Commit 65766ee

committed
ALSA: oss: Use kvzalloc() for local buffer allocations
PCM OSS layer may allocate a few temporary buffers, one for the core read/write and another for the conversions via plugins. Currently both are allocated via vmalloc(). But as the allocation size is equivalent with the PCM period size, the required size might be quite small, depending on the application. This patch replaces these vmalloc() calls with kvzalloc() for covering small period sizes better. Also, we use "z"-alloc variant here for addressing the possible uninitialized access reported by syzkaller. Reported-by: syzbot+1cb36954e127c98dd037@syzkaller.appspotmail.com Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
1 parent 5e93a12 commit 65766ee

2 files changed

+6
-6
lines changed

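--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -1062,8 +1062,8 @@ static int snd_pcm_oss_change_params_locked(struct snd_pcm_substream *substream)
 runtime->oss.channels = params_channels(params);
 runtime->oss.rate = params_rate(params);
 
-vfree(runtime->oss.buffer);
-runtime->oss.buffer = vmalloc(runtime->oss.period_bytes);
+kvfree(runtime->oss.buffer);
+runtime->oss.buffer = kvzalloc(runtime->oss.period_bytes, GFP_KERNEL);
 if (!runtime->oss.buffer) {
 err = -ENOMEM;
 goto failure;
@@ -2328,7 +2328,7 @@ static void snd_pcm_oss_release_substream(struct snd_pcm_substream *substream)
 {
 struct snd_pcm_runtime *runtime;
 runtime = substream->runtime;
-vfree(runtime->oss.buffer);
+kvfree(runtime->oss.buffer);
 runtime->oss.buffer = NULL;
 #ifdef CONFIG_SND_PCM_OSS_PLUGINS
 snd_pcm_oss_plugin_clear(substream);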
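Review bot: The zero-fill is what addresses the syzkaller uninitialized-access report, yet the `kvzalloc(runtime->oss.period_bytes, GFP_KERNEL)` line in snd_pcm_oss_change_params_locked carries no comment saying so, which makes it easy for a later cleanup to swap in a non-zeroing allocator. I would add `/* must stay zeroed: avoids the uninitialized access reported by syzbot */` above the allocation. Because kvzalloc() may return slab memory for small periods, any `vfree(runtime->oss.buffer)` left elsewhere in the file would now be a mismatched free; only the two sites in these hunks are visibly converted, so the rest of the file is worth a grep. Both functions start or end outside the hunks shown.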

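--- a/sound/core/oss/pcm_plugin.c
+++ b/sound/core/oss/pcm_plugin.c
@@ -66,8 +66,8 @@ static int snd_pcm_plugin_alloc(struct snd_pcm_plugin *plugin, snd_pcm_uframes_t
 return -ENXIO;
 size /= 8;
 if (plugin->buf_frames < frames) {
-vfree(plugin->buf);
-plugin->buf = vmalloc(size);
+kvfree(plugin->buf);
+plugin->buf = kvzalloc(size, GFP_KERNEL);
 plugin->buf_frames = frames;
 }
 if (!plugin->buf) {
@@ -191,7 +191,7 @@ int snd_pcm_plugin_free(struct snd_pcm_plugin *plugin)
 if (plugin->private_free)
 plugin->private_free(plugin);
 kfree(plugin->buf_channels);
-vfree(plugin->buf);
+kvfree(plugin->buf);
 kfree(plugin);
 return 0;
 }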
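Review bot: In snd_pcm_plugin_alloc, `plugin->buf_frames = frames;` still runs right after `plugin->buf = kvzalloc(size, GFP_KERNEL);` and before the `if (!plugin->buf)` check, so a failed allocation leaves a non-zero frame capacity recorded for a NULL buffer unless the error branch resets it. That branch is outside the hunk, so this may already be handled; if not, moving the assignment below the NULL check (or adding `plugin->buf_frames = 0;` in the error branch) keeps the two fields consistent. The computation of `size` before `size /= 8;` is also outside the hunk, so whether it is bounded against overflow before reaching the allocator cannot be confirmed from here.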
