public inbox for stable@vger.kernel.org
From: "Péter Ujfalusi" <peter.ujfalusi@linux.intel.com>
To: Mark Brown <broonie@kernel.org>
Cc: Liam Girdwood <lgirdwood@gmail.com>,
	Bard Liao <yung-chuan.liao@linux.intel.com>,
	Ranjani Sridharan <ranjani.sridharan@linux.intel.com>,
	Daniel Baluta <daniel.baluta@nxp.com>,
	Kai Vehmanen <kai.vehmanen@linux.intel.com>,
	Pierre-Louis Bossart <pierre-louis.bossart@linux.dev>,
	Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
	Paul Olaru <paul.olaru@oss.nxp.com>,
	Laurentiu Mihalcea <laurentiu.mihalcea@nxp.com>,
	sound-open-firmware@alsa-project.org,
	linux-sound@vger.kernel.org, linux-kernel@vger.kernel.org,
	stable@vger.kernel.org
Subject: Re: [PATCH] ASoC: SOF: Don't allow pointer operations on unconfigured streams
Date: Mon, 30 Mar 2026 10:01:59 +0300
Message-ID: <e3c69a0a-5ed1-45f7-9180-9268bd671df0@linux.intel.com>
In-Reply-To: <aca1sW6ca1QJBN9V@sirena.co.uk>



On 27/03/2026 18:52, Mark Brown wrote:
> On Fri, Mar 27, 2026 at 11:49:41AM +0200, Péter Ujfalusi wrote:
>> On 26/03/2026 16:52, Mark Brown wrote:
> 
>>> +	if (!sstream->channels || !sstream->sample_container_bytes)
>>> +		return -EBUSY;
>>> +
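Review bot: the -EBUSY returned by the added guard reads as a transient condition that a caller might retry, while the condition tested (zero channels or zero sample_container_bytes) is a stream that has not been configured. Consider an errno that says the stream is in the wrong state, and add a one-line comment above the if stating why zero values in these two fields must be rejected before the pointer operation continues, since the quoted lines alone do not show what depends on them.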
> 
>> Is this a theoretical fix?
>> I don't think this can happen in real world as set_params would need to
>> fail and if that failed then applications would not ask for a pointer as
>> the compress stream cannot be even started.
> 
> Yes, it's not something that would happen in the real world with a non
> buggy (or hostile) userspace.  Still, we shouldn't leave this stuff
> open.

Yes, hostile user space is a valid concern; in theory it can ask for
TSTAMP or AVAIL before it would be meaningful (a configuration is set -
buffer config is known).

For avail the state sanity check is in the wrong place in
snd_compr_ioctl_avail(); it should be before calling snd_compr_calc_avail().

tstamp does not even have a sanity validity check in
sound/core/compress_offload.c, which it should as well - snd_compr_tstamp()

Should this be fixed in core level to avoid repeating the same check in
every driver?

-- 
Péter
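
Added example, not part of the original message or the kernel source: a user-space C model of the core-level check proposed above, where the stream state is validated before the driver's pointer callback is called. All model_* names are hypothetical, and the division in the driver callback and the -EBADFD return value are assumptions made for this model.

```c
/* User-space model, not kernel code; all model_* names are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

enum model_state { MODEL_OPEN, MODEL_SETUP };

struct model_stream {
	enum model_state state;          /* OPEN until params are accepted */
	uint32_t channels;               /* 0 until configured */
	uint32_t sample_container_bytes; /* 0 until configured */
	uint64_t dai_bytes;              /* constructed byte counter */
};

/* Driver callback (assumed shape): bytes -> frames. It relies on the core
 * having configured the stream; with zero fields it would divide by zero. */
static int model_driver_pointer(const struct model_stream *s, uint64_t *frames)
{
	*frames = s->dai_bytes / ((uint64_t)s->channels * s->sample_container_bytes);
	return 0;
}

/* Core set_params: only a successful call moves the stream to SETUP. */
static int model_core_set_params(struct model_stream *s, uint32_t ch, uint32_t bytes)
{
	if (!ch || !bytes)
		return -EINVAL;
	s->channels = ch;
	s->sample_container_bytes = bytes;
	s->state = MODEL_SETUP;
	return 0;
}

/* Core tstamp entry: the state check runs before any driver callback,
 * so individual drivers do not have to repeat it. */
static int model_core_tstamp(const struct model_stream *s, uint64_t *frames)
{
	if (s->state == MODEL_OPEN)
		return -EBADFD; /* assumption: errno chosen for this model */
	return model_driver_pointer(s, frames);
}

int main(void)
{
	struct model_stream s = { MODEL_OPEN, 0, 0, 4096 };
	uint64_t frames = 0;
	printf("unconfigured tstamp: %d\n", model_core_tstamp(&s, &frames));
	return 0;
}
```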

