Date:   Tue, 5 May 2020 17:18:40 +0200
From:   Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
To:     Neil Armstrong <narmstrong@...libre.com>
Cc:     linux-media@...r.kernel.org, hverkuil-cisco@...all.nl,
        linux-amlogic@...ts.infradead.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        Maxime Jourdan <mjourdan@...libre.com>
Subject: Re: [PATCH 2/3] media: meson: vdec: fix another case of VP9 buffer
 shortage

On Tue, 28 Apr 2020 14:50:35 +0200
Neil Armstrong <narmstrong@...libre.com> wrote:

> From: Maxime Jourdan <mjourdan@...libre.com>
> 
> - Redo the logic where VP9 gets fresh CAPTURE buffers. The previous code
>   could lead to a hardlock.
> - Reserve 4 margin buffers instead of 3, as apparently there are corner
>   cases where 3 is not enough.
> 
> Fixes: e9a3eb4819ca ("media: meson: vdec: add VP9 input support")
> Fixes: 00c43088aa68 ("media: meson: vdec: add VP9 decoder support")
> Signed-off-by: Maxime Jourdan <mjourdan@...libre.com>
> Signed-off-by: Neil Armstrong <narmstrong@...libre.com>

> +static struct vb2_v4l2_buffer *get_free_vbuf(struct amvdec_session *sess)
> +{
> +	struct codec_vp9 *vp9 = sess->priv;
> +	struct vb2_v4l2_buffer *vbuf = v4l2_m2m_dst_buf_remove(sess->m2m_ctx);
> +	struct vb2_v4l2_buffer *vbuf2;
> +
> +	if (!vbuf)
> +		return NULL;
> +
> +	if (!codec_vp9_get_frame_by_idx(vp9, vbuf->vb2_buf.index))
> +		return vbuf;
> +
> +	vbuf2 = get_free_vbuf(sess);
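
Review bot: The self-call `vbuf2 = get_free_vbuf(sess);` at the end of this hunk makes kernel stack depth depend on how many consecutive CAPTURE buffers are still referenced as VP9 frames, because each level removes one buffer with v4l2_m2m_dst_buf_remove() and recurses whenever codec_vp9_get_frame_by_idx() finds that index in use. A loop that keeps removing buffers until one is unreferenced or the removal returns NULL, holding the skipped buffers on a local list so they can be put back afterwards, would give the same result with constant stack use. The quoted lines stop at the recursive call, so how the in-use vbuf is handed back to the queue is not visible here and should be checked against the full patch.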

Huh!!!!

Never use recursive functions inside the Kernel! Kernel stack is too
limited.

Also, even if Kernel stack would be unlimited, the above logic
would endlessly be calling get_free_vbuf(sess).

Thanks,
Mauro
