From: Patrick Boettcher <patrick.boettcher@posteo.de>
To: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Cc: "Linux Media Mailing List" <linux-media@vger.kernel.org>,
"Mauro Carvalho Chehab" <mchehab@infradead.org>,
"Andy Lutomirski" <luto@amacapital.net>,
"Johannes Stezenbach" <js@linuxtv.org>,
"Jiri Kosina" <jikos@kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"Andy Lutomirski" <luto@kernel.org>,
"Michael Krufky" <mkrufky@linuxtv.org>,
"Mauro Carvalho Chehab" <mchehab@kernel.org>,
"Jörg Otte" <jrg.otte@gmail.com>,
"Hans Verkuil" <hans.verkuil@cisco.com>,
"Sean Young" <sean@mess.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Kees Cook" <keescook@chromium.org>,
"Wolfram Sang" <wsa-dev@sang-engineering.com>
Subject: Re: [PATCH 08/26] dib0700_core: don't use stack on I2C reads
Date: Mon, 10 Oct 2016 08:37:44 +0200 [thread overview]
Message-ID: <20161010083744.1fc6171a@posteo.de> (raw)
In-Reply-To: <bbcbc1d7e3cebee244e425931a2ad2cbd23bc6c8.1475860773.git.mchehab@s-opensource.com>
On Fri, 7 Oct 2016 14:24:18 -0300
Mauro Carvalho Chehab <mchehab@s-opensource.com> wrote:
> Be sure that I2C reads won't use stack by passing
> a pointer to the state buffer, that we know it was
> allocated via kmalloc, instead of relying on the buffer
> allocated by an I2C client.
>
> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
> ---
> drivers/media/usb/dvb-usb/dib0700_core.c | 27
> ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1
> deletion(-)
>
> diff --git a/drivers/media/usb/dvb-usb/dib0700_core.c
> b/drivers/media/usb/dvb-usb/dib0700_core.c index
> 515f89dba199..92d5408684ac 100644 ---
> a/drivers/media/usb/dvb-usb/dib0700_core.c +++
> b/drivers/media/usb/dvb-usb/dib0700_core.c @@ -213,7 +213,7 @@ static
> int dib0700_i2c_xfer_new(struct i2c_adapter *adap, struct i2c_msg
> *msg, usb_rcvctrlpipe(d->udev, 0), REQUEST_NEW_I2C_READ,
> USB_TYPE_VENDOR |
> USB_DIR_IN,
> - value, index,
> msg[i].buf,
> + value, index,
> st->buf, msg[i].len,
> USB_CTRL_GET_TIMEOUT);
> if (result < 0) {
> @@ -221,6 +221,14 @@ static int dib0700_i2c_xfer_new(struct
> i2c_adapter *adap, struct i2c_msg *msg, break;
> }
>
> + if (msg[i].len > sizeof(st->buf)) {
> + deb_info("buffer too small to fit %d
> bytes\n",
> + msg[i].len);
> + return -EIO;
> + }
> +
> + memcpy(msg[i].buf, st->buf, msg[i].len);
> +
> deb_data("<<< ");
> debug_dump(msg[i].buf, msg[i].len, deb_data);
>
> @@ -238,6 +246,13 @@ static int dib0700_i2c_xfer_new(struct
> i2c_adapter *adap, struct i2c_msg *msg, /* I2C ctrl + FE bus; */
> st->buf[3] = ((gen_mode << 6) & 0xC0) |
> ((bus_mode << 4) & 0x30);
> +
> + if (msg[i].len > sizeof(st->buf) - 4) {
> + deb_info("i2c message to big: %d\n",
> + msg[i].len);
> + return -EIO;
> + }
> +
> /* The Actual i2c payload */
> memcpy(&st->buf[4], msg[i].buf, msg[i].len);
>
> @@ -283,6 +298,11 @@ static int dib0700_i2c_xfer_legacy(struct
> i2c_adapter *adap, /* fill in the address */
> st->buf[1] = msg[i].addr << 1;
> /* fill the buffer */
> + if (msg[i].len > sizeof(st->buf) - 2) {
> + deb_info("i2c xfer to big: %d\n",
> + msg[i].len);
> + return -EIO;
> + }
> memcpy(&st->buf[2], msg[i].buf, msg[i].len);
>
> /* write/read request */
> @@ -299,6 +319,11 @@ static int dib0700_i2c_xfer_legacy(struct
> i2c_adapter *adap, break;
> }
>
> + if (msg[i + 1].len > sizeof(st->buf)) {
> + deb_info("i2c xfer buffer to small
> for %d\n",
> + msg[i].len);
> + return -EIO;
> + }
> memcpy(msg[i + 1].buf, st->buf, msg[i +
> 1].len);
> msg[i+1].len = len;
Reviewed-By: Patrick Boettcher <patrick.boettcher@posteo.de>
next prev parent reply other threads:[~2016-10-10 6:38 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-07 17:24 [PATCH 00/26] Don't use stack for DMA transers on dvb-usb drivers Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 01/26] af9005: don't do DMA on stack Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 02/26] cinergyT2-core: " Mauro Carvalho Chehab
2016-10-10 6:39 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 03/26] cinergyT2-core:: handle error code on RC query Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 04/26] cinergyT2-fe: cache stats at cinergyt2_fe_read_status() Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 05/26] cinergyT2-fe: don't do DMA on stack Mauro Carvalho Chehab
2016-10-10 6:39 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 06/26] cxusb: " Mauro Carvalho Chehab
2016-10-10 6:38 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 07/26] dib0700: be sure that dib0700_ctrl_rd() users can do DMA Mauro Carvalho Chehab
2016-10-10 6:38 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 08/26] dib0700_core: don't use stack on I2C reads Mauro Carvalho Chehab
2016-10-10 6:37 ` Patrick Boettcher [this message]
2016-10-07 17:24 ` [PATCH 09/26] dibusb: don't do DMA on stack Mauro Carvalho Chehab
2016-10-10 6:37 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 10/26] dibusb: handle error code on RC query Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 11/26] digitv: don't do DMA on stack Mauro Carvalho Chehab
2016-10-10 6:36 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 12/26] dtt200u-fe: " Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 13/26] dtt200u-fe: handle errors on USB control messages Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 14/26] dtt200u: don't do DMA on stack Mauro Carvalho Chehab
2016-10-10 6:36 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 15/26] dtt200u: handle USB control message errors Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 16/26] dtv5100: : don't do DMA on stack Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 17/26] gp8psk: " Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 18/26] gp8psk: don't go past the buffer size Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 19/26] nova-t-usb2: don't do DMA on stack Mauro Carvalho Chehab
2016-10-10 6:35 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 20/26] pctv452e: " Mauro Carvalho Chehab
2016-10-10 6:35 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 21/26] pctv452e: don't call BUG_ON() on non-fatal error Mauro Carvalho Chehab
2016-10-08 10:11 ` [PATCH v2 " Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 22/26] technisat-usb2: use DMA buffers for I2C transfers Mauro Carvalho Chehab
2016-10-10 6:34 ` Patrick Boettcher
2016-10-07 17:24 ` [PATCH 23/26] dvb-usb: warn if return value for USB read/write routines is not checked Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 24/26] nova-t-usb2: handle error code on RC query Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 25/26] dw2102: return error if su3000_power_ctrl() fails Mauro Carvalho Chehab
2016-10-07 17:24 ` [PATCH 26/26] digitv: handle error code on RC query Mauro Carvalho Chehab
2016-10-10 11:24 ` [PATCH 00/26] Don't use stack for DMA transers on dvb-usb drivers Antti Palosaari
2016-10-10 11:44 ` Michael Ira Krufky
2016-10-11 10:12 ` Mauro Carvalho Chehab
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161010083744.1fc6171a@posteo.de \
--to=patrick.boettcher@posteo.de \
--cc=akpm@linux-foundation.org \
--cc=hans.verkuil@cisco.com \
--cc=jikos@kernel.org \
--cc=jrg.otte@gmail.com \
--cc=js@linuxtv.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=mchehab@infradead.org \
--cc=mchehab@kernel.org \
--cc=mchehab@s-opensource.com \
--cc=mkrufky@linuxtv.org \
--cc=sean@mess.org \
--cc=wsa-dev@sang-engineering.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).