Re: [PATCH v1 0/3] ASoC: Add bounds checking for written values

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 24. 01. 22 18:08, Takashi Iwai wrote:
On Mon, 24 Jan 2022 17:52:46 +0100,
Mark Brown wrote:

On Mon, Jan 24, 2022 at 05:29:50PM +0100, Jaroslav Kysela wrote:
On 24. 01. 22 16:32, Mark Brown wrote:

This series adds verification that values written to registers are in
bounds for controls since the core doesn't validate for us.

As discussed, those conditions should be optional to eventually catch the
wrong applications. I don't see any benefit to report the range error back
when there is value masking code already. The users will note when the
unwanted values are written to the hardware, or not?

In general I'd say that silent failures are harder to work with than
returning an error at the point where we notice that there's a problem,
assuming userspace is paying any attention to the error return at all of
course.  We certainly have quite a lot of existing put() methods that do
return errors and it's not like the application isn't invoking undefined
behaviour so I don't see a problem here.

I find also it's more useful to have the proper checks in general.

Jaroslav, is you concern only about the compatibility of user-space?
Or anything else?  The compatibility is always certainly a slight
issue; if this breaks really something useful and actually working
stuff, we need to consider the workaround...

My concern is only based on the fact that this code is normally not reachable. It only costs some CPU ticks and adds extra code to the drivers without any other benefit. The applications should not use out of range values and if they do, the behavior is not defined (the drivers should only avoid crashes).

The code seems to be added only to make things consistent for the test applications. I don't think that it's worth to care only for this reason. What is the goal for this code? The result with the proposed code will be - the SoC core has the extra validation conditions.

The user space can eventually add similar checks to detect the broken applications.

Basically, I think that those checks should be marked as debug and they should be optional like we do for CONFIG_SND_CTL_VALIDATION and enable only the fast path by default.

					Jaroslav

--
Jaroslav Kysela <perex@xxxxxxxx>
Linux Sound Maintainer; ALSA Project; Red Hat, Inc.



[Index of Archives]     [ALSA User]     [Linux Audio Users]     [Pulse Audio]     [Kernel Archive]     [Asterisk PBX]     [Photo Sharing]     [Linux Sound]     [Video 4 Linux]     [Gimp]     [Yosemite News]

  Powered by Linux