On 09/13/2017 10:54 PM, Takashi Sakamoto wrote:
Hi,
As the subject notes, please revert the commit including the below lines.
On Aug 24 2017 19:49, Mark Brown wrote:
+static int rt5514_hotword_model_put(struct snd_kcontrol *kcontrol,
+ const unsigned int __user *bytes, unsigned int size)
+{
+ struct snd_soc_component *component = snd_kcontrol_chip(kcontrol);
+ struct rt5514_priv *rt5514 =
snd_soc_component_get_drvdata(component);
+ struct snd_soc_codec *codec = rt5514->codec;
+ int ret = 0;
+
+ if (rt5514->model_buf || rt5514->model_len < size) {
+ if (rt5514->model_buf)
+ devm_kfree(codec->dev, rt5514->model_buf);
+ rt5514->model_buf = devm_kmalloc(codec->dev, size, GFP_KERNEL);
+ if (!rt5514->model_buf) {
+ ret = -ENOMEM;
+ goto done;
+ }
+ }
+
+ /* Skips the TLV header. */
+ bytes += 2;
+
+ if (copy_from_user(rt5514->model_buf, bytes, size))
+ ret = -EFAULT;
+done:
+ rt5514->model_len = (ret ? 0 : size);
+ return ret;
+}
+
static const struct snd_kcontrol_new rt5514_snd_controls[] = {
SOC_DOUBLE_TLV("MIC Boost Volume", RT5514_ANA_CTRL_MICBST,
RT5514_SEL_BSTL_SFT, RT5514_SEL_BSTR_SFT, 8, 0, bst_tlv),
@@ -363,6 +413,8 @@ static const struct snd_kcontrol_new
rt5514_snd_controls[] = {
adc_vol_tlv),
SOC_SINGLE_EXT("DSP Voice Wake Up", SND_SOC_NOPM, 0, 1, 0,
rt5514_dsp_voice_wake_up_get, rt5514_dsp_voice_wake_up_put),
+ SND_SOC_BYTES_TLV("Hotword Model", 0x8504,
+ NULL, rt5514_hotword_model_put),
};
Current implementation of 'SND_SOC_BYTES_TLV' in ALSA SoC part includes
an abuse of TLV feature of ALSA control interface. Developers are
discouraged to use it for newer code to prevent developers for userspace
applications from confusion or to prevent userspace applications from
disorder, unless ASoC developers fix the abuse.
Apparently, this patch includes a bug about the size of buffer in user
space.
Again, please don't use 'SND_SOC_BYTES_TLV' when you have enough care of
userspace applications. Here, I describe the reason.
Sakamoto-san,
You provided tons of details, but after reading your long email several
times I am still wondering
- what exactly is broken? what design principles are you arguing against?
- what abuse are we talking about? is there a security risk? a loss of
functionality? The existing solution has been used in products without
applications feeling 'confused', being subject to 'disorder' or any sort
of 'userspace breakage' shared on this email list. Can you point to one
or more real-world cases where things are actually problematic?
- you also seem to hint that Intel folks did not take feedback into
account and did not 'care', it's quite the contrary - this topic of
support for 512+ opaque bytes for DSP-based algorithms was addressed at
length at the audio miniconf in 2013 as well as on the mailing list and
agreed on with maintainers. While there were concerns that maybe another
interface might have been better, possibly hwdep or something new, there
was the opposite concern on using standard tools and existing interfaces
people are familiar with. So what is the disagreement now, almost 4
years later?
- what solution are you recommending? we can't just discourage people
from using a solution without making an alternate proposal. There is a
need to send raw binary data spanning more than 512 bytes for a number
of DSP-based algorithms, it's not going away anytime soon, and the
format is not going to be made public for obvious confidentiality reasons.
Thanks for clarifying your concerns. I have no emotional attachment to
any of this, but if we start reverting stuff and 'not recommending'
things then we ought to have an agreement on the problem statement and
on the next steps.
-Pierre
## Design of the TLV feature of ALSA control interface
At first, I describe common design of the TLV feature of ALSA control
interface. Next, I address to an issue about application of the feature
to ALSA SoC framework (ASoC).
The most of ALSA interface was defined around 2000, while TLV feature of
ALSA control interface was introduced in 2006, enough later.
In 2015-2017, in ALSA upstream, I've documented this feature[1].
Essentially,
this feature is designed to transfer arbitrary data between drivers and
applications as a shape of Type/Length/Value.
A packet of this data is described as 'struct snd_ctl_tlv'[3].
```
struct snd_ctl_tlv {
unsigned int numid; /* control element numeric identification */
unsigned int length; /* in bytes aligned to 4 */
unsigned int tlv[0]; /* first TLV */
};
```
When userspace applications execute ioctl(2) with some of TLV
commands[3] and
a buffer, the buffer is filled with the structured data.
```
struct snd_ctl_tlv *packet;
unsigned int *payload;
int fd;
fd = open("/dev/snd/controlC0", O_RDONLY);
packet = malloc(sizeof(struct snd_ctl_tlv) + 512);
packet->numid = 0; /* Here, I select the first element. */
packet->length = 512; /* The length of payload. */
ioctl(fd, SNDRV_CTL_IOCTL_TLV_COMMAND, &container);
payload = packet->tlv;
/* payload has the structured data. */
```
Shape of the payload is expected to be with header and content for each
type. A series of the basic type is described as 'SNDRV_CTL_TLVT_XXX' in
UAPI header[4]. You can see a sample program for it as an application of
user-defined control element sets in alsa-lib[5].
[1] ALSA project - the C library reference: Control interface
http://www.alsa-project.org/alsa-doc/alsa-lib/control.html
[2] struct snd_ctl_tlv
https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/tree/include/uapi/sound/asound.h#n948
[3] SNDRV_CTL_IOCTL_TLV_READ and SNDRV_CTL_IOCTL_TLV_COMMAND
[4] include/uapi/sound/tlv.h
https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/tree/include/uapi/sound/tlv.h
[5] user-ctl-element-set.c
http://git.alsa-project.org/?p=alsa-lib.git;a=blob;f=test/user-ctl-element-set.c
## Driver inteface for TLV feature of ALSA control interface
In kernel land, each driver can add control element sets with some
control elements. The driver can register own data or operation to the
control element set for the TLV feature[1].
```
typedef int (snd_kcontrol_tlv_rw_t)(struct snd_kcontrol *kcontrol,
int op_flag, /* SNDRV_CTL_TLV_OP_XXX */
unsigned int size,
unsigned int __user *tlv);
struct snd_kcontrol {
...
union {
snd_kcontrol_tlv_rw_t *c;
const unsigned int *p;
} tlv;
...
};
```
When using 'struct snd_kcontrol.tlv.p', the driver just support read
operation. For example, 'sound/soc/codecs/stac9766.c' has such codes.
When using another, the driver can support read, write and command
operation. For example, control elements for PCM channel map in
'sound/core/pcm_lib.c' is implemented by this way.
In both ways, drivers should be implemented with enough care about
format of the payload not to confuse userspace applications. The
format of payload is described in UAPI header for TLV feature[2].
```
/*
* TLV structure is right behind the struct snd_ctl_tlv:
* unsigned int type - see SNDRV_CTL_TLVT_*
* unsigned int length
* .... data aligned to sizeof(unsigned int), use
* block_length = (length + (sizeof(unsigned int) - 1)) &
* ~(sizeof(unsigned int) - 1)) ....
*/
```
The first 32bit field has one of SNDRV_CTL_TLVT_xxx macro, and the
second 32bit field has length of included data in byte unit. The rest
is for the data.
For example, payload with 'SNDRV_CTL_TLVT_DB_MINMAX' should have below
content:
```
[0] 4 (= SNDRV_CTL_TLVT_DB_MINMAX)
[1] 2 (= ARRAY_SIZE(unsigned int[2]))
[2] min dB
[3] max dB
```
Content of the payload can have nested data field with
'SNDRV_CTL_TLVT_CONTAINER'. For example:
```
[0] 0 (= SNDRV_CTL_TLVT_CONTAINER)
[1] 8 (= length of data)
[2] 1 (= SNDRV_CTL_TLVT_DB_SCALE)
[3] 2 (= ARRAY_SIZE(unsigned int[2]))
[4] min
[5] step | mute
[6] 1 (= SNDRV_CTL_TLVT_DB_LINEAR)
[7] 2 (= ARRAY_SIZE(unsigned int [2]))
[8] min dB
[9] max dB
```
In any basic type, the first two members of payload represents the
type of data and the
length of data. This is an important point for the issue.
[1] include/sound/control.c
https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/tree/include/sound/control.h
[2] include/uapi/sound/tlv.h
https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/tree/include/uapi/sound/tlv.h
## Abuse of TLV feature of ALSA control interface in ALSA SoC part
As I described, control element set should have two members in the
beginning of payload of data for TLV feature; type and length.
Additionally, when new type is added into ALSA stuffs, it's better
to add it in UAPI header for applications[1]. Current implementation
of 'bytes_ext' via TLV operation is completely against this
basic principle.
Here, I review history of the 'bytes_ext'.
May 2014, Intel developer introduced the 'bytes_ext' into ASoC to
transfer data with arbitrary length from userspace to hardware.
```
(include/sound/soc.h)
struct soc_bytes_ext {
int max;
struct snd_soc_dobj dobj;
/* used for TLV byte control */
int (*get)(struct snd_kcontrol *kcontrol, unsigned int __user *bytes,
unsigned int size);
int (*put)(struct snd_kcontrol *kcontrol, const unsigned int
__user *bytes,
unsigned int size);
};
```
The 'bytes_ext' is implemented with SNDRV_CTL_IOCTL_ELEM_WRITE
command and 'struct snd_ctl_elem_value'. However, there's a
limitation of maximum length of data for the transmission due to
design of the 'struct snd_ctl_elem_value'.
```
(include/uapi/sound/asound.h)
struct snd_ctl_elem_value {
...
union {
...
union {
unsigned char data[512];
...
} bytes;
...
} value;
...
};
```
Nov 2013, Intel developers introduced their next idea to purge
the limitation[3]. In this state, their idea focuses on extension of
control element structure ('struct snd_ctl_elem'). They were
discouraged with an advice to use ALSA HwDep interface for this
purpose. But their intension is to utilize alsactl application
to load/store status of control element automatically and they had
less care of the advice.
Jul 2014, Intel developers post next idea to use 'bytes_ext' via TLV
feature with a focus on the nature; userspace application and drivers
communicate with an arbitrary length of data via TLV feature[4].
This idea is applied to ASoC repository without enough
discussions about userspace breakage.
[1] include/uapi/sound/tlv.h
https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/tree/include/uapi/sound/tlv.h
[2] [PATCH] ASoC: add SND_SOC_BYTES_EXT
http://mailman.alsa-project.org/pipermail/alsa-devel/2014-May/076155.html
[3] [RFC] ALSA: add new alsa control byte extended
http://mailman.alsa-project.org/pipermail/alsa-devel/2013-November/069483.html
[4] [RFC v2] ASoC: core: add a helper for extended byte
controls using TLV
http://mailman.alsa-project.org/pipermail/alsa-devel/2014-July/078962.html
Regards
Takashi Sakamoto
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel