From: Mauro Carvalho Chehab <m.chehab@samsung.com>
To: Hans Verkuil <hverkuil@xs4all.nl>
Cc: Linux Media Mailing List <linux-media@vger.kernel.org>,
Mauro Carvalho Chehab <mchehab@infradead.org>,
Antti Palosaari <crope@iki.fi>
Subject: Re: [PATCHv2 19/29] tuners: Don't use dynamic static allocation
Date: Sat, 02 Nov 2013 19:15:15 -0200 [thread overview]
Message-ID: <20131102191515.0af09112@samsung.com> (raw)
In-Reply-To: <5275357F.5090405@xs4all.nl>
Em Sat, 02 Nov 2013 18:25:19 +0100
Hans Verkuil <hverkuil@xs4all.nl> escreveu:
> Hi Mauro,
>
> I'll review this series more carefully on Monday,
Thanks!
> but for now I want to make
> a suggestion for the array checks:
>
> On 11/02/2013 02:31 PM, Mauro Carvalho Chehab wrote:
> > Dynamic static allocation is evil, as Kernel stack is too low, and
> > compilation complains about it on some archs:
> >
> > drivers/media/tuners/e4000.c:50:1: warning: 'e4000_wr_regs' uses dynamic stack allocation [enabled by default]
> > drivers/media/tuners/e4000.c:83:1: warning: 'e4000_rd_regs' uses dynamic stack allocation [enabled by default]
> > drivers/media/tuners/fc2580.c:66:1: warning: 'fc2580_wr_regs.constprop.1' uses dynamic stack allocation [enabled by default]
> > drivers/media/tuners/fc2580.c:98:1: warning: 'fc2580_rd_regs.constprop.0' uses dynamic stack allocation [enabled by default]
> > drivers/media/tuners/tda18212.c:57:1: warning: 'tda18212_wr_regs' uses dynamic stack allocation [enabled by default]
> > drivers/media/tuners/tda18212.c:90:1: warning: 'tda18212_rd_regs.constprop.0' uses dynamic stack allocation [enabled by default]
> > drivers/media/tuners/tda18218.c:60:1: warning: 'tda18218_wr_regs' uses dynamic stack allocation [enabled by default]
> > drivers/media/tuners/tda18218.c:92:1: warning: 'tda18218_rd_regs.constprop.0' uses dynamic stack allocation [enabled by default]
> >
> > Instead, let's enforce a limit for the buffer. Considering that I2C
> > transfers are generally limited, and that devices used on USB has a
> > max data length of 80, it seem safe to use 80 as the hard limit for all
> > those devices. On most cases, the limit is a way lower than that, but
> > 80 is small enough to not affect the Kernel stack, and it is a no brain
> > limit, as using smaller ones would require to either carefully each
> > driver or to take a look on each datasheet.
> >
> > Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
> > Cc: Antti Palosaari <crope@iki.fi>
> > ---
> > drivers/media/tuners/e4000.c | 18 ++++++++++++++++--
> > drivers/media/tuners/fc2580.c | 18 ++++++++++++++++--
> > drivers/media/tuners/tda18212.c | 18 ++++++++++++++++--
> > drivers/media/tuners/tda18218.c | 18 ++++++++++++++++--
> > 4 files changed, 64 insertions(+), 8 deletions(-)
> >
> > diff --git a/drivers/media/tuners/e4000.c b/drivers/media/tuners/e4000.c
> > index ad9309da4a91..235e90251609 100644
> > --- a/drivers/media/tuners/e4000.c
> > +++ b/drivers/media/tuners/e4000.c
> > @@ -24,7 +24,7 @@
> > static int e4000_wr_regs(struct e4000_priv *priv, u8 reg, u8 *val, int len)
> > {
> > int ret;
> > - u8 buf[1 + len];
> > + u8 buf[80];
> > struct i2c_msg msg[1] = {
> > {
> > .addr = priv->cfg->i2c_addr,
> > @@ -34,6 +34,13 @@ static int e4000_wr_regs(struct e4000_priv *priv, u8 reg, u8 *val, int len)
> > }
> > };
> >
> > + if (1 + len > sizeof(buf)) {
> > + dev_warn(&priv->i2c->dev,
> > + "%s: i2c wr reg=%04x: len=%d is too big!\n",
> > + KBUILD_MODNAME, reg, len);
> > + return -EREMOTEIO;
> > + }
> > +
>
> I think this can be greatly simplified to:
>
> if (WARN_ON(len + 1 > sizeof(buf))
> return -EREMOTEIO;
>
> This should really never happen, and it is a clear driver bug if it does. WARN_ON
> does the job IMHO.
Works for me. I'll wait for more comments, and go for it on v3.
> I also don't like the EREMOTEIO error: it has nothing to do with
> an I/O problem. Wouldn't EMSGSIZE be much better here?
EMSGSIZE is not used yet at drivers/media. So, it is probably not the
right error code.
I remember that there's an error code for that on I2C (EOPNOTSUPP?).
In any case, I don't think we should use an unusual error code here.
In theory, this error should never happen, but we don't want to break
userspace because of it. That's why I opted to use EREMOTEIO: this is
the error code that most of those drivers return when something gets
wrong during I2C transfers.
> Ditto for all the similar situations in the patch series.
>
> Regards,
>
> Hans
>
> > buf[0] = reg;
> > memcpy(&buf[1], val, len);
> >
> > @@ -53,7 +60,7 @@ static int e4000_wr_regs(struct e4000_priv *priv, u8 reg, u8 *val, int len)
> > static int e4000_rd_regs(struct e4000_priv *priv, u8 reg, u8 *val, int len)
> > {
> > int ret;
> > - u8 buf[len];
> > + u8 buf[80];
> > struct i2c_msg msg[2] = {
> > {
> > .addr = priv->cfg->i2c_addr,
> > @@ -68,6 +75,13 @@ static int e4000_rd_regs(struct e4000_priv *priv, u8 reg, u8 *val, int len)
> > }
> > };
> >
> > + if (len > sizeof(buf)) {
> > + dev_warn(&priv->i2c->dev,
> > + "%s: i2c rd reg=%04x: len=%d is too big!\n",
> > + KBUILD_MODNAME, reg, len);
> > + return -EREMOTEIO;
> > + }
> > +
> > ret = i2c_transfer(priv->i2c, msg, 2);
> > if (ret == 2) {
> > memcpy(val, buf, len);
> > diff --git a/drivers/media/tuners/fc2580.c b/drivers/media/tuners/fc2580.c
> > index 81f38aae9c66..e27bf5be311d 100644
> > --- a/drivers/media/tuners/fc2580.c
> > +++ b/drivers/media/tuners/fc2580.c
> > @@ -41,7 +41,7 @@
> > static int fc2580_wr_regs(struct fc2580_priv *priv, u8 reg, u8 *val, int len)
> > {
> > int ret;
> > - u8 buf[1 + len];
> > + u8 buf[80];
> > struct i2c_msg msg[1] = {
> > {
> > .addr = priv->cfg->i2c_addr,
> > @@ -51,6 +51,13 @@ static int fc2580_wr_regs(struct fc2580_priv *priv, u8 reg, u8 *val, int len)
> > }
> > };
> >
> > + if (1 + len > sizeof(buf)) {
> > + dev_warn(&priv->i2c->dev,
> > + "%s: i2c wr reg=%04x: len=%d is too big!\n",
> > + KBUILD_MODNAME, reg, len);
> > + return -EREMOTEIO;
> > + }
> > +
> > buf[0] = reg;
> > memcpy(&buf[1], val, len);
> >
> > @@ -69,7 +76,7 @@ static int fc2580_wr_regs(struct fc2580_priv *priv, u8 reg, u8 *val, int len)
> > static int fc2580_rd_regs(struct fc2580_priv *priv, u8 reg, u8 *val, int len)
> > {
> > int ret;
> > - u8 buf[len];
> > + u8 buf[80];
> > struct i2c_msg msg[2] = {
> > {
> > .addr = priv->cfg->i2c_addr,
> > @@ -84,6 +91,13 @@ static int fc2580_rd_regs(struct fc2580_priv *priv, u8 reg, u8 *val, int len)
> > }
> > };
> >
> > + if (len > sizeof(buf)) {
> > + dev_warn(&priv->i2c->dev,
> > + "%s: i2c rd reg=%04x: len=%d is too big!\n",
> > + KBUILD_MODNAME, reg, len);
> > + return -EREMOTEIO;
> > + }
> > +
> > ret = i2c_transfer(priv->i2c, msg, 2);
> > if (ret == 2) {
> > memcpy(val, buf, len);
> > diff --git a/drivers/media/tuners/tda18212.c b/drivers/media/tuners/tda18212.c
> > index e4a84ee231cf..765b9f9d4bc6 100644
> > --- a/drivers/media/tuners/tda18212.c
> > +++ b/drivers/media/tuners/tda18212.c
> > @@ -32,7 +32,7 @@ static int tda18212_wr_regs(struct tda18212_priv *priv, u8 reg, u8 *val,
> > int len)
> > {
> > int ret;
> > - u8 buf[len+1];
> > + u8 buf[80];
> > struct i2c_msg msg[1] = {
> > {
> > .addr = priv->cfg->i2c_address,
> > @@ -42,6 +42,13 @@ static int tda18212_wr_regs(struct tda18212_priv *priv, u8 reg, u8 *val,
> > }
> > };
> >
> > + if (1 + len > sizeof(buf)) {
> > + dev_warn(&priv->i2c->dev,
> > + "%s: i2c wr reg=%04x: len=%d is too big!\n",
> > + KBUILD_MODNAME, reg, len);
> > + return -EREMOTEIO;
> > + }
> > +
> > buf[0] = reg;
> > memcpy(&buf[1], val, len);
> >
> > @@ -61,7 +68,7 @@ static int tda18212_rd_regs(struct tda18212_priv *priv, u8 reg, u8 *val,
> > int len)
> > {
> > int ret;
> > - u8 buf[len];
> > + u8 buf[80];
> > struct i2c_msg msg[2] = {
> > {
> > .addr = priv->cfg->i2c_address,
> > @@ -76,6 +83,13 @@ static int tda18212_rd_regs(struct tda18212_priv *priv, u8 reg, u8 *val,
> > }
> > };
> >
> > + if (len > sizeof(buf)) {
> > + dev_warn(&priv->i2c->dev,
> > + "%s: i2c rd reg=%04x: len=%d is too big!\n",
> > + KBUILD_MODNAME, reg, len);
> > + return -EREMOTEIO;
> > + }
> > +
> > ret = i2c_transfer(priv->i2c, msg, 2);
> > if (ret == 2) {
> > memcpy(val, buf, len);
> > diff --git a/drivers/media/tuners/tda18218.c b/drivers/media/tuners/tda18218.c
> > index 2d31aeb6b088..e4e662c2e6ef 100644
> > --- a/drivers/media/tuners/tda18218.c
> > +++ b/drivers/media/tuners/tda18218.c
> > @@ -24,7 +24,7 @@
> > static int tda18218_wr_regs(struct tda18218_priv *priv, u8 reg, u8 *val, u8 len)
> > {
> > int ret = 0, len2, remaining;
> > - u8 buf[1 + len];
> > + u8 buf[80];
> > struct i2c_msg msg[1] = {
> > {
> > .addr = priv->cfg->i2c_address,
> > @@ -33,6 +33,13 @@ static int tda18218_wr_regs(struct tda18218_priv *priv, u8 reg, u8 *val, u8 len)
> > }
> > };
> >
> > + if (1 + len > sizeof(buf)) {
> > + dev_warn(&priv->i2c->dev,
> > + "%s: i2c wr reg=%04x: len=%d is too big!\n",
> > + KBUILD_MODNAME, reg, len);
> > + return -EREMOTEIO;
> > + }
> > +
> > for (remaining = len; remaining > 0;
> > remaining -= (priv->cfg->i2c_wr_max - 1)) {
> > len2 = remaining;
> > @@ -63,7 +70,7 @@ static int tda18218_wr_regs(struct tda18218_priv *priv, u8 reg, u8 *val, u8 len)
> > static int tda18218_rd_regs(struct tda18218_priv *priv, u8 reg, u8 *val, u8 len)
> > {
> > int ret;
> > - u8 buf[reg+len]; /* we must start read always from reg 0x00 */
> > + u8 buf[80]; /* we must start read always from reg 0x00 */
> > struct i2c_msg msg[2] = {
> > {
> > .addr = priv->cfg->i2c_address,
> > @@ -78,6 +85,13 @@ static int tda18218_rd_regs(struct tda18218_priv *priv, u8 reg, u8 *val, u8 len)
> > }
> > };
> >
> > + if (reg + len > sizeof(buf)) {
> > + dev_warn(&priv->i2c->dev,
> > + "%s: i2c wr reg=%04x: len=%d is too big!\n",
> > + KBUILD_MODNAME, reg, len);
> > + return -EREMOTEIO;
> > + }
> > +
> > ret = i2c_transfer(priv->i2c, msg, 2);
> > if (ret == 2) {
> > memcpy(val, &buf[reg], len);
> >
>
--
Cheers,
Mauro
next prev parent reply other threads:[~2013-11-02 21:15 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-02 13:31 [PATCHv2 00/29] Fix errors/warnings with allmodconfig/allyesconfig on non-x86 archs Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 01/29] tda9887: remove an warning when compiling for alpha Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 02/29] radio-shark: remove a warning when CONFIG_PM is not defined Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 03/29] zoran: don't build it on alpha Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 04/29] cx18: struct i2c_client is too big for stack Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 05/29] tef6862: fix warning on avr32 arch Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 06/29] iguanair: shut up a gcc " Mauro Carvalho Chehab
2013-11-03 22:10 ` Sean Young
2013-11-03 22:13 ` [PATCH] [media] iguanair: simplify calculation of carrier delay cycles Sean Young
2013-11-02 13:31 ` [PATCHv2 07/29] platform drivers: Fix build on cris and frv archs Mauro Carvalho Chehab
2013-11-04 4:03 ` Ben Hutchings
2013-11-04 11:28 ` Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 08/29] cx18: disable compilation on frv arch Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 09/29] radio-si470x-i2c: fix a warning on ia64 Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 10/29] rc: Fir warnings on m68k arch Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 11/29] uvc/lirc_serial: Fix some warnings on parisc arch Mauro Carvalho Chehab
2013-11-04 14:22 ` Laurent Pinchart
2013-11-04 14:43 ` Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 12/29] s5h1420: Don't use dynamic static allocation Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 13/29] dvb-frontends: " Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 14/29] " Mauro Carvalho Chehab
2013-11-02 17:10 ` Antti Palosaari
2013-11-02 13:31 ` [PATCHv2 15/29] stb0899_drv: " Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 16/29] stv0367: " Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 17/29] stv090x: " Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 18/29] av7110_hw: " Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 19/29] tuners: " Mauro Carvalho Chehab
2013-11-02 17:12 ` Antti Palosaari
2013-11-02 17:25 ` Hans Verkuil
2013-11-02 21:15 ` Mauro Carvalho Chehab [this message]
2013-11-02 21:53 ` Hans Verkuil
2013-11-02 21:59 ` Hans Verkuil
2013-11-03 0:21 ` Mauro Carvalho Chehab
2013-11-03 9:12 ` Mauro Carvalho Chehab
2013-11-03 11:54 ` Antti Palosaari
2013-11-04 13:26 ` Hans Verkuil
2013-11-04 14:24 ` Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 20/29] tuner-xc2028: " Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 21/29] cimax2: " Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 22/29] v4l2-async: " Mauro Carvalho Chehab
2013-11-04 13:15 ` Hans Verkuil
2013-11-05 11:36 ` Mauro Carvalho Chehab
2013-11-05 11:42 ` Sylwester Nawrocki
2013-11-05 12:03 ` Mauro Carvalho Chehab
2013-11-05 12:35 ` Hans Verkuil
2013-11-05 13:16 ` Mauro Carvalho Chehab
2013-11-05 14:18 ` Hans Verkuil
2013-11-02 13:31 ` [PATCHv2 23/29] cxusb: " Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 24/29] dibusb-common: " Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 25/29] dw2102: " Mauro Carvalho Chehab
2013-11-02 13:31 ` [PATCHv2 26/29] af9015: " Mauro Carvalho Chehab
2013-11-02 17:05 ` Antti Palosaari
2013-11-02 13:31 ` [PATCHv2 27/29] af9035: " Mauro Carvalho Chehab
2013-11-02 17:19 ` Antti Palosaari
2013-11-02 13:31 ` [PATCHv2 28/29] mxl111sf: " Mauro Carvalho Chehab
2013-11-04 0:50 ` Michael Krufky
2013-11-04 10:58 ` Mauro Carvalho Chehab
2013-11-04 11:04 ` Michael Krufky
2013-11-02 13:31 ` [PATCHv2 29/29] lirc_zilog: " Mauro Carvalho Chehab
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131102191515.0af09112@samsung.com \
--to=m.chehab@samsung.com \
--cc=crope@iki.fi \
--cc=hverkuil@xs4all.nl \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).