On 19.05.2022 20:54, Mark Brown wrote:
> On Thu, May 19, 2022 at 08:49:48PM +0300, Alexey Khoroshilov wrote:
>> On 19.05.2022 20:29, Mark Brown wrote:
>>> On Thu, May 19, 2022 at 08:10:12PM +0300, Alexey Khoroshilov wrote:
>
>>>> - if (sel < 0 || sel > mc->max)
>>>> + if (sel > mc->max)
>
>>> The check needs to be moved, not removed. The userspace ABI allows
>>> passing in of negative values.
>
>> Would (sel > mc->max) be enough in this case anyway?
>
> Oh, the check won't be working properly - it's just that like I say the
> fix is to move rather than remove it so it's operating on the signed
> value.
>
Do you mean something like this?
static int max98090_put_enab_tlv(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_value *ucontrol)
{
struct snd_soc_component *component = snd_soc_kcontrol_component(kcontrol);
struct max98090_priv *max98090 = snd_soc_component_get_drvdata(component);
struct soc_mixer_control *mc =
(struct soc_mixer_control *)kcontrol->private_value;
unsigned int mask = (1 << fls(mc->max)) - 1;
- unsigned int sel = ucontrol->value.integer.value[0];
+ int sel_unchecked = ucontrol->value.integer.value[0];
+ unsigned int sel;
unsigned int val = snd_soc_component_read(component, mc->reg);
unsigned int *select;
switch (mc->reg) {
case M98090_REG_MIC1_INPUT_LEVEL:
select = &(max98090->pa1en);
break;
case M98090_REG_MIC2_INPUT_LEVEL:
select = &(max98090->pa2en);
break;
case M98090_REG_ADC_SIDETONE:
select = &(max98090->sidetone);
break;
default:
return -EINVAL;
}
val = (val >> mc->shift) & mask;
- if (sel < 0 || sel > mc->max)
+ if (sel_unchecked < 0 || sel_unchecked > mc->max)
return -EINVAL;
+ sel = sel_unchecked;
*select = sel;
On Thu, May 19, 2022 at 09:27:25PM +0300, Alexey Khoroshilov wrote:
> On 19.05.2022 20:54, Mark Brown wrote:
> > Oh, the check won't be working properly - it's just that like I say the
> > fix is to move rather than remove it so it's operating on the signed
> > value.
> Do you mean something like this?
That looks about right.
Validation of signed input should be done before casting to unsigned int.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Alexey Khoroshilov <[email protected]>
Suggested-by: Mark Brown <[email protected]>
Fixes: 2fbe467bcbfc ("ASoC: max98090: Reject invalid values in custom control put()")
---
sound/soc/codecs/max98090.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/max98090.c b/sound/soc/codecs/max98090.c
index 62b41ca050a2..5513acd360b8 100644
--- a/sound/soc/codecs/max98090.c
+++ b/sound/soc/codecs/max98090.c
@@ -393,7 +393,8 @@ static int max98090_put_enab_tlv(struct snd_kcontrol *kcontrol,
struct soc_mixer_control *mc =
(struct soc_mixer_control *)kcontrol->private_value;
unsigned int mask = (1 << fls(mc->max)) - 1;
- unsigned int sel = ucontrol->value.integer.value[0];
+ int sel_unchecked = ucontrol->value.integer.value[0];
+ unsigned int sel;
unsigned int val = snd_soc_component_read(component, mc->reg);
unsigned int *select;
@@ -413,8 +414,9 @@ static int max98090_put_enab_tlv(struct snd_kcontrol *kcontrol,
val = (val >> mc->shift) & mask;
- if (sel < 0 || sel > mc->max)
+ if (sel_unchecked < 0 || sel_unchecked > mc->max)
return -EINVAL;
+ sel = sel_unchecked;
*select = sel;
--
2.7.4
On 19.05.2022 23:07, Mark Brown wrote:
> On Thu, May 19, 2022 at 09:27:25PM +0300, Alexey Khoroshilov wrote:
>> On 19.05.2022 20:54, Mark Brown wrote:
>>> Oh, the check won't be working properly - it's just that like I say the
>>> fix is to move rather than remove it so it's operating on the signed
>>> value.
>> Do you mean something like this?
> That looks about right.
Should I prepare a patch or you will do it yourself?
On Fri, 20 May 2022 01:31:26 +0300, Alexey Khoroshilov wrote:
> Validation of signed input should be done before casting to unsigned int.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
>
Applied to
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git for-next
Thanks!
[1/1] ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv()
commit: f7a344468105ef8c54086dfdc800e6f5a8417d3e
All being well this means that it will be integrated into the linux-next
tree (usually sometime in the next 24 hours) and sent to Linus during
the next merge window (or sooner if it is a bug fix), however if
problems are discovered then the patch may be dropped or reverted.
You may get further e-mails resulting from automated or manual testing
and review of the tree, please engage with people reporting problems and
send followup patches addressing any issues that are reported if needed.
If any updates are required or you are submitting further changes they
should be sent as incremental updates against current git, existing
patches will not be replaced.
Please add any relevant lists and maintainers to the CCs when replying
to this mail.
Thanks,
Mark