ALSA: pcm: Fix unlocked runtime state reads in xfer ioctls

The recent runtime state locking cleanup converted several PCM ioctl state
checks to snd_pcm_get_state(), including snd_pcm_pre_prepare(),
snd_pcm_drain() and snd_pcm_kernel_ioctl(). The native and compat xfer
ioctl paths still sample runtime->state directly before dispatching to the
PCM transfer helpers, and snd_pcm_common_ioctl() still samples the
DISCONNECTED state directly in its common precheck.

Use snd_pcm_get_state() for those ioctl-side prechecks as well. This keeps
the externally visible ioctl entry checks consistent with the stream-locked
state access used by the recent PCM state-read cleanup.

Fixes: 032322b44c02 ("ALSA: pcm: oss: use proper stream lock for runtime->state access")
Signed-off-by: Cássio Gabriel <cassiogabrielcontato@gmail.com>
Link: https://patch.msgid.link/20260605-alsa-pcm-xfer-state-helper-v1-1-eba97cecf820@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>

diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c
index 5313f50f17da5e8cd6527766f566349fa53c0d1f..55ecf87586c4ddc553a82997ddaf30a69ab6627a 100644 (file)
--- a/sound/core/pcm_compat.c
+++ b/sound/core/pcm_compat.c
@@ -293,7 +293,7 @@ static int snd_pcm_ioctl_xferi_compat(struct snd_pcm_substream *substream,
                return -ENOTTY;
        if (substream->stream != dir)
                return -EINVAL;
-       if (substream->runtime->state == SNDRV_PCM_STATE_OPEN)
+       if (snd_pcm_get_state(substream) == SNDRV_PCM_STATE_OPEN)
                return -EBADFD;
 
        if (get_user(buf, &data32->buf) ||
@@ -338,7 +338,7 @@ static int snd_pcm_ioctl_xfern_compat(struct snd_pcm_substream *substream,
                return -ENOTTY;
        if (substream->stream != dir)
                return -EINVAL;
-       if (substream->runtime->state == SNDRV_PCM_STATE_OPEN)
+       if (snd_pcm_get_state(substream) == SNDRV_PCM_STATE_OPEN)
                return -EBADFD;
 
        ch = substream->runtime->channels;

diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
index 50da38b141cb75930f60592eb94221d6ad7665db..cf9a074c6ce06df999f30ed235f7a43c9607af56 100644 (file)
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
@@ -3306,10 +3306,9 @@ static int snd_pcm_xferi_frames_ioctl(struct snd_pcm_substream *substream,
                                      struct snd_xferi __user *_xferi)
 {
        struct snd_xferi xferi;
-       struct snd_pcm_runtime *runtime = substream->runtime;
        snd_pcm_sframes_t result;
 
-       if (runtime->state == SNDRV_PCM_STATE_OPEN)
+       if (snd_pcm_get_state(substream) == SNDRV_PCM_STATE_OPEN)
                return -EBADFD;
        if (put_user(0, &_xferi->result))
                return -EFAULT;
@@ -3332,7 +3331,7 @@ static int snd_pcm_xfern_frames_ioctl(struct snd_pcm_substream *substream,
        void *bufs __free(kfree) = NULL;
        snd_pcm_sframes_t result;
 
-       if (runtime->state == SNDRV_PCM_STATE_OPEN)
+       if (snd_pcm_get_state(substream) == SNDRV_PCM_STATE_OPEN)
                return -EBADFD;
        if (runtime->channels > 128)
                return -EINVAL;
@@ -3395,7 +3394,7 @@ static int snd_pcm_common_ioctl(struct file *file,
        if (PCM_RUNTIME_CHECK(substream))
                return -ENXIO;
 
-       if (substream->runtime->state == SNDRV_PCM_STATE_DISCONNECTED)
+       if (snd_pcm_get_state(substream) == SNDRV_PCM_STATE_DISCONNECTED)
                return -EBADFD;
 
        res = snd_power_wait(substream->pcm->card);