search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[ALSA] Fix use after free in opl3_seq and opl3_oss
[linux-2.6/s3c2410-cpufreq.git] / sound / drivers / opl3 / opl3_oss.c
blobfccf019a6d85968a5ff8f26953d0f9dba655d654
1 /*
2 * Interface for OSS sequencer emulation
3 *
4 * Copyright (C) 2000 Uros Bizjak <uros@kss-loka.si>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
20
21 #include "opl3_voice.h"
22 #include <linux/slab.h>
23
24 static int snd_opl3_open_seq_oss(struct snd_seq_oss_arg *arg, void *closure);
25 static int snd_opl3_close_seq_oss(struct snd_seq_oss_arg *arg);
26 static int snd_opl3_ioctl_seq_oss(struct snd_seq_oss_arg *arg, unsigned int cmd, unsigned long ioarg);
27 static int snd_opl3_load_patch_seq_oss(struct snd_seq_oss_arg *arg, int format, const char __user *buf, int offs, int count);
28 static int snd_opl3_reset_seq_oss(struct snd_seq_oss_arg *arg);
29
30 /* */
31
32 static inline mm_segment_t snd_enter_user(void)
33 {
34 mm_segment_t fs = get_fs();
35 set_fs(get_ds());
36 return fs;
37 }
38
39 static inline void snd_leave_user(mm_segment_t fs)
40 {
41 set_fs(fs);
42 }
43
44 /* operators */
45
46 extern struct snd_midi_op opl3_ops;
47
48 static struct snd_seq_oss_callback oss_callback = {
49 .owner = THIS_MODULE,
50 .open = snd_opl3_open_seq_oss,
51 .close = snd_opl3_close_seq_oss,
52 .ioctl = snd_opl3_ioctl_seq_oss,
53 .load_patch = snd_opl3_load_patch_seq_oss,
54 .reset = snd_opl3_reset_seq_oss,
55 };
56
57 static int snd_opl3_oss_event_input(struct snd_seq_event *ev, int direct,
58 void *private_data, int atomic, int hop)
59 {
60 struct snd_opl3 *opl3 = private_data;
61
62 if (ev->type != SNDRV_SEQ_EVENT_OSS)
63 snd_midi_process_event(&opl3_ops, ev, opl3->oss_chset);
64 return 0;
65 }
66
67 /* ------------------------------ */
68
69 static void snd_opl3_oss_free_port(void *private_data)
70 {
71 struct snd_opl3 *opl3 = private_data;
72
73 snd_midi_channel_free_set(opl3->oss_chset);
74 }
75
76 static int snd_opl3_oss_create_port(struct snd_opl3 * opl3)
77 {
78 struct snd_seq_port_callback callbacks;
79 char name[32];
80 int voices, opl_ver;
81
82 voices = (opl3->hardware < OPL3_HW_OPL3) ?
83 MAX_OPL2_VOICES : MAX_OPL3_VOICES;
84 opl3->oss_chset = snd_midi_channel_alloc_set(voices);
85 if (opl3->oss_chset == NULL)
86 return -ENOMEM;
87 opl3->oss_chset->private_data = opl3;
88
89 memset(&callbacks, 0, sizeof(callbacks));
90 callbacks.owner = THIS_MODULE;
91 callbacks.event_input = snd_opl3_oss_event_input;
92 callbacks.private_free = snd_opl3_oss_free_port;
93 callbacks.private_data = opl3;
94
95 opl_ver = (opl3->hardware & OPL3_HW_MASK) >> 8;
96 sprintf(name, "OPL%i OSS Port", opl_ver);
97
98 opl3->oss_chset->client = opl3->seq_client;
99 opl3->oss_chset->port = snd_seq_event_port_attach(opl3->seq_client, &callbacks,
100 SNDRV_SEQ_PORT_CAP_WRITE,
101 SNDRV_SEQ_PORT_TYPE_MIDI_GENERIC |
102 SNDRV_SEQ_PORT_TYPE_MIDI_GM |
103 SNDRV_SEQ_PORT_TYPE_SYNTH,
104 voices, voices,
105 name);
106 if (opl3->oss_chset->port < 0) {
107 int port;
108 port = opl3->oss_chset->port;
109 snd_midi_channel_free_set(opl3->oss_chset);
110 return port;
111 }
112 return 0;
113 }
114
115 /* ------------------------------ */
116
117 /* register OSS synth */
118 void snd_opl3_init_seq_oss(struct snd_opl3 *opl3, char *name)
119 {
120 struct snd_seq_oss_reg *arg;
121 struct snd_seq_device *dev;
122
123 if (snd_seq_device_new(opl3->card, 0, SNDRV_SEQ_DEV_ID_OSS,
124 sizeof(struct snd_seq_oss_reg), &dev) < 0)
125 return;
126
127 opl3->oss_seq_dev = dev;
128 strlcpy(dev->name, name, sizeof(dev->name));
129 arg = SNDRV_SEQ_DEVICE_ARGPTR(dev);
130 arg->type = SYNTH_TYPE_FM;
131 if (opl3->hardware < OPL3_HW_OPL3) {
132 arg->subtype = FM_TYPE_ADLIB;
133 arg->nvoices = MAX_OPL2_VOICES;
134 } else {
135 arg->subtype = FM_TYPE_OPL3;
136 arg->nvoices = MAX_OPL3_VOICES;
137 }
138 arg->oper = oss_callback;
139 arg->private_data = opl3;
140
141 if (snd_opl3_oss_create_port(opl3)) {
142 /* register to OSS synth table */
143 snd_device_register(opl3->card, dev);
144 }
145 }
146
147 /* unregister */
148 void snd_opl3_free_seq_oss(struct snd_opl3 *opl3)
149 {
150 if (opl3->oss_seq_dev) {
151 /* The instance should have been released in prior */
152 opl3->oss_seq_dev = NULL;
153 }
154 }
155
156 /* ------------------------------ */
157
158 /* open OSS sequencer */
159 static int snd_opl3_open_seq_oss(struct snd_seq_oss_arg *arg, void *closure)
160 {
161 struct snd_opl3 *opl3 = closure;
162 int err;
163
164 snd_assert(arg != NULL, return -ENXIO);
165
166 if ((err = snd_opl3_synth_setup(opl3)) < 0)
167 return err;
168
169 /* fill the argument data */
170 arg->private_data = opl3;
171 arg->addr.client = opl3->oss_chset->client;
172 arg->addr.port = opl3->oss_chset->port;
173
174 if ((err = snd_opl3_synth_use_inc(opl3)) < 0)
175 return err;
176
177 opl3->synth_mode = SNDRV_OPL3_MODE_SYNTH;
178 return 0;
179 }
180
181 /* close OSS sequencer */
182 static int snd_opl3_close_seq_oss(struct snd_seq_oss_arg *arg)
183 {
184 struct snd_opl3 *opl3;
185
186 snd_assert(arg != NULL, return -ENXIO);
187 opl3 = arg->private_data;
188
189 snd_opl3_synth_cleanup(opl3);
190
191 snd_opl3_synth_use_dec(opl3);
192 return 0;
193 }
194
195 /* load patch */
196
197 /* offsets for SBI params */
198 #define AM_VIB 0
199 #define KSL_LEVEL 2
200 #define ATTACK_DECAY 4
201 #define SUSTAIN_RELEASE 6
202 #define WAVE_SELECT 8
203
204 /* offset for SBI instrument */
205 #define CONNECTION 10
206 #define OFFSET_4OP 11
207
208 /* from sound_config.h */
209 #define SBFM_MAXINSTR 256
210
211 static int snd_opl3_load_patch_seq_oss(struct snd_seq_oss_arg *arg, int format,
212 const char __user *buf, int offs, int count)
213 {
214 struct snd_opl3 *opl3;
215 int err = -EINVAL;
216
217 snd_assert(arg != NULL, return -ENXIO);
218 opl3 = arg->private_data;
219
220 if ((format == FM_PATCH) || (format == OPL3_PATCH)) {
221 struct sbi_instrument sbi;
222
223 size_t size;
224 struct snd_seq_instr_header *put;
225 struct snd_seq_instr_data *data;
226 struct fm_xinstrument *xinstr;
227
228 struct snd_seq_event ev;
229 int i;
230
231 mm_segment_t fs;
232
233 if (count < (int)sizeof(sbi)) {
234 snd_printk("FM Error: Patch record too short\n");
235 return -EINVAL;
236 }
237 if (copy_from_user(&sbi, buf, sizeof(sbi)))
238 return -EFAULT;
239
240 if (sbi.channel < 0 || sbi.channel >= SBFM_MAXINSTR) {
241 snd_printk("FM Error: Invalid instrument number %d\n", sbi.channel);
242 return -EINVAL;
243 }
244
245 size = sizeof(*put) + sizeof(struct fm_xinstrument);
246 put = kzalloc(size, GFP_KERNEL);
247 if (put == NULL)
248 return -ENOMEM;
249 /* build header */
250 data = &put->data;
251 data->type = SNDRV_SEQ_INSTR_ATYPE_DATA;
252 strcpy(data->data.format, SNDRV_SEQ_INSTR_ID_OPL2_3);
253 /* build data section */
254 xinstr = (struct fm_xinstrument *)(data + 1);
255 xinstr->stype = FM_STRU_INSTR;
256
257 for (i = 0; i < 2; i++) {
258 xinstr->op[i].am_vib = sbi.operators[AM_VIB + i];
259 xinstr->op[i].ksl_level = sbi.operators[KSL_LEVEL + i];
260 xinstr->op[i].attack_decay = sbi.operators[ATTACK_DECAY + i];
261 xinstr->op[i].sustain_release = sbi.operators[SUSTAIN_RELEASE + i];
262 xinstr->op[i].wave_select = sbi.operators[WAVE_SELECT + i];
263 }
264 xinstr->feedback_connection[0] = sbi.operators[CONNECTION];
265
266 if (format == OPL3_PATCH) {
267 xinstr->type = FM_PATCH_OPL3;
268 for (i = 0; i < 2; i++) {
269 xinstr->op[i+2].am_vib = sbi.operators[OFFSET_4OP + AM_VIB + i];
270 xinstr->op[i+2].ksl_level = sbi.operators[OFFSET_4OP + KSL_LEVEL + i];
271 xinstr->op[i+2].attack_decay = sbi.operators[OFFSET_4OP + ATTACK_DECAY + i];
272 xinstr->op[i+2].sustain_release = sbi.operators[OFFSET_4OP + SUSTAIN_RELEASE + i];
273 xinstr->op[i+2].wave_select = sbi.operators[OFFSET_4OP + WAVE_SELECT + i];
274 }
275 xinstr->feedback_connection[1] = sbi.operators[OFFSET_4OP + CONNECTION];
276 } else {
277 xinstr->type = FM_PATCH_OPL2;
278 }
279
280 put->id.instr.std = SNDRV_SEQ_INSTR_TYPE2_OPL2_3;
281 put->id.instr.bank = 127;
282 put->id.instr.prg = sbi.channel;
283 put->cmd = SNDRV_SEQ_INSTR_PUT_CMD_CREATE;
284
285 memset (&ev, 0, sizeof(ev));
286 ev.source.client = SNDRV_SEQ_CLIENT_OSS;
287 ev.dest = arg->addr;
288
289 ev.flags = SNDRV_SEQ_EVENT_LENGTH_VARUSR;
290 ev.queue = SNDRV_SEQ_QUEUE_DIRECT;
291
292 fs = snd_enter_user();
293 __again:
294 ev.type = SNDRV_SEQ_EVENT_INSTR_PUT;
295 ev.data.ext.len = size;
296 ev.data.ext.ptr = put;
297
298 err = snd_seq_instr_event(&opl3->fm_ops, opl3->ilist, &ev,
299 opl3->seq_client, 0, 0);
300 if (err == -EBUSY) {
301 struct snd_seq_instr_header remove;
302
303 memset (&remove, 0, sizeof(remove));
304 remove.cmd = SNDRV_SEQ_INSTR_FREE_CMD_SINGLE;
305 remove.id.instr = put->id.instr;
306
307 /* remove instrument */
308 ev.type = SNDRV_SEQ_EVENT_INSTR_FREE;
309 ev.data.ext.len = sizeof(remove);
310 ev.data.ext.ptr = &remove;
311
312 snd_seq_instr_event(&opl3->fm_ops, opl3->ilist, &ev,
313 opl3->seq_client, 0, 0);
314 goto __again;
315 }
316 snd_leave_user(fs);
317
318 kfree(put);
319 }
320 return err;
321 }
322
323 /* ioctl */
324 static int snd_opl3_ioctl_seq_oss(struct snd_seq_oss_arg *arg, unsigned int cmd,
325 unsigned long ioarg)
326 {
327 struct snd_opl3 *opl3;
328
329 snd_assert(arg != NULL, return -ENXIO);
330 opl3 = arg->private_data;
331 switch (cmd) {
332 case SNDCTL_FM_LOAD_INSTR:
333 snd_printk("OPL3: Obsolete ioctl(SNDCTL_FM_LOAD_INSTR) used. Fix the program.\n");
334 return -EINVAL;
335
336 case SNDCTL_SYNTH_MEMAVL:
337 return 0x7fffffff;
338
339 case SNDCTL_FM_4OP_ENABLE:
340 // handled automatically by OPL instrument type
341 return 0;
342
343 default:
344 return -EINVAL;
345 }
346 return 0;
347 }
348
349 /* reset device */
350 static int snd_opl3_reset_seq_oss(struct snd_seq_oss_arg *arg)
351 {
352 struct snd_opl3 *opl3;
353
354 snd_assert(arg != NULL, return -ENXIO);
355 opl3 = arg->private_data;
356
357 return 0;
358 }
cpufreq for S3C2410