linux/sound/core
Takashi Iwai fbd3eb7f66 ALSA: control: Add verification for kctl accesses
The current implementation of ALSA control API fully relies on the
callbacks of each driver, and there is no verification of the values
passed via API.  This patch is an attempt to improve the situation
slightly by adding the validation code for the values stored via info
and get callbacks.

The patch adds a new kconfig, CONFIG_SND_CTL_VALIDATION.  It depends
on CONFIG_SND_DEBUG and off as default since the validation would
require a slight overhead including the additional call of info
callback at each get callback invocation.

When this config is enabled, the values stored by each info callback
invocation are verified, namely:
- Whether the info type is valid
- Whether the number of enum items is non-zero
- Whether the given info count is within the allowed boundary

Similarly, the values stored at each get callback are verified as
well:
- Whether the values are within the given range
- Whether the values are aligned with the given step
- Whether any further changes are seen in the data array over the
  given info count

The last point helps identifying a possibly invalid data type access,
typically a case where the info callback declares the type being
SNDRV_CTL_ELEM_TYPE_ENUMERATED while the get/put callbacks store
the values in value.integer.value[] array.

When a validation fails, the ALSA core logs an error message including
the device and the control ID, and the API call also returns an
error.  So, with the new validation turned on, the driver behavior
difference may be visible on user-space, too -- it's intentional,
though, so that we can catch an error more clearly.

The patch also introduces a new ctl access type,
SNDRV_CTL_ELEM_ACCESS_SKIP_CHECK.  A driver may pass this flag with
other access bits to indicate that the ctl element won't be verified.
It's useful when a driver code is specially written to access the data
greater than info->count size by some reason.  For example, this flag
is actually set now in HD-audio HDMI codec driver which needs to clear
the data array in the case of the disconnected monitor.

Also, the PCM channel-map helper code is slightly modified to avoid
the false-positive hit by this validation code, too.

Link: https://lore.kernel.org/r/20200104083556.27789-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2020-01-04 09:37:59 +01:00
..
oss ALSA: mixer: oss: Constify snd_mixer_oss_assign_table definition 2020-01-03 09:24:22 +01:00
seq ALSA: seq: Constify struct snd_midi_op 2020-01-03 09:24:19 +01:00
compress_offload.c ALSA: core: Constify snd_device_ops definitions 2020-01-03 09:23:51 +01:00
control_compat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
control.c ALSA: control: Add verification for kctl accesses 2020-01-04 09:37:59 +01:00
ctljack.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
device.c ALSA: core: Treat snd_device_ops as const 2020-01-03 09:23:50 +01:00
hrtimer.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
hwdep_compat.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
hwdep.c ALSA: core: Constify snd_device_ops definitions 2020-01-03 09:23:51 +01:00
info_oss.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
info.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
init.c ALSA: pcm: Add card sync_irq field 2019-11-20 19:39:54 +01:00
isadma.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
jack.c ALSA: core: Constify snd_device_ops definitions 2020-01-03 09:23:51 +01:00
Kconfig ALSA: control: Add verification for kctl accesses 2020-01-04 09:37:59 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
memalloc.c ALSA: memalloc: Add vmalloc buffer allocation support 2019-11-06 15:43:33 +01:00
memory.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
misc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
pcm_compat.c ALSA: add new 32-bit layout for snd_pcm_mmap_status/control 2019-12-13 11:25:58 +01:00
pcm_dmaengine.c ASoC: pcm_dmaengine: Extract snd_dmaengine_pcm_refine_runtime_hwparams 2019-10-01 12:18:25 +01:00
pcm_drm_eld.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
pcm_iec958.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
pcm_lib.c ALSA: control: Add verification for kctl accesses 2020-01-04 09:37:59 +01:00
pcm_local.h ALSA: pcm: Move PCM_RUNTIME_CHECK() macro into local header 2019-11-20 19:39:54 +01:00
pcm_memory.c ALSA: pcm: Move PCM_RUNTIME_CHECK() macro into local header 2019-11-20 19:39:54 +01:00
pcm_misc.c ALSA: pcm: add SNDRV_PCM_FORMAT_{S,U}20 2017-11-29 09:26:33 +01:00
pcm_native.c Merge branch 'for-linus' into for-next 2019-12-18 20:07:43 +01:00
pcm_param_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm_timer.c ALSA: timer: Constify snd_timer_hardware definitions 2020-01-03 09:24:07 +01:00
pcm_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm.c ALSA: core: Constify snd_device_ops definitions 2020-01-03 09:23:51 +01:00
rawmidi_compat.c ALSA: Avoid using timespec for struct snd_rawmidi_status 2019-12-11 22:06:16 +01:00
rawmidi.c ALSA: core: Constify snd_device_ops definitions 2020-01-03 09:23:51 +01:00
seq_device.c ALSA: core: Constify snd_device_ops definitions 2020-01-03 09:23:51 +01:00
sgbuf.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
sound_oss.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
sound.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
timer_compat.c ALSA: Avoid using timespec for struct snd_timer_tread 2019-12-13 11:25:57 +01:00
timer.c ALSA: timer: Constify snd_timer_hardware definitions 2020-01-03 09:24:07 +01:00
vmaster.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 372 2019-06-05 17:37:10 +02:00