From: Cezary Rojewski <cezary.rojewski@intel.com>
To: Takashi Iwai <tiwai@suse.de>
Cc: Mark Brown <broonie@kernel.org>, <tiwai@suse.com>,
<perex@perex.cz>, <amade@asmblr.net>,
<kuninori.morimoto.gx@renesas.com>, <linux-sound@vger.kernel.org>
Subject: Re: [PATCH] ALSA: control: Verify put() result when in debug mode
Date: Wed, 4 Feb 2026 12:33:45 +0100 [thread overview]
Message-ID: <ba7d5055-f0d7-445d-a226-053b13029f4f@intel.com> (raw)
In-Reply-To: <87ecn7xhdm.wl-tiwai@suse.de>
On 2026-01-30 4:14 PM, Takashi Iwai wrote:
> On Fri, 30 Jan 2026 16:00:10 +0100,
> Cezary Rojewski wrote:
>>
>> On 2026-01-30 3:29 PM, Takashi Iwai wrote:
>>> On Fri, 30 Jan 2026 15:12:58 +0100,
>>> Mark Brown wrote:
>>>>> + struct snd_ctl_elem_value original;
>>>>
>>>>> + ret = kctl->get(kctl, &original);
>>>>> + if (ret)
>>>>> + return ret;
>>>>
>>>>> + retcmp = memcmp(&original.value.bytes.data[0], &control->value.bytes.data[0],
>>>>> + sizeof(original.value.bytes.data[0]));
>>>>> + if (retcmp)
>>>>> + retcmp = 1;
>>>>
>>>> original was just allocated from the stack so who knows what values it
>>>> had originally, and the get() is only going to write the part of the
>>>> value that has data since the normal get() path has a memset() in the
>>>> core. Similarly with the new value coming in from userspace there's no
>>>> requirement for userspace to set anything that isn't part of the value
>>>> being written to any particular value. This means we're liable to get
>>>> spurious mismatches.
>>>
>>> Yes, and if I understand correctly, the above memcmpy() just compare
>>> the single byte from original and the result? Then it'll lead to
>>> false-positive outputs.
>>>
>>> We'll need to query the control info and check the relevant values
>>> for each info->type and count.
>>
>> Wouldn't memset(0) as a preparation-step solve the issue? That is,
>> each element - instance of struct snd_ctl_elem_value - has up to 512
>> bytes of data, regardless of type. Not seeing usefulness of ->info()
>> here. Perhaps I'm missing something.
>
> Well, you're calling memcmp with sizeof(original.value.bytes.data[0]),
> and this size is just one byte, no?
>
> And, if you need to compare the full data, the remaining space has to
> be initialized, yes. For the variable original, you can do memset(),
> but for control->value, there is no guarantee of initialization of
> remaining space because it's a copy from user-space.
I admit, I'm a bit embarrassed by the
"sizeof(original.value.bytes.data[0])" mistake of mine, fixed in v2.
The ->info() operation brings questions to my mind but I believe in v2
I've utilized it as suggested: use info->type and info->count to
sanitize the 'new' value. If I'm wrong about that, let me know in the v2
review.
Kind regards,
Czarek
next prev parent reply other threads:[~2026-02-04 11:33 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-30 13:55 [PATCH] ALSA: control: Verify put() result when in debug mode Cezary Rojewski
2026-01-30 14:12 ` Mark Brown
2026-01-30 14:29 ` Takashi Iwai
2026-01-30 15:00 ` Cezary Rojewski
2026-01-30 15:13 ` Mark Brown
2026-02-04 11:37 ` Cezary Rojewski
2026-01-30 15:14 ` Takashi Iwai
2026-02-04 11:33 ` Cezary Rojewski [this message]
2026-01-30 14:49 ` Cezary Rojewski
2026-02-02 0:20 ` Kuninori Morimoto
2026-02-04 11:30 ` Cezary Rojewski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ba7d5055-f0d7-445d-a226-053b13029f4f@intel.com \
--to=cezary.rojewski@intel.com \
--cc=amade@asmblr.net \
--cc=broonie@kernel.org \
--cc=kuninori.morimoto.gx@renesas.com \
--cc=linux-sound@vger.kernel.org \
--cc=perex@perex.cz \
--cc=tiwai@suse.com \
--cc=tiwai@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox