New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pcm: ioplug: Limit transfer size to buffer boundary #103
pcm: ioplug: Limit transfer size to buffer boundary #103
Conversation
1d7a371
to
fb911b4
Compare
updated patch to cover cases with avail being exact multiple of buffer_size. |
fb911b4
to
2036b86
Compare
Commit 1714332 introduced 2nd transfer() call to transfer all remaining available frames. Unfortunately this valuable fix introduced two regressions: a) If the prior calculated avail value exceeds the buffer size a too large size value is passed to the underlaying plugin and results in memory corruption if not blocked by attached plugin internally. Avail values > buffer size can happen if e.g. xrun detection is disabled, as avail is calculated by pure difference between hw and app position. This patch limits 2nd transfer call to fit into area. b) the 2nd transfer callback is executed with adapted offset+size but without updating pcm->appl_ptr. An underlaying plugin may rely on consistent pointer positions. To maintain consistency the appl_ptr is temporarily forwarded during the 2nd transfer call and rewinded afterwards. Signed-off-by: Andreas Pape <apape@de.adit-jv.com>
2036b86
to
8cf12b4
Compare
Dear @perexg, can you give indication on PR acceptance? |
It seems that the commit "pcm: ioplug: Transfer all available data" introduced new regressions (wrong memory access). The avail_update in ioplug does not move appl_ptr nor hw_ptr, so it's possible that the transfers may be repetitive. This patch moves the transfer calls to mmap_begin callback where it should be. Fixes: 1714332 ("pcm: ioplug: Transfer all available data") BugLink: alsa-project#103 Signed-off-by: Jaroslav Kysela <perex@perex.cz>
It seems that the commit "pcm: ioplug: Transfer all available data" introduced new regressions (wrong memory access). The second issue is that the avail_update in ioplug does not move appl_ptr nor hw_ptr, so it's possible that the transfers may be repetitive. This patch moves the transfer calls to mmap_begin callback where it should be. The pointer wraps are handled by design now. Fixes: 1714332 ("pcm: ioplug: Transfer all available data") BugLink: alsa-project#103 Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Looking to the code, it does not make sense to copy the capture data in snd_pcm_ioplug_avail_update(). It should be copied in mmap_begin callback. Or we should do the dual-buffering like in pcm_plugin.c (it means separate the external plugin hw_ptr and appl_ptr). I created #115 with my version. Could you test? @tiwai - FYI ! |
Promising approach... |
Tested your #115 -proposal: |
Thank you for the feedback. Closing and merging #115 . |
It seems that the commit "pcm: ioplug: Transfer all available data" introduced new regressions (wrong memory access). The second issue is that the avail_update in ioplug does not move appl_ptr nor hw_ptr, so it's possible that the transfers may be repetitive. This patch moves the transfer calls to mmap_begin callback where it should be. The pointer wraps are handled by design now. Fixes: 1714332 ("pcm: ioplug: Transfer all available data") BugLink: #103 Tested-by: Andreas Pape <apape@de.adit-jv.com> Signed-off-by: Jaroslav Kysela <perex@perex.cz>
It seems that the commit "pcm: ioplug: Transfer all available data" introduced new regressions (wrong memory access). The second issue is that the avail_update in ioplug does not move appl_ptr nor hw_ptr, so it's possible that the transfers may be repetitive. This patch moves the transfer calls to mmap_begin callback where it should be. The pointer wraps are handled by design now. Fixes: 1714332 ("pcm: ioplug: Transfer all available data") BugLink: alsa-project#103 Tested-by: Andreas Pape <apape@de.adit-jv.com> Signed-off-by: Jaroslav Kysela <perex@perex.cz>
Commit 1714332 introduced 2nd transfer()
call to transfer all remaining available frames.
If the prior calculated avail value exceeds the buffer size a too large size value
is passed to the underlaying plugin and results in memory corruption if not blocked by plugin internally.
Avail values > buffer size can happen if e.g. xrun detection is disabled,
as avail is calculated by pure difference between hw and app position.
This patch limits 2nd transfer call to remaining rest of a buffer size.
Signed-off-by: Andreas Pape apape@de.adit-jv.com