From: stuart hayes <stuart.w.hayes@gmail.com>
To: "Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
Hans de Goede <hdegoede@redhat.com>,
platform-driver-x86@vger.kernel.org
Subject: Re: [PATCH v3 3/4] platform/x86: dell_rbu: Stop overwriting data buffer
Date: Fri, 30 May 2025 10:27:52 -0500 [thread overview]
Message-ID: <8a8ff0b4-49a9-4b07-abbd-243b754bfc0e@gmail.com> (raw)
In-Reply-To: <ad0301a0-f45f-900a-028d-dff5e08b9525@linux.intel.com>
On 5/30/2025 3:03 AM, Ilpo Järvinen wrote:
> On Thu, 29 May 2025, Stuart Hayes wrote:
>
>> The dell_rbu driver will use memset() to clear the data held by each
>> packet when it is no longer needed (when the driver is unloaded, the
>> packet size is changed, etc).
>>
>> The amount of memory that is cleared (before this patch) is the normal
>> packet size. However, the last packet in the list may be smaller.
>>
>> Fix this to only clear the memory actually used by each packet, to prevent
>> it from writing past the end of data buffer.
>>
>> Signed-off-by: Stuart Hayes <stuart.w.hayes@gmail.com>
>
> This still doesn't have Fixes tag? If it writes part the buffer, there
> certainly should be one in this one. Did you perhaps add it to a wrong
> patch?
>
This fixes a bug that's existed for the life of the driver. Should I use
the patch that introduced the driver for "Fixes:"?
I don't think this has ever caused a problem, because, as far as I know,
the Dell BIOS update program is the only user of this module, and it
uses 4096 as the packet size. Because the packet data buffers are
allocated with...
ordernum = get_order(size);
image_update_buffer =
(unsigned char *)__get_free_pages(GRP_DMA32, ordernum);
...this will always allocate one full page for every packet data buffer.
I just happened to notice that the driver could overwrite the end of the
buffer for the last packet if a packet size of more than 4096 was used,
so I thought I'd fix that.
>> ---
>> drivers/platform/x86/dell/dell_rbu.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/platform/x86/dell/dell_rbu.c b/drivers/platform/x86/dell/dell_rbu.c
>> index c03d4d55fcc1..7d5b26735a20 100644
>> --- a/drivers/platform/x86/dell/dell_rbu.c
>> +++ b/drivers/platform/x86/dell/dell_rbu.c
>> @@ -322,7 +322,7 @@ static void packet_empty_list(void)
>> * zero out the RBU packet memory before freeing
>> * to make sure there are no stale RBU packets left in memory
>> */
>> - memset(newpacket->data, 0, rbu_data.packetsize);
>> + memset(newpacket->data, 0, newpacket->length);
>> set_memory_wb((unsigned long)newpacket->data,
>> 1 << newpacket->ordernum);
>> free_pages((unsigned long) newpacket->data,
>>
>
next prev parent reply other threads:[~2025-05-30 15:28 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-29 20:27 [PATCH v3 0/4] platform/x86: dell_rbu: Packet data fixes Stuart Hayes
2025-05-29 20:27 ` [PATCH v3 1/4] platform/x86: dell_rbu: Fix lock context warning Stuart Hayes
2025-05-29 20:27 ` [PATCH v3 2/4] platform/x86: dell_rbu: Fix list usage Stuart Hayes
2025-05-30 7:54 ` Ilpo Järvinen
2025-05-30 15:16 ` stuart hayes
2025-05-30 15:25 ` Ilpo Järvinen
2025-05-30 15:35 ` stuart hayes
2025-05-30 15:48 ` Ilpo Järvinen
2025-05-29 20:27 ` [PATCH v3 3/4] platform/x86: dell_rbu: Stop overwriting data buffer Stuart Hayes
2025-05-30 8:03 ` Ilpo Järvinen
2025-05-30 15:27 ` stuart hayes [this message]
2025-05-30 15:46 ` Ilpo Järvinen
2025-05-29 20:27 ` [PATCH v3 4/4] platform/x86: dell_rbu: Bump version Stuart Hayes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8a8ff0b4-49a9-4b07-abbd-243b754bfc0e@gmail.com \
--to=stuart.w.hayes@gmail.com \
--cc=hdegoede@redhat.com \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=platform-driver-x86@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.