• Takashi Iwai's avatar
    ALSA: aloop: Fix inconsistent format due to incomplete rule · 580eb0a3
    Takashi Iwai authored
    BugLink: http://bugs.launchpad.net/bugs/1745266
    
    commit b088b53e upstream.
    
    The extra hw constraint rule for the formats the aloop driver
    introduced has a slight flaw, where it doesn't return a positive value
    when the mask got changed.  It came from the fact that it's basically
    a copy&paste from snd_hw_constraint_mask64().  The original code is
    supposed to be a single-shot and it modifies the mask bits only once
    and never after, while what we need for aloop is the dynamic hw rule
    that limits the mask bits.
    
    This difference results in the inconsistent state, as the hw_refine
    doesn't apply the dependencies fully.  The worse and surprisingly
    result is that it causes a crash in OSS emulation when multiple
    full-duplex reads/writes are performed concurrently (I leave why it
    triggers Oops to readers as a homework).
    
    For fixing this, replace a few open-codes with the standard
    snd_mask_*() macros.
    
    Reported-by: syzbot+3902b5220e8ca27889ca@syzkaller.appspotmail.com
    Fixes: b1c73fc8 ("ALSA: snd-aloop: Fix hw_params restrictions and checking")
    Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
    Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
    580eb0a3
aloop.c 35.5 KB