From patchwork Sun Jun 16 07:34:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Takashi Iwai X-Patchwork-Id: 804670 Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 364A7178CE2; Sun, 16 Jun 2024 07:34:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718523278; cv=none; b=h+0kPgWycQsBZHhuglXvM5PsIOaUaqI8yH1Q4To7qXEkHL2lRa+wlRtSXJ7sZuUAuGnVl8Tyr4uPCfxWsDdljj8+vrrYis+qcGBwRGhF2++1LATyk9J9tgFpXA+dt+j6Asclpa6eZE0pByUwmR8L2J9H6k3B06LOvwlQyFG3gDQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718523278; c=relaxed/simple; bh=ewFCmvWdTHUP5TXobHOgdvphPMgBV6JL4KA/1hdYfoc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=J8IVGJLUCS431Q6sZOQm0KxPzdGPW/b+61fb/cNsPeOpSu8oacipD6hbrSnJEy98o1xHzJwZOcZywquezQH9qM+atJIoq5vjtHcCDha8TwQJR3EQFpB3JvzkdYZ7cToWxT6WKpZEQubAVfIRzljQWyT5T/21GR/4ph5opx/ysro= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de; spf=pass smtp.mailfrom=suse.de; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=mv8qOk+q; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=gPIKth/H; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b=mv8qOk+q; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b=gPIKth/H; arc=none smtp.client-ip=195.135.223.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="mv8qOk+q"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="gPIKth/H"; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="mv8qOk+q"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="gPIKth/H" Received: from imap1.dmz-prg2.suse.org (unknown [10.150.64.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 3C1413506D; Sun, 16 Jun 2024 07:34:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1718523275; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qrkTl4bH7rGV7b1L3DA5zVOqzeTHEo1PLxkVkHx1bOY=; b=mv8qOk+qAEXWyVxD+Prqbw5hMQ/I4ml24EMkSogPvhC/TiMA+amX72JnnV/x+R/8hkLmoT Qhta0rlH5ndHWjeSdnvIAo48TEdS9ZI2m/blMk27IpcWNdhsXRoLQBctcrjffcUi8vuNO1 snpdeFrs45HOe+Abz9PkeQfMDeh/hOw= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1718523275; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qrkTl4bH7rGV7b1L3DA5zVOqzeTHEo1PLxkVkHx1bOY=; b=gPIKth/H+VIqqi33dw+pggarQ9DhF97auNo7U2tclTjJlx929g5YRVcOZWhMteeAfNeDly R1Li83k6QUgoNPCg== Authentication-Results: smtp-out1.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1718523275; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qrkTl4bH7rGV7b1L3DA5zVOqzeTHEo1PLxkVkHx1bOY=; b=mv8qOk+qAEXWyVxD+Prqbw5hMQ/I4ml24EMkSogPvhC/TiMA+amX72JnnV/x+R/8hkLmoT Qhta0rlH5ndHWjeSdnvIAo48TEdS9ZI2m/blMk27IpcWNdhsXRoLQBctcrjffcUi8vuNO1 snpdeFrs45HOe+Abz9PkeQfMDeh/hOw= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1718523275; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=qrkTl4bH7rGV7b1L3DA5zVOqzeTHEo1PLxkVkHx1bOY=; b=gPIKth/H+VIqqi33dw+pggarQ9DhF97auNo7U2tclTjJlx929g5YRVcOZWhMteeAfNeDly R1Li83k6QUgoNPCg== Received: from imap1.dmz-prg2.suse.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 05D5713ABC; Sun, 16 Jun 2024 07:34:35 +0000 (UTC) Received: from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167]) by imap1.dmz-prg2.suse.org with ESMTPSA id +JUDAIuVbmYVCwAAD6G6ig (envelope-from ); Sun, 16 Jun 2024 07:34:34 +0000 From: Takashi Iwai To: linux-sound@vger.kernel.org Cc: Paul Menzel , Mark Brown , Jaroslav Kysela , Takashi Sakamoto , linux-kselftest@vger.kernel.org Subject: [PATCH v3 3/6] ALSA: control: Apply sanity check of input values for user elements Date: Sun, 16 Jun 2024 09:34:44 +0200 Message-ID: <20240616073454.16512-4-tiwai@suse.de> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240616073454.16512-1-tiwai@suse.de> References: <20240616073454.16512-1-tiwai@suse.de> Precedence: bulk X-Mailing-List: linux-kselftest@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Spamd-Result: default: False [-2.80 / 50.00]; BAYES_HAM(-3.00)[100.00%]; NEURAL_HAM_LONG(-1.00)[-1.000]; MID_CONTAINS_FROM(1.00)[]; R_MISSING_CHARSET(0.50)[]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; TO_DN_SOME(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_FIVE(0.00)[6]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo]; RCVD_TLS_ALL(0.00)[] X-Spam-Flag: NO X-Spam-Score: -2.80 X-Spam-Level: Although we have already a mechanism for sanity checks of input values for control writes, it's not applied unless the kconfig CONFIG_SND_CTL_INPUT_VALIDATION is set due to the performance reason. Nevertheless, it still makes sense to apply the same check for user elements despite of its cost, as that's the only way to filter out the invalid values; the user controls are handled solely in ALSA core code, and there is no corresponding driver, after all. This patch adds the same input value validation for user control elements at its put callback. The kselftest will be happier with this change, as the incorrect values will be bailed out now with errors. For other normal controls, the check is applied still only when CONFIG_SND_CTL_INPUT_VALIDATION is set. Reported-by: Paul Menzel Closes: https://lore.kernel.org/r/1d44be36-9bb9-4d82-8953-5ae2a4f09405@molgen.mpg.de Reviewed-by: Jaroslav Kysela Reviewed-by: Mark Brown Reviewed-by: Takashi Sakamoto Signed-off-by: Takashi Iwai --- sound/core/control.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/sound/core/control.c b/sound/core/control.c index fb0c60044f7b..1dd2337e2930 100644 --- a/sound/core/control.c +++ b/sound/core/control.c @@ -1480,12 +1480,16 @@ static int snd_ctl_elem_user_get(struct snd_kcontrol *kcontrol, static int snd_ctl_elem_user_put(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_value *ucontrol) { - int change; + int err, change; struct user_element *ue = kcontrol->private_data; unsigned int size = ue->elem_data_size; char *dst = ue->elem_data + snd_ctl_get_ioff(kcontrol, &ucontrol->id) * size; + err = sanity_check_input_values(ue->card, ucontrol, &ue->info, false); + if (err < 0) + return err; + change = memcmp(&ucontrol->value, dst, size) != 0; if (change) memcpy(dst, &ucontrol->value, size);