From: James Hogan <james.hogan@imgtec.com>
To: linux-kernel <linux-kernel@vger.kernel.org>,
<linux-media@vger.kernel.org>, Pekka Enberg <penberg@kernel.org>,
Jarod Wilson <jarod@redhat.com>,
Mauro Carvalho Chehab <mchehab@infradead.org>,
Stephen Rothwell <sfr@canb.auug.org.au>,
Lucas De Marchi <lucas.demarchi@profusion.mobi>,
Paul Gortmaker <paul.gortmaker@windriver.com>
Subject: [PATCH RESEND] rc/ir-raw: fix BUG_ON, using kfifo_rec_ptr_1 instead of kfifo
Date: Wed, 22 Feb 2012 12:58:06 +0000 [thread overview]
Message-ID: <4F44E65E.8010604@imgtec.com> (raw)
Raw IR events are passed to the raw event thread through a kfifo. The
size of the event struct is 12 bytes, and space for 512 events is
reserved in the kfifo (6144 bytes), however this is rounded down to 4096
bytes (the next power of 2) by __kfifo_alloc().
4096 bytes is not divisible by 12 therefore if the fifo fills up, a
third of a record will be written in the end of the kfifo by
ir_raw_event_store() because the recsize of the fifo is 0 (it doesn't
have records). When this is read by ir_raw_event_thread() a corrupted or
partial record will be read, and in the case of a partial record the
BUG_ON(retval != sizeof(ev)) gets hit too.
According to samples/kfifo/record-example.c struct kfifo_rec_ptr_1 can
handle records of a length between 0 and 255 bytes, so change struct
ir_raw_event_ctrl to use that instead of struct kfifo.
Signed-off-by: James Hogan <james.hogan@imgtec.com>
---
drivers/media/rc/rc-core-priv.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/media/rc/rc-core-priv.h b/drivers/media/rc/rc-core-priv.h
index c6ca870..989ea08 100644
--- a/drivers/media/rc/rc-core-priv.h
+++ b/drivers/media/rc/rc-core-priv.h
@@ -35,7 +35,7 @@ struct ir_raw_event_ctrl {
struct list_head list; /* to keep track of raw clients */
struct task_struct *thread;
spinlock_t lock;
- struct kfifo kfifo; /* fifo for the pulse/space durations */
+ struct kfifo_rec_ptr_1 kfifo; /* fifo for the pulse/space durations */
ktime_t last_event; /* when last event occurred */
enum raw_event_type last_type; /* last event type */
struct rc_dev *dev; /* pointer to the parent rc_dev */
--
1.7.2.3
reply other threads:[~2012-02-22 12:58 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F44E65E.8010604@imgtec.com \
--to=james.hogan@imgtec.com \
--cc=jarod@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=lucas.demarchi@profusion.mobi \
--cc=mchehab@infradead.org \
--cc=paul.gortmaker@windriver.com \
--cc=penberg@kernel.org \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox