Commit 97ab304ecd95 ("ASoC: topology: Fix references to freed memory") is a problematic fix for issue in topology loading code, which was cherry-picked to stable. It was later corrected in 0298f51652be ("ASoC: topology: Fix route memory corruption"), however to apply cleanly e0e7bc2cbee9 ("ASoC: topology: Clean up route loading") also needs to be applied.
Link: https://lore.kernel.org/linux-sound/ZrwUCnrtKQ61LWFS@sashalap/T/#mbfd273adf8...
Amadeusz Sławiński (2):
  ASoC: topology: Clean up route loading
  ASoC: topology: Fix route memory corruption

 sound/soc/soc-topology.c | 32 ++++++++------------------------
 1 file changed, 8 insertions(+), 24 deletions(-)
base-commit: 878fbff41def4649a2884e9d33bb423f5a7726b0
Instead of using very long macro name, assign it to shorter variable and use it instead. While doing that, we can reduce multiple if checks using this define to one.
Reviewed-by: Cezary Rojewski <cezary.rojewski@intel.com>
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Link: https://lore.kernel.org/r/20240603102818.36165-5-amadeuszx.slawinski@linux.i...
Signed-off-by: Mark Brown <broonie@kernel.org>
---
 sound/soc/soc-topology.c | 26 ++++++++------------------
 1 file changed, 8 insertions(+), 18 deletions(-)
diff --git a/sound/soc/soc-topology.c b/sound/soc/soc-topology.c index 8b58a7864703e..e7a2426dd7443 100644 --- a/sound/soc/soc-topology.c +++ b/sound/soc/soc-topology.c @@ -1021,6 +1021,7 @@ static int soc_tplg_dapm_graph_elems_load(struct soc_tplg *tplg, struct snd_soc_tplg_hdr *hdr) { struct snd_soc_dapm_context *dapm = &tplg->comp->dapm; + const size_t maxlen = SNDRV_CTL_ELEM_ID_NAME_MAXLEN; struct snd_soc_tplg_dapm_graph_elem *elem; struct snd_soc_dapm_route *route; int count, i; @@ -1044,38 +1045,27 @@ static int soc_tplg_dapm_graph_elems_load(struct soc_tplg *tplg, tplg->pos += sizeof(struct snd_soc_tplg_dapm_graph_elem);
/* validate routes */ - if (strnlen(elem->source, SNDRV_CTL_ELEM_ID_NAME_MAXLEN) == - SNDRV_CTL_ELEM_ID_NAME_MAXLEN) { - ret = -EINVAL; - break; - } - if (strnlen(elem->sink, SNDRV_CTL_ELEM_ID_NAME_MAXLEN) == - SNDRV_CTL_ELEM_ID_NAME_MAXLEN) { - ret = -EINVAL; - break; - } - if (strnlen(elem->control, SNDRV_CTL_ELEM_ID_NAME_MAXLEN) == - SNDRV_CTL_ELEM_ID_NAME_MAXLEN) { + if ((strnlen(elem->source, maxlen) == maxlen) || + (strnlen(elem->sink, maxlen) == maxlen) || + (strnlen(elem->control, maxlen) == maxlen)) { ret = -EINVAL; break; }
route->source = devm_kmemdup(tplg->dev, elem->source, - min(strlen(elem->source), - SNDRV_CTL_ELEM_ID_NAME_MAXLEN), + min(strlen(elem->source), maxlen), GFP_KERNEL); route->sink = devm_kmemdup(tplg->dev, elem->sink, - min(strlen(elem->sink), SNDRV_CTL_ELEM_ID_NAME_MAXLEN), + min(strlen(elem->sink), maxlen), GFP_KERNEL); if (!route->source || !route->sink) { ret = -ENOMEM; break; }
- if (strnlen(elem->control, SNDRV_CTL_ELEM_ID_NAME_MAXLEN) != 0) { + if (strnlen(elem->control, maxlen) != 0) { route->control = devm_kmemdup(tplg->dev, elem->control, - min(strlen(elem->control), - SNDRV_CTL_ELEM_ID_NAME_MAXLEN), + min(strlen(elem->control), maxlen), GFP_KERNEL); if (!route->control) { ret = -ENOMEM;
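Review bot: in the route->source, route->sink and route->control assignments, the length passed to devm_kmemdup() is still min(strlen(elem->...), maxlen), which leaves out the terminating NUL, so the duplicated names are not NUL-terminated strings; this cleanup carries that over unchanged. The merged strnlen() check just above already rejects any field without a NUL inside maxlen bytes, so strlen() is always below maxlen at this point and the min() never takes effect. Either copy strlen() + 1 bytes or switch to devm_kstrdup(). Minor style point: the inner parentheses around each == comparison in the merged if are redundant.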
On Wed, Aug 14, 2024 at 04:06:56PM +0200, Amadeusz Sławiński wrote:
Instead of using very long macro name, assign it to shorter variable and use it instead. While doing that, we can reduce multiple if checks using this define to one.
Reviewed-by: Cezary Rojewski cezary.rojewski@intel.com Signed-off-by: Amadeusz Sławiński amadeuszx.slawinski@linux.intel.com Link: https://lore.kernel.org/r/20240603102818.36165-5-amadeuszx.slawinski@linux.i... Signed-off-by: Mark Brown broonie@kernel.org
sound/soc/soc-topology.c | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-)
What is the git commit id of this change in Linus's tree? Same for patch 2/2
On 8/14/2024 4:12 PM, Greg Kroah-Hartman wrote:
On Wed, Aug 14, 2024 at 04:06:56PM +0200, Amadeusz Sławiński wrote:
Instead of using very long macro name, assign it to shorter variable and use it instead. While doing that, we can reduce multiple if checks using this define to one.
Reviewed-by: Cezary Rojewski cezary.rojewski@intel.com Signed-off-by: Amadeusz Sławiński amadeuszx.slawinski@linux.intel.com Link: https://lore.kernel.org/r/20240603102818.36165-5-amadeuszx.slawinski@linux.i... Signed-off-by: Mark Brown broonie@kernel.org
sound/soc/soc-topology.c | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-)
What is the git commit id of this change in Linus's tree? Same for patch 2/2
[ Upstream commit e0e7bc2cbee93778c4ad7d9a792d425ffb5af6f7 ]
On Wed, Aug 14, 2024 at 04:06:56PM +0200, Amadeusz Sławiński wrote:
Instead of using very long macro name, assign it to shorter variable and use it instead. While doing that, we can reduce multiple if checks using this define to one.
Reviewed-by: Cezary Rojewski cezary.rojewski@intel.com Signed-off-by: Amadeusz Sławiński amadeuszx.slawinski@linux.intel.com Link: https://lore.kernel.org/r/20240603102818.36165-5-amadeuszx.slawinski@linux.i... Signed-off-by: Mark Brown broonie@kernel.org
sound/soc/soc-topology.c | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-)
What is the git id of this commit?
thanks,
greg k-h
It was reported that recent fix for memory corruption during topology load, causes corruption in other cases. Instead of being overeager with checking topology, assume that it is properly formatted and just duplicate strings.
Reported-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Closes: https://lore.kernel.org/linux-sound/171812236450.201359.3019210915105428447....
Suggested-by: Péter Ujfalusi <peter.ujfalusi@linux.intel.com>
Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Link: https://lore.kernel.org/r/20240613090126.841189-1-amadeuszx.slawinski@linux....
Signed-off-by: Mark Brown <broonie@kernel.org>
---
 sound/soc/soc-topology.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/sound/soc/soc-topology.c b/sound/soc/soc-topology.c index e7a2426dd7443..7e8fca0b06628 100644 --- a/sound/soc/soc-topology.c +++ b/sound/soc/soc-topology.c @@ -1052,21 +1052,15 @@ static int soc_tplg_dapm_graph_elems_load(struct soc_tplg *tplg, break; }
- route->source = devm_kmemdup(tplg->dev, elem->source, - min(strlen(elem->source), maxlen), - GFP_KERNEL); - route->sink = devm_kmemdup(tplg->dev, elem->sink, - min(strlen(elem->sink), maxlen), - GFP_KERNEL); + route->source = devm_kstrdup(tplg->dev, elem->source, GFP_KERNEL); + route->sink = devm_kstrdup(tplg->dev, elem->sink, GFP_KERNEL); if (!route->source || !route->sink) { ret = -ENOMEM; break; }
if (strnlen(elem->control, maxlen) != 0) { - route->control = devm_kmemdup(tplg->dev, elem->control, - min(strlen(elem->control), maxlen), - GFP_KERNEL); + route->control = devm_kstrdup(tplg->dev, elem->control, GFP_KERNEL); if (!route->control) { ret = -ENOMEM; break;
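Review bot: devm_kstrdup() on elem->source, elem->sink and elem->control reads until it finds a NUL, so these three calls are bounded only by the strnlen() == maxlen validation from patch 1/2, whose tail is the "break; }" context at the top of this hunk; the commit message's "assume that it is properly formatted" does not mention that dependency. Suggest saying so in the message, or in a comment above the first devm_kstrdup(), so a later cleanup does not drop or reorder the check. The remaining strnlen(elem->control, maxlen) != 0 test only asks whether the string is empty and could be written as elem->control[0].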
On 8/14/2024 4:06 PM, Amadeusz Sławiński wrote:
It was reported that recent fix for memory corruption during topology load, causes corruption in other cases. Instead of being overeager with checking topology, assume that it is properly formatted and just duplicate strings.
Reported-by: Pierre-Louis Bossart pierre-louis.bossart@linux.intel.com Closes: https://lore.kernel.org/linux-sound/171812236450.201359.3019210915105428447.... Suggested-by: Péter Ujfalusi peter.ujfalusi@linux.intel.com Signed-off-by: Amadeusz Sławiński amadeuszx.slawinski@linux.intel.com Link: https://lore.kernel.org/r/20240613090126.841189-1-amadeuszx.slawinski@linux.... Signed-off-by: Mark Brown broonie@kernel.org
[ Upstream commit 0298f51652be47b79780833e0b63194e1231fa34 ]
On Wed, Aug 14, 2024 at 04:06:55PM +0200, Amadeusz Sławiński wrote:
Commit 97ab304ecd95 ("ASoC: topology: Fix references to freed memory") is a problematic fix for issue in topology loading code, which was cherry-picked to stable. It was later corrected in 0298f51652be ("ASoC: topology: Fix route memory corruption"), however to apply cleanly e0e7bc2cbee9 ("ASoC: topology: Clean up route loading") also needs to be applied.
Link: https://lore.kernel.org/linux-sound/ZrwUCnrtKQ61LWFS@sashalap/T/#mbfd273adf8...
Amadeusz Sławiński (2): ASoC: topology: Clean up route loading ASoC: topology: Fix route memory corruption
sound/soc/soc-topology.c | 32 ++++++++------------------------ 1 file changed, 8 insertions(+), 24 deletions(-)
base-commit: 878fbff41def4649a2884e9d33bb423f5a7726b0
2.34.1
What stable tree(s) is this for?
On 8/14/2024 4:12 PM, Greg Kroah-Hartman wrote:
On Wed, Aug 14, 2024 at 04:06:55PM +0200, Amadeusz Sławiński wrote:
Commit 97ab304ecd95 ("ASoC: topology: Fix references to freed memory") is a problematic fix for issue in topology loading code, which was cherry-picked to stable. It was later corrected in 0298f51652be ("ASoC: topology: Fix route memory corruption"), however to apply cleanly e0e7bc2cbee9 ("ASoC: topology: Clean up route loading") also needs to be applied.
Link: https://lore.kernel.org/linux-sound/ZrwUCnrtKQ61LWFS@sashalap/T/#mbfd273adf8...
Amadeusz Sławiński (2): ASoC: topology: Clean up route loading ASoC: topology: Fix route memory corruption
sound/soc/soc-topology.c | 32 ++++++++------------------------ 1 file changed, 8 insertions(+), 24 deletions(-)
base-commit: 878fbff41def4649a2884e9d33bb423f5a7726b0
2.34.1
What stable tree(s) is this for?
For whichever one has 97ab304ecd95 ("ASoC: topology: Fix references to freed memory") applied and doesn't have following patches, as far as I can tell: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/sound?h... https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/sound/s... https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/sound/s...
should I send separate mail for each?
On Wed, Aug 14, 2024 at 04:19:06PM +0200, Amadeusz Sławiński wrote:
On 8/14/2024 4:12 PM, Greg Kroah-Hartman wrote:
On Wed, Aug 14, 2024 at 04:06:55PM +0200, Amadeusz Sławiński wrote:
Commit 97ab304ecd95 ("ASoC: topology: Fix references to freed memory") is a problematic fix for issue in topology loading code, which was cherry-picked to stable. It was later corrected in 0298f51652be ("ASoC: topology: Fix route memory corruption"), however to apply cleanly e0e7bc2cbee9 ("ASoC: topology: Clean up route loading") also needs to be applied.
Link: https://lore.kernel.org/linux-sound/ZrwUCnrtKQ61LWFS@sashalap/T/#mbfd273adf8...
Amadeusz Sławiński (2): ASoC: topology: Clean up route loading ASoC: topology: Fix route memory corruption
sound/soc/soc-topology.c | 32 ++++++++------------------------ 1 file changed, 8 insertions(+), 24 deletions(-)
base-commit: 878fbff41def4649a2884e9d33bb423f5a7726b0
2.34.1
What stable tree(s) is this for?
For whichever one has 97ab304ecd95 ("ASoC: topology: Fix references to freed memory") applied and doesn't have following patches, as far as I can tell: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/sound?h... https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/sound/s... https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/sound/s...
should I send separate mail for each?
If they do not apply cleanly to all of them, yes. If not, no.
Please resend these anyway, with the proper git id info so we don't have to hand paste them in.
thanks,
greg k-h
On Wed, Aug 14, 2024 at 04:06:55PM +0200, Amadeusz Sławiński wrote:
Commit 97ab304ecd95 ("ASoC: topology: Fix references to freed memory") is a problematic fix for issue in topology loading code, which was cherry-picked to stable. It was later corrected in 0298f51652be ("ASoC: topology: Fix route memory corruption"), however to apply cleanly e0e7bc2cbee9 ("ASoC: topology: Clean up route loading") also needs to be applied.
Link: https://lore.kernel.org/linux-sound/ZrwUCnrtKQ61LWFS@sashalap/T/#mbfd273adf8...
You need to put the git ids in the patches directly so we have a clue what to do.
Also, what tree(s) do you need/want these in?
Please fix up and resend.
thanks,
greg k-h
On 8/27/2024 3:11 PM, Greg Kroah-Hartman wrote:
On Wed, Aug 14, 2024 at 04:06:55PM +0200, Amadeusz Sławiński wrote:
Commit 97ab304ecd95 ("ASoC: topology: Fix references to freed memory") is a problematic fix for issue in topology loading code, which was cherry-picked to stable. It was later corrected in 0298f51652be ("ASoC: topology: Fix route memory corruption"), however to apply cleanly e0e7bc2cbee9 ("ASoC: topology: Clean up route loading") also needs to be applied.
Link: https://lore.kernel.org/linux-sound/ZrwUCnrtKQ61LWFS@sashalap/T/#mbfd273adf8...
You need to put the git ids in the patches directly so we have a clue what to do.
Also, what tree(s) do you need/want these in?
Please fix up and resend.
I've already sent v2 and as far as I know it was merged.
Here is link to v2: https://lore.kernel.org/linux-sound/2024081442-thimble-widget-e370@gregkh/T/...
linux-stable-mirror@lists.linaro.org