From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, syzbot+1cb36954e127c98dd037@syzkaller.appspotmail.com, Takashi Iwai
Subject: [PATCH 4.14 012/100] ALSA: oss: Use kvzalloc() for local buffer allocations
Date: Thu, 29 Nov 2018 15:11:42 +0100
Message-Id: <20181129140059.986581736@linuxfoundation.org>
In-Reply-To: <20181129140058.768942700@linuxfoundation.org>

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: Takashi Iwai

commit 65766ee0bf7fe8b3be80e2e1c3ef54ad59b29476 upstream.

PCM OSS layer may allocate a few temporary buffers, one for the core read/write and another for the conversions via plugins. Currently both are allocated via vmalloc(). But as the allocation size is equivalent with the PCM period size, the required size might be quite small, depending on the application.

This patch replaces these vmalloc() calls with kvzalloc() for covering small period sizes better. Also, we use "z"-alloc variant here for addressing the possible uninitialized access reported by syzkaller.

Reported-by: syzbot+1cb36954e127c98dd037@syzkaller.appspotmail.com
Cc:
Signed-off-by: Takashi Iwai
Signed-off-by: Greg Kroah-Hartman
---
 sound/core/oss/pcm_oss.c    | 6 +++---
 sound/core/oss/pcm_plugin.c | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

--- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c 
@@ -1062,8 +1062,8 @@ static int snd_pcm_oss_change_params_loc runtime->oss.channels = params_channels(params); runtime->oss.rate = params_rate(params); - vfree(runtime->oss.buffer); - runtime->oss.buffer = vmalloc(runtime->oss.period_bytes); + kvfree(runtime->oss.buffer); + runtime->oss.buffer = kvzalloc(runtime->oss.period_bytes, GFP_KERNEL); if (!runtime->oss.buffer) { err = -ENOMEM; goto failure; @@ -2328,7 +2328,7 @@ static void snd_pcm_oss_release_substrea { struct snd_pcm_runtime *runtime; runtime = substream->runtime; - vfree(runtime->oss.buffer); + kvfree(runtime->oss.buffer); runtime->oss.buffer = NULL; #ifdef CONFIG_SND_PCM_OSS_PLUGINS snd_pcm_oss_plugin_clear(substream); --- a/sound/core/oss/pcm_plugin.c +++ b/sound/core/oss/pcm_plugin.c @@ -66,8 +66,8 @@ static int snd_pcm_plugin_alloc(struct s return -ENXIO; size /= 8; if (plugin->buf_frames < frames) { - vfree(plugin->buf); - plugin->buf = vmalloc(size); + kvfree(plugin->buf); + plugin->buf = kvzalloc(size, GFP_KERNEL); plugin->buf_frames = frames; } if (!plugin->buf) { @@ -191,7 +191,7 @@ int snd_pcm_plugin_free(struct snd_pcm_p if (plugin->private_free) plugin->private_free(plugin); kfree(plugin->buf_channels); - vfree(plugin->buf); + kvfree(plugin->buf); kfree(plugin); return 0; }
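
Review bot: The kvzalloc() call in the pcm_oss.c hunk at @@ -1062 carries no comment saying that the zeroing is required. The commit message gives the "z" variant as the fix for the uninitialized access reported by syzkaller, while the allocator switch itself is only a sizing optimization, so a later cleanup to kvmalloc() would reintroduce the problem without any visible warning at the call site. A one-line comment above `runtime->oss.buffer = kvzalloc(runtime->oss.period_bytes, GFP_KERNEL);` stating that the buffer must start zeroed would make that explicit. The same applies to the `plugin->buf = kvzalloc(size, GFP_KERNEL);` line in pcm_plugin.c.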
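
Review bot: In the pcm_plugin.c hunk at @@ -66, `plugin->buf_frames = frames;` is assigned before the `if (!plugin->buf)` check, so a failed kvzalloc() leaves buf_frames claiming capacity for a NULL buffer. The body of the failure branch is cut off by the hunk, so it may already handle this, but since the lines are being touched anyway it would be cleaner to set buf_frames only after the allocation succeeds, or to reset it to 0 in the failure branch, so that the size field never describes a buffer that does not exist.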
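
Review bot: The vfree() to kvfree() conversions in the pcm_oss.c hunk at @@ -2328 and the pcm_plugin.c hunk at @@ -191 are only correct if every free site for `runtime->oss.buffer` and `plugin->buf` is converted. kvzalloc() can return slab memory for small sizes, and passing such a pointer to vfree() is invalid. The diffstat shows four free sites changed across the two files; please confirm that no other vfree() of these two pointers remains in sound/core/oss/ in the 4.14 tree, since the backport target may differ from upstream.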