From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91BF4C43603 for ; Fri, 20 Dec 2019 10:33:48 +0000 (UTC) Received: from alsa0.perex.cz (alsa0.perex.cz [77.48.224.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C25A824683 for ; Fri, 20 Dec 2019 10:33:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=alsa-project.org header.i=@alsa-project.org header.b="Gn/ehi7q" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C25A824683 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=suse.de Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=alsa-devel-bounces@alsa-project.org Received: from alsa1.perex.cz (alsa1.perex.cz [207.180.221.201]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by alsa0.perex.cz (Postfix) with ESMTPS id 3F111852; Fri, 20 Dec 2019 11:32:55 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 alsa0.perex.cz 3F111852 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=alsa-project.org; s=default; t=1576838025; bh=L2A2W5DpEOE3XetnkhyZTttfFuomdnQSLmO6bgWBnRQ=; h=Date:From:To:In-Reply-To:References:Cc:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From; b=Gn/ehi7qLgK8K2RhiycDBeRdigTEOEz1VkbARk5nro46TxMF0BKbHsCJT8zRW7dH4 YHFW2bJ57a8VVZkirCQfKX2S9YRYt6C2Gw4cFfSNmzpe7D+gctONF6P7LavyX7mb7c lnPU0Si0OKE5465046I3BZlnCgQUaz+XtpumR3ok= Received: from alsa1.perex.cz (localhost.localdomain [127.0.0.1]) by alsa1.perex.cz (Postfix) with ESMTP id C66F0F8014F; Fri, 20 Dec 2019 11:32:54 +0100 (CET) Received: by alsa1.perex.cz (Postfix, from userid 50401) id D0F64F8015A; Fri, 20 Dec 2019 11:32:53 +0100 (CET) Received: from mx2.suse.de (mx2.suse.de [195.135.220.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by alsa1.perex.cz (Postfix) with ESMTPS id 209C1F8014C for ; Fri, 20 Dec 2019 11:32:50 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 alsa1.perex.cz 209C1F8014C X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 30C51AAC3; Fri, 20 Dec 2019 10:32:50 +0000 (UTC) Date: Fri, 20 Dec 2019 11:32:49 +0100 Message-ID: From: Takashi Iwai To: Johan Hovold In-Reply-To: <20191220102315.GU22665@localhost> References: <20191220093134.1248-1-johan@kernel.org> <20191220102315.GU22665@localhost> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Cc: alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org, stable Subject: Re: [alsa-devel] [PATCH] ALSA: usb-audio: fix set_format altsetting sanity check X-BeenThere: alsa-devel@alsa-project.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Alsa-devel mailing list for ALSA developers - http://www.alsa-project.org" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: alsa-devel-bounces@alsa-project.org Sender: "Alsa-devel" On Fri, 20 Dec 2019 11:23:15 +0100, Johan Hovold wrote: > > On Fri, Dec 20, 2019 at 10:46:50AM +0100, Takashi Iwai wrote: > > On Fri, 20 Dec 2019 10:31:34 +0100, > > Johan Hovold wrote: > > > > > > Make sure to check the return value of usb_altnum_to_altsetting() to > > > avoid dereferencing a NULL pointer when the requested alternate settings > > > is missing. > > > > > > The format altsetting number may come from a quirk table and there does > > > not seem to be any other validation of it (the corresponding index is > > > checked however). > > > > > > Fixes: b099b9693d23 ("ALSA: usb-audio: Avoid superfluous usb_set_interface() calls") > > > Cc: stable # 4.18 > > > Signed-off-by: Johan Hovold > > > --- > > > sound/usb/pcm.c | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/sound/usb/pcm.c b/sound/usb/pcm.c > > > index 9c8930bb00c8..73dd9d21bb42 100644 > > > --- a/sound/usb/pcm.c > > > +++ b/sound/usb/pcm.c > > > @@ -506,9 +506,9 @@ static int set_format(struct snd_usb_substream *subs, struct audioformat *fmt) > > > if (WARN_ON(!iface)) > > > return -EINVAL; > > > alts = usb_altnum_to_altsetting(iface, fmt->altsetting); > > > - altsd = get_iface_desc(alts); > > > - if (WARN_ON(altsd->bAlternateSetting != fmt->altsetting)) > > > + if (WARN_ON(!alts)) > > > return -EINVAL; > > > > Do we need WARN_ON() here? If this may hit on syzbot, it'll stop at > > this point because of panic_on_warn. > > Yeah, I considered that too and decided to leave it in. Just like for > the WARN_ON(iface), those numbers should be verified at probe. > > I tried tracking where fmt->altsetting comes from, and it seems like > a sanity check needs to be added at least to create_fixed_stream_quirk() > where, for example, fmt->iface, fmt->altset_idx and the number of > endpoints are verified. > > If there are other paths that can end up setting these fields to invalid > values, we want that WARN_ON() in there so we can fix those. Fair enough. I applied now as-is. Thanks! Takashi _______________________________________________ Alsa-devel mailing list Alsa-devel@alsa-project.org https://mailman.alsa-project.org/mailman/listinfo/alsa-devel