| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Sep 2017 14:37:03 +0300
From: Dmitry Osipenko <digetx@...il.com>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: Thierry Reding <thierry.reding@...il.com>,
Jonathan Hunter <jonathanh@...dia.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Rob Herring <robh+dt@...nel.org>, linux-tegra@...r.kernel.org,
devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org,
devicetree@...r.kernel.org
Subject: Re: [PATCH v1 1/2] staging: Introduce NVIDIA Tegra20 video decoder
driver
On 28.09.2017 10:23, Dan Carpenter wrote:
> On Thu, Sep 28, 2017 at 02:28:04AM +0300, Dmitry Osipenko wrote:
>>>> + if (is_baseline_profile)
>>>> + frame->aux_paddr = 0xF4DEAD00;
>>>
>>> The handling of is_baseline_profile is strange to me. It feels like we
>>> should always check it before we use ->aux_paddr but we don't ever do
>>> that.
>>>
>>
>> In a case of baseline profile, aux buffer isn't needed, HW should't use it. Aux
>> phys address is set to a predefined and invalid address, so that in a case of
>> VDE trying to use it, its invalid memory accesses would be reported in KMSG by
>> memory controller driver and the reported invalid addresses would be known to be
>> associated with the aux buffer. I'm not sure what you are meaning.
>
> It's not used perhaps, but we do write it to the hardware, right?
>
That's right. I'm pretty sure HW won't use the aux in a case of baseline
profile, haven't seen an evidence of it. But in order to be on a safe side, the
addresses are initialized to an invalid value, so HW won't have a chance to
silently fetch/trash 'arbitrary' main memory and we will know if it tries to do it.
if (baseline_profile)
frame->aux_paddr = 0xF4DEAD00;
else {
So here ^ all *used* frame entries are being initialized.
> tegra_vde_write_iram_entry(iram_tables, 0, i, value, aux_paddr);
>
> It's just strange.
>
There up to 16 reference video frames (already decoded) that could be used for
decoding of a video frame. Addresses of reference frames that shouldn't be used
for decoding of the current frame are set to an invalid address. Userspace my
supply wrong frames list or frames list setup code may contain an obscure bug
and we will know about it.
} else {
aux_paddr = 0xFADEAD00;
value = 0;
}
Here ^ all *unused* frame entries are being initialized.
tegra_vde_write_iram_entry(iram_tables, 0, i, value, aux_paddr);
And here ^ these entries are written to the tables that are read by HW.
--
Dmitry
Powered by blists - more mailing lists