From: Takashi Iwai <tiwai@suse.de>
To: Baisong Zhong <zhongbaisong@huawei.com>
Cc: alsa-devel@alsa-project.org, tiwai@suse.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH -next] ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
Date: Mon, 21 Nov 2022 11:35:41 +0100 [thread overview]
Message-ID: <87fsecwq6a.wl-tiwai@suse.de> (raw)
In-Reply-To: <20221121043625.2910001-1-zhongbaisong@huawei.com>
On Mon, 21 Nov 2022 05:36:25 +0100,
Baisong Zhong wrote:
>
> Shifting signed 32-bit value by 31 bits is undefined, so changing
> significant bit to unsigned. The UBSAN warning calltrace like below:
>
> UBSAN: shift-out-of-bounds in sound/core/seq/seq_clientmgr.c:509:22
> left shift of 1 by 31 places cannot be represented in type 'int'
> ...
> Call Trace:
> <TASK>
> dump_stack_lvl+0x8d/0xcf
> ubsan_epilogue+0xa/0x44
> __ubsan_handle_shift_out_of_bounds+0x1e7/0x208
> snd_seq_deliver_single_event.constprop.21+0x191/0x2f0
> snd_seq_deliver_event+0x1a2/0x350
> snd_seq_kernel_client_dispatch+0x8b/0xb0
> snd_seq_client_notify_subscription+0x72/0xa0
> snd_seq_ioctl_subscribe_port+0x128/0x160
> snd_seq_kernel_client_ctl+0xce/0xf0
> snd_seq_oss_create_client+0x109/0x15b
> alsa_seq_oss_init+0x11c/0x1aa
> do_one_initcall+0x80/0x440
> kernel_init_freeable+0x370/0x3c3
> kernel_init+0x1b/0x190
> ret_from_fork+0x1f/0x30
> </TASK>
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Baisong Zhong <zhongbaisong@huawei.com>
> ---
> include/uapi/sound/asequencer.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/uapi/sound/asequencer.h b/include/uapi/sound/asequencer.h
> index 6d4a2c60808d..4c5c4dd15d02 100644
> --- a/include/uapi/sound/asequencer.h
> +++ b/include/uapi/sound/asequencer.h
> @@ -331,7 +331,7 @@ typedef int __bitwise snd_seq_client_type_t;
> #define SNDRV_SEQ_FILTER_BROADCAST (1<<0) /* accept broadcast messages */
> #define SNDRV_SEQ_FILTER_MULTICAST (1<<1) /* accept multicast messages */
> #define SNDRV_SEQ_FILTER_BOUNCE (1<<2) /* accept bounce event in error */
> -#define SNDRV_SEQ_FILTER_USE_EVENT (1<<31) /* use event filter */
> +#define SNDRV_SEQ_FILTER_USE_EVENT (1U<<31) /* use event filter */
Similarly like the previous patch for PCM, could you update all
SNDRV_SEQ_FILTER_* to 1U for consistency?
thanks,
Takashi
WARNING: multiple messages have this Message-ID (diff)
From: Takashi Iwai <tiwai@suse.de>
To: Baisong Zhong <zhongbaisong@huawei.com>
Cc: <linux-kernel@vger.kernel.org>, <alsa-devel@alsa-project.org>,
<perex@perex.cz>, <tiwai@suse.com>
Subject: Re: [PATCH -next] ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
Date: Mon, 21 Nov 2022 11:35:41 +0100 [thread overview]
Message-ID: <87fsecwq6a.wl-tiwai@suse.de> (raw)
In-Reply-To: <20221121043625.2910001-1-zhongbaisong@huawei.com>
On Mon, 21 Nov 2022 05:36:25 +0100,
Baisong Zhong wrote:
>
> Shifting signed 32-bit value by 31 bits is undefined, so changing
> significant bit to unsigned. The UBSAN warning calltrace like below:
>
> UBSAN: shift-out-of-bounds in sound/core/seq/seq_clientmgr.c:509:22
> left shift of 1 by 31 places cannot be represented in type 'int'
> ...
> Call Trace:
> <TASK>
> dump_stack_lvl+0x8d/0xcf
> ubsan_epilogue+0xa/0x44
> __ubsan_handle_shift_out_of_bounds+0x1e7/0x208
> snd_seq_deliver_single_event.constprop.21+0x191/0x2f0
> snd_seq_deliver_event+0x1a2/0x350
> snd_seq_kernel_client_dispatch+0x8b/0xb0
> snd_seq_client_notify_subscription+0x72/0xa0
> snd_seq_ioctl_subscribe_port+0x128/0x160
> snd_seq_kernel_client_ctl+0xce/0xf0
> snd_seq_oss_create_client+0x109/0x15b
> alsa_seq_oss_init+0x11c/0x1aa
> do_one_initcall+0x80/0x440
> kernel_init_freeable+0x370/0x3c3
> kernel_init+0x1b/0x190
> ret_from_fork+0x1f/0x30
> </TASK>
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Baisong Zhong <zhongbaisong@huawei.com>
> ---
> include/uapi/sound/asequencer.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/include/uapi/sound/asequencer.h b/include/uapi/sound/asequencer.h
> index 6d4a2c60808d..4c5c4dd15d02 100644
> --- a/include/uapi/sound/asequencer.h
> +++ b/include/uapi/sound/asequencer.h
> @@ -331,7 +331,7 @@ typedef int __bitwise snd_seq_client_type_t;
> #define SNDRV_SEQ_FILTER_BROADCAST (1<<0) /* accept broadcast messages */
> #define SNDRV_SEQ_FILTER_MULTICAST (1<<1) /* accept multicast messages */
> #define SNDRV_SEQ_FILTER_BOUNCE (1<<2) /* accept bounce event in error */
> -#define SNDRV_SEQ_FILTER_USE_EVENT (1<<31) /* use event filter */
> +#define SNDRV_SEQ_FILTER_USE_EVENT (1U<<31) /* use event filter */
Similarly like the previous patch for PCM, could you update all
SNDRV_SEQ_FILTER_* to 1U for consistency?
thanks,
Takashi
next prev parent reply other threads:[~2022-11-21 10:36 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-21 4:36 [PATCH -next] ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT Baisong Zhong
2022-11-21 4:36 ` Baisong Zhong
2022-11-21 10:35 ` Takashi Iwai [this message]
2022-11-21 10:35 ` Takashi Iwai
2022-11-21 10:47 ` zhongbaisong
2022-11-21 10:47 ` zhongbaisong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fsecwq6a.wl-tiwai@suse.de \
--to=tiwai@suse.de \
--cc=alsa-devel@alsa-project.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tiwai@suse.com \
--cc=zhongbaisong@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.