#
efb6402c |
|
18-Mar-2022 |
Takashi Iwai <tiwai@suse.de> |
ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INT_MAX overflow at vmalloc() allocation that is called from snd_pcm_plug_alloc(). Although we apply the restrictions to input parameters, it's based only on the hw_params of the underlying PCM device. Since the PCM OSS layer allocates a temporary buffer for the data conversion, the size may become unexpectedly large when more channels or higher rates is given; in the reported case, it went over INT_MAX, hence it hits WARN_ON(). This patch is an attempt to avoid such an overflow and an allocation for too large buffers. First off, it adds the limit of 1MB as the upper bound for period bytes. This must be large enough for all use cases, and we really don't want to handle a larger temporary buffer than this size. The size check is performed at two places, where the original period bytes is calculated and where the plugin buffer size is calculated. In addition, the driver uses array_size() and array3_size() for multiplications to catch overflows for the converted period size and buffer bytes. Reported-by: syzbot+72732c532ac1454eeee9@syzkaller.appspotmail.com Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/00000000000085b1b305da5a66f3@google.com Link: https://lore.kernel.org/r/20220318082036.29699-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
51c816fd |
|
08-Jun-2021 |
Takashi Iwai <tiwai@suse.de> |
ALSA: oss: Fix assignment in if condition There are a few places doing assignments in if condition in ALSA PCM and OSS emulation layers, which is a bad coding style that may confuse readers and occasionally lead to bugs. This patch is merely for coding-style fixes, no functional changes. Link: https://lore.kernel.org/r/20210608140540.17885-56-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
c0dbbdad |
|
08-Jul-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
ALSA: Use fallthrough pseudo-keyword Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case. [1] https://www.kernel.org/doc/html/latest/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Link: https://lore.kernel.org/r/20200708203236.GA5112@embeddedor Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
ac957e8c |
|
24-Apr-2020 |
Takashi Iwai <tiwai@suse.de> |
ALSA: pcm: oss: Place the plugin buffer overflow checks correctly (for 5.7) [ This is again a forward-port of the fix applied for 5.6-base code (commit 4285de0725b1) to 5.7-base, hence neither Fixes nor Cc-to-stable tags are included here -- tiwai ] The checks of the plugin buffer overflow in the previous fix by commit f2ecf903ef06 ("ALSA: pcm: oss: Avoid plugin buffer overflow") are put in the wrong places mistakenly, which leads to the expected (repeated) sound when the rate plugin is involved. Fix in the right places. Also, at those right places, the zero check is needed for the termination node, so added there as well, and let's get it done, finally. Link: https://lore.kernel.org/r/20200424193843.20397-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
4285de07 |
|
24-Apr-2020 |
Takashi Iwai <tiwai@suse.de> |
ALSA: pcm: oss: Place the plugin buffer overflow checks correctly The checks of the plugin buffer overflow in the previous fix by commit f2ecf903ef06 ("ALSA: pcm: oss: Avoid plugin buffer overflow") are put in the wrong places mistakenly, which leads to the expected (repeated) sound when the rate plugin is involved. Fix in the right places. Also, at those right places, the zero check is needed for the termination node, so added there as well, and let's get it done, finally. Fixes: f2ecf903ef06 ("ALSA: pcm: oss: Avoid plugin buffer overflow") Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20200424193350.19678-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
ff7e06a5 |
|
03-Apr-2020 |
Takashi Iwai <tiwai@suse.de> |
ALSA: pcm: oss: Fix regression by buffer overflow fix (again) [ This is essentially the same fix as commit ae769d355664, but it's adapted to the latest code for 5.7; hence it contains no Fixes or other tags for avoid backport confusion -- tiwai ] The recent fix for the OOB access in PCM OSS plugins (commit f2ecf903ef06: "ALSA: pcm: oss: Avoid plugin buffer overflow") caused a regression on OSS applications. The patch introduced the size check in client and slave size calculations to limit to each plugin's buffer size, but I overlooked that some code paths call those without allocating the buffer but just for estimation. This patch fixes the bug by skipping the size check for those code paths while keeping checking in the actual transfer calls. Link: https://lore.kernel.org/r/20200403073818.27943-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
ae769d35 |
|
03-Apr-2020 |
Takashi Iwai <tiwai@suse.de> |
ALSA: pcm: oss: Fix regression by buffer overflow fix The recent fix for the OOB access in PCM OSS plugins (commit f2ecf903ef06: "ALSA: pcm: oss: Avoid plugin buffer overflow") caused a regression on OSS applications. The patch introduced the size check in client and slave size calculations to limit to each plugin's buffer size, but I overlooked that some code paths call those without allocating the buffer but just for estimation. This patch fixes the bug by skipping the size check for those code paths while keeping checking in the actual transfer calls. Fixes: f2ecf903ef06 ("ALSA: pcm: oss: Avoid plugin buffer overflow") Tested-and-reported-by: Jari Ruusu <jari.ruusu@gmail.com> Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20200403072515.25539-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
5461e053 |
|
12-Mar-2020 |
Takashi Iwai <tiwai@suse.de> |
ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks The return value checks in snd_pcm_plug_alloc() are covered with snd_BUG_ON() macro that may trigger a kernel WARNING depending on the kconfig. But since the error condition can be triggered by a weird user space parameter passed to OSS layer, we shouldn't give the kernel stack trace just for that. As it's a normal error condition, let's remove snd_BUG_ON() macro usage there. Reported-by: syzbot+2a59ee7a9831b264f45e@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20200312155730.7520-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
3bbf9e2f |
|
09-Mar-2020 |
Takashi Iwai <tiwai@suse.de> |
ALSA: pcm: oss: Simplify plugin frame size calculations Both snd_pcm_plug_client_size() and snd_pcm_plug_slave_size() do the almost same calculations of calling src_frames() and dst_frames() in the chain, but just to the different directions with each other. This patch simplifies those functions. Now they return -EINVAL for the invalid direction, but practically seen, there is no functional changes at all. Link: https://lore.kernel.org/r/20200309185855.15693-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
f2ecf903 |
|
09-Mar-2020 |
Takashi Iwai <tiwai@suse.de> |
ALSA: pcm: oss: Avoid plugin buffer overflow Each OSS PCM plugins allocate its internal buffer per pre-calculation of the max buffer size through the chain of plugins (calling src_frames and dst_frames callbacks). This works for most plugins, but the rate plugin might behave incorrectly. The calculation in the rate plugin involves with the fractional position, i.e. it may vary depending on the input position. Since the buffer size pre-calculation is always done with the offset zero, it may return a shorter size than it might be; this may result in the out-of-bound access as spotted by fuzzer. This patch addresses those possible buffer overflow accesses by simply setting the upper limit per the given buffer size for each plugin before src_frames() and after dst_frames() calls. Reported-by: syzbot+e1fe9f44fb8ecf4fb5dd@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/000000000000b25ea005a02bcf21@google.com Link: https://lore.kernel.org/r/20200309082148.19855-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
b40fe4bb |
|
05-Jan-2020 |
Takashi Iwai <tiwai@suse.de> |
ALSA: oss: More constifications Apply const prefix to the static tables for strings and formats. Just for minor optimization and no functional changes. Link: https://lore.kernel.org/r/20200105144823.29547-41-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
65766ee0 |
|
09-Nov-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: oss: Use kvzalloc() for local buffer allocations PCM OSS layer may allocate a few temporary buffers, one for the core read/write and another for the conversions via plugins. Currently both are allocated via vmalloc(). But as the allocation size is equivalent with the PCM period size, the required size might be quite small, depending on the application. This patch replaces these vmalloc() calls with kvzalloc() for covering small period sizes better. Also, we use "z"-alloc variant here for addressing the possible uninitialized access reported by syzkaller. Reported-by: syzbot+1cb36954e127c98dd037@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
6f128fa4 |
|
26-Aug-2018 |
Dan Carpenter <dan.carpenter@oracle.com> |
ALSA: pcm: signedness bug in snd_pcm_plug_alloc() The "frames" variable is unsigned so the error handling doesn't work properly. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
5a6cd13d |
|
01-Aug-2018 |
Gustavo A. R. Silva <gustavo@embeddedor.com> |
ALSA: pcm: Mark expected switch fall-through In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1357375 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
191bb51e |
|
25-Jul-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: pcm: Use standard lower_32_bits() and upper_32_bits() Instead of open codes, use the standard macros for obtaining the lower and upper 32bit values. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
67089137 |
|
04-Jan-2018 |
Takashi Iwai <tiwai@suse.de> |
ALSA: pcm: Add missing error checks in OSS emulation plugin builder In the OSS emulation plugin builder where the frame size is parsed in the plugin chain, some places miss the possible errors returned from the plugin src_ or dst_frames callback. This patch papers over such places. Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
e76bf3c4 |
|
16-May-2017 |
Takashi Sakamoto <o-takashi@sakamocchi.jp> |
ALSA: pcm/oss: refer to parameters instead of copying to reduce usage of kernel stack Some functions in compatibility layer for Open Sound System interface has local variable to copy some parameters in runtime of PCM substream, while this can be replaced with reference of pointers to parameter itself. This brings an advantage to reduce usage of kernel stack. This commit applies this idea. Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
701ef320 |
|
13-Nov-2012 |
Xi Wang <xi.wang@gmail.com> |
ALSA: core: fix NULL checking in snd_pcm_plug_slave_size() The dereference snd_pcm_plug_stream(plug) should come after the NULL check snd_BUG_ON(!plug). Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
9af4e7fe |
|
13-Nov-2012 |
Xi Wang <xi.wang@gmail.com> |
ALSA: core: fix NULL checking in snd_pcm_plug_client_size() The dereference snd_pcm_plug_stream(plug) should come after the NULL check snd_BUG_ON(!plug). Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
fea952e5 |
|
14-Feb-2011 |
Clemens Ladisch <clemens@ladisch.de> |
ALSA: core: sparse cleanups Change the core code where sparse complains. In most cases, this means just adding annotations to confirm that we indeed want to do the dirty things we're doing. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
7eaa943c |
|
08-Aug-2008 |
Takashi Iwai <tiwai@suse.de> |
ALSA: Kill snd_assert() in sound/core/* Kill snd_assert() in sound/core/*, either removed or replaced with if () with snd_BUG_ON(). Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
#
9004acc7 |
|
08-Jan-2008 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Remove sound/driver.h This header file exists only for some hacks to adapt alsa-driver tree. It's useless for building in the kernel. Let's move a few lines in it to sound/core.h and remove it. With this patch, sound/driver.h isn't removed but has just a single compile warning to include it. This should be really killed in future. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
#
c1017a4c |
|
15-Oct-2007 |
Jaroslav Kysela <perex@perex.cz> |
[ALSA] Changed Jaroslav Kysela's e-mail from perex@suse.cz to perex@perex.cz Signed-off-by: Jaroslav Kysela <perex@perex.cz>
|
#
64d27f96 |
|
08-Aug-2007 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Support 3-bytes 24bit format in PCM OSS emulation Add the support of 3-bytes 24bit formats in PCM OSS emulation. Also removed snd_pcm_build_linear_format() function. It's exported just for OSS emulation, and now the code was changed without calling this function. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
#
887f9f02 |
|
08-Aug-2007 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Remove ifdefs from OSS PCM emulation codes Fix Makefile to compile files conditionally to CONFIG_SND_PCM_OSS_PLUGINS, and remove unneeded ifdefs in these files. Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
#
c82590d2 |
|
20-Jan-2006 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Fix mulaw -> linear conversion in OSS PCM emulation Modules: ALSA<-OSS emulation Fixed the missing mulaw -> linear conversion in OSS PCM emulation code. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
0534ab42 |
|
12-Jan-2006 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Clean up pcm-oss plugins Modules: ALSA<-OSS emulation Clean up pcm-oss plugin codes. Removed dead codes, and simplified route/rate plugins. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
21a3479a |
|
13-Jan-2006 |
Jaroslav Kysela <perex@suse.cz> |
[ALSA] PCM midlevel & PCM OSS - make procfs & OSS plugin code optional Modules: ALSA Core,PCM Midlevel,ALSA<-OSS emulation,USB generic driver 1) The verbose procfs code for the PCM midlevel and usb audio can be removed now (more patches will follow). CONFIG_SND_VERBOSE_PROCFS 2) The PCM OSS plugin system can be also compiled optionaly. CONFIG_SND_PCM_OSS_PLUGINS Signed-off-by: Jaroslav Kysela <perex@suse.cz>
|
#
6ac77bc1 |
|
17-Nov-2005 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Remove xxx_t typedefs: PCM OSS-emulation Modules: ALSA<-OSS emulation Remove xxx_t typedefs from the core PCM OSS-emulation codes. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
47eaebfd |
|
17-Nov-2005 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Use standard bitmap functions Modules: ALSA<-OSS emulation Use standard bitmap functions instead of in-house ones. Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
ca2c0966 |
|
09-Sep-2005 |
Takashi Iwai <tiwai@suse.de> |
[ALSA] Replace with kzalloc() - core stuff Control Midlevel,ALSA Core,HWDEP Midlevel,PCM Midlevel,RawMidi Midlevel Timer Midlevel,ALSA<-OSS emulation Replace kcalloc(1,..) with kzalloc(). Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
94f19c9a |
|
23-Mar-2005 |
Adrian Bunk <bunk@stusta.de> |
[ALSA] kill dead code ALSA<-OSS emulation The Coverity checker found this obviously dead code. I'm not sure which of the if (plugin == NULL) is correct - this patch removes the one that couldn't be true. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
#
1da177e4 |
|
16-Apr-2005 |
Linus Torvalds <torvalds@ppc970.osdl.org> |
Linux-2.6.12-rc2 Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!
|