| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Oct 2015 16:59:13 +0000
From: Ian Abbott <abbotti@....co.uk>
To: driverdev-devel@...uxdriverproject.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Ian Abbott <abbotti@....co.uk>,
H Hartley Sweeten <hsweeten@...ionengravers.com>,
linux-kernel@...r.kernel.org
Subject: [PATCH 04/16] staging: comedi: comedi_test: limit maximum convert_arg
When testing the parameters for setting up an asynchronous command on
the AI subdevice, limit the maximum conversion period
(`cmd->convert_arg`) so that the number of conversions in a scan
(`cmd->scan_end_arg`, same as `cmd->chanlist_len`) multiplied by the
conversion period fits within an `unsigned int`, as that is used to
limit the minimum scan period (`cmd->scan_begin_arg`).
Also ensure rounding of the conversion period and scan period to the
nearest microsecond both fit in an `unsigned int`. Do all this in stage
4 ("fix up any arguments") of the command testing.
Signed-off-by: Ian Abbott <abbotti@....co.uk>
---
drivers/staging/comedi/drivers/comedi_test.c | 42 ++++++++++++++--------------
1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/drivers/staging/comedi/drivers/comedi_test.c b/drivers/staging/comedi/drivers/comedi_test.c
index d9810ca..f011fbd 100644
--- a/drivers/staging/comedi/drivers/comedi_test.c
+++ b/drivers/staging/comedi/drivers/comedi_test.c
@@ -234,7 +234,7 @@ static int waveform_ai_cmdtest(struct comedi_device *dev,
struct comedi_cmd *cmd)
{
int err = 0;
- unsigned int arg;
+ unsigned int arg, limit;
/* Step 1 : check if triggers are trivially valid */
@@ -265,16 +265,8 @@ static int waveform_ai_cmdtest(struct comedi_device *dev,
if (cmd->convert_src == TRIG_NOW)
err |= comedi_check_trigger_arg_is(&cmd->convert_arg, 0);
- if (cmd->scan_begin_src == TRIG_TIMER) {
- err |= comedi_check_trigger_arg_min(&cmd->scan_begin_arg,
- NSEC_PER_USEC);
- if (cmd->convert_src == TRIG_TIMER) {
- err |= comedi_check_trigger_arg_min(&cmd->
- scan_begin_arg,
- cmd->convert_arg *
- cmd->chanlist_len);
- }
- }
+ err |= comedi_check_trigger_arg_min(&cmd->scan_begin_arg,
+ NSEC_PER_USEC);
err |= comedi_check_trigger_arg_min(&cmd->chanlist_len, 1);
err |= comedi_check_trigger_arg_is(&cmd->scan_end_arg,
@@ -290,21 +282,29 @@ static int waveform_ai_cmdtest(struct comedi_device *dev,
/* step 4: fix up any arguments */
- if (cmd->scan_begin_src == TRIG_TIMER) {
- arg = cmd->scan_begin_arg;
- /* round to nearest microsec */
- arg = NSEC_PER_USEC *
- ((arg + (NSEC_PER_USEC / 2)) / NSEC_PER_USEC);
- err |= comedi_check_trigger_arg_is(&cmd->scan_begin_arg, arg);
- }
if (cmd->convert_src == TRIG_TIMER) {
+ /* round convert_arg to nearest microsecond */
arg = cmd->convert_arg;
- /* round to nearest microsec */
- arg = NSEC_PER_USEC *
- ((arg + (NSEC_PER_USEC / 2)) / NSEC_PER_USEC);
+ arg = min(arg,
+ rounddown(UINT_MAX, (unsigned int)NSEC_PER_USEC));
+ arg = NSEC_PER_USEC * DIV_ROUND_CLOSEST(arg, NSEC_PER_USEC);
+ /* limit convert_arg to keep scan_begin_arg in range */
+ limit = UINT_MAX / cmd->scan_end_arg;
+ limit = rounddown(limit, (unsigned int)NSEC_PER_SEC);
+ arg = min(arg, limit);
err |= comedi_check_trigger_arg_is(&cmd->convert_arg, arg);
}
+ /* round scan_begin_arg to nearest microsecond */
+ arg = cmd->scan_begin_arg;
+ arg = min(arg, rounddown(UINT_MAX, (unsigned int)NSEC_PER_USEC));
+ arg = NSEC_PER_USEC * DIV_ROUND_CLOSEST(arg, NSEC_PER_USEC);
+ if (cmd->convert_src == TRIG_TIMER) {
+ /* but ensure scan_begin_arg is large enough */
+ arg = max(arg, cmd->convert_arg * cmd->scan_end_arg);
+ }
+ err |= comedi_check_trigger_arg_is(&cmd->scan_begin_arg, arg);
+
if (err)
return 4;
--
2.6.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists