* sound/core/pcm_compat.c:507 snd_pcm_ioctl_sync_ptr_buggy() error: copy_from_user() 'sync_cp' too small (16 vs 20)
@ 2022-01-23 2:47 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2022-01-23 2:47 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 5032 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Takashi Iwai <tiwai@suse.de>
CC: Arnd Bergmann <arnd@arndb.de>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 1c52283265a462a100ae63ddf58b4e5884acde86
commit: 228af5a4fa3a8293bd8b7ac5cf59548ee29627bf ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
date: 3 months ago
:::::: branch date: 17 hours ago
:::::: commit date: 3 months ago
config: powerpc64-randconfig-m031-20220120 (https://download.01.org/0day-ci/archive/20220123/202201231006.a09w1SNC-lkp(a)intel.com/config)
compiler: powerpc64-linux-gcc (GCC) 11.2.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
sound/core/pcm_compat.c:507 snd_pcm_ioctl_sync_ptr_buggy() error: copy_from_user() 'sync_cp' too small (16 vs 20)
vim +/sync_cp +507 sound/core/pcm_compat.c
228af5a4fa3a82 Takashi Iwai 2021-10-10 492
228af5a4fa3a82 Takashi Iwai 2021-10-10 493 static int snd_pcm_ioctl_sync_ptr_buggy(struct snd_pcm_substream *substream,
228af5a4fa3a82 Takashi Iwai 2021-10-10 494 struct snd_pcm_sync_ptr __user *_sync_ptr)
228af5a4fa3a82 Takashi Iwai 2021-10-10 495 {
228af5a4fa3a82 Takashi Iwai 2021-10-10 496 struct snd_pcm_runtime *runtime = substream->runtime;
228af5a4fa3a82 Takashi Iwai 2021-10-10 497 struct snd_pcm_sync_ptr sync_ptr;
228af5a4fa3a82 Takashi Iwai 2021-10-10 498 struct __snd_pcm_mmap_control64_buggy *sync_cp;
228af5a4fa3a82 Takashi Iwai 2021-10-10 499 volatile struct snd_pcm_mmap_status *status;
228af5a4fa3a82 Takashi Iwai 2021-10-10 500 volatile struct snd_pcm_mmap_control *control;
228af5a4fa3a82 Takashi Iwai 2021-10-10 501 int err;
228af5a4fa3a82 Takashi Iwai 2021-10-10 502
228af5a4fa3a82 Takashi Iwai 2021-10-10 503 memset(&sync_ptr, 0, sizeof(sync_ptr));
228af5a4fa3a82 Takashi Iwai 2021-10-10 504 sync_cp = (struct __snd_pcm_mmap_control64_buggy *)&sync_ptr.c.control;
228af5a4fa3a82 Takashi Iwai 2021-10-10 505 if (get_user(sync_ptr.flags, (unsigned __user *)&(_sync_ptr->flags)))
228af5a4fa3a82 Takashi Iwai 2021-10-10 506 return -EFAULT;
228af5a4fa3a82 Takashi Iwai 2021-10-10 @507 if (copy_from_user(sync_cp, &(_sync_ptr->c.control), sizeof(*sync_cp)))
228af5a4fa3a82 Takashi Iwai 2021-10-10 508 return -EFAULT;
228af5a4fa3a82 Takashi Iwai 2021-10-10 509 status = runtime->status;
228af5a4fa3a82 Takashi Iwai 2021-10-10 510 control = runtime->control;
228af5a4fa3a82 Takashi Iwai 2021-10-10 511 if (sync_ptr.flags & SNDRV_PCM_SYNC_PTR_HWSYNC) {
228af5a4fa3a82 Takashi Iwai 2021-10-10 512 err = snd_pcm_hwsync(substream);
228af5a4fa3a82 Takashi Iwai 2021-10-10 513 if (err < 0)
228af5a4fa3a82 Takashi Iwai 2021-10-10 514 return err;
228af5a4fa3a82 Takashi Iwai 2021-10-10 515 }
228af5a4fa3a82 Takashi Iwai 2021-10-10 516 snd_pcm_stream_lock_irq(substream);
228af5a4fa3a82 Takashi Iwai 2021-10-10 517 if (!(sync_ptr.flags & SNDRV_PCM_SYNC_PTR_APPL)) {
228af5a4fa3a82 Takashi Iwai 2021-10-10 518 err = pcm_lib_apply_appl_ptr(substream, sync_cp->appl_ptr);
228af5a4fa3a82 Takashi Iwai 2021-10-10 519 if (err < 0) {
228af5a4fa3a82 Takashi Iwai 2021-10-10 520 snd_pcm_stream_unlock_irq(substream);
228af5a4fa3a82 Takashi Iwai 2021-10-10 521 return err;
228af5a4fa3a82 Takashi Iwai 2021-10-10 522 }
228af5a4fa3a82 Takashi Iwai 2021-10-10 523 } else {
228af5a4fa3a82 Takashi Iwai 2021-10-10 524 sync_cp->appl_ptr = control->appl_ptr;
228af5a4fa3a82 Takashi Iwai 2021-10-10 525 }
228af5a4fa3a82 Takashi Iwai 2021-10-10 526 if (!(sync_ptr.flags & SNDRV_PCM_SYNC_PTR_AVAIL_MIN))
228af5a4fa3a82 Takashi Iwai 2021-10-10 527 control->avail_min = sync_cp->avail_min;
228af5a4fa3a82 Takashi Iwai 2021-10-10 528 else
228af5a4fa3a82 Takashi Iwai 2021-10-10 529 sync_cp->avail_min = control->avail_min;
228af5a4fa3a82 Takashi Iwai 2021-10-10 530 sync_ptr.s.status.state = status->state;
228af5a4fa3a82 Takashi Iwai 2021-10-10 531 sync_ptr.s.status.hw_ptr = status->hw_ptr;
228af5a4fa3a82 Takashi Iwai 2021-10-10 532 sync_ptr.s.status.tstamp = status->tstamp;
228af5a4fa3a82 Takashi Iwai 2021-10-10 533 sync_ptr.s.status.suspended_state = status->suspended_state;
228af5a4fa3a82 Takashi Iwai 2021-10-10 534 sync_ptr.s.status.audio_tstamp = status->audio_tstamp;
228af5a4fa3a82 Takashi Iwai 2021-10-10 535 snd_pcm_stream_unlock_irq(substream);
228af5a4fa3a82 Takashi Iwai 2021-10-10 536 if (copy_to_user(_sync_ptr, &sync_ptr, sizeof(sync_ptr)))
228af5a4fa3a82 Takashi Iwai 2021-10-10 537 return -EFAULT;
228af5a4fa3a82 Takashi Iwai 2021-10-10 538 return 0;
228af5a4fa3a82 Takashi Iwai 2021-10-10 539 }
228af5a4fa3a82 Takashi Iwai 2021-10-10 540
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 3+ messages in thread
* sound/core/pcm_compat.c:507 snd_pcm_ioctl_sync_ptr_buggy() error: copy_from_user() 'sync_cp' too small (16 vs 20)
@ 2022-01-23 20:37 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2022-01-23 20:37 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 5031 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Takashi Iwai <tiwai@suse.de>
CC: Arnd Bergmann <arnd@arndb.de>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: dd81e1c7d5fb126e5fbc5c9e334d7b3ec29a16a0
commit: 228af5a4fa3a8293bd8b7ac5cf59548ee29627bf ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
date: 3 months ago
:::::: branch date: 5 hours ago
:::::: commit date: 3 months ago
config: powerpc64-randconfig-m031-20220120 (https://download.01.org/0day-ci/archive/20220124/202201240433.WkWayQtF-lkp(a)intel.com/config)
compiler: powerpc64-linux-gcc (GCC) 11.2.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
sound/core/pcm_compat.c:507 snd_pcm_ioctl_sync_ptr_buggy() error: copy_from_user() 'sync_cp' too small (16 vs 20)
vim +/sync_cp +507 sound/core/pcm_compat.c
228af5a4fa3a82 Takashi Iwai 2021-10-10 492
228af5a4fa3a82 Takashi Iwai 2021-10-10 493 static int snd_pcm_ioctl_sync_ptr_buggy(struct snd_pcm_substream *substream,
228af5a4fa3a82 Takashi Iwai 2021-10-10 494 struct snd_pcm_sync_ptr __user *_sync_ptr)
228af5a4fa3a82 Takashi Iwai 2021-10-10 495 {
228af5a4fa3a82 Takashi Iwai 2021-10-10 496 struct snd_pcm_runtime *runtime = substream->runtime;
228af5a4fa3a82 Takashi Iwai 2021-10-10 497 struct snd_pcm_sync_ptr sync_ptr;
228af5a4fa3a82 Takashi Iwai 2021-10-10 498 struct __snd_pcm_mmap_control64_buggy *sync_cp;
228af5a4fa3a82 Takashi Iwai 2021-10-10 499 volatile struct snd_pcm_mmap_status *status;
228af5a4fa3a82 Takashi Iwai 2021-10-10 500 volatile struct snd_pcm_mmap_control *control;
228af5a4fa3a82 Takashi Iwai 2021-10-10 501 int err;
228af5a4fa3a82 Takashi Iwai 2021-10-10 502
228af5a4fa3a82 Takashi Iwai 2021-10-10 503 memset(&sync_ptr, 0, sizeof(sync_ptr));
228af5a4fa3a82 Takashi Iwai 2021-10-10 504 sync_cp = (struct __snd_pcm_mmap_control64_buggy *)&sync_ptr.c.control;
228af5a4fa3a82 Takashi Iwai 2021-10-10 505 if (get_user(sync_ptr.flags, (unsigned __user *)&(_sync_ptr->flags)))
228af5a4fa3a82 Takashi Iwai 2021-10-10 506 return -EFAULT;
228af5a4fa3a82 Takashi Iwai 2021-10-10 @507 if (copy_from_user(sync_cp, &(_sync_ptr->c.control), sizeof(*sync_cp)))
228af5a4fa3a82 Takashi Iwai 2021-10-10 508 return -EFAULT;
228af5a4fa3a82 Takashi Iwai 2021-10-10 509 status = runtime->status;
228af5a4fa3a82 Takashi Iwai 2021-10-10 510 control = runtime->control;
228af5a4fa3a82 Takashi Iwai 2021-10-10 511 if (sync_ptr.flags & SNDRV_PCM_SYNC_PTR_HWSYNC) {
228af5a4fa3a82 Takashi Iwai 2021-10-10 512 err = snd_pcm_hwsync(substream);
228af5a4fa3a82 Takashi Iwai 2021-10-10 513 if (err < 0)
228af5a4fa3a82 Takashi Iwai 2021-10-10 514 return err;
228af5a4fa3a82 Takashi Iwai 2021-10-10 515 }
228af5a4fa3a82 Takashi Iwai 2021-10-10 516 snd_pcm_stream_lock_irq(substream);
228af5a4fa3a82 Takashi Iwai 2021-10-10 517 if (!(sync_ptr.flags & SNDRV_PCM_SYNC_PTR_APPL)) {
228af5a4fa3a82 Takashi Iwai 2021-10-10 518 err = pcm_lib_apply_appl_ptr(substream, sync_cp->appl_ptr);
228af5a4fa3a82 Takashi Iwai 2021-10-10 519 if (err < 0) {
228af5a4fa3a82 Takashi Iwai 2021-10-10 520 snd_pcm_stream_unlock_irq(substream);
228af5a4fa3a82 Takashi Iwai 2021-10-10 521 return err;
228af5a4fa3a82 Takashi Iwai 2021-10-10 522 }
228af5a4fa3a82 Takashi Iwai 2021-10-10 523 } else {
228af5a4fa3a82 Takashi Iwai 2021-10-10 524 sync_cp->appl_ptr = control->appl_ptr;
228af5a4fa3a82 Takashi Iwai 2021-10-10 525 }
228af5a4fa3a82 Takashi Iwai 2021-10-10 526 if (!(sync_ptr.flags & SNDRV_PCM_SYNC_PTR_AVAIL_MIN))
228af5a4fa3a82 Takashi Iwai 2021-10-10 527 control->avail_min = sync_cp->avail_min;
228af5a4fa3a82 Takashi Iwai 2021-10-10 528 else
228af5a4fa3a82 Takashi Iwai 2021-10-10 529 sync_cp->avail_min = control->avail_min;
228af5a4fa3a82 Takashi Iwai 2021-10-10 530 sync_ptr.s.status.state = status->state;
228af5a4fa3a82 Takashi Iwai 2021-10-10 531 sync_ptr.s.status.hw_ptr = status->hw_ptr;
228af5a4fa3a82 Takashi Iwai 2021-10-10 532 sync_ptr.s.status.tstamp = status->tstamp;
228af5a4fa3a82 Takashi Iwai 2021-10-10 533 sync_ptr.s.status.suspended_state = status->suspended_state;
228af5a4fa3a82 Takashi Iwai 2021-10-10 534 sync_ptr.s.status.audio_tstamp = status->audio_tstamp;
228af5a4fa3a82 Takashi Iwai 2021-10-10 535 snd_pcm_stream_unlock_irq(substream);
228af5a4fa3a82 Takashi Iwai 2021-10-10 536 if (copy_to_user(_sync_ptr, &sync_ptr, sizeof(sync_ptr)))
228af5a4fa3a82 Takashi Iwai 2021-10-10 537 return -EFAULT;
228af5a4fa3a82 Takashi Iwai 2021-10-10 538 return 0;
228af5a4fa3a82 Takashi Iwai 2021-10-10 539 }
228af5a4fa3a82 Takashi Iwai 2021-10-10 540
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 3+ messages in thread
* sound/core/pcm_compat.c:507 snd_pcm_ioctl_sync_ptr_buggy() error: copy_from_user() 'sync_cp' too small (16 vs 20)
@ 2022-02-24 11:15 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2022-02-24 11:15 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 5044 bytes --]
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Takashi Iwai <tiwai@suse.de>
CC: Arnd Bergmann <arnd@arndb.de>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 23d04328444a8fa0ca060c5e532220dac8e8bc26
commit: 228af5a4fa3a8293bd8b7ac5cf59548ee29627bf ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
date: 5 months ago
:::::: branch date: 15 hours ago
:::::: commit date: 5 months ago
config: s390-randconfig-m031-20220224 (https://download.01.org/0day-ci/archive/20220224/202202241909.2lGpXpA0-lkp(a)intel.com/config)
compiler: s390-linux-gcc (GCC) 11.2.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
sound/core/pcm_compat.c:507 snd_pcm_ioctl_sync_ptr_buggy() error: copy_from_user() 'sync_cp' too small (16 vs 20)
vim +/sync_cp +507 sound/core/pcm_compat.c
228af5a4fa3a82 Takashi Iwai 2021-10-10 492
228af5a4fa3a82 Takashi Iwai 2021-10-10 493 static int snd_pcm_ioctl_sync_ptr_buggy(struct snd_pcm_substream *substream,
228af5a4fa3a82 Takashi Iwai 2021-10-10 494 struct snd_pcm_sync_ptr __user *_sync_ptr)
228af5a4fa3a82 Takashi Iwai 2021-10-10 495 {
228af5a4fa3a82 Takashi Iwai 2021-10-10 496 struct snd_pcm_runtime *runtime = substream->runtime;
228af5a4fa3a82 Takashi Iwai 2021-10-10 497 struct snd_pcm_sync_ptr sync_ptr;
228af5a4fa3a82 Takashi Iwai 2021-10-10 498 struct __snd_pcm_mmap_control64_buggy *sync_cp;
228af5a4fa3a82 Takashi Iwai 2021-10-10 499 volatile struct snd_pcm_mmap_status *status;
228af5a4fa3a82 Takashi Iwai 2021-10-10 500 volatile struct snd_pcm_mmap_control *control;
228af5a4fa3a82 Takashi Iwai 2021-10-10 501 int err;
228af5a4fa3a82 Takashi Iwai 2021-10-10 502
228af5a4fa3a82 Takashi Iwai 2021-10-10 503 memset(&sync_ptr, 0, sizeof(sync_ptr));
228af5a4fa3a82 Takashi Iwai 2021-10-10 504 sync_cp = (struct __snd_pcm_mmap_control64_buggy *)&sync_ptr.c.control;
228af5a4fa3a82 Takashi Iwai 2021-10-10 505 if (get_user(sync_ptr.flags, (unsigned __user *)&(_sync_ptr->flags)))
228af5a4fa3a82 Takashi Iwai 2021-10-10 506 return -EFAULT;
228af5a4fa3a82 Takashi Iwai 2021-10-10 @507 if (copy_from_user(sync_cp, &(_sync_ptr->c.control), sizeof(*sync_cp)))
228af5a4fa3a82 Takashi Iwai 2021-10-10 508 return -EFAULT;
228af5a4fa3a82 Takashi Iwai 2021-10-10 509 status = runtime->status;
228af5a4fa3a82 Takashi Iwai 2021-10-10 510 control = runtime->control;
228af5a4fa3a82 Takashi Iwai 2021-10-10 511 if (sync_ptr.flags & SNDRV_PCM_SYNC_PTR_HWSYNC) {
228af5a4fa3a82 Takashi Iwai 2021-10-10 512 err = snd_pcm_hwsync(substream);
228af5a4fa3a82 Takashi Iwai 2021-10-10 513 if (err < 0)
228af5a4fa3a82 Takashi Iwai 2021-10-10 514 return err;
228af5a4fa3a82 Takashi Iwai 2021-10-10 515 }
228af5a4fa3a82 Takashi Iwai 2021-10-10 516 snd_pcm_stream_lock_irq(substream);
228af5a4fa3a82 Takashi Iwai 2021-10-10 517 if (!(sync_ptr.flags & SNDRV_PCM_SYNC_PTR_APPL)) {
228af5a4fa3a82 Takashi Iwai 2021-10-10 518 err = pcm_lib_apply_appl_ptr(substream, sync_cp->appl_ptr);
228af5a4fa3a82 Takashi Iwai 2021-10-10 519 if (err < 0) {
228af5a4fa3a82 Takashi Iwai 2021-10-10 520 snd_pcm_stream_unlock_irq(substream);
228af5a4fa3a82 Takashi Iwai 2021-10-10 521 return err;
228af5a4fa3a82 Takashi Iwai 2021-10-10 522 }
228af5a4fa3a82 Takashi Iwai 2021-10-10 523 } else {
228af5a4fa3a82 Takashi Iwai 2021-10-10 524 sync_cp->appl_ptr = control->appl_ptr;
228af5a4fa3a82 Takashi Iwai 2021-10-10 525 }
228af5a4fa3a82 Takashi Iwai 2021-10-10 526 if (!(sync_ptr.flags & SNDRV_PCM_SYNC_PTR_AVAIL_MIN))
228af5a4fa3a82 Takashi Iwai 2021-10-10 527 control->avail_min = sync_cp->avail_min;
228af5a4fa3a82 Takashi Iwai 2021-10-10 528 else
228af5a4fa3a82 Takashi Iwai 2021-10-10 529 sync_cp->avail_min = control->avail_min;
228af5a4fa3a82 Takashi Iwai 2021-10-10 530 sync_ptr.s.status.state = status->state;
228af5a4fa3a82 Takashi Iwai 2021-10-10 531 sync_ptr.s.status.hw_ptr = status->hw_ptr;
228af5a4fa3a82 Takashi Iwai 2021-10-10 532 sync_ptr.s.status.tstamp = status->tstamp;
228af5a4fa3a82 Takashi Iwai 2021-10-10 533 sync_ptr.s.status.suspended_state = status->suspended_state;
228af5a4fa3a82 Takashi Iwai 2021-10-10 534 sync_ptr.s.status.audio_tstamp = status->audio_tstamp;
228af5a4fa3a82 Takashi Iwai 2021-10-10 535 snd_pcm_stream_unlock_irq(substream);
228af5a4fa3a82 Takashi Iwai 2021-10-10 536 if (copy_to_user(_sync_ptr, &sync_ptr, sizeof(sync_ptr)))
228af5a4fa3a82 Takashi Iwai 2021-10-10 537 return -EFAULT;
228af5a4fa3a82 Takashi Iwai 2021-10-10 538 return 0;
228af5a4fa3a82 Takashi Iwai 2021-10-10 539 }
228af5a4fa3a82 Takashi Iwai 2021-10-10 540
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-02-24 11:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-01-23 20:37 sound/core/pcm_compat.c:507 snd_pcm_ioctl_sync_ptr_buggy() error: copy_from_user() 'sync_cp' too small (16 vs 20) kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2022-02-24 11:15 kernel test robot
2022-01-23 2:47 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.