CVS commit: src/sys/dev/audio

Sat, 06 Jul 2019 23:07:34 -0700 

Module Name:    src
Committed By:   isaki
Date:           Sun Jul  7 06:06:46 UTC 2019

Modified Files:
        src/sys/dev/audio: audio.c

Log Message:
Fix to evaluate the validity of this track at earlier on audio_read().
It fixes a panic on read() against descriptor opened as O_RDWR on the
half duplex device.


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/sys/dev/audio/audio.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/sys/dev/audio/audio.c
diff -u src/sys/dev/audio/audio.c:1.23 src/sys/dev/audio/audio.c:1.24
--- src/sys/dev/audio/audio.c:1.23	Sat Jul  6 12:58:58 2019
+++ src/sys/dev/audio/audio.c	Sun Jul  7 06:06:46 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: audio.c,v 1.23 2019/07/06 12:58:58 isaki Exp $	*/
+/*	$NetBSD: audio.c,v 1.24 2019/07/07 06:06:46 isaki Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -142,7 +142,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: audio.c,v 1.23 2019/07/06 12:58:58 isaki Exp $");
+__KERNEL_RCSID(0, "$NetBSD: audio.c,v 1.24 2019/07/07 06:06:46 isaki Exp $");
 
 #ifdef _KERNEL_OPT
 #include "audio.h"
@@ -2213,9 +2213,15 @@ audio_read(struct audio_softc *sc, struc
 	audio_ring_t *input;
 	int error;
 
+	/*
+	 * On half-duplex hardware, O_RDWR is treated as O_WRONLY.
+	 * However read() system call itself can be called because it's
+	 * opened with O_RDWR.  So in this case, deny this read().
+	 */
 	track = file->rtrack;
-	KASSERT(track);
-	TRACET(2, track, "resid=%zd", uio->uio_resid);
+	if (track == NULL) {
+		return EBADF;
+	}
 
 	KASSERT(!mutex_owned(sc->sc_lock));
 
@@ -2223,6 +2229,8 @@ audio_read(struct audio_softc *sc, struc
 	if (track->mmapped)
 		return EPERM;
 
+	TRACET(2, track, "resid=%zd", uio->uio_resid);
+
 #ifdef AUDIO_PM_IDLE
 	mutex_enter(sc->sc_lock);
 	if (device_is_active(&sc->sc_dev) || sc->sc_idle)
@@ -2230,15 +2238,6 @@ audio_read(struct audio_softc *sc, struc
 	mutex_exit(sc->sc_lock);
 #endif
 
-	/*
-	 * On half-duplex hardware, O_RDWR is treated as O_WRONLY.
-	 * However read() system call itself can be called because it's
-	 * opened with O_RDWR.  So in this case, deny this read().
-	 */
-	if ((file->mode & AUMODE_RECORD) == 0) {
-		return EBADF;
-	}
-
 	usrbuf = &track->usrbuf;
 	input = track->input;

Reply via email to