From: Nicolas Dufresne <nicolas.dufresne@collabora.com>
To: Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
Benjamin Gaignard <benjamin.gaignard@collabora.com>
Cc: tfiga@chromium.org, m.szyprowski@samsung.com, mchehab@kernel.org,
ming.qian@nxp.com, shijie.qin@nxp.com, eagle.zhou@nxp.com,
bin.liu@mediatek.com, matthias.bgg@gmail.com,
angelogioacchino.delregno@collabora.com,
tiffany.lin@mediatek.com, andrew-ct.chen@mediatek.com,
yunfei.dong@mediatek.com, stanimir.k.varbanov@gmail.com,
quic_vgarodia@quicinc.com, agross@kernel.org,
andersson@kernel.org, konrad.dybcio@linaro.org,
ezequiel@vanguardiasur.com.ar, p.zabel@pengutronix.de,
daniel.almeida@collabora.com, hverkuil-cisco@xs4all.nl,
jerbel@kernel.org, linux-media@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-mediatek@lists.infradead.org,
linux-arm-msm@vger.kernel.org,
linux-rockchip@lists.infradead.org, kernel@collabora.com
Subject: Re: [RFC 2/4] media: videobuf2: Replace bufs array by a list
Date: Wed, 15 Mar 2023 09:57:51 -0400 [thread overview]
Message-ID: <bdade438cd93230daa47ee48eafab60f65cd4224.camel@collabora.com> (raw)
In-Reply-To: <20230313181155.GC22646@pendragon.ideasonboard.com>
Le lundi 13 mars 2023 à 20:11 +0200, Laurent Pinchart a écrit :
> > - /* Ensure that q->num_buffers+num_buffers is below VB2_MAX_FRAME */
> > - num_buffers = min_t(unsigned int, num_buffers,
> > - VB2_MAX_FRAME - q->num_buffers);
> > -
>
> We can indeed drop this check now, but shouldn't we introduce some kind
> of resource accounting and limitation ? Otherwise any unpriviledged
> userspace will be able to starve system memory. This could be
> implemented on top, as the problem largely exists today already, but I'd
> like to at least record this in a TODO comment.
The current limit already isn't work for resource accounting and limitation for
m2m drivers. You can open a device, allocate 32 buffers, and close that device
keeping the memory around. And redo this process as many times as you want.
A TODO is most appropriate, but I would prefer to see this done at a memory
layer level (rather then v4l2 specific), so that limits and accounting works
with containers and other sandboxes.
>
> I also wonder if we should still limit the number of allocated buffers.
> The limit could be large, for instance 1024 buffers, and it would be an
> in-kernel limit that could be increased later if needed. I'm concerned
> that dropping the limit completely will allow userspace to request
> UINT_MAX buffers, which may cause integer overflows somewhere. Limiting
> the number of buffers would avoid extensive review of all the code that
> deals with counting buffers.
next prev parent reply other threads:[~2023-03-15 13:58 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-13 13:59 [RFC 0/4] Allow more than 32 vb2 buffers per queue Benjamin Gaignard
2023-03-13 13:59 ` [RFC 1/4] media: videobuf2: Use vb2_get_buffer() as helper everywhere Benjamin Gaignard
2023-03-13 16:51 ` Andrzej Pietrasiewicz
2023-03-13 16:56 ` Benjamin Gaignard
2023-03-13 18:01 ` Laurent Pinchart
2023-03-13 18:04 ` Laurent Pinchart
2023-03-13 13:59 ` [RFC 2/4] media: videobuf2: Replace bufs array by a list Benjamin Gaignard
2023-03-13 18:11 ` Laurent Pinchart
2023-03-13 23:16 ` David Laight
2023-03-14 8:55 ` Hans Verkuil
2023-03-14 10:11 ` David Laight
2023-03-14 10:42 ` Hans Verkuil
2023-03-19 23:33 ` Laurent Pinchart
2023-03-22 14:50 ` Nicolas Dufresne
2023-03-22 15:01 ` Laurent Pinchart
2023-03-24 15:14 ` Nicolas Dufresne
2023-03-24 15:18 ` Hans Verkuil
2023-03-24 15:34 ` Nicolas Dufresne
2023-03-24 20:21 ` Laurent Pinchart
2023-03-15 13:57 ` Nicolas Dufresne [this message]
2023-03-19 23:33 ` Laurent Pinchart
2023-03-13 13:59 ` [RFC 3/4] media: videobuf2: Use bitmap to manage vb2 index Benjamin Gaignard
2023-03-13 18:14 ` Laurent Pinchart
2023-03-14 2:10 ` [EXT] " Ming Qian
2023-03-13 13:59 ` [RFC 4/4] media: videobuf2: Stop define VB2_MAX_FRAME as global Benjamin Gaignard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bdade438cd93230daa47ee48eafab60f65cd4224.camel@collabora.com \
--to=nicolas.dufresne@collabora.com \
--cc=agross@kernel.org \
--cc=andersson@kernel.org \
--cc=andrew-ct.chen@mediatek.com \
--cc=angelogioacchino.delregno@collabora.com \
--cc=benjamin.gaignard@collabora.com \
--cc=bin.liu@mediatek.com \
--cc=daniel.almeida@collabora.com \
--cc=eagle.zhou@nxp.com \
--cc=ezequiel@vanguardiasur.com.ar \
--cc=hverkuil-cisco@xs4all.nl \
--cc=jerbel@kernel.org \
--cc=kernel@collabora.com \
--cc=konrad.dybcio@linaro.org \
--cc=laurent.pinchart@ideasonboard.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=linux-rockchip@lists.infradead.org \
--cc=m.szyprowski@samsung.com \
--cc=matthias.bgg@gmail.com \
--cc=mchehab@kernel.org \
--cc=ming.qian@nxp.com \
--cc=p.zabel@pengutronix.de \
--cc=quic_vgarodia@quicinc.com \
--cc=shijie.qin@nxp.com \
--cc=stanimir.k.varbanov@gmail.com \
--cc=tfiga@chromium.org \
--cc=tiffany.lin@mediatek.com \
--cc=yunfei.dong@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox