linux-toradex.git/sound/oss, branch v3.0.52

SOUND: OSS: Remove Au1550 driver.

2011-05-20T09:33:39+00:00

This driver does no longer build since at least 2.6.30 and there is a
modern ALSA replacement for it.  RIP, Rot In Pieces.

Signed-off-by: Ralf Baechle 
Signed-off-by: Takashi Iwai

Fix common misspellings

2011-03-31T14:26:23+00:00

Fixes generated by 'codespell' and manually reviewed.

Signed-off-by: Lucas De Marchi

sound/oss/opl3: validate voice and channel indexes

2011-03-23T21:48:13+00:00

User-controllable indexes for voice and channel values may cause reading
and writing beyond the bounds of their respective arrays, leading to
potentially exploitable memory corruption.  Validate these indexes.

Signed-off-by: Dan Rosenberg 
Cc: stable@kernel.org
Signed-off-by: Takashi Iwai

sound/oss: remove offset from load_patch callbacks

2011-03-23T21:47:46+00:00

Was: [PATCH] sound/oss/midi_synth: prevent underflow, use of
uninitialized value, and signedness issue

The offset passed to midi_synth_load_patch() can be essentially
arbitrary.  If it's greater than the header length, this will result in
a copy_from_user(dst, src, negative_val).  While this will just return
-EFAULT on x86, on other architectures this may cause memory corruption.
Additionally, the length field of the sysex_info structure may not be
initialized prior to its use.  Finally, a signed comparison may result
in an unintentionally large loop.

On suggestion by Takashi Iwai, version two removes the offset argument
from the load_patch callbacks entirely, which also resolves similar
issues in opl3.  Compile tested only.

v3 adjusts comments and hopefully gets copy offsets right.

Signed-off-by: Dan Rosenberg 
Signed-off-by: Takashi Iwai

Merge branch 'fix/misc' into topic/misc

2011-03-11T13:48:09+00:00

sound: Use sound_register_*() for additional OSS minor devices

2011-03-09T19:10:37+00:00

Since OSS driver creates the device entries for /dev/audio* and
/dev/dspW* by itself without coping with sound_core, it leads to
conflicts with others and let sysfs spewing warnings.

This patch rewrites the registration part of OSS driver to use
the standard method also for additional minor devices.

Reported-by: Steven Rostedt  (with ktest.pl)
Tested-by: Steven Rostedt  (with ktest.pl)
Signed-off-by: Takashi Iwai

sound: silent echo'ed messages in Makefile

2011-01-31T10:28:53+00:00

Silent these echo's, please.

Signed-off-by: WANG Cong 
Signed-off-by: Takashi Iwai

sound: Prevent buffer overflow in OSS load_mixer_volumes

2010-12-30T12:20:55+00:00

The load_mixer_volumes() function, which can be triggered by
unprivileged users via the SOUND_MIXER_SETLEVELS ioctl, is vulnerable to
a buffer overflow.  Because the provided "name" argument isn't
guaranteed to be NULL terminated at the expected 32 bytes, it's possible
to overflow past the end of the last element in the mixer_vols array.
Further exploitation can result in an arbitrary kernel write (via
subsequent calls to load_mixer_volumes()) leading to privilege
escalation, or arbitrary kernel reads via get_mixer_levels().  In
addition, the strcmp() may leak bytes beyond the mixer_vols array.

Signed-off-by: Dan Rosenberg 
Cc: stable 
Signed-off-by: Takashi Iwai

sound/oss: Remove unnecessary casts of void ptr

2010-11-11T00:59:04+00:00

The [vk][cmz]alloc(_node) family of functions return void pointers which
it's completely unnecessary/pointless to cast to other pointer types since
that happens implicitly.

This patch removes such casts from sound/oss/

Signed-off-by: Jesper Juhl 
Signed-off-by: Takashi Iwai

sound/oss/dev_table.c: Use vzalloc

2010-11-11T00:54:32+00:00

Signed-off-by: Joe Perches 
Signed-off-by: Takashi Iwai