From: "Péter Ujfalusi" <peter.ujfalusi@linux.intel.com>
To: Mark Brown <broonie@kernel.org>
Cc: Liam Girdwood <lgirdwood@gmail.com>,
Bard Liao <yung-chuan.liao@linux.intel.com>,
Ranjani Sridharan <ranjani.sridharan@linux.intel.com>,
Daniel Baluta <daniel.baluta@nxp.com>,
Kai Vehmanen <kai.vehmanen@linux.intel.com>,
Pierre-Louis Bossart <pierre-louis.bossart@linux.dev>,
Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
Paul Olaru <paul.olaru@oss.nxp.com>,
Laurentiu Mihalcea <laurentiu.mihalcea@nxp.com>,
sound-open-firmware@alsa-project.org,
linux-sound@vger.kernel.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH] ASoC: SOF: Don't allow pointer operations on unconfigured streams
Date: Mon, 30 Mar 2026 10:01:59 +0300
Message-ID: <e3c69a0a-5ed1-45f7-9180-9268bd671df0@linux.intel.com>
In-Reply-To: <aca1sW6ca1QJBN9V@sirena.co.uk>

On 27/03/2026 18:52, Mark Brown wrote:
> On Fri, Mar 27, 2026 at 11:49:41AM +0200, Péter Ujfalusi wrote:
>> On 26/03/2026 16:52, Mark Brown wrote:
>
>>> + if (!sstream->channels || !sstream->sample_container_bytes)
>>> + return -EBUSY;
>>> +
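
Review bot: the guard on `sstream->channels` and `sstream->sample_container_bytes` carries no comment saying why a zero in either field means the stream is unconfigured, and `-EBUSY` reads as a transient condition rather than a missing configuration. A one-line comment above the `if` naming the condition (parameters not yet set) and an errno that says "wrong state" would make the intent clear to callers and to later readers.
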
>
>> Is this a theoretical fix?
>> I don't think this can happen in real world as set_params would need to
>> fail and if that failed then applications would not ask for a pointer as
>> the compress stream cannot be even started.
>
> Yes, it's not something that would happen in the real world with a non
> buggy (or hostile) userspace. Still, we shouldn't leave this stuff
> open.

Yes, hostile user space is a valid concern; in theory it can ask for
TSTAMP or AVAIL before it would be meaningful (a configuration is set -
buffer config is known).

For avail, the state sanity check is in the wrong place in
snd_compr_ioctl_avail(); it should be before calling snd_compr_calc_avail().

tstamp does not even have a sanity validity check in
sound/core/compress_offload.c, which it should as well - snd_compr_tstamp()

Should this be fixed at the core level to avoid repeating the same check in
every driver?

--
Péter
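
The ordering discussed in the message above (state check before any calculation, done once in the core instead of in every driver), as an added example that is not part of the original mail and is not kernel code. It is a userspace model: every `model_*` name is hypothetical, the division in the driver callback is an assumed use of the two fields from the quoted hunk, and `-EBUSY` mirrors that hunk.

```c
#include <errno.h>
#include <stdint.h>

/* Constructed userspace model, not kernel code; all names are hypothetical. */
enum model_state { MODEL_OPEN, MODEL_SETUP };

struct model_stream {
    enum model_state state;              /* MODEL_OPEN until set_params succeeds */
    unsigned int channels;               /* 0 while unconfigured */
    unsigned int sample_container_bytes; /* 0 while unconfigured */
    uint64_t bytes_copied;
    int (*pointer)(const struct model_stream *s, uint64_t *frames);
};

/* Driver callback: relies on the core having validated the stream state.
 * The division is an assumption about how a driver would use the fields. */
static int model_driver_pointer(const struct model_stream *s, uint64_t *frames)
{
    *frames = s->bytes_copied / ((uint64_t)s->channels * s->sample_container_bytes);
    return 0;
}

/* The only path out of MODEL_OPEN; a failed call leaves the stream untouched. */
int model_set_params(struct model_stream *s, unsigned int ch, unsigned int bytes)
{
    if (!s || !ch || !bytes)
        return -EINVAL;
    s->channels = ch;
    s->sample_container_bytes = bytes;
    s->pointer = model_driver_pointer;
    s->state = MODEL_SETUP;
    return 0;
}

/* Core entry point for a tstamp/avail style query: the state check runs
 * first and the driver callback second, so no driver repeats the guard. */
int model_core_tstamp(const struct model_stream *s, uint64_t *frames)
{
    if (!s || !frames)
        return -EINVAL;
    if (s->state == MODEL_OPEN)          /* queried before a configuration exists */
        return -EBUSY;
    return s->pointer(s, frames);
}
```
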