From: Anton Vorontsov <anton.vorontsov@linaro.org>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Kees Cook <keescook@chromium.org>,
Colin Cross <ccross@android.com>
Cc: Arnd Bergmann <arnd@arndb.de>,
John Stultz <john.stultz@linaro.org>,
arve@android.com, Rebecca Schultz Zavin <rebecca@android.com>,
Jesper Juhl <jj@chaosbits.net>,
Randy Dunlap <rdunlap@xenotime.net>,
Stephen Boyd <sboyd@codeaurora.org>,
Thomas Meyer <thomas@m3y3r.de>,
Andrew Morton <akpm@linux-foundation.org>,
Marco Stornelli <marco.stornelli@gmail.com>,
WANG Cong <xiyou.wangcong@gmail.com>,
linux-kernel@vger.kernel.org, devel@driverdev.osuosl.org,
linaro-kernel@lists.linaro.org, patches@linaro.org,
kernel-team@android.com
Subject: [PATCH 02/11] persistent_ram: Fix buffer size clamping during writes
Date: Fri, 11 May 2012 17:17:17 -0700 [thread overview]
Message-ID: <20120512001717.GB14782@lizard> (raw)
In-Reply-To: <20120512001506.GA8653@lizard>
This is a longstanding bug, almost unnoticeable when calling
persistent_ram_write() for small buffers.
But when called for large data buffers, the write routine behaves
incorrectly, as the size may never update: instead of clamping
the size to the maximum buffer size, buffer_size_add_clamp() returns
an error (which is never checked by the write routine, btw).
To fix this, we now use buffer_size_add() that actually clamps the
size to the max value.
Also remove buffer_size_add_clamp(), it is no longer needed.
Signed-off-by: Anton Vorontsov <anton.vorontsov@linaro.org>
---
drivers/staging/android/persistent_ram.c | 19 +------------------
1 file changed, 1 insertion(+), 18 deletions(-)
diff --git a/drivers/staging/android/persistent_ram.c b/drivers/staging/android/persistent_ram.c
index 12444fd..13a12bc 100644
--- a/drivers/staging/android/persistent_ram.c
+++ b/drivers/staging/android/persistent_ram.c
@@ -79,23 +79,6 @@ static inline void buffer_size_add(struct persistent_ram_zone *prz, size_t a)
} while (atomic_cmpxchg(&prz->buffer->size, old, new) != old);
}
-/* increase the size counter, retuning an error if it hits the max size */
-static inline ssize_t buffer_size_add_clamp(struct persistent_ram_zone *prz,
- size_t a)
-{
- size_t old;
- size_t new;
-
- do {
- old = atomic_read(&prz->buffer->size);
- new = old + a;
- if (new > prz->buffer_size)
- return -ENOMEM;
- } while (atomic_cmpxchg(&prz->buffer->size, old, new) != old);
-
- return 0;
-}
-
static void notrace persistent_ram_encode_rs8(struct persistent_ram_zone *prz,
uint8_t *data, size_t len, uint8_t *ecc)
{
@@ -300,7 +283,7 @@ int notrace persistent_ram_write(struct persistent_ram_zone *prz,
c = prz->buffer_size;
}
- buffer_size_add_clamp(prz, c);
+ buffer_size_add(prz, c);
start = buffer_start_add(prz, c);
--
1.7.9.2
next prev parent reply other threads:[~2012-05-12 0:18 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-12 0:15 [PATCH 0/11] Merge ramoops and persistent_ram, generic pstore RAM backend Anton Vorontsov
2012-05-12 0:17 ` [PATCH 01/11] persistent_ram: Remove prz->node Anton Vorontsov
2012-05-12 0:17 ` Anton Vorontsov [this message]
2012-05-13 16:56 ` [PATCH 02/11] persistent_ram: Fix buffer size clamping during writes Dan Carpenter
2012-05-13 20:38 ` Anton Vorontsov
2012-05-14 3:23 ` Colin Cross
2012-05-14 4:17 ` Greg Kroah-Hartman
2012-05-12 0:17 ` [PATCH 03/11] persistent_ram: Introduce persistent_ram_post_init() Anton Vorontsov
2012-05-12 0:17 ` [PATCH 04/11] persistent_ram: Introduce persistent_ram_new() Anton Vorontsov
2012-05-15 0:37 ` Colin Cross
2012-05-16 0:22 ` Anton Vorontsov
2012-05-12 0:17 ` [PATCH 05/11] persistent_ram: Introduce persistent_ram_vmap() Anton Vorontsov
2012-05-12 0:17 ` [PATCH 06/11] persistent_ram: Make it possible to use memory outside of bootmem Anton Vorontsov
2012-06-06 21:10 ` Colin Cross
2012-06-06 22:11 ` Anton Vorontsov
2012-05-12 0:18 ` [PATCH 07/11] persistent_ram: Introduce persistent_ram_free() Anton Vorontsov
2012-05-12 0:18 ` [PATCH 08/11] ramoops: Move to fs/pstore/ram.c Anton Vorontsov
2012-05-14 21:34 ` Kees Cook
2012-05-16 0:19 ` Anton Vorontsov
2012-05-15 15:12 ` Shuah Khan
2012-05-16 7:30 ` Anton Vorontsov
2012-05-16 15:17 ` Shuah Khan
2012-05-12 0:18 ` [PATCH 09/11] persistent_ram: Move to fs/pstore/ram_core.c Anton Vorontsov
2012-05-14 21:43 ` Kees Cook
2012-05-12 0:18 ` [PATCH 10/11] pstore/ram: Switch to persistent_ram routines Anton Vorontsov
2012-05-14 22:21 ` Kees Cook
2012-05-16 6:14 ` Anton Vorontsov
2012-05-16 12:44 ` Kees Cook
2012-05-12 0:18 ` [PATCH 11/11] pstore/ram: Add ECC support Anton Vorontsov
2012-05-14 22:22 ` Kees Cook
2012-05-14 15:58 ` [PATCH 0/11] Merge ramoops and persistent_ram, generic pstore RAM backend Greg Kroah-Hartman
2012-05-14 16:30 ` Shuah Khan
2012-05-14 20:45 ` Anton Vorontsov
2012-05-14 20:55 ` Shuah Khan
2012-05-15 15:53 ` Greg Kroah-Hartman
2012-05-15 6:07 ` Marco Stornelli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120512001717.GB14782@lizard \
--to=anton.vorontsov@linaro.org \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=arve@android.com \
--cc=ccross@android.com \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@linuxfoundation.org \
--cc=jj@chaosbits.net \
--cc=john.stultz@linaro.org \
--cc=keescook@chromium.org \
--cc=kernel-team@android.com \
--cc=linaro-kernel@lists.linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marco.stornelli@gmail.com \
--cc=patches@linaro.org \
--cc=rdunlap@xenotime.net \
--cc=rebecca@android.com \
--cc=sboyd@codeaurora.org \
--cc=thomas@m3y3r.de \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox