lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 17 Feb 2020 15:41:20 +0100
From:   Stephan Gerhold <stephan@...hold.net>
To:     Sameer Pujar <spujar@...dia.com>
Cc:     tiwai@...e.com, perex@...ex.cz, alsa-devel@...a-project.org,
        broonie@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [alsa-devel] [RFC] ASoC: soc-pcm: crash in snd_soc_dapm_new_dai

On Sun, Jan 19, 2020 at 07:49:23PM +0530, Sameer Pujar wrote:
> Crash happens in snd_soc_dapm_new_dai() when substream->private_data
> access is made and substream is NULL here. This is seen for DAIs where
> only playback or capture stream is defined. This seems to be happening
> for codec2codec DAI link.
> 
> Both playback and capture are 0 during soc_new_pcm(). This is probably
> happening because cpu_dai and codec_dai are both validated either for
> SNDRV_PCM_STREAM_PLAYBACK or SNDRV_PCM_STREAM_CAPTURE.
> 
> Shouldn't be playback = 1 when,
>  - playback stream is available for codec_dai AND
>  - capture stream is available for cpu_dai
> 
> and vice-versa for capture = 1?
> 
> Signed-off-by: Sameer Pujar <spujar@...dia.com>
> ---
>  sound/soc/soc-pcm.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c
> index 74d340d..5aa9c0b 100644
> --- a/sound/soc/soc-pcm.c
> +++ b/sound/soc/soc-pcm.c
> @@ -2855,10 +2855,10 @@ int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num)
>  
>  		for_each_rtd_codec_dai(rtd, i, codec_dai) {
>  			if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_PLAYBACK) &&
> -			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_PLAYBACK))
> +			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_CAPTURE))
>  				playback = 1;
>  			if (snd_soc_dai_stream_valid(codec_dai, SNDRV_PCM_STREAM_CAPTURE) &&
> -			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_CAPTURE))
> +			    snd_soc_dai_stream_valid(cpu_dai,   SNDRV_PCM_STREAM_PLAYBACK))
>  				capture = 1;
>  		}
>  

There are no longer any playback/capture PCMs registered on
qcom/apq8016_sbc with this patch. :(

With this patch:
  $ ls /dev/snd
  controlC0  timer

Without this patch:
  $ ls /dev/snd
  controlC0  pcmC0D0p   pcmC0D1c   timer

(There is exactly one playback-only and capture-only PCM normally...)

The routing looks like this:
  qcom-apq8016-sbc 7702000.sound: ASoC: registered pcm #0 WCD multicodec-0
  qcom-apq8016-sbc 7702000.sound: multicodec <-> Primary MI2S mapping ok
  qcom-apq8016-sbc 7702000.sound: ASoC: registered pcm #1 WCD-Capture multicodec-1
  qcom-apq8016-sbc 7702000.sound: multicodec <-> Tertiary MI2S mapping ok
  WCD: connected DAI link 7708000.lpass:Primary Playback -> 771c000.codec:AIF1 Playback
  WCD: connected DAI link 7708000.lpass:Primary Playback -> 200f000.spmi:pm8916@1:codec@f00:PDM Playback
  WCD-Capture: connected DAI link 771c000.codec:AIF1 Capture -> 7708000.lpass:Tertiary Capture
  WCD-Capture: connected DAI link 200f000.spmi:pm8916@1:codec@f00:PDM Capture -> 7708000.lpass:Tertiary Capture

For the playback stream, codec_dai and cpu_dai (lpass) only support SNDRV_PCM_STREAM_PLAYBACK.
The same applies to the capture stream.

I'm a bit confused about this patch, isn't SNDRV_PCM_STREAM_PLAYBACK
used for both cpu_dai and codec_dai in the playback case?

Thanks,
Stephan

Powered by blists - more mailing lists