releases/5.10.85/alsa-ctl-fix-copy-of-updated-id-with-element-read-write.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From b6409dd6bdc03aa178bbff0d80db2a30d29b63ac Mon Sep 17 00:00:00 2001
 From: Alan Young <consult.awy@gmail.com>
 Date: Thu, 2 Dec 2021 15:06:07 +0000
 Subject: ALSA: ctl: Fix copy of updated id with element read/write

 From: Alan Young <consult.awy@gmail.com>

 commit b6409dd6bdc03aa178bbff0d80db2a30d29b63ac upstream.

 When control_compat.c:copy_ctl_value_to_user() is used, by
 ctl_elem_read_user() & ctl_elem_write_user(), it must also copy back the
 snd_ctl_elem_id value that may have been updated (filled in) by the call
 to snd_ctl_elem_read/snd_ctl_elem_write().

 This matches the functionality provided by snd_ctl_elem_read_user() and
 snd_ctl_elem_write_user(), via snd_ctl_build_ioff().

 Without this, and without making additional calls to snd_ctl_info()
 which are unnecessary when using the non-compat calls, a userspace
 application will not know the numid value for the element and
 consequently will not be able to use the poll/read interface on the
 control file to determine which elements have updates.

 Signed-off-by: Alan Young <consult.awy@gmail.com>
 Cc: <stable@vger.kernel.org>
 Link: https://lore.kernel.org/r/20211202150607.543389-1-consult.awy@gmail.com
 Signed-off-by: Takashi Iwai <tiwai@suse.de>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  sound/core/control_compat.c |    3 +++
  1 file changed, 3 insertions(+)

 --- a/sound/core/control_compat.c
 +++ b/sound/core/control_compat.c
 @@ -264,6 +264,7 @@ static int copy_ctl_value_to_user(void _
  				  struct snd_ctl_elem_value *data,
  				  int type, int count)
  {
 +	struct snd_ctl_elem_value32 __user *data32 = userdata;
  	int i, size;

  	if (type == SNDRV_CTL_ELEM_TYPE_BOOLEAN ||
 @@ -280,6 +281,8 @@ static int copy_ctl_value_to_user(void _
  		if (copy_to_user(valuep, data->value.bytes.data, size))
  			return -EFAULT;
  	}
 +	if (copy_to_user(&data32->id, &data->id, sizeof(data32->id)))
 +		return -EFAULT;
  	return 0;
  }
	From b6409dd6bdc03aa178bbff0d80db2a30d29b63ac Mon Sep 17 00:00:00 2001
	From: Alan Young <consult.awy@gmail.com>
	Date: Thu, 2 Dec 2021 15:06:07 +0000
	Subject: ALSA: ctl: Fix copy of updated id with element read/write

	From: Alan Young <consult.awy@gmail.com>

	commit b6409dd6bdc03aa178bbff0d80db2a30d29b63ac upstream.

	When control_compat.c:copy_ctl_value_to_user() is used, by
	ctl_elem_read_user() & ctl_elem_write_user(), it must also copy back the
	snd_ctl_elem_id value that may have been updated (filled in) by the call
	to snd_ctl_elem_read/snd_ctl_elem_write().

	This matches the functionality provided by snd_ctl_elem_read_user() and
	snd_ctl_elem_write_user(), via snd_ctl_build_ioff().

	Without this, and without making additional calls to snd_ctl_info()
	which are unnecessary when using the non-compat calls, a userspace
	application will not know the numid value for the element and
	consequently will not be able to use the poll/read interface on the
	control file to determine which elements have updates.

	Signed-off-by: Alan Young <consult.awy@gmail.com>
	Cc: <stable@vger.kernel.org>
	Link: https://lore.kernel.org/r/20211202150607.543389-1-consult.awy@gmail.com
	Signed-off-by: Takashi Iwai <tiwai@suse.de>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	sound/core/control_compat.c \| 3 +++
	1 file changed, 3 insertions(+)

	--- a/sound/core/control_compat.c
	+++ b/sound/core/control_compat.c
	@@ -264,6 +264,7 @@ static int copy_ctl_value_to_user(void _
	struct snd_ctl_elem_value *data,
	int type, int count)
	{
	+ struct snd_ctl_elem_value32 __user *data32 = userdata;
	int i, size;

	if (type == SNDRV_CTL_ELEM_TYPE_BOOLEAN \|\|
	@@ -280,6 +281,8 @@ static int copy_ctl_value_to_user(void _
	if (copy_to_user(valuep, data->value.bytes.data, size))
	return -EFAULT;
	}
	+ if (copy_to_user(&data32->id, &data->id, sizeof(data32->id)))
	+ return -EFAULT;
	return 0;
	}