From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
To: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Cc: linux-renesas-soc@vger.kernel.org, linux-media@vger.kernel.org
Subject: Re: [PATCH v2 1/8] v4l: vsp1: Protect fragments against overflow
Date: Thu, 17 Aug 2017 00:53:34 +0300 [thread overview]
Message-ID: <1552146.CLukKW7q3G@avalon> (raw)
In-Reply-To: <a434f2ae9b782b0d8cb7a00b1e636c17c6dd48ad.1502723341.git-series.kieran.bingham+renesas@ideasonboard.com>
Hi Kieran,
Thank you for the patch.
On Monday 14 Aug 2017 16:13:24 Kieran Bingham wrote:
> The fragment write function relies on the code never asking it to
> write more than the entries available in the list.
>
> Currently with each list body containing 256 entries, this is fine,
> but we can reduce this number greatly saving memory.
>
> In preparation of this - add a level of protection to catch any
> buffer overflows.
>
> Signed-off-by: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
> ---
> drivers/media/platform/vsp1/vsp1_dl.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/drivers/media/platform/vsp1/vsp1_dl.c
> b/drivers/media/platform/vsp1/vsp1_dl.c index 8b5cbb6b7a70..cb4625ae13c2
> 100644
> --- a/drivers/media/platform/vsp1/vsp1_dl.c
> +++ b/drivers/media/platform/vsp1/vsp1_dl.c
> @@ -50,6 +50,7 @@ struct vsp1_dl_entry {
> * @dma: DMA address of the entries
> * @size: size of the DMA memory in bytes
> * @num_entries: number of stored entries
> + * @max_entries: number of entries available
> */
> struct vsp1_dl_body {
> struct list_head list;
> @@ -60,6 +61,7 @@ struct vsp1_dl_body {
> size_t size;
>
> unsigned int num_entries;
> + unsigned int max_entries;
> };
>
> /**
> @@ -138,6 +140,7 @@ static int vsp1_dl_body_init(struct vsp1_device *vsp1,
>
> dlb->vsp1 = vsp1;
> dlb->size = size;
> + dlb->max_entries = num_entries;
>
> dlb->entries = dma_alloc_wc(vsp1->bus_master, dlb->size, &dlb->dma,
> GFP_KERNEL);
> @@ -220,6 +223,11 @@ void vsp1_dl_fragment_free(struct vsp1_dl_body *dlb)
> */
> void vsp1_dl_fragment_write(struct vsp1_dl_body *dlb, u32 reg, u32 data)
> {
> + if (unlikely(dlb->num_entries >= dlb->max_entries)) {
> + WARN_ONCE(true, "DLB size exceeded (max %u)", dlb-
>max_entries);
> + return;
> + }
How about
if (WARN_ONCE(dlb->num_entries >= dlb->max_entries,
"DLB size exceeded (max %u)", dlb->max_entries))
return;
(WARN_ONCE contains the unlikely() already)
I'm not fussed either way,
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
> dlb->entries[dlb->num_entries].addr = reg;
> dlb->entries[dlb->num_entries].data = data;
> dlb->num_entries++;
--
Regards,
Laurent Pinchart
next prev parent reply other threads:[~2017-08-16 21:53 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-14 15:13 [PATCH v2 0/8] vsp1: TLB optimisation and DL caching Kieran Bingham
2017-08-14 15:13 ` [PATCH v2 1/8] v4l: vsp1: Protect fragments against overflow Kieran Bingham
2017-08-16 21:53 ` Laurent Pinchart [this message]
2017-08-17 8:16 ` Kieran Bingham
2017-08-14 15:13 ` [PATCH v2 2/8] v4l: vsp1: Provide a fragment pool Kieran Bingham
2017-08-17 12:13 ` Laurent Pinchart
2017-09-11 20:30 ` Kieran Bingham
2017-09-13 2:15 ` Laurent Pinchart
2017-08-14 15:13 ` [PATCH v2 3/8] v4l: vsp1: Convert display lists to use new " Kieran Bingham
2017-08-17 12:13 ` Laurent Pinchart
2017-09-11 20:27 ` Kieran Bingham
2017-09-13 2:26 ` Laurent Pinchart
2017-08-14 15:13 ` [PATCH v2 4/8] v4l: vsp1: Use reference counting for fragments Kieran Bingham
2017-08-17 12:53 ` Laurent Pinchart
2017-08-14 15:13 ` [PATCH v2 5/8] v4l: vsp1: Refactor display list configure operations Kieran Bingham
2017-08-17 18:13 ` Laurent Pinchart
2017-09-11 21:16 ` Kieran Bingham
2017-09-12 19:19 ` Laurent Pinchart
2017-11-17 15:07 ` Kieran Bingham
2018-02-28 16:41 ` Kieran Bingham
2018-02-28 21:04 ` Laurent Pinchart
2017-08-14 15:13 ` [PATCH v2 6/8] v4l: vsp1: Adapt entities to configure into a body Kieran Bingham
2017-08-17 17:58 ` Laurent Pinchart
2017-09-11 21:42 ` Kieran Bingham
2017-09-12 19:18 ` Laurent Pinchart
2017-11-17 13:40 ` Kieran Bingham
2017-08-14 15:13 ` [PATCH v2 7/8] v4l: vsp1: Move video configuration to a cached dlb Kieran Bingham
2017-08-17 18:10 ` Laurent Pinchart
2017-11-16 18:19 ` Kieran Bingham
2017-08-14 15:13 ` [PATCH v2 8/8] v4l: vsp1: Reduce display list body size Kieran Bingham
2017-08-17 16:11 ` Laurent Pinchart
2017-09-11 21:15 ` Kieran Bingham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1552146.CLukKW7q3G@avalon \
--to=laurent.pinchart@ideasonboard.com \
--cc=kieran.bingham+renesas@ideasonboard.com \
--cc=linux-media@vger.kernel.org \
--cc=linux-renesas-soc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).