Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4324199pxj; Tue, 8 Jun 2021 11:30:52 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxcu23M9djYyXQB2BSpDoFFkOAjwvlh6L+E2tvpUuTg3kvGRxhjngKVhrYW76WiMoUdD7Vz X-Received: by 2002:a17:906:c411:: with SMTP id u17mr25410791ejz.60.1623177052098; Tue, 08 Jun 2021 11:30:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623177052; cv=none; d=google.com; s=arc-20160816; b=JkFI9UDeRU+Y60FxnYROZXnQ/EWueX+nX4/pehxBnxvFneDVmKq6shDLAMOJhop9rT y2Mfrepg7tpqvBHKCMSvsE3WhYshu3c7fVi8/dhWGDIs7woB1FwO1Xoq+Qco7wjjDpdY fLXhnccjJsnh0epeMYX6Nl1epyTElv6apDaUB35uUUo0iWY+2bkipd3qVsv2EOinWHpI xkGgo3Q/xvVGaNqRwI6L7ToD698RHh2B2WbzAubOQlXfn0NiramDe2K6cTSOnYjzWmkC EU8nPKYtTrAKiVCy/EMbciZdr5x0WpxbWSswq4G4IcpkNkwyLb7HScwTrlG7Re638Q7F AUxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=nglodeBtG3W0i4gUr5tzmGueXzBTkQ9TSlEywThCSAM=; b=KplYG3aG0VDlYhdd9YCE9drcT28lrBYNd9tz2AEzJgls60Dy8XGwObJIwtjvKvQMbj l0zlnAYr2+4UaZ5JS0FBD6/f+I05yiN2nwAlxN2QEBSk2M5akTAtaeXN1332XqZ+VRoQ Z5rhiyZrS5XRiR1IoLyu6LfvoNILTZGfF6Ou5cAVHTCOaoH8FvaOdd9p0Gwrux55Oebj izzNnuSypYCeUmmQ+NZ1y2x5+fb+4C2IyLYhwn5uAeHsH2e3f9OMb1vAqRSSemNZFL8w YkFOSaymUzaK4MavrM7GWnP1lT5lhMmbc/YhJyU2NI4U/KsljkfMh2XgoyG12jRUxGlp XU4g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=dAKVOaJ6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w22si373343edi.259.2021.06.08.11.30.28; Tue, 08 Jun 2021 11:30:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=dAKVOaJ6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233360AbhFHSal (ORCPT + 99 others); Tue, 8 Jun 2021 14:30:41 -0400 Received: from mail.kernel.org ([198.145.29.99]:55218 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233235AbhFHSaj (ORCPT ); Tue, 8 Jun 2021 14:30:39 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 39B42613BC; Tue, 8 Jun 2021 18:28:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1623176926; bh=skfRBhuDqDwhe9k4MPq5LuK1GjND8gtF8MVXYQX9T6k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dAKVOaJ6t4LbNtcKLDt4UzZXeYl/tWNRWeSnS0ME903Gv0RKKweWsjVbNHhRK0B38 iMigfKR/IR6NAtluxsqrA1hSLxS5JBi6BddeTbTqfjoAfi88NXUvQ2w0+0fGMDVvt0 Y+QH2rkFAreKq4OqcrwA9n/4vxGyie3hwgnaCoNM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+d102fa5b35335a7e544e@syzkaller.appspotmail.com, Jaroslav Kysela , Takashi Iwai Subject: [PATCH 4.4 15/23] ALSA: timer: Fix master timer notification Date: Tue, 8 Jun 2021 20:27:07 +0200 Message-Id: <20210608175927.029876951@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210608175926.524658689@linuxfoundation.org> References: <20210608175926.524658689@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Takashi Iwai commit 9c1fe96bded935369f8340c2ac2e9e189f697d5d upstream. snd_timer_notify1() calls the notification to each slave for a master event, but it passes a wrong event number. It should be +10 offset, corresponding to SNDRV_TIMER_EVENT_MXXX, but it's incorrectly with +100 offset. Casually this was spotted by UBSAN check via syzkaller. Reported-by: syzbot+d102fa5b35335a7e544e@syzkaller.appspotmail.com Reviewed-by: Jaroslav Kysela Cc: Link: https://lore.kernel.org/r/000000000000e5560e05c3bd1d63@google.com Link: https://lore.kernel.org/r/20210602113823.23777-1-tiwai@suse.de Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman --- sound/core/timer.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -432,9 +432,10 @@ static void snd_timer_notify1(struct snd return; if (timer->hw.flags & SNDRV_TIMER_HW_SLAVE) return; + event += 10; /* convert to SNDRV_TIMER_EVENT_MXXX */ list_for_each_entry(ts, &ti->slave_active_head, active_list) if (ts->ccallback) - ts->ccallback(ts, event + 100, &tstamp, resolution); + ts->ccallback(ts, event, &tstamp, resolution); } /* start/continue a master timer */