From patchwork Fri Oct 21 14:11:20 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tvrtko Ursulin X-Patchwork-Id: 9389309 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id B1F56607F0 for ; Fri, 21 Oct 2016 14:12:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A37AB299A5 for ; Fri, 21 Oct 2016 14:12:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9826F2A239; Fri, 21 Oct 2016 14:12:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM, T_DKIM_INVALID autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 31F96299A5 for ; Fri, 21 Oct 2016 14:12:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933967AbcJUOLs (ORCPT ); Fri, 21 Oct 2016 10:11:48 -0400 Received: from mail-lf0-f66.google.com ([209.85.215.66]:33495 "EHLO mail-lf0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933706AbcJUOLm (ORCPT ); Fri, 21 Oct 2016 10:11:42 -0400 Received: by mail-lf0-f66.google.com with SMTP id l131so5858890lfl.0 for ; Fri, 21 Oct 2016 07:11:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ursulin-net.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=m/jxJyuG2A9jNyT5XUYdudrGGQGETMoxYR1AOAhVwbE=; b=n3io6iJDa8D/gnEYDwGGooExjNO34JaEh8SfspJ439HCITFdvFhe36jDlQhdZH636R 21YxfMZOqHppjcFTNxXiLZjuSgHjHPByj/DsPl30u1tY4PTV+CaEy6BoT1QQ1yQZccr2 oq9ekcYgjvaNSqN4Wzsfn24mbCmlfaySbERXaFToWoTg+8k+Mw4e28QW1lEWNtt3vUMI Q9VNTgqqoBX+MDdW6GdSepOimOaTuQ3QLHG9bqdjF9ScRBkts1rhHS30Sp+ohaV8C+go m4chDHrvEIjl1I2NHAlpXBSPiT/82BXq79D36wK7fWpige+0zf5Ki8087dj3mBNu18Gv KbKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=m/jxJyuG2A9jNyT5XUYdudrGGQGETMoxYR1AOAhVwbE=; b=XMYVSUXZfs6H36vCHbdFBGfW6IzA8ERjOw0PMlkmpNgBLBKlarWkTJz0VetIbUHkoy PB8ckyHSfRqA8JUHnXqXpayuPuggpXxXVaNMrtzPFKBcXreDWkKS0YAm2ArQxB/Vkefs 3WrycBAHGLjk3TXD0X5NUxKlCEQUFy//zCCT4m7dFHqQAs3rXcAxtHfzRBviO0r8GXdc UuoD7jyQr05xsVjEoLzFNjaJvqxhDAgsOIwJmJIaACYhtIxV19xVBEpANz8hKMZFSnHS Yg9y9To/EoB06Tmz+BxKt+rd3nr6ExDsc3WwuwCHfUwCE4ZYwoaL7rVm85KTOX31TIJ+ T2Pw== X-Gm-Message-State: ABUngvfsitkploullX0KNxvScsvqy9XbnRYuKTxwU1STko/mrRZujyqMlh93DhzYg809eg== X-Received: by 10.194.147.67 with SMTP id ti3mr906109wjb.17.1477059099976; Fri, 21 Oct 2016 07:11:39 -0700 (PDT) Received: from e31.Home ([2a02:c7d:9b6d:e300:916a:6cab:ac67:71c2]) by smtp.gmail.com with ESMTPSA id ya1sm3114013wjb.23.2016.10.21.07.11.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 21 Oct 2016 07:11:39 -0700 (PDT) From: Tvrtko Ursulin X-Google-Original-From: Tvrtko Ursulin To: Intel-gfx@lists.freedesktop.org Cc: linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, Chris Wilson , Tvrtko Ursulin , Masahiro Yamada Subject: [PATCH 2/5] lib/scatterlist: Avoid potential scatterlist entry overflow Date: Fri, 21 Oct 2016 15:11:20 +0100 Message-Id: <1477059083-3500-3-git-send-email-tvrtko.ursulin@linux.intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1477059083-3500-1-git-send-email-tvrtko.ursulin@linux.intel.com> References: <1477059083-3500-1-git-send-email-tvrtko.ursulin@linux.intel.com> Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Tvrtko Ursulin Since the scatterlist length field is an unsigned int, make sure that sg_alloc_table_from_pages does not overflow it while coallescing pages to a single entry. It is I think only a theoretical possibility at the moment, but the ability to limit the coallesced size will have another use in following patches. Signed-off-by: Tvrtko Ursulin Cc: Masahiro Yamada Cc: linux-kernel@vger.kernel.org --- lib/scatterlist.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/lib/scatterlist.c b/lib/scatterlist.c index e05e7fc98892..d928fa04aee3 100644 --- a/lib/scatterlist.c +++ b/lib/scatterlist.c @@ -394,7 +394,8 @@ int sg_alloc_table_from_pages(struct sg_table *sgt, unsigned int offset, unsigned long size, gfp_t gfp_mask) { - unsigned int chunks; + const unsigned int max_segment = ~0; + unsigned int seg_len, chunks; unsigned int i; unsigned int cur_page; int ret; @@ -402,9 +403,16 @@ int sg_alloc_table_from_pages(struct sg_table *sgt, /* compute number of contiguous chunks */ chunks = 1; - for (i = 1; i < n_pages; ++i) - if (page_to_pfn(pages[i]) != page_to_pfn(pages[i - 1]) + 1) + seg_len = PAGE_SIZE; + for (i = 1; i < n_pages; ++i) { + if (seg_len >= max_segment || + page_to_pfn(pages[i]) != page_to_pfn(pages[i - 1]) + 1) { ++chunks; + seg_len = PAGE_SIZE; + } else { + seg_len += PAGE_SIZE; + } + } ret = sg_alloc_table(sgt, chunks, gfp_mask); if (unlikely(ret)) @@ -413,17 +421,22 @@ int sg_alloc_table_from_pages(struct sg_table *sgt, /* merging chunks and putting them into the scatterlist */ cur_page = 0; for_each_sg(sgt->sgl, s, sgt->orig_nents, i) { - unsigned long chunk_size; + unsigned int chunk_size; unsigned int j; /* look for the end of the current chunk */ + seg_len = PAGE_SIZE; for (j = cur_page + 1; j < n_pages; ++j) - if (page_to_pfn(pages[j]) != + if (seg_len >= max_segment || + page_to_pfn(pages[j]) != page_to_pfn(pages[j - 1]) + 1) break; + else + seg_len += PAGE_SIZE; chunk_size = ((j - cur_page) << PAGE_SHIFT) - offset; - sg_set_page(s, pages[cur_page], min(size, chunk_size), offset); + sg_set_page(s, pages[cur_page], + min_t(unsigned long, size, chunk_size), offset); size -= chunk_size; offset = 0; cur_page = j;