From: Jonathan Corbet <corbet@lwn.net>
To: Hans Verkuil <hverkuil@xs4all.nl>
Cc: linux-media@vger.kernel.org, Hans Verkuil <hans.verkuil@cisco.com>
Subject: Re: [PATCHv1 29/38] marvell-ccic: check register address.
Date: Tue, 4 Jun 2013 10:05:16 -0600 [thread overview]
Message-ID: <20130604100516.076436d4@lwn.net> (raw)
In-Reply-To: <1369825211-29770-30-git-send-email-hverkuil@xs4all.nl>
On Wed, 29 May 2013 13:00:02 +0200
Hans Verkuil <hverkuil@xs4all.nl> wrote:
> From: Hans Verkuil <hans.verkuil@cisco.com>
>
> Prevent out-of-range register accesses.
Certainly I agree with the goal, and what's here is better than what the
driver does now. But...
> + if (reg->reg > cam->regs_size - 4)
> + return -EINVAL;
The alleged size of the MMIO region is likely to be quite a bit larger than
the offset of the last real register, and I wouldn't count on the hardware
to not lock up if you try to access something beyond that last register.
So I'd much rather add a MAX_MCAM_REG_OFFSET define to mcam-core.h after
the last register define and test against that. I can try to toss
something together shortly.
Thanks,
jon
next prev parent reply other threads:[~2013-06-04 16:05 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-29 10:59 [PATCHv1 00/38] Remove VIDIOC_DBG_G_CHIP_IDENT Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 01/38] v4l2-ioctl: dbg_g/s_register: only match BRIDGE and SUBDEV types Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 02/38] v4l2: remove g_chip_ident from bridge drivers where it is easy to do so Hans Verkuil
2013-05-30 7:20 ` Prabhakar Lad
2013-05-31 7:53 ` Scott Jiang
2013-05-29 10:59 ` [PATCHv1 03/38] cx18: remove g_chip_ident support Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 04/38] saa7115: add back the dropped 'found' message Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 05/38] ivtv: remove g_chip_ident Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 06/38] cx23885: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 07/38] cx88: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 08/38] saa6752hs: drop obsolete g_chip_ident Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 09/38] gspca: remove g_chip_ident Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 10/38] cx231xx: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 11/38] marvell-ccic: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 12/38] tveeprom: remove v4l2-chip-ident.h include Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 13/38] v4l2: remove obsolete v4l2_chip_match_host() Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 14/38] au8522_decoder: remove g_chip_ident op Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 15/38] radio: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 16/38] indycam: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 17/38] soc_camera sensors: " Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 18/38] media/i2c: " Hans Verkuil
2013-05-30 1:17 ` Laurent Pinchart
2013-05-30 8:06 ` Prabhakar Lad
2013-05-29 10:59 ` [PATCHv1 19/38] cx25840: remove the v4l2-chip-ident.h include Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 20/38] v4l2-common: remove unused v4l2_chip_match/ident_i2c_client functions Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 21/38] v4l2-int-device: remove unused chip_ident reference Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 22/38] v4l2-core: remove support for obsolete VIDIOC_DBG_G_CHIP_IDENT Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 23/38] DocBook: remove references to the dropped VIDIOC_DBG_G_CHIP_IDENT ioctl Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 24/38] v4l2-framework: replace g_chip_ident by g_std in the examples Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 25/38] DocBook: remove obsolete note from the dbg_g_register doc Hans Verkuil
2013-05-29 10:59 ` [PATCHv1 26/38] saa7134: check register address in g_register Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 27/38] mxb: check register address when reading/writing a register Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 28/38] vpbe_display: drop g/s_register ioctls Hans Verkuil
2013-05-30 7:21 ` Prabhakar Lad
2013-05-29 11:00 ` [PATCHv1 29/38] marvell-ccic: check register address Hans Verkuil
2013-06-04 16:05 ` Jonathan Corbet [this message]
2013-05-29 11:00 ` [PATCHv1 30/38] au0828: set reg->size Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 31/38] cx231xx: the reg->size field wasn't filled in Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 32/38] sn9c20x: " Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 33/38] pvrusb2: drop g/s_register ioctls Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 34/38] media/i2c: fill in missing reg->size fields Hans Verkuil
2013-05-30 7:22 ` Prabhakar Lad
2013-05-29 11:00 ` [PATCHv1 35/38] cx18: fix register range check Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 36/38] cx88: fix register mask Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 37/38] ivtv: fix register range check Hans Verkuil
2013-05-29 11:00 ` [PATCHv1 38/38] DocBook/media/v4l: update VIDIOC_DBG_ documentation Hans Verkuil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130604100516.076436d4@lwn.net \
--to=corbet@lwn.net \
--cc=hans.verkuil@cisco.com \
--cc=hverkuil@xs4all.nl \
--cc=linux-media@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox