lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200530025735.GC1367069@ubuntu-s3-xlarge-x86>
Date:   Fri, 29 May 2020 19:57:35 -0700
From:   Nathan Chancellor <natechancellor@...il.com>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     Mauro Carvalho Chehab <mchehab@...nel.org>,
        Sakari Ailus <sakari.ailus@...ux.intel.com>,
        linux-media@...r.kernel.org, devel@...verdev.osuosl.org,
        linux-kernel@...r.kernel.org, clang-built-linux@...glegroups.com
Subject: Re: [PATCH 5/9] staging: media: atomisp: fix stack overflow in
 init_pipe_defaults()

On Fri, May 29, 2020 at 10:00:27PM +0200, Arnd Bergmann wrote:
> When building with clang, multiple copies of the structures to be
> initialized are passed around on the stack and copied locally, using an
> insane amount of stack space:
> 
> drivers/staging/media/atomisp/pci/sh_css.c:2371:1: error: stack frame size of 26864 bytes in function 'create_pipe' [-Werror,-Wframe-larger-than=]
> 
> Use constantly-allocated variables plus an explicit memcpy()
> to avoid that.
> 
> Fixes: 6dc9a2568f84 ("media: atomisp: convert default struct values to use compound-literals with designated initializers")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>

Reviewed-by: Nathan Chancellor <natechancellor@...il.com>

> ---
>  drivers/staging/media/atomisp/pci/sh_css.c | 16 +++++++++++-----
>  1 file changed, 11 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/staging/media/atomisp/pci/sh_css.c b/drivers/staging/media/atomisp/pci/sh_css.c
> index e91c6029c651..1e8b9d637116 100644
> --- a/drivers/staging/media/atomisp/pci/sh_css.c
> +++ b/drivers/staging/media/atomisp/pci/sh_css.c
> @@ -2264,6 +2264,12 @@ static enum ia_css_err
>  init_pipe_defaults(enum ia_css_pipe_mode mode,
>  		   struct ia_css_pipe *pipe,
>  		   bool copy_pipe) {
> +	static const struct ia_css_pipe default_pipe = IA_CSS_DEFAULT_PIPE;
> +	static const struct ia_css_preview_settings preview = IA_CSS_DEFAULT_PREVIEW_SETTINGS;
> +	static const struct ia_css_capture_settings capture = IA_CSS_DEFAULT_CAPTURE_SETTINGS;
> +	static const struct ia_css_video_settings video = IA_CSS_DEFAULT_VIDEO_SETTINGS;
> +	static const struct ia_css_yuvpp_settings yuvpp = IA_CSS_DEFAULT_YUVPP_SETTINGS;
> +
>  	if (!pipe)
>  	{
>  		IA_CSS_ERROR("NULL pipe parameter");
> @@ -2271,14 +2277,14 @@ init_pipe_defaults(enum ia_css_pipe_mode mode,
>  	}
>  
>  	/* Initialize pipe to pre-defined defaults */
> -	*pipe = IA_CSS_DEFAULT_PIPE;
> +	memcpy(pipe, &default_pipe, sizeof(default_pipe));
>  
>  	/* TODO: JB should not be needed, but temporary backward reference */
>  	switch (mode)
>  	{
>  	case IA_CSS_PIPE_MODE_PREVIEW:
>  		pipe->mode = IA_CSS_PIPE_ID_PREVIEW;
> -		pipe->pipe_settings.preview = IA_CSS_DEFAULT_PREVIEW_SETTINGS;
> +		memcpy(&pipe->pipe_settings.preview, &preview, sizeof(preview));
>  		break;
>  	case IA_CSS_PIPE_MODE_CAPTURE:
>  		if (copy_pipe) {
> @@ -2286,11 +2292,11 @@ init_pipe_defaults(enum ia_css_pipe_mode mode,
>  		} else {
>  			pipe->mode = IA_CSS_PIPE_ID_CAPTURE;
>  		}
> -		pipe->pipe_settings.capture = IA_CSS_DEFAULT_CAPTURE_SETTINGS;
> +		memcpy(&pipe->pipe_settings.capture, &capture, sizeof(capture));
>  		break;
>  	case IA_CSS_PIPE_MODE_VIDEO:
>  		pipe->mode = IA_CSS_PIPE_ID_VIDEO;
> -		pipe->pipe_settings.video = IA_CSS_DEFAULT_VIDEO_SETTINGS;
> +		memcpy(&pipe->pipe_settings.video, &video, sizeof(video));
>  		break;
>  	case IA_CSS_PIPE_MODE_ACC:
>  		pipe->mode = IA_CSS_PIPE_ID_ACC;
> @@ -2300,7 +2306,7 @@ init_pipe_defaults(enum ia_css_pipe_mode mode,
>  		break;
>  	case IA_CSS_PIPE_MODE_YUVPP:
>  		pipe->mode = IA_CSS_PIPE_ID_YUVPP;
> -		pipe->pipe_settings.yuvpp = IA_CSS_DEFAULT_YUVPP_SETTINGS;
> +		memcpy(&pipe->pipe_settings.yuvpp, &yuvpp, sizeof(yuvpp));
>  		break;
>  	default:
>  		return IA_CSS_ERR_INVALID_ARGUMENTS;
> -- 
> 2.26.2
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ