From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, syzbot+1cb36954e127c98dd037@syzkaller.appspotmail.com, Takashi Iwai
Subject: [PATCH 4.19 015/110] ALSA: oss: Use kvzalloc() for local buffer allocations
Date: Thu, 29 Nov 2018 15:11:46 +0100
Message-Id: <20181129135921.859461211@linuxfoundation.org>
In-Reply-To: <20181129135921.231283053@linuxfoundation.org>
References: <20181129135921.231283053@linuxfoundation.org>

4.19-stable review patch. If anyone has any objections, please let me know.

------------------

From: Takashi Iwai

commit 65766ee0bf7fe8b3be80e2e1c3ef54ad59b29476 upstream.

PCM OSS layer may allocate a few temporary buffers, one for the core read/write and another for the conversions via plugins. Currently both are allocated via vmalloc(). But as the allocation size is equivalent with the PCM period size, the required size might be quite small, depending on the application.

This patch replaces these vmalloc() calls with kvzalloc() for covering small period sizes better. Also, we use "z"-alloc variant here for addressing the possible uninitialized access reported by syzkaller.

Reported-by: syzbot+1cb36954e127c98dd037@syzkaller.appspotmail.com
Cc:
Signed-off-by: Takashi Iwai
Signed-off-by: Greg Kroah-Hartman

--- sound/core/oss/pcm_oss.c | 6 +++--- sound/core/oss/pcm_plugin.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c
@@ -1062,8 +1062,8 @@ static int snd_pcm_oss_change_params_loc runtime->oss.channels = params_channels(params); runtime->oss.rate = params_rate(params); - vfree(runtime->oss.buffer); - runtime->oss.buffer = vmalloc(runtime->oss.period_bytes); + kvfree(runtime->oss.buffer); + runtime->oss.buffer = kvzalloc(runtime->oss.period_bytes, GFP_KERNEL); if (!runtime->oss.buffer) { err = -ENOMEM; goto failure; @@ -2328,7 +2328,7 @@ static void snd_pcm_oss_release_substrea { struct snd_pcm_runtime *runtime; runtime = substream->runtime; - vfree(runtime->oss.buffer); + kvfree(runtime->oss.buffer); runtime->oss.buffer = NULL; #ifdef CONFIG_SND_PCM_OSS_PLUGINS snd_pcm_oss_plugin_clear(substream); --- a/sound/core/oss/pcm_plugin.c +++ b/sound/core/oss/pcm_plugin.c @@ -66,8 +66,8 @@ static int snd_pcm_plugin_alloc(struct s return -ENXIO; size /= 8; if (plugin->buf_frames < frames) { - vfree(plugin->buf); - plugin->buf = vmalloc(size); + kvfree(plugin->buf); + plugin->buf = kvzalloc(size, GFP_KERNEL); plugin->buf_frames = frames; } if (!plugin->buf) { @@ -191,7 +191,7 @@ int snd_pcm_plugin_free(struct snd_pcm_p if (plugin->private_free) plugin->private_free(plugin); kfree(plugin->buf_channels); - vfree(plugin->buf); + kvfree(plugin->buf); kfree(plugin); return 0; }
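
Review bot: In the first pcm_oss.c hunk (@@ -1062), the zero-fill that addresses the syzkaller-reported uninitialized access is carried only by the "z" in kvzalloc(), and nothing at the call site records that requirement. A one-line comment above `runtime->oss.buffer = kvzalloc(runtime->oss.period_bytes, GFP_KERNEL);` stating that the buffer must start zeroed would keep a later cleanup from switching it to kvmalloc() and reintroducing the read of stale memory.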
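
Review bot: In the snd_pcm_plugin_alloc() hunk (pcm_plugin.c, @@ -66), `plugin->buf_frames = frames;` is still assigned before the `if (!plugin->buf)` check, so after a failed kvzalloc() the plugin records a capacity for a buffer that does not exist. The body of the failure branch is cut off in the visible context, so this hunk alone does not show whether buf_frames is reset there; if it is not, move the assignment after the NULL check. The ordering predates this patch, but it sits on the lines being touched.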
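
Review bot: The two release hunks (pcm_oss.c @@ -2328 and pcm_plugin.c @@ -191) need to cover every free site, because kvzalloc() can return kmalloc-backed memory for small sizes and handing such a pointer to vfree() is invalid. The diff converts four vfree() calls across the two files; please confirm that no other vfree() of `runtime->oss.buffer` or `plugin->buf` remains outside the lines shown here, and say so in the commit message so the stable backport can be checked against the same list.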