Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp1676589pxb; Thu, 7 Oct 2021 12:39:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyT99mMpMVdbQ+TNRxLM40s0Z9811+tU4o/hTDFELkFaly1YkF5K6xf9o/2Gg0PtDPEzQjJ X-Received: by 2002:a17:90a:b794:: with SMTP id m20mr7087909pjr.178.1633635579786; Thu, 07 Oct 2021 12:39:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633635579; cv=none; d=google.com; s=arc-20160816; b=nqFKarVpaF1g1whbnt7qK0nBir9YDrc8v8Q6isIKC27/++VmHQYTHlc1ltdWJkXiXu dW9rx5b2mnm6h/SANzfYyy0XCqsvxWMoxFmjo7jBtC1dRzVTRD1aSiTfTWeXoS5wvc6b az+pGYhtnej0GPs/Gp8/L8ZfieiiARLH+y5//zbb9AklKcT5o8LQ+1j6pHGAs4+zqZsj 7ctOQmvPGbFjyN9kjzZX9GJO3hzz9ANkwT5DvL5/3poXo7/RMCrG+BOQlLZ4kCYEXQp3 XlQcuSb8Ep1nKPti63gtvCf238javwRzoQ7qLFQe3OM3HdxHGV/ndOL85ulc7+jNfN+/ UZtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:references:in-reply-to :subject:cc:to:from:message-id:date:dkim-signature:dkim-signature; bh=HNbVqhTP/+kArtGfK2vUCeGnFIBp5ns2iEX512Ous+4=; b=sxuNju/8+w8JmcxlAagNtzBAJYKvSUQOHTBD1Ue9cX70siCzvjyeTQRJZDGpwooe7q 5q/75IJKNTvZb2RU9ihx8t1C7l4LNjrkT6sZdNioZ/BcKyz3xXA3Meji0KEm+D2vv3xW 83l+Ckfkxm02fp3WDzfT4pD620fbrxrSVVFMP1tNBCnwki2rzJAKsTjDZ6kn6WSRAnGG 3KvayfNjwyvP6F0b0XSZz8EYSyw7CV/zPdU4WJL30k0c5AQWfnNvs/qv1Sy4Tgsfymcf O0Kzzp5moT1oxDzEAnV1QKQUNWn2PkmVJRY1ks+LdquEgRfTnedQKiDjBeNHqPWkodTC rqTw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=q3IOkd6K; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=50JD83za; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e4si317609plo.22.2021.10.07.12.39.25; Thu, 07 Oct 2021 12:39:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=q3IOkd6K; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=50JD83za; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241244AbhJGPfP (ORCPT + 99 others); Thu, 7 Oct 2021 11:35:15 -0400 Received: from smtp-out1.suse.de ([195.135.220.28]:49972 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230060AbhJGPfO (ORCPT ); Thu, 7 Oct 2021 11:35:14 -0400 Received: from relay2.suse.de (relay2.suse.de [149.44.160.134]) by smtp-out1.suse.de (Postfix) with ESMTP id 0E2BC21DA9; Thu, 7 Oct 2021 15:33:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1633620800; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=HNbVqhTP/+kArtGfK2vUCeGnFIBp5ns2iEX512Ous+4=; b=q3IOkd6KvO3mrfx7LpvSEFRHtI4nB1GFR5/ZEfx8HwK3IMG30+Yek+mTzVurpcVc9B+unN gxTZ0MWDEw25c6Tyi62cus/pJZHGSBtjFNSjTPnSqXvwUR4eLg8iumpDv68VPwQWAiEJqO pToVv4rlyoeOVbLSqa7jO6ifZEZGs/s= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1633620800; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=HNbVqhTP/+kArtGfK2vUCeGnFIBp5ns2iEX512Ous+4=; b=50JD83zapy2z2GwupUl/DY4XtCa7gTMugJIb+MCc1QfgIHjRntIvc8uUgYHWJfPZ7ssgSf TEGbrCRb1YK6FoBQ== Received: from alsa1.suse.de (alsa1.suse.de [10.160.4.42]) by relay2.suse.de (Postfix) with ESMTP id EF31DA3B81; Thu, 7 Oct 2021 15:33:19 +0000 (UTC) Date: Thu, 07 Oct 2021 17:33:19 +0200 Message-ID: From: Takashi Iwai To: Arnd Bergmann Cc: Michael Forney , ALSA Development Mailing List , Takashi Iwai , Baolin Wang , y2038 Mailman List , Linux Kernel Mailing List , Mark Brown , Baolin Wang , musl@lists.openwall.com Subject: Re: [alsa-devel] [PATCH v7 8/9] ALSA: add new 32-bit layout for snd_pcm_mmap_status/control In-Reply-To: References: <20191211212025.1981822-1-arnd@arndb.de> <20191211212025.1981822-9-arnd@arndb.de> <29QBMJU8DE71E.2YZSH8IHT5HMH@mforney.org> User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.9 (=?UTF-8?B?R29qxY0=?=) APEL/10.8 Emacs/25.3 (x86_64-suse-linux-gnu) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 07 Oct 2021 15:11:00 +0200, Arnd Bergmann wrote: > > On Thu, Oct 7, 2021 at 2:43 PM Takashi Iwai wrote: > > On Thu, 07 Oct 2021 13:48:44 +0200, Arnd Bergmann wrote: > > > On Thu, Oct 7, 2021 at 12:53 PM Takashi Iwai wrote: > > > > On Wed, 06 Oct 2021 19:49:17 +0200, Michael Forney wrote: > > > > > > As far as I can tell, the broken interface will always result in > > > user space seeing a zero value for "avail_min". Can you > > > make a prediction what that would mean for actual > > > applications? Will they have no audio output, run into > > > a crash, or be able to use recover and appear to work normally > > > here? > > > > No, fortunately it's only about control->avail_min, and fiddling this > > value can't break severely (otherwise it'd be a security problem ;) > > > > In the buggy condition, it's always zero, and the kernel treated as if > > 1, i.e. wake up as soon as data is available, which is OK-ish for most > > applications. Apps usually don't care about the wake-up condition so > > much. There are subtle difference and may influence on the stability > > of stream processing, but the stability usually depends more strongly > > on the hardware and software configurations. > > > > That being said, the impact by this bug (from the application behavior > > POV) is likely quite small, but the contamination is large; as you > > pointed out, it's much larger than I thought. > > Ok, got it. > > > The definition in uapi/sound/asound.h is a bit cryptic, but IIUC, > > __snd_pcm_mmap_control64 is used for 64bit archs, right? If so, the > > problem rather hits more widely on 64bit archs silently. Then, the > > influence by this bug must be almost negligible, as we've had no bug > > report about the behavior change. > > While __snd_pcm_mmap_control64 is only used on 32-bit > architectures when 64-bit time_t is used. At the moment, this > means all users of musl-1.2.x libc, but not glibc. > > On 64-bit architectures, __snd_pcm_mmap_control and > __snd_pcm_mmap_control64 are meant to be identical, > and this is actually true regardless of the bug, since > __pad_before_uframe and __pad_after_uframe both > end up as zero-length arrays here. > > > We may just fix it in kernel and for new library with hoping that no > > one sees the actual problem. Or, we may provide a complete new set of > > mmap offsets and ioctl to cover both broken and fixed interfaces... > > The decision depends on how perfectly we'd like to address the bug. > > As of now, I'm inclined to go for the former, but I'm open for more > > opinions. > > Adding the musl list to Cc for additional testers, anyone interested > please see [1] for the original report. > > It would be good to hear from musl users that are already using > audio support with 32-bit applications on 64-bit kernels, which > is the case that has the problem today. Have you noticed any > problems with audio support here? If not, we can probably > "fix" the kernel here and make the existing binaries behave > the same way on 32-bit kernels. If there are applications that > don't work in that environment today, I think we need to instead > change the kernel to accept the currently broken format on > both 32-bit and 64-bit kernels, possibly introducing yet another > format that works as originally intended but requires a newly > built kernel. Thanks! And now, looking more deeply, I feel more desperate. This bug makes the expected padding gone on little-endian. On LE 32bit, the buggy definition is: char __pad1[0]; u32 appl_ptr; char __pad2[0]; // this should have been [4] char __pad3[0]; u32 avail_min; char __pad4[4]; When an application issues SYNC_PTR64 ioctl to submit appl_ptr and avail_min updates, 64bit kernel (in compat mode) reads directly as: u64 appl_ptr; u64 avail_min; Hence a bogus appl_ptr would be passed if avail_min != 0. And usually application sets non-zero avail_min. That is, the bug must hit more severely if the new API were really used. It wouldn't crash, but some weird streaming behavior can happen like noise, jumping or underruns. (Reading back avail_min=0 to user-space is rather harmless. Ditto for the case of BE, then at least there is no appl_ptr corruption.) This made me wonder which way to go: it's certainly possible to fix the new kernel to treat both buggy and sane formats (disabling compat mmap and re-define ioctls, having the code for old APIs). The problem is, however, in the case where the application needs to run on the older kernel that expects the buggy format. Then apps would still have to send in the old buggy format -- or maybe better in the older 32bit format that won't hit the bug above. It makes situation more complicated. Do we know how widely the __USE_TIME_BITS64 is deployed nowadays? Takashi