From 74c64efa1557fef731b59eb813f115436d18078e Mon Sep 17 00:00:00 2001 From: Robin Gong Date: Fri, 18 Dec 2020 00:15:47 +0800 Subject: ALSA: core: memalloc: add page alignment for iram Since mmap for userspace is based on page alignment, add page alignment for iram alloc from pool, otherwise, some good data located in the same page of dmab->area maybe touched wrongly by userspace like pulseaudio. Signed-off-by: Robin Gong Cc: Link: https://lore.kernel.org/r/1608221747-3474-1-git-send-email-yibin.gong@nxp.com Signed-off-by: Takashi Iwai --- sound/core/memalloc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sound/core') diff --git a/sound/core/memalloc.c b/sound/core/memalloc.c index 0aeeb6244ff6..0f335162f87c 100644 --- a/sound/core/memalloc.c +++ b/sound/core/memalloc.c @@ -77,7 +77,8 @@ static void snd_malloc_dev_iram(struct snd_dma_buffer *dmab, size_t size) /* Assign the pool into private_data field */ dmab->private_data = pool; - dmab->area = gen_pool_dma_alloc(pool, size, &dmab->addr); + dmab->area = gen_pool_dma_alloc_align(pool, size, &dmab->addr, + PAGE_SIZE); } /** -- cgit v1.2.3 From f2283366c2919fda71e6eb725c3e5c1bd47bae1a Mon Sep 17 00:00:00 2001 From: Lars-Peter Clausen Date: Fri, 18 Dec 2020 16:34:00 +0100 Subject: ALSA: pcm: Remove snd_pcm_lib_preallocate_dma_free() Since commit d4cfb30fce03 ("ALSA: pcm: Set per-card upper limit of PCM buffer allocations") snd_pcm_lib_preallocate_dma_free() is a single line function that has one caller, which is another single line function. Clean this up a bit and remove snd_pcm_lib_preallocate_dma_free() and directly call do_free_pages() from snd_pcm_lib_preallocate_free(). This is a bit less boilerplate. Signed-off-by: Lars-Peter Clausen Link: https://lore.kernel.org/r/20201218153400.18394-1-lars@metafoo.de Signed-off-by: Takashi Iwai --- sound/core/pcm_memory.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) (limited to 'sound/core') diff --git a/sound/core/pcm_memory.c b/sound/core/pcm_memory.c index 4f03ba8ed0ae..ee6e9c5eec45 100644 --- a/sound/core/pcm_memory.c +++ b/sound/core/pcm_memory.c @@ -89,14 +89,6 @@ static int preallocate_pcm_pages(struct snd_pcm_substream *substream, size_t siz return 0; } -/* - * release the preallocated buffer if not yet done. - */ -static void snd_pcm_lib_preallocate_dma_free(struct snd_pcm_substream *substream) -{ - do_free_pages(substream->pcm->card, &substream->dma_buffer); -} - /** * snd_pcm_lib_preallocate_free - release the preallocated buffer of the specified substream. * @substream: the pcm substream instance @@ -105,7 +97,7 @@ static void snd_pcm_lib_preallocate_dma_free(struct snd_pcm_substream *substream */ void snd_pcm_lib_preallocate_free(struct snd_pcm_substream *substream) { - snd_pcm_lib_preallocate_dma_free(substream); + do_free_pages(substream->pcm->card, &substream->dma_buffer); } /** -- cgit v1.2.3 From 5c1733e33c888a3cb7f576564d8ad543d5ad4a9e Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Fri, 18 Dec 2020 15:56:24 +0100 Subject: ALSA: memalloc: Align buffer allocations in page size Currently the standard memory allocator (snd_dma_malloc_pages*()) passes the byte size to allocate as is. Most of the backends allocates real pages, hence the actual allocations are aligned in page size. However, the genalloc doesn't seem assuring the size alignment, hence it may result in the access outside the buffer when the whole memory pages are exposed via mmap. For avoiding such inconsistencies, this patch makes the allocation size always to be aligned in page size. Note that, after this change, snd_dma_buffer.bytes field contains the aligned size, not the originally requested size. This value is also used for releasing the pages in return. Reviewed-by: Lars-Peter Clausen Link: https://lore.kernel.org/r/20201218145625.2045-2-tiwai@suse.de Signed-off-by: Takashi Iwai --- sound/core/memalloc.c | 1 + 1 file changed, 1 insertion(+) (limited to 'sound/core') diff --git a/sound/core/memalloc.c b/sound/core/memalloc.c index 0f335162f87c..966bef5acc75 100644 --- a/sound/core/memalloc.c +++ b/sound/core/memalloc.c @@ -133,6 +133,7 @@ int snd_dma_alloc_pages(int type, struct device *device, size_t size, if (WARN_ON(!dmab)) return -ENXIO; + size = PAGE_ALIGN(size); dmab->dev.type = type; dmab->dev.dev = device; dmab->bytes = 0; -- cgit v1.2.3 From 618de0f4ef11acd8cf26902e65493d46cc20cc89 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Fri, 18 Dec 2020 15:56:25 +0100 Subject: ALSA: pcm: Clear the full allocated memory at hw_params The PCM hw_params core function tries to clear up the PCM buffer before actually using for avoiding the information leak from the previous usages or the usage before a new allocation. It performs the memset() with runtime->dma_bytes, but this might still leave some remaining bytes untouched; namely, the PCM buffer size is aligned in page size for mmap, hence runtime->dma_bytes doesn't necessarily cover all PCM buffer pages, and the remaining bytes are exposed via mmap. This patch changes the memory clearance to cover the all buffer pages if the stream is supposed to be mmap-ready (that guarantees that the buffer size is aligned in page size). Reviewed-by: Lars-Peter Clausen Link: https://lore.kernel.org/r/20201218145625.2045-3-tiwai@suse.de Signed-off-by: Takashi Iwai --- sound/core/pcm_native.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'sound/core') diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c index 47b155a49226..9f3f8e953ff0 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -755,8 +755,13 @@ static int snd_pcm_hw_params(struct snd_pcm_substream *substream, runtime->boundary *= 2; /* clear the buffer for avoiding possible kernel info leaks */ - if (runtime->dma_area && !substream->ops->copy_user) - memset(runtime->dma_area, 0, runtime->dma_bytes); + if (runtime->dma_area && !substream->ops->copy_user) { + size_t size = runtime->dma_bytes; + + if (runtime->info & SNDRV_PCM_INFO_MMAP) + size = PAGE_ALIGN(size); + memset(runtime->dma_area, 0, size); + } snd_pcm_timer_resolution_change(substream); snd_pcm_set_state(substream, SNDRV_PCM_STATE_SETUP); -- cgit v1.2.3 From 11cb881bf075cea41092a20236ba708b18e1dbb2 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Fri, 18 Dec 2020 17:17:30 +0100 Subject: ALSA: pcm: oss: Fix a few more UBSAN fixes There are a few places that call round{up|down}_pow_of_two() with the value zero, and this causes undefined behavior warnings. Avoid calling those macros if such a nonsense value is passed; it's a minor optimization as well, as we handle it as either an error or a value to be skipped, instead. Reported-by: syzbot+33ef0b6639a8d2d42b4c@syzkaller.appspotmail.com Cc: Link: https://lore.kernel.org/r/20201218161730.26596-1-tiwai@suse.de Signed-off-by: Takashi Iwai --- sound/core/oss/pcm_oss.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'sound/core') diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c index de1917484647..142fc751a847 100644 --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -693,6 +693,8 @@ static int snd_pcm_oss_period_size(struct snd_pcm_substream *substream, oss_buffer_size = snd_pcm_plug_client_size(substream, snd_pcm_hw_param_value_max(slave_params, SNDRV_PCM_HW_PARAM_BUFFER_SIZE, NULL)) * oss_frame_size; + if (!oss_buffer_size) + return -EINVAL; oss_buffer_size = rounddown_pow_of_two(oss_buffer_size); if (atomic_read(&substream->mmap_count)) { if (oss_buffer_size > runtime->oss.mmap_bytes) @@ -728,17 +730,21 @@ static int snd_pcm_oss_period_size(struct snd_pcm_substream *substream, min_period_size = snd_pcm_plug_client_size(substream, snd_pcm_hw_param_value_min(slave_params, SNDRV_PCM_HW_PARAM_PERIOD_SIZE, NULL)); - min_period_size *= oss_frame_size; - min_period_size = roundup_pow_of_two(min_period_size); - if (oss_period_size < min_period_size) - oss_period_size = min_period_size; + if (min_period_size) { + min_period_size *= oss_frame_size; + min_period_size = roundup_pow_of_two(min_period_size); + if (oss_period_size < min_period_size) + oss_period_size = min_period_size; + } max_period_size = snd_pcm_plug_client_size(substream, snd_pcm_hw_param_value_max(slave_params, SNDRV_PCM_HW_PARAM_PERIOD_SIZE, NULL)); - max_period_size *= oss_frame_size; - max_period_size = rounddown_pow_of_two(max_period_size); - if (oss_period_size > max_period_size) - oss_period_size = max_period_size; + if (max_period_size) { + max_period_size *= oss_frame_size; + max_period_size = rounddown_pow_of_two(max_period_size); + if (oss_period_size > max_period_size) + oss_period_size = max_period_size; + } oss_periods = oss_buffer_size / oss_period_size; -- cgit v1.2.3 From 8b7c764e0644455a5991abea126e7ca6e03ee723 Mon Sep 17 00:00:00 2001 From: YangHui Date: Mon, 21 Dec 2020 14:22:07 +0800 Subject: ALSA: core: Remove redundant comments Remove redundant comments Signed-off-by: YangHui Link: https://lore.kernel.org/r/1608531727-5433-1-git-send-email-yanghui.def@gmail.com Signed-off-by: Takashi Iwai --- sound/core/init.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'sound/core') diff --git a/sound/core/init.c b/sound/core/init.c index 764dbe673d48..75aec71c48a8 100644 --- a/sound/core/init.c +++ b/sound/core/init.c @@ -149,8 +149,6 @@ static void release_card_device(struct device *dev) * @extra_size: allocate this extra size after the main soundcard structure * @card_ret: the pointer to store the created card instance * - * Creates and initializes a soundcard structure. - * * The function allocates snd_card instance via kzalloc with the given * space for the driver to use freely. The allocated struct is stored * in the given card_ret pointer. -- cgit v1.2.3