From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
To: Takashi Iwai <tiwai@suse.de>
Cc: linux-sound@vger.kernel.org, Paul Menzel <pmenzel@molgen.mpg.de>,
Mark Brown <broonie@kernel.org>, Jaroslav Kysela <perex@perex.cz>,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v2 3/6] ALSA: control: Apply sanity check of input values for user elements
Date: Sat, 15 Jun 2024 17:02:35 +0900 [thread overview]
Message-ID: <20240615080235.GA508000@workstation.local> (raw)
In-Reply-To: <871q4y7jgt.wl-tiwai@suse.de>
On Sat, Jun 15, 2024 at 09:28:50AM +0200, Takashi Iwai wrote:
> > In the commit coment, I can see "that's the only way to filter out the
> > invalid values", however it not so good idea, since the ALSA control core
> > function loses transparency against control elements somehow.
>
> Transparency? The sanity check of input values is done in each driver
> side, hence some overhead is more or less always present, depending on
> the implementation.
>
> > Furthermore, I can see "there is no corresponding driver", however it is
> > suspicious somehow. It would be smart to charge the validation
> > implementation for user-defined control element set if forcing it.
>
> The context there implies that, in the case of user elements, all
> handled in sound/core/control.c, and there is no other dedicated
> driver code handling the control put for those controls, hence
> sound/core/control.c is the only place where we can address the
> issue.
If you can force the validation to _all_ of the existing drivers by any
kind of mechanism, it would be. Actually, not. We can have such driver
which handles the write request without such validation, and control core
allows it. The kernel configuration is to ease the detection of such
drivers (and applications) in application runtime. Therefore the
transparency would be lost by the patch.
Assuming that two control element exist in a sound card, which has the
same information and TLV response, except for the flag of
SNDRV_CTL_ELEM_ACCESS_USER. For the same value data, one operation with
SNDRV_CTL_IOCTL_ELEM_WRITE is successful, and another operation with
SNDRV_CTL_ELEM_ACCESS_USER is failed. When encountering this issue,
the programmer of the application suspect the bug pertaining to the latter
control, then the programmer find the latter has
SNDRV_CTL_ELEM_ACCESS_USER. Then the programmer would judge that 'I got
it, it is a bug of user-defined control element set' even if the program
includes the bug for min/max/step computation and the underlying sound
driver includes the bug not to validate value data.
The patch loses transparency in the above step. Without the patch, both
operations finish with the equivalent result.
Nevertheless, I think the validation is itself preferable. In my opinion,
the validation before/after the call of 'snd_kcontrol_put_t' would result
in the different argument. The 'validate-before-call' is the argument of
control core function, while 'validate-after-call is the argument of
implementation of user-defined element set. The patch should belong to the
latter to extend current implementation of user-defined element set.
Thus I suggest to put the validation into the put callback function,
regardless of the optimization to which you address.
Regards
Takashi Sakamoto
next prev parent reply other threads:[~2024-06-15 8:02 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-14 15:37 [PATCH v2 0/6] ALSA: some driver fixes for control input validations Takashi Iwai
2024-06-14 15:37 ` [PATCH v2 1/6] ALSA: vmaster: Return error for invalid input values Takashi Iwai
2024-06-14 15:37 ` [PATCH v2 2/6] ALSA: hda: Return -EINVAL for invalid volume/switch inputs Takashi Iwai
2024-06-14 15:37 ` [PATCH v2 3/6] ALSA: control: Apply sanity check of input values for user elements Takashi Iwai
2024-06-15 5:13 ` Takashi Sakamoto
2024-06-15 7:28 ` Takashi Iwai
2024-06-15 8:02 ` Takashi Sakamoto [this message]
2024-06-15 8:30 ` Takashi Iwai
2024-06-15 11:37 ` Takashi Iwai
2024-06-16 3:39 ` Takashi Sakamoto
2024-06-14 15:37 ` [PATCH v2 4/6] kselftest/alsa: mixer-test: Skip write verification for volatile controls Takashi Iwai
2024-06-14 15:43 ` Jaroslav Kysela
2024-06-14 15:57 ` Mark Brown
2024-06-14 16:08 ` Takashi Iwai
2024-06-14 16:28 ` Mark Brown
2024-06-14 15:37 ` [PATCH v2 5/6] ALSA: chmap: Mark Channel Map controls as volatile Takashi Iwai
2024-06-14 15:37 ` [PATCH v2 6/6] ALSA: hda: Add input value sanity checks to HDMI channel map controls Takashi Iwai
2024-06-14 15:44 ` Jaroslav Kysela
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240615080235.GA508000@workstation.local \
--to=o-takashi@sakamocchi.jp \
--cc=broonie@kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-sound@vger.kernel.org \
--cc=perex@perex.cz \
--cc=pmenzel@molgen.mpg.de \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox