengine-pcm 2015-09-30 23:21:16 +01:00
rawmidi.h ALSA: Use IS_ENABLED() in common headers 2017-05-17 07:13:04 +02:00
rt286.h ASoC: add RT286 CODEC driver 2014-07-04 18:50:51 +01:00
rt298.h ASoC: add rt298 codec driver 2015-07-09 12:00:11 +01:00
rt5514.h ASoC: rt5514: Add the DMIC initial delay to wait it ready. 2016-10-25 14:25:36 +01:00
rt5640.h ASoC: rt5640: Fill up the IN3's support 2015-10-22 13:33:00 +01:00
rt5645.h ASoC: rt5645: add inv_jd1_1 flag 2017-06-28 18:33:31 +01:00
rt5651.h ASoC: add RT5651 CODEC driver 2014-04-18 18:52:18 +01:00
rt5659.h ASoC: rt5659: add rt5659 codec driver 2015-11-18 12:55:25 +00:00
rt5660.h ASoC: rt5660: add rt5660 codec driver 2016-09-24 19:51:57 +01:00
rt5663.h ASoC: rt5663: Seprate the DC offset between headphone and headset 2017-08-02 11:20:50 +01:00
rt5665.h treewide: Remove remaining executable attributes from source files 2017-02-25 12:12:50 -08:00
rt5670.h ASoC: rt5670: Add IRQ function 2015-03-11 12:08:20 +00:00
s3c24xx_uda134x.h ASoC: s3c24xx_uda134x: Remove unused power() callback 2016-08-08 11:55:20 +01:00
sb.h ALSA: Include linux/io.h instead of asm/io.h 2015-01-28 16:49:33 +01:00
sb16_csp.h
seq_device.h ALSA: seq: Define driver object in each driver 2015-02-12 14:15:54 +01:00
seq_kernel.h ALSA: seq: Drop snd_seq_autoload_lock() and _unlock() 2015-02-12 14:42:31 +01:00
seq_midi_emul.h
seq_midi_event.h
seq_oss.h
seq_oss_legacy.h
seq_virmidi.h ALSA: seq: Fix copy_from_user() call inside lock 2017-10-09 14:10:13 +02:00
sh_dac_audio.h
sh_fsi.h
simple_card.h ASoC: simple-card: use asoc_simple_card_parse_daifmt() 2016-07-01 17:34:02 +02:00
simple_card_utils.h ASoC: make clock direction configurable in asoc-simple 2017-09-01 11:34:23 +01:00
snd_wavefront.h ALSA: isa: Constify snd_rawmidi_ops 2017-01-12 12:50:16 +01:00
soc-dai.h ASoC: core: add optional pcm_new callback for DAI driver 2017-01-20 15:16:23 +00:00
soc-dapm.h ASoC: dapm: Add new widget type for constructing DAPM graphs on DSPs. 2017-06-30 11:55:20 +01:00
soc-dpcm.h ASoC: Make soc_dpcm_debugfs_add() non-fatal 2015-04-09 11:32:29 +01:00
soc-topology.h ASoC: topology: Allow bespoke configuration post widget creation 2017-06-09 18:46:08 +01:00
soc.h Merge remote-tracking branch 'asoc/topic/core' into asoc-next 2017-09-01 12:12:18 +01:00
soundfont.h
spear_dma.h ASoC: Update email-id of Rajeev Kumar 2015-04-28 16:31:01 +01:00
spear_spdif.h
sta32x.h ASoC: sta32x: add device tree binding. 2015-01-27 17:13:25 +00:00
sta350.h ASoC: sta350: add support for bits in miscellaneous registers 2014-05-05 12:52:59 -07:00
tas2552-plat.h ASoC: tas2552: Support TI TAS2552 Amplifier 2014-07-17 17:57:05 +01:00
tas5086.h
tea6330t.h
timer.h ALSA: timer: Introduce disconnect op to snd_timer_instance 2016-01-21 17:51:42 +01:00
tlv.h ALSA: control: cage TLV_DB_RANGE_HEAD in kernel land because it was obsoleted 2016-09-25 22:16:49 +02:00
tlv320aic3x.h
tlv320aic32x4.h ASoC: tlv320aic32x4: Add gpio configuration to the codec 2017-07-17 16:22:28 +01:00
tlv320dac33-plat.h
tpa6130a2-plat.h
uda134x.h ASoC: uda134x: Remove is_powered_on_standby from platform data 2014-11-24 18:04:49 +00:00
uda1380.h
util_mem.h
vx_core.h ALSA: vx: Use nonatomic PCM ops 2014-09-15 15:52:03 +02:00
wavefront.h
wm0010.h
wm1250-ev1.h
wm2000.h
wm2200.h
wm5100.h
wm8903.h
wm8904.h ASoC: wm8904: Correct number of EQ registers 2015-10-20 15:46:09 +01:00
wm8955.h
wm8960.h
wm8962.h ASoC: wm8962: Let CODEC driver enable and disable its own MCLK 2014-07-31 20:51:26 +01:00
wm8993.h
wm8996.h
wm9081.h
wm9090.h
wss.h ALSA: wss: Remove (almost) always NULL parameters 2015-01-02 16:30:08 +01:00