From: Jonathan Corbet <corbet@lwn.net>
To: Hans Verkuil <hverkuil@xs4all.nl>
Cc: linux-media@vger.kernel.org, Hans Verkuil <hans.verkuil@cisco.com>
Subject: Re: [PATCHv1 29/38] marvell-ccic: check register address.
Date: Tue, 4 Jun 2013 10:05:16 -0600 [thread overview]
Message-ID: <20130604100516.076436d4@lwn.net> (raw)
In-Reply-To: <1369825211-29770-30-git-send-email-hverkuil@xs4all.nl>
On Wed, 29 May 2013 13:00:02 +0200
Hans Verkuil <hverkuil@xs4all.nl> wrote:
> From: Hans Verkuil <hans.verkuil@cisco.com>
>
> Prevent out-of-range register accesses.
Certainly I agree with the goal, and what's here is better than what the
driver does now. But...
> + if (reg->reg > cam->regs_size - 4)
> + return -EINVAL;
The alleged size of the MMIO region is likely to be quite a bit larger than
the offset of the last real register, and I wouldn't count on the hardware
to not lock up if you try to access something beyond that last register.
So I'd much rather add a MAX_MCAM_REG_OFFSET define to mcam-core.h after
the last register define and test against that. I can try to toss
something together shortly.
Thanks,
jon
next prev parent reply other threads:[~2013-06-04 16:05 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-29 10:59 [PATCHv1 00/38] Remove VIDIOC_DBG_G_CHIP_IDENT Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 01/38] v4l2-ioctl: dbg_g/s_register: only match BRIDGE and SUBDEV types Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 02/38] v4l2: remove g_chip_ident from bridge drivers where it is easy to do so Hans Verkuil
2013-05-30 7:20 ` Prabhakar Lad
2013-05-31 7:53 ` Scott Jiang
2013-05-29 10:59 ` [PATCHv1 03/38] cx18: remove g_chip_ident support Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 04/38] saa7115: add back the dropped 'found' message Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 05/38] ivtv: remove g_chip_ident Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 06/38] cx23885: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 07/38] cx88: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 08/38] saa6752hs: drop obsolete g_chip_ident Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 09/38] gspca: remove g_chip_ident Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 10/38] cx231xx: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 11/38] marvell-ccic: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 12/38] tveeprom: remove v4l2-chip-ident.h include Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 13/38] v4l2: remove obsolete v4l2_chip_match_host() Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 14/38] au8522_decoder: remove g_chip_ident op Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 15/38] radio: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 16/38] indycam: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 17/38] soc_camera sensors: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 18/38] media/i2c: " Hans Verkuil
2013-05-30 1:17 ` Laurent Pinchart
2013-05-30 8:06 ` Prabhakar Lad
2013-05-29 10:59 ` [PATCHv1 19/38] cx25840: remove the v4l2-chip-ident.h include Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 20/38] v4l2-common: remove unused v4l2_chip_match/ident_i2c_client functions Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 21/38] v4l2-int-device: remove unused chip_ident reference Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 22/38] v4l2-core: remove support for obsolete VIDIOC_DBG_G_CHIP_IDENT Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 23/38] DocBook: remove references to the dropped VIDIOC_DBG_G_CHIP_IDENT ioctl Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 24/38] v4l2-framework: replace g_chip_ident by g_std in the examples Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 25/38] DocBook: remove obsolete note from the dbg_g_register doc Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 26/38] saa7134: check register address in g_register Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 27/38] mxb: check register address when reading/writing a register Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 28/38] vpbe_display: drop g/s_register ioctls Hans Verkuil
2013-05-30 7:21 ` Prabhakar Lad
2013-05-29 11:00 ` [PATCHv1 29/38] marvell-ccic: check register address Hans Verkuil
2013-06-04 16:05 ` Jonathan Corbet [this message]
2013-05-29 11:00 ` [PATCHv1 30/38] au0828: set reg->size Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 31/38] cx231xx: the reg->size field wasn't filled in Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 32/38] sn9c20x: " Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 33/38] pvrusb2: drop g/s_register ioctls Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 34/38] media/i2c: fill in missing reg->size fields Hans Verkuil
2013-05-30 7:22 ` Prabhakar Lad
2013-05-29 11:00 ` [PATCHv1 35/38] cx18: fix register range check Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 36/38] cx88: fix register mask Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 37/38] ivtv: fix register range check Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 38/38] DocBook/media/v4l: update VIDIOC_DBG_ documentation Hans Verkuil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130604100516.076436d4@lwn.net \
--to=corbet@lwn.net \
--cc=hans.verkuil@cisco.com \
--cc=hverkuil@xs4all.nl \
--cc=linux-media@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.