From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
To: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Cc: linux-renesas-soc@vger.kernel.org, linux-media@vger.kernel.org
Subject: Re: [PATCH v2 1/8] v4l: vsp1: Protect fragments against overflow
Date: Thu, 17 Aug 2017 00:53:34 +0300 [thread overview]
Message-ID: <1552146.CLukKW7q3G@avalon> (raw)
In-Reply-To: <a434f2ae9b782b0d8cb7a00b1e636c17c6dd48ad.1502723341.git-series.kieran.bingham+renesas@ideasonboard.com>
Hi Kieran,
Thank you for the patch.
On Monday 14 Aug 2017 16:13:24 Kieran Bingham wrote:
> The fragment write function relies on the code never asking it to
> write more than the entries available in the list.
>
> Currently with each list body containing 256 entries, this is fine,
> but we can reduce this number greatly saving memory.
>
> In preparation of this - add a level of protection to catch any
> buffer overflows.
>
> Signed-off-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
> ---
> drivers/media/platform/vsp1/vsp1_dl.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/media/platform/vsp1/vsp1_dl.c
> b/drivers/media/platform/vsp1/vsp1_dl.c index 8b5cbb6b7a70..cb4625ae13c2
> 100644
> --- a/drivers/media/platform/vsp1/vsp1_dl.c
> +++ b/drivers/media/platform/vsp1/vsp1_dl.c
> @@ -50,6 +50,7 @@ struct vsp1_dl_entry {
> * @dma: DMA address of the entries
> * @size: size of the DMA memory in bytes
> * @num_entries: number of stored entries
> + * @max_entries: number of entries available
> */
> struct vsp1_dl_body {
> struct list_head list;
> @@ -60,6 +61,7 @@ struct vsp1_dl_body {
> size_t size;
>
> unsigned int num_entries;
> + unsigned int max_entries;
> };
>
> /**
> @@ -138,6 +140,7 @@ static int vsp1_dl_body_init(struct vsp1_device *vsp1,
>
> dlb->vsp1 = vsp1;
> dlb->size = size;
> + dlb->max_entries = num_entries;
>
> dlb->entries = dma_alloc_wc(vsp1->bus_master, dlb->size, &dlb->dma,
> GFP_KERNEL);
> @@ -220,6 +223,11 @@ void vsp1_dl_fragment_free(struct vsp1_dl_body *dlb)
> */
> void vsp1_dl_fragment_write(struct vsp1_dl_body *dlb, u32 reg, u32 data)
> {
> + if (unlikely(dlb->num_entries >= dlb->max_entries)) {
> + WARN_ONCE(true, "DLB size exceeded (max %u)", dlb-
>max_entries);
> + return;
> + }
How about
if (WARN_ONCE(dlb->num_entries >= dlb->max_entries,
"DLB size exceeded (max %u)", dlb->max_entries))
return;
(WARN_ONCE contains the unlikely() already)
I'm not fussed either way,
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
> dlb->entries[dlb->num_entries].addr = reg;
> dlb->entries[dlb->num_entries].data = data;
> dlb->num_entries++;
--
Regards,
Laurent Pinchart
next prev parent reply other threads:[~2017-08-16 21:53 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-14 15:13 [PATCH v2 0/8] vsp1: TLB optimisation and DL caching Kieran Bingham
2017-08-14 15:13 ` [PATCH v2 1/8] v4l: vsp1: Protect fragments against overflow Kieran Bingham
2017-08-16 21:53 ` Laurent Pinchart [this message]
2017-08-17 8:16 ` Kieran Bingham
2017-08-14 15:13 ` [PATCH v2 2/8] v4l: vsp1: Provide a fragment pool Kieran Bingham
2017-08-17 12:13 ` Laurent Pinchart
2017-09-11 20:30 ` Kieran Bingham
2017-09-13 2:15 ` Laurent Pinchart
2017-08-14 15:13 ` [PATCH v2 3/8] v4l: vsp1: Convert display lists to use new " Kieran Bingham
2017-08-17 12:13 ` Laurent Pinchart
2017-09-11 20:27 ` Kieran Bingham
2017-09-13 2:26 ` Laurent Pinchart
2017-08-14 15:13 ` [PATCH v2 4/8] v4l: vsp1: Use reference counting for fragments Kieran Bingham
2017-08-17 12:53 ` Laurent Pinchart
2017-08-14 15:13 ` [PATCH v2 5/8] v4l: vsp1: Refactor display list configure operations Kieran Bingham
2017-08-17 18:13 ` Laurent Pinchart
2017-09-11 21:16 ` Kieran Bingham
2017-09-12 19:19 ` Laurent Pinchart
2017-11-17 15:07 ` Kieran Bingham
2018-02-28 16:41 ` Kieran Bingham
2018-02-28 21:04 ` Laurent Pinchart
2017-08-14 15:13 ` [PATCH v2 6/8] v4l: vsp1: Adapt entities to configure into a body Kieran Bingham
2017-08-17 17:58 ` Laurent Pinchart
2017-09-11 21:42 ` Kieran Bingham
2017-09-12 19:18 ` Laurent Pinchart
2017-11-17 13:40 ` Kieran Bingham
2017-08-14 15:13 ` [PATCH v2 7/8] v4l: vsp1: Move video configuration to a cached dlb Kieran Bingham
2017-08-17 18:10 ` Laurent Pinchart
2017-11-16 18:19 ` Kieran Bingham
2017-08-14 15:13 ` [PATCH v2 8/8] v4l: vsp1: Reduce display list body size Kieran Bingham
2017-08-17 16:11 ` Laurent Pinchart
2017-09-11 21:15 ` Kieran Bingham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1552146.CLukKW7q3G@avalon \
--to=laurent.pinchart@ideasonboard.com \
--cc=kieran.bingham+renesas@ideasonboard.com \
--cc=linux-media@vger.kernel.org \
--cc=linux-renesas-soc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.