Message ID | 20250127160655.3119470-1-cy1yang@outlook.com (mailing list archive) |
---|---|
State | New |
Series | ALSA: pcm: use new array-copying-wrapper |
On Mon, 27 Jan 2025 17:06:55 +0100, yangchenyuan wrote:
>
> From: Chenyuan Yang <chenyuan0y@gmail.com>
>
> This is found by our static analysis tool.
>
> pcm_native.c utilizes memdup_user() to copy an array from userspace.
>
> There is a new wrapper, specifically designed for copying arrays. Use
> this one instead.
>
> This is similar to the
> commit 3e91a38de1dc ("fbdev: viafb: use new array-copying-wrapper").
>
> Fixes: 67616feda99e ("ALSA: pcm: Unify ioctl functions for playback and capture streams")

This use of Fixes tag is misleading: the original code is correct, per
se, and the original commit was 4.14, where it had no
memdup_array_user() available (introduced since 6.7).

So I applied with the drop of Fixes tag.

thanks,

Takashi
Hi Takashi,

It looks great to me! Thanks so much for your help!

Best,
Chenyuan

On Tue, Jan 28, 2025 at 1:49 AM Takashi Iwai <tiwai@suse.de> wrote:
>
> On Mon, 27 Jan 2025 17:06:55 +0100,
> yangchenyuan wrote:
> >
> > From: Chenyuan Yang <chenyuan0y@gmail.com>
> >
> > This is found by our static analysis tool.
> >
> > pcm_native.c utilizes memdup_user() to copy an array from userspace.
> >
> > There is a new wrapper, specifically designed for copying arrays. Use
> > this one instead.
> >
> > This is similar to the
> > commit 3e91a38de1dc ("fbdev: viafb: use new array-copying-wrapper").
> >
> > Fixes: 67616feda99e ("ALSA: pcm: Unify ioctl functions for playback and capture streams")
>
> This use of Fixes tag is misleading: the original code is correct, per
> se, and the original commit was 4.14, where it had no
> memdup_array_user() available (introduced since 6.7).
>
> So I applied with the drop of Fixes tag.
>
>
> thanks,
>
> Takashi
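The difference between multiplying a count by an element size directly and going through an array-copying wrapper, as an added example that is not part of this thread or of the kernel source. It is a userspace model in C: `unchecked_bytes` and `dup_array_checked` are hypothetical names, and `malloc`/`memcpy` stand in for the kernel's copy from userspace.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern: the byte count n * size silently wraps past SIZE_MAX. */
static size_t unchecked_bytes(size_t n, size_t size)
{
    return n * size;
}

/*
 * Userspace model of an array-copying wrapper (hypothetical name).
 * The multiplication is checked first, so an oversized count is refused
 * instead of producing a short allocation. Returns 0, -EOVERFLOW or -ENOMEM.
 */
static int dup_array_checked(const void *src, size_t n, size_t size, void **out)
{
    size_t nbytes;

    *out = NULL;
    if (__builtin_mul_overflow(n, size, &nbytes))
        return -EOVERFLOW;
    *out = malloc(nbytes ? nbytes : 1);
    if (!*out)
        return -ENOMEM;
    memcpy(*out, src, nbytes);
    return 0;
}

int main(void)
{
    static char left[4], right[4];          /* constructed sample buffers */
    void *chans[2] = { left, right };       /* one pointer per channel */
    size_t huge = SIZE_MAX / sizeof(void *) + 1;
    void *copy;

    printf("unchecked bytes for huge count: %zu\n",
           unchecked_bytes(huge, sizeof(void *)));
    printf("checked, huge count: %d\n",
           dup_array_checked(chans, huge, sizeof(void *), &copy));
    printf("checked, 2 channels: %d\n",
           dup_array_checked(chans, 2, sizeof(void *), &copy));
    free(copy);
    return 0;
}
```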
diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c index 8a3384342e8d..6c2b6a62d9d2 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -3245,7 +3245,7 @@ static int snd_pcm_xfern_frames_ioctl(struct snd_pcm_substream *substream, if (copy_from_user(&xfern, _xfern, sizeof(xfern))) return -EFAULT; - bufs = memdup_user(xfern.bufs, sizeof(void *) * runtime->channels); + bufs = memdup_array_user(xfern.bufs, runtime->channels, sizeof(void *)); if (IS_ERR(bufs)) return PTR_ERR(bufs); if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK)
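Review bot: On the changed `bufs = ...` line, the element count handed to `memdup_array_user()` is `runtime->channels`, a kernel-side value rather than a field of the `xfern` struct copied from userspace, so the commit message should describe this as hardening (an overflow-checked multiplication in place of `sizeof(void *) * runtime->channels`) and should not carry a Fixes tag. The unchanged `IS_ERR(bufs)` and `PTR_ERR(bufs)` lines that follow already propagate an error pointer from the new call, so no extra handling is needed in this hunk.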