From patchwork Wed Jan 16 23:37:23 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?UTF-8?B?Wm9sdMOhbiBLxZF2w6Fnw7M=?=
 <dirty.ice.hu@gmail.com>
X-Patchwork-Id: 1026325
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=nongnu.org
	(client-ip=209.51.188.17; helo=lists.gnu.org;
	envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="ELaqkhcv"; dkim-atps=neutral
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 43g4KJ3QG6z9sCX
	for <incoming@patchwork.ozlabs.org>;
	Thu, 17 Jan 2019 11:12:52 +1100 (AEDT)
Received: from localhost ([127.0.0.1]:39617 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1gjvIg-00060i-Cu
	for incoming@patchwork.ozlabs.org; Wed, 16 Jan 2019 19:12:50 -0500
Received: from eggs.gnu.org ([209.51.188.92]:58444)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dirty.ice.hu@gmail.com>) id 1gjulA-0004Sk-Vt
	for qemu-devel@nongnu.org; Wed, 16 Jan 2019 18:38:14 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dirty.ice.hu@gmail.com>) id 1gjul8-0003dU-NG
	for qemu-devel@nongnu.org; Wed, 16 Jan 2019 18:38:12 -0500
Received: from mail-wm1-x343.google.com ([2a00:1450:4864:20::343]:55756)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <dirty.ice.hu@gmail.com>)
	id 1gjul8-0003bb-Fw
	for qemu-devel@nongnu.org; Wed, 16 Jan 2019 18:38:10 -0500
Received: by mail-wm1-x343.google.com with SMTP id y139so3851887wmc.5
	for <qemu-devel@nongnu.org>; Wed, 16 Jan 2019 15:38:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=wEDj/G7ABwVSP60sak8/OqY1zNt0dE9Nkcw+RIT1qMY=;
	b=ELaqkhcvpylYIKRAZo1HRUhBzxymfQyb1hEdo0dc1cHh93zVsTyFL2NxwBRWrz3dK6
	EXU/77YRJuBBS7BYzWK/RxqhnmibYGYsk7c9rAtQnGV2i2FT3nQS0Ny0wBMnv45P2YLh
	1gRkDivfQ/OQgZmXesRR53rvCYk+Vx8H59pgPqaj89Clqi8aDeLQ/fRv7H9C9kqWLSlg
	Vdu5Ej47FC4+KptcOWc5chZtmi+JNqTLCBsTY6L/65x38BRLV/adWaGl/i9Yjwx/Sk/i
	IW18TwF16q3Ai297rHoqdMbW/b+bdU7iALkTVOpUdC8BmiP4PP3rOYDp5y5+I1i+I+NG
	jQfQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=wEDj/G7ABwVSP60sak8/OqY1zNt0dE9Nkcw+RIT1qMY=;
	b=EQ8Pv4ao5TzsHO6sbteTKlUHBKd5qJUcQzAxNlrr18dqFZMeqDgi6vTc0N+SdPAyTc
	nYXQGVntnWSRtGTpGpiGU/UP/jCXYngzvkLnDKejsxIH2u6Tp/UvLzt1wu8n3h7gSynV
	05kBrzsEb6cFovxvb4zeFHVm1WylNyXtFrUGbE2n4irXRqnAoaZL4Ti+urdEXzv2osMO
	B9JPQb8/0fqb8gkZuk0rYK8inpvG59EBhpSf9zj1cbO4vx3TkEv7TJfu8kpjaxACCw/B
	wHdYLGQhnksFH9g2sBgGG+kdBJK+gir0H1azi/a5kqQiRPSMTkZtHC8/7JJOA4P1TyKr
	u76g==
X-Gm-Message-State: AJcUukcukwJwpgVMzXvQIAR9jQubjmkn89cEdQqL38616yrGLlKY8+CM
	OYKwdxH3Df0bw7DnlkVH1lEj2171gxQ=
X-Google-Smtp-Source: 
 ALg8bN4HbPMpedZCopc+qGtQeDU/I44s3ooOQygNaEu4gcuHbV626uW1iVNZ6kl+ezq1S6yRKSfLoQ==
X-Received: by 2002:a1c:5dd1:: with SMTP id
	r200mr9728338wmb.93.1547681889252;
	Wed, 16 Jan 2019 15:38:09 -0800 (PST)
Received: from nullptr.home.dirty-ice.org
	(2a01-036c-0113-e4b0-0000-0000-0000-0005.pool6.digikabel.hu.
	[2a01:36c:113:e4b0::5]) by smtp.gmail.com with ESMTPSA id
	s66sm30760437wmf.34.2019.01.16.15.38.08
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 16 Jan 2019 15:38:08 -0800 (PST)
From: "=?UTF-8?q?K=C5=91v=C3=A1g=C3=B3=2C=20Zolt=C3=A1n?="
	<dirty.ice.hu@gmail.com>
X-Google-Original-From: =?utf-8?b?S8WRdsOhZ8OzLCBab2x0w6Fu?=
	<DirtY.iCE.hu@gmail.com>
To: qemu-devel@nongnu.org
Date: Thu, 17 Jan 2019 00:37:23 +0100
Message-Id: 
 <161ea7f0cc7aaf032116cf9f137898deafa59ffb.1547681517.git.DirtY.iCE.hu@gmail.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <cover.1547681517.git.DirtY.iCE.hu@gmail.com>
References: <cover.1547681517.git.DirtY.iCE.hu@gmail.com>
MIME-Version: 1.0
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 2a00:1450:4864:20::343
Subject: [Qemu-devel] [PATCH v3 50/50] usbaudio: change playback counters to
	64 bit
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

With stereo playback, they need about 375 minutes of continuous audio
playback to overflow, which is usually not a problem (as stopping and
later resuming playback resets the counters).  But with 7.1 audio, they
only need about 95 minutes to overflow.

After the overflow, the buf->prod % USBAUDIO_PACKET_SIZE(channels)
assertion no longer holds true, which will result in overflowing the
buffer.  With 64 bit variables, it would take about 762000 years to
overflow.

Signed-off-by: Kővágó, Zoltán <DirtY.iCE.hu@gmail.com>
---
 hw/usb/dev-audio.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/hw/usb/dev-audio.c b/hw/usb/dev-audio.c
index f7406da5a4..82bc6eb88f 100644
--- a/hw/usb/dev-audio.c
+++ b/hw/usb/dev-audio.c
@@ -577,9 +577,9 @@ static const USBDesc desc_audio_multi = {
 
 struct streambuf {
     uint8_t *data;
-    uint32_t size;
-    uint32_t prod;
-    uint32_t cons;
+    size_t size;
+    uint64_t prod;
+    uint64_t cons;
 };
 
 static void streambuf_init(struct streambuf *buf, uint32_t size,
@@ -600,7 +600,7 @@ static void streambuf_fini(struct streambuf *buf)
 
 static int streambuf_put(struct streambuf *buf, USBPacket *p, uint32_t channels)
 {
-    uint32_t free = buf->size - (buf->prod - buf->cons);
+    int64_t free = buf->size - (buf->prod - buf->cons);
 
     if (free < USBAUDIO_PACKET_SIZE(channels)) {
         return 0;
@@ -609,6 +609,8 @@ static int streambuf_put(struct streambuf *buf, USBPacket *p, uint32_t channels)
         return 0;
     }
 
+    /* can happen if prod overflows */
+    assert(buf->prod % USBAUDIO_PACKET_SIZE(channels) == 0);
     usb_packet_copy(p, buf->data + (buf->prod % buf->size),
                     USBAUDIO_PACKET_SIZE(channels));
     buf->prod += USBAUDIO_PACKET_SIZE(channels);
@@ -617,10 +619,10 @@ static int streambuf_put(struct streambuf *buf, USBPacket *p, uint32_t channels)
 
 static uint8_t *streambuf_get(struct streambuf *buf, size_t *len)
 {
-    uint32_t used = buf->prod - buf->cons;
+    int64_t used = buf->prod - buf->cons;
     uint8_t *data;
 
-    if (!used) {
+    if (used <= 0) {
         *len = 0;
         return NULL;
     }