In a commit 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning"), DEFINE_FLEX() macro was used to handle variable length of array for header field in struct fw_iso_packet structure. The usage of macro has a side effect that the designated initializer assigns the count of array to the given field. Therefore CIP_HEADER_QUADLETS (=2) is assigned to struct fw_iso_packet.header, while the original designated initializer assigns zero to all fields.
With CIP_NO_HEADER flag, the change causes invalid length of header in isochronous packet for 1394 OHCI IT context. This bug affects all of devices supported by ALSA fireface driver; RME Fireface 400, 800, UCX, UFX, and 802.
This commit fixes the bug by replacing it with the alternative version of macro which corresponds no initializer.
Cc: stable@vger.kernel.org Fixes: 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning") Reported-by: Edmund Raile edmund.raile@proton.me Closes: https://lore.kernel.org/r/rrufondjeynlkx2lniot26ablsltnynfaq2gnqvbiso7ds32il... Signed-off-by: Takashi Sakamoto o-takashi@sakamocchi.jp --- sound/firewire/amdtp-stream.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index d35d0a420ee0..1a163bbcabd7 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -1180,8 +1180,7 @@ static void process_rx_packets(struct fw_iso_context *context, u32 tstamp, size_ (void)fw_card_read_cycle_time(fw_parent_device(s->unit)->card, &curr_cycle_time);
for (i = 0; i < packets; ++i) { - DEFINE_FLEX(struct fw_iso_packet, template, header, - header_length, CIP_HEADER_QUADLETS); + DEFINE_RAW_FLEX(struct fw_iso_packet, template, header, CIP_HEADER_QUADLETS); bool sched_irq = false;
build_it_pkt_header(s, desc->cycle, template, pkt_header_length,
On Thu, 25 Jul 2024 17:56:40 +0200, Takashi Sakamoto wrote:
In a commit 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning"), DEFINE_FLEX() macro was used to handle variable length of array for header field in struct fw_iso_packet structure. The usage of macro has a side effect that the designated initializer assigns the count of array to the given field. Therefore CIP_HEADER_QUADLETS (=2) is assigned to struct fw_iso_packet.header, while the original designated initializer assigns zero to all fields.
With CIP_NO_HEADER flag, the change causes invalid length of header in isochronous packet for 1394 OHCI IT context. This bug affects all of devices supported by ALSA fireface driver; RME Fireface 400, 800, UCX, UFX, and 802.
This commit fixes the bug by replacing it with the alternative version of macro which corresponds no initializer.
Cc: stable@vger.kernel.org Fixes: 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning") Reported-by: Edmund Raile edmund.raile@proton.me Closes: https://lore.kernel.org/r/rrufondjeynlkx2lniot26ablsltnynfaq2gnqvbiso7ds32il... Signed-off-by: Takashi Sakamoto o-takashi@sakamocchi.jp
Thanks, applied now.
Takashi
On 25/07/24 09:56, Takashi Sakamoto wrote:
In a commit 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning"), DEFINE_FLEX() macro was used to handle variable length of array for header field in struct fw_iso_packet structure. The usage of macro has a side effect that the designated initializer assigns the count of array to the given field. Therefore CIP_HEADER_QUADLETS (=2) is assigned to struct fw_iso_packet.header, while the original designated initializer assigns zero to all fields.
With CIP_NO_HEADER flag, the change causes invalid length of header in isochronous packet for 1394 OHCI IT context. This bug affects all of devices supported by ALSA fireface driver; RME Fireface 400, 800, UCX, UFX, and 802.
This commit fixes the bug by replacing it with the alternative version of macro which corresponds no initializer.
This change is incomplete. The patch I mention here[1] should also be applied.
BTW, there is one more line that should probably be changed in `struct fw_iso_packet` to avoid further confusions:
- u16 payload_length; /* Length of indirect payload */ + u16 payload_length; /* Size of indirect payload */
Thanks -- Gustavo
[1] https://lore.kernel.org/linux-sound/dabb394e-6c85-45a0-bc06-7a45262a9a8c@emb...
Cc: stable@vger.kernel.org Fixes: 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning") Reported-by: Edmund Raile edmund.raile@proton.me Closes: https://lore.kernel.org/r/rrufondjeynlkx2lniot26ablsltnynfaq2gnqvbiso7ds32il... Signed-off-by: Takashi Sakamoto o-takashi@sakamocchi.jp
sound/firewire/amdtp-stream.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index d35d0a420ee0..1a163bbcabd7 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -1180,8 +1180,7 @@ static void process_rx_packets(struct fw_iso_context *context, u32 tstamp, size_ (void)fw_card_read_cycle_time(fw_parent_device(s->unit)->card, &curr_cycle_time); for (i = 0; i < packets; ++i) {
DEFINE_FLEX(struct fw_iso_packet, template, header,
header_length, CIP_HEADER_QUADLETS);
bool sched_irq = false;DEFINE_RAW_FLEX(struct fw_iso_packet, template, header, CIP_HEADER_QUADLETS);
build_it_pkt_header(s, desc->cycle, template, pkt_header_length,
On Thu, 25 Jul 2024 18:08:21 +0200, Gustavo A. R. Silva wrote:
On 25/07/24 09:56, Takashi Sakamoto wrote:
In a commit 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning"), DEFINE_FLEX() macro was used to handle variable length of array for header field in struct fw_iso_packet structure. The usage of macro has a side effect that the designated initializer assigns the count of array to the given field. Therefore CIP_HEADER_QUADLETS (=2) is assigned to struct fw_iso_packet.header, while the original designated initializer assigns zero to all fields.
With CIP_NO_HEADER flag, the change causes invalid length of header in isochronous packet for 1394 OHCI IT context. This bug affects all of devices supported by ALSA fireface driver; RME Fireface 400, 800, UCX, UFX, and 802.
This commit fixes the bug by replacing it with the alternative version of macro which corresponds no initializer.
This change is incomplete. The patch I mention here[1] should also be applied.
Yes, but this can be fixed by another patch, right? At least the regression introduced by the given commit can be fixed by that. The other fix can go through Sakamoto-san's firewire tree individually.
thanks,
Takashi
BTW, there is one more line that should probably be changed in `struct fw_iso_packet` to avoid further confusions:
u16 payload_length; /* Length of indirect payload */
u16 payload_length; /* Size of indirect payload */
Thanks
Gustavo
[1] https://lore.kernel.org/linux-sound/dabb394e-6c85-45a0-bc06-7a45262a9a8c@emb...
Cc: stable@vger.kernel.org Fixes: 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning") Reported-by: Edmund Raile edmund.raile@proton.me Closes: https://lore.kernel.org/r/rrufondjeynlkx2lniot26ablsltnynfaq2gnqvbiso7ds32il... Signed-off-by: Takashi Sakamoto o-takashi@sakamocchi.jp
sound/firewire/amdtp-stream.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index d35d0a420ee0..1a163bbcabd7 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -1180,8 +1180,7 @@ static void process_rx_packets(struct fw_iso_context *context, u32 tstamp, size_ (void)fw_card_read_cycle_time(fw_parent_device(s->unit)->card, &curr_cycle_time); for (i = 0; i < packets; ++i) {
DEFINE_FLEX(struct fw_iso_packet, template, header,
header_length, CIP_HEADER_QUADLETS);
bool sched_irq = false; build_it_pkt_header(s, desc->cycle, template,DEFINE_RAW_FLEX(struct fw_iso_packet, template, header, CIP_HEADER_QUADLETS);
pkt_header_length,
On 25/07/24 10:11, Takashi Iwai wrote:
On Thu, 25 Jul 2024 18:08:21 +0200, Gustavo A. R. Silva wrote:
On 25/07/24 09:56, Takashi Sakamoto wrote:
In a commit 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning"), DEFINE_FLEX() macro was used to handle variable length of array for header field in struct fw_iso_packet structure. The usage of macro has a side effect that the designated initializer assigns the count of array to the given field. Therefore CIP_HEADER_QUADLETS (=2) is assigned to struct fw_iso_packet.header, while the original designated initializer assigns zero to all fields.
With CIP_NO_HEADER flag, the change causes invalid length of header in isochronous packet for 1394 OHCI IT context. This bug affects all of devices supported by ALSA fireface driver; RME Fireface 400, 800, UCX, UFX, and 802.
This commit fixes the bug by replacing it with the alternative version of macro which corresponds no initializer.
This change is incomplete. The patch I mention here[1] should also be applied.
Yes, but this can be fixed by another patch, right?
Yes, but why have two separate patches when the root cause can be addressed by a single one, which will prevent other potential issues from occurring?
The main issue in this case is the __counted_by() annotation. The DEFINE_FLEX() bug was a consequence.
-- Gustavo
At least the regression introduced by the given commit can be fixed by that. The other fix can go through Sakamoto-san's firewire tree individually.
thanks,
Takashi
BTW, there is one more line that should probably be changed in `struct fw_iso_packet` to avoid further confusions:
u16 payload_length; /* Length of indirect payload */
u16 payload_length; /* Size of indirect payload */
Thanks
Gustavo
[1] https://lore.kernel.org/linux-sound/dabb394e-6c85-45a0-bc06-7a45262a9a8c@emb...
Cc: stable@vger.kernel.org Fixes: 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning") Reported-by: Edmund Raile edmund.raile@proton.me Closes: https://lore.kernel.org/r/rrufondjeynlkx2lniot26ablsltnynfaq2gnqvbiso7ds32il... Signed-off-by: Takashi Sakamoto o-takashi@sakamocchi.jp
sound/firewire/amdtp-stream.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index d35d0a420ee0..1a163bbcabd7 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -1180,8 +1180,7 @@ static void process_rx_packets(struct fw_iso_context *context, u32 tstamp, size_ (void)fw_card_read_cycle_time(fw_parent_device(s->unit)->card, &curr_cycle_time); for (i = 0; i < packets; ++i) {
DEFINE_FLEX(struct fw_iso_packet, template, header,
header_length, CIP_HEADER_QUADLETS);
DEFINE_RAW_FLEX(struct fw_iso_packet, template, header, CIP_HEADER_QUADLETS); bool sched_irq = false; build_it_pkt_header(s, desc->cycle, template,
pkt_header_length,
Hi,
On Thu, Jul 25, 2024 at 10:16:36AM -0600, Gustavo A. R. Silva wrote:
Yes, but why have two separate patches when the root cause can be addressed by a single one, which will prevent other potential issues from occurring?
The main issue in this case is the __counted_by() annotation. The DEFINE_FLEX() bug was a consequence.
Just now I sent a patch to revert the issued commit[1].
I guess that we need the association between the two fixes. For example, we can append more 'Fixes' tag to the patch in sound subsystem into the patch in firewire subsystem (or vice versa).
... But it is midnight in JST, let me go to bed...
[1] https://lore.kernel.org/lkml/20240725161648.130404-1-o-takashi@sakamocchi.jp...
Thanks
Takashi Sakamoto
On Thu, 25 Jul 2024 18:25:37 +0200, Takashi Sakamoto wrote:
Hi,
On Thu, Jul 25, 2024 at 10:16:36AM -0600, Gustavo A. R. Silva wrote:
Yes, but why have two separate patches when the root cause can be addressed by a single one, which will prevent other potential issues from occurring?
The main issue in this case is the __counted_by() annotation. The DEFINE_FLEX() bug was a consequence.
Just now I sent a patch to revert the issued commit[1].
I guess that we need the association between the two fixes. For example, we can append more 'Fixes' tag to the patch in sound subsystem into the patch in firewire subsystem (or vice versa).
OK, then I drop your patch for the sound stuff, and you can take it through firewire tree.
Feel free to take my ack: Reviewed-by: Takashi Iwai tiwai@suse.de
thanks,
Takashi
Hi,
On Thu, Jul 25, 2024 at 07:52:32PM +0200, Takashi Iwai wrote:
On Thu, 25 Jul 2024 18:25:37 +0200, Takashi Sakamoto wrote:
Hi,
On Thu, Jul 25, 2024 at 10:16:36AM -0600, Gustavo A. R. Silva wrote:
Yes, but why have two separate patches when the root cause can be addressed by a single one, which will prevent other potential issues from occurring?
The main issue in this case is the __counted_by() annotation. The DEFINE_FLEX() bug was a consequence.
Just now I sent a patch to revert the issued commit[1].
I guess that we need the association between the two fixes. For example, we can append more 'Fixes' tag to the patch in sound subsystem into the patch in firewire subsystem (or vice versa).
OK, then I drop your patch for the sound stuff, and you can take it through firewire tree.
Feel free to take my ack: Reviewed-by: Takashi Iwai tiwai@suse.de
Okay. I'll send them to mainline as fixes for v6.11-rc1.
thanks,
Takashi
Thanks
Takashi Sakamoto
On 25/07/24 09:56, Takashi Sakamoto wrote:
In a commit 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning"), DEFINE_FLEX() macro was used to handle variable length of array for header field in struct fw_iso_packet structure. The usage of macro has a side effect that the designated initializer assigns the count of array to the given field. Therefore CIP_HEADER_QUADLETS (=2) is assigned to struct fw_iso_packet.header, while the original designated initializer assigns zero to all fields.
With CIP_NO_HEADER flag, the change causes invalid length of header in isochronous packet for 1394 OHCI IT context. This bug affects all of devices supported by ALSA fireface driver; RME Fireface 400, 800, UCX, UFX, and 802.
This commit fixes the bug by replacing it with the alternative version of macro which corresponds no initializer.
Cc: stable@vger.kernel.org Fixes: 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning") Reported-by: Edmund Raile edmund.raile@proton.me Closes: https://lore.kernel.org/r/rrufondjeynlkx2lniot26ablsltnynfaq2gnqvbiso7ds32il... Signed-off-by: Takashi Sakamoto o-takashi@sakamocchi.jp
sound/firewire/amdtp-stream.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index d35d0a420ee0..1a163bbcabd7 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -1180,8 +1180,7 @@ static void process_rx_packets(struct fw_iso_context *context, u32 tstamp, size_ (void)fw_card_read_cycle_time(fw_parent_device(s->unit)->card, &curr_cycle_time); for (i = 0; i < packets; ++i) {
DEFINE_FLEX(struct fw_iso_packet, template, header,
header_length, CIP_HEADER_QUADLETS);
bool sched_irq = false; build_it_pkt_header(s, desc->cycle, template, pkt_header_length,DEFINE_RAW_FLEX(struct fw_iso_packet, template, header, CIP_HEADER_QUADLETS);
Applied to for-linus branch in firewire subsystem tree[1], and would be sent to mainline today with another patch[2].
[1] https://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394.git/log/?... [2] https://lore.kernel.org/lkml/20240725161648.130404-1-o-takashi@sakamocchi.jp...
Regards
Takashi Sakamoto
linux-stable-mirror@lists.linaro.org