    ALSA: pcm: Remove incorrect snd_BUG_ON() usages · 3074fe07
    Takashi Iwai authored
    commit fe08f34d upstream.
    
    syzkaller triggered kernel warnings through PCM OSS emulation at
    closing a stream:
      WARNING: CPU: 0 PID: 3502 at sound/core/pcm_lib.c:1635
      snd_pcm_hw_param_first+0x289/0x690 sound/core/pcm_lib.c:1635
      Call Trace:
      ....
       snd_pcm_hw_param_near.constprop.27+0x78d/0x9a0 sound/core/oss/pcm_oss.c:457
       snd_pcm_oss_change_params+0x17d3/0x3720 sound/core/oss/pcm_oss.c:969
       snd_pcm_oss_make_ready+0xaa/0x130 sound/core/oss/pcm_oss.c:1128
       snd_pcm_oss_sync+0x257/0x830 sound/core/oss/pcm_oss.c:1638
       snd_pcm_oss_release+0x20b/0x280 sound/core/oss/pcm_oss.c:2431
       __fput+0x327/0x7e0 fs/file_table.c:210
       ....
    
    This happens while it tries to open and set up the aloop device
    concurrently.  The warning above (invoked from snd_BUG_ON() macro) is
    to detect the unexpected logical error where snd_pcm_hw_refine() call
    shouldn't fail.  The theory is true for the case where the hw_params
    config rules are static.  But for an aloop device, the hw_params rule
    condition does vary dynamically depending on the connected target;
    when another device is opened and changes the parameters, the device
    connected in another side is also affected, and it caused the error
    from snd_pcm_hw_refine().
    
    That is, the simplest "solution" for this is to remove the incorrect
    assumption of static rules, and treat such an error as a normal error
    path.  As there are a couple of other places using snd_BUG_ON()
    incorrectly, this patch removes these spurious snd_BUG_ON() calls.
    
    Reported-by: syzbot+6f11c7e2a1b91d466432@syzkaller.appspotmail.com
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
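
The failure mode the commit message describes, as an added userspace model (not kernel code and not part of the commit): a refine step that cannot fail while the rules are static starts returning an error once the other end of a loopback pair configures itself. All names here (`loop_end`, `allowed_now`, `refine`, `param_first`) are hypothetical, and pinning one end to the peer's rate is an assumed simplification of a dynamic rule.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model only; none of these names are kernel symbols. */
struct interval { unsigned min, max; };
struct loop_end { struct interval hw; int peer_set; unsigned peer_rate; };

/* Range this end accepts right now: pinned to the peer's rate once the
 * peer has configured (assumed simplification of a dynamic rule). */
static struct interval allowed_now(const struct loop_end *e)
{
    struct interval a = e->hw;
    if (e->peer_set)
        a.min = a.max = e->peer_rate;
    return a;
}

/* Stand-in for the refine step: intersect request with the allowed range. */
static int refine(struct interval *req, const struct loop_end *e)
{
    struct interval a = allowed_now(e);
    if (req->min < a.min) req->min = a.min;
    if (req->max > a.max) req->max = a.max;
    return req->min > req->max ? -EINVAL : 0;
}

static int warnings; /* what an assertion-style check would have logged */

/* Pick the lowest acceptable value. With assert_static != 0 a refine failure
 * is counted as a "can't happen" warning; with 0 it is a plain error. */
static int param_first(struct interval req, const struct loop_end *e, int assert_static)
{
    int err = refine(&req, e);
    if (err < 0) {
        if (assert_static)
            warnings++;
        return err;
    }
    return (int)req.min;
}

int main(void)
{
    struct loop_end a = { { 8000, 192000 }, 0, 0 };
    struct interval want = { 8000, 22050 };   /* constructed request */
    printf("peer idle: %d\n", param_first(want, &a, 0));
    a.peer_set = 1; a.peer_rate = 48000;      /* other end configures */
    printf("peer set:  %d\n", param_first(want, &a, 0));
    return 0;
}
```

Both variants return the same `-EINVAL`; the only difference is whether a reachable runtime condition is also reported as a logic bug, which is what makes the warning triggerable by a fuzzer.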
pcm_oss.c 85.2 KB