Re: [PATCH V0 1/1] ASoC: msm: fix integer overflow for long duration offload playback

From: Amadeusz Sławiński
Date: Wed Mar 09 2022 - 09:51:18 EST

Next message: Cameron: "[Input] Wrong button mappings on PowerA USB gamepad"
Previous message: Marcelo Tosatti: "Re: [PATCH v7 1/2] KVM: LAPIC: Make lapic timer unpinned"
In reply to: Raghu Bankapur: "[PATCH V0 1/1] ASoC: msm: fix integer overflow for long duration offload playback"
Next in thread: Pierre-Louis Bossart: "Re: [PATCH V0 1/1] ASoC: msm: fix integer overflow for long duration offload playback"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/9/2022 3:22 PM, Raghu Bankapur wrote:

From: Raghu Bankapur <quic_rbankapu@xxxxxxxxxx>

32 bit variable is used for storing number of bytes copied to DSP,
which can overflow when playback duration goes beyond 24 hours.
Change data type for this variable to uint64_t to prevent overflow
and related playback anomaly.

Signed-off-by: Raghu Bankapur <quic_rbankapu@xxxxxxxxxxx>
---
include/uapi/sound/compress_offload.h | 2 +-
sound/core/compress_offload.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/uapi/sound/compress_offload.h b/include/uapi/sound/compress_offload.h
index 9555f31c8425..57d24d89b2f4 100644
--- a/include/uapi/sound/compress_offload.h
+++ b/include/uapi/sound/compress_offload.h
@@ -67,7 +67,7 @@ struct snd_compr_params {
*/
struct snd_compr_tstamp {
__u32 byte_offset;
- __u32 copied_total;
+ __u64 copied_total;
__u32 pcm_frames;
__u32 pcm_io_frames;
__u32 sampling_rate;

I don't think this patch should be merged as is. It changes UAPI header, most likely breaking existing user space tools. Can't overflow be handled somehow instead?

Although having looked around, it makes a bit of sense, as snd_compr_update_tstamp() copies tstamp->copied_total to 64 bit variables...

Perhaps raise protocol version? ( https://elixir.bootlin.com/linux/latest/source/include/uapi/sound/compress_offload.h#L34 )

diff --git a/sound/core/compress_offload.c b/sound/core/compress_offload.c
index de514ec8c83d..068376b586be 100644
--- a/sound/core/compress_offload.c
+++ b/sound/core/compress_offload.c
@@ -169,7 +169,7 @@ static int snd_compr_update_tstamp(struct snd_compr_stream *stream,
if (!stream->ops->pointer)
return -ENOTSUPP;
stream->ops->pointer(stream, tstamp);
- pr_debug("dsp consumed till %d total %d bytes\n",
+ pr_debug("dsp consumed till %d total %llu bytes\n",
tstamp->byte_offset, tstamp->copied_total);
if (stream->direction == SND_COMPRESS_PLAYBACK)
stream->runtime->total_bytes_transferred = tstamp->copied_total;

Next message: Cameron: "[Input] Wrong button mappings on PowerA USB gamepad"
Previous message: Marcelo Tosatti: "Re: [PATCH v7 1/2] KVM: LAPIC: Make lapic timer unpinned"
In reply to: Raghu Bankapur: "[PATCH V0 1/1] ASoC: msm: fix integer overflow for long duration offload playback"
Next in thread: Pierre-Louis Bossart: "Re: [PATCH V0 1/1] ASoC: msm: fix integer overflow for long duration offload playback"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]