From: Patrick Boettcher <patrick.boettcher@posteo.de>
To: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Cc: "Linux Media Mailing List" <linux-media@vger.kernel.org>,
"Mauro Carvalho Chehab" <mchehab@infradead.org>,
"Andy Lutomirski" <luto@amacapital.net>,
"Johannes Stezenbach" <js@linuxtv.org>,
"Jiri Kosina" <jikos@kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"Andy Lutomirski" <luto@kernel.org>,
"Michael Krufky" <mkrufky@linuxtv.org>,
"Mauro Carvalho Chehab" <mchehab@kernel.org>,
"Jörg Otte" <jrg.otte@gmail.com>,
"Hans Verkuil" <hans.verkuil@cisco.com>,
"Sean Young" <sean@mess.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Kees Cook" <keescook@chromium.org>,
"Wolfram Sang" <wsa-dev@sang-engineering.com>
Subject: Re: [PATCH 08/26] dib0700_core: don't use stack on I2C reads
Date: Mon, 10 Oct 2016 08:37:44 +0200 [thread overview]
Message-ID: <20161010083744.1fc6171a@posteo.de> (raw)
In-Reply-To: <bbcbc1d7e3cebee244e425931a2ad2cbd23bc6c8.1475860773.git.mchehab@s-opensource.com>
On Fri, 7 Oct 2016 14:24:18 -0300
Mauro Carvalho Chehab <mchehab@s-opensource.com> wrote:
> Be sure that I2C reads won't use stack by passing
> a pointer to the state buffer, that we know it was
> allocated via kmalloc, instead of relying on the buffer
> allocated by an I2C client.
>
> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
> ---
> drivers/media/usb/dvb-usb/dib0700_core.c | 27
> ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1
> deletion(-)
>
> diff --git a/drivers/media/usb/dvb-usb/dib0700_core.c
> b/drivers/media/usb/dvb-usb/dib0700_core.c index
> 515f89dba199..92d5408684ac 100644 ---
> a/drivers/media/usb/dvb-usb/dib0700_core.c +++
> b/drivers/media/usb/dvb-usb/dib0700_core.c @@ -213,7 +213,7 @@ static
> int dib0700_i2c_xfer_new(struct i2c_adapter *adap, struct i2c_msg
> *msg, usb_rcvctrlpipe(d->udev, 0), REQUEST_NEW_I2C_READ,
> USB_TYPE_VENDOR |
> USB_DIR_IN,
> - value, index,
> msg[i].buf,
> + value, index,
> st->buf, msg[i].len,
> USB_CTRL_GET_TIMEOUT);
> if (result < 0) {
> @@ -221,6 +221,14 @@ static int dib0700_i2c_xfer_new(struct
> i2c_adapter *adap, struct i2c_msg *msg, break;
> }
>
> + if (msg[i].len > sizeof(st->buf)) {
> + deb_info("buffer too small to fit %d
> bytes\n",
> + msg[i].len);
> + return -EIO;
> + }
> +
> + memcpy(msg[i].buf, st->buf, msg[i].len);
> +
> deb_data("<<< ");
> debug_dump(msg[i].buf, msg[i].len, deb_data);
>
> @@ -238,6 +246,13 @@ static int dib0700_i2c_xfer_new(struct
> i2c_adapter *adap, struct i2c_msg *msg, /* I2C ctrl + FE bus; */
> st->buf[3] = ((gen_mode << 6) & 0xC0) |
> ((bus_mode << 4) & 0x30);
> +
> + if (msg[i].len > sizeof(st->buf) - 4) {
> + deb_info("i2c message to big: %d\n",
> + msg[i].len);
> + return -EIO;
> + }
> +
> /* The Actual i2c payload */
> memcpy(&st->buf[4], msg[i].buf, msg[i].len);
>
> @@ -283,6 +298,11 @@ static int dib0700_i2c_xfer_legacy(struct
> i2c_adapter *adap, /* fill in the address */
> st->buf[1] = msg[i].addr << 1;
> /* fill the buffer */
> + if (msg[i].len > sizeof(st->buf) - 2) {
> + deb_info("i2c xfer to big: %d\n",
> + msg[i].len);
> + return -EIO;
> + }
> memcpy(&st->buf[2], msg[i].buf, msg[i].len);
>
> /* write/read request */
> @@ -299,6 +319,11 @@ static int dib0700_i2c_xfer_legacy(struct
> i2c_adapter *adap, break;
> }
>
> + if (msg[i + 1].len > sizeof(st->buf)) {
> + deb_info("i2c xfer buffer to small
> for %d\n",
> + msg[i].len);
> + return -EIO;
> + }
> memcpy(msg[i + 1].buf, st->buf, msg[i +
> 1].len);
> msg[i+1].len = len;
Reviewed-By: Patrick Boettcher <patrick.boettcher@posteo.de>
next prev parent reply other threads:[~2016-10-10 6:38 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-07 17:24 [PATCH 00/26] Don't use stack for DMA transers on dvb-usb drivers Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 01/26] af9005: don't do DMA on stack Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 02/26] cinergyT2-core: " Mauro Carvalho Chehab
2016-10-10 6:39 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 03/26] cinergyT2-core:: handle error code on RC query Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 04/26] cinergyT2-fe: cache stats at cinergyt2_fe_read_status() Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 05/26] cinergyT2-fe: don't do DMA on stack Mauro Carvalho Chehab
2016-10-10 6:39 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 06/26] cxusb: " Mauro Carvalho Chehab
2016-10-10 6:38 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 07/26] dib0700: be sure that dib0700_ctrl_rd() users can do DMA Mauro Carvalho Chehab
2016-10-10 6:38 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 08/26] dib0700_core: don't use stack on I2C reads Mauro Carvalho Chehab
2016-10-10 6:37 ` Patrick Boettcher [this message]
2016-10-07 17:24 ` [PATCH 09/26] dibusb: don't do DMA on stack Mauro Carvalho Chehab
2016-10-10 6:37 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 10/26] dibusb: handle error code on RC query Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 11/26] digitv: don't do DMA on stack Mauro Carvalho Chehab
2016-10-10 6:36 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 12/26] dtt200u-fe: " Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 13/26] dtt200u-fe: handle errors on USB control messages Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 14/26] dtt200u: don't do DMA on stack Mauro Carvalho Chehab
2016-10-10 6:36 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 15/26] dtt200u: handle USB control message errors Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 16/26] dtv5100: : don't do DMA on stack Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 17/26] gp8psk: " Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 18/26] gp8psk: don't go past the buffer size Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 19/26] nova-t-usb2: don't do DMA on stack Mauro Carvalho Chehab
2016-10-10 6:35 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 20/26] pctv452e: " Mauro Carvalho Chehab
2016-10-10 6:35 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 21/26] pctv452e: don't call BUG_ON() on non-fatal error Mauro Carvalho Chehab
2016-10-08 10:11 ` [PATCH v2 " Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 22/26] technisat-usb2: use DMA buffers for I2C transfers Mauro Carvalho Chehab
2016-10-10 6:34 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 23/26] dvb-usb: warn if return value for USB read/write routines is not checked Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 24/26] nova-t-usb2: handle error code on RC query Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 25/26] dw2102: return error if su3000_power_ctrl() fails Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 26/26] digitv: handle error code on RC query Mauro Carvalho Chehab
2016-10-10 11:24 ` [PATCH 00/26] Don't use stack for DMA transers on dvb-usb drivers Antti Palosaari
2016-10-10 11:44 ` Michael Ira Krufky
2016-10-11 10:12 ` Mauro Carvalho Chehab
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161010083744.1fc6171a@posteo.de \
--to=patrick.boettcher@posteo.de \
--cc=akpm@linux-foundation.org \
--cc=hans.verkuil@cisco.com \
--cc=jikos@kernel.org \
--cc=jrg.otte@gmail.com \
--cc=js@linuxtv.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=mchehab@infradead.org \
--cc=mchehab@kernel.org \
--cc=mchehab@s-opensource.com \
--cc=mkrufky@linuxtv.org \
--cc=sean@mess.org \
--cc=wsa-dev@sang-engineering.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.