| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Feb 2021 15:29:02 +0300
From: Vladimir Lypak <junak.pub@...il.com>
To: Vladimir Lypak <junak.pub@...il.com>
Cc: Robert Foss <robert.foss@...aro.org>,
Todor Tomov <todor.too@...il.com>,
Andy Gross <agross@...nel.org>,
Bjorn Andersson <bjorn.andersson@...aro.org>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
linux-media@...r.kernel.org, linux-arm-msm@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] media: qcom: camss: Fix overflows in clock rate calculations
Because of u32 type being used to store pixel clock rate, expression used
to calculate pipeline clocks (pixel_clock * bpp) produces wrong value due
to integer overflow. This patch changes data type used to store, pass and
retrieve pixel_clock from u32 to u64 to make this mistake less likely to
be repeated in the future.
Signed-off-by: Vladimir Lypak <junak.pub@...il.com>
---
drivers/media/platform/qcom/camss/camss-csid.c | 2 +-
drivers/media/platform/qcom/camss/camss-csiphy-2ph-1-0.c | 4 ++--
drivers/media/platform/qcom/camss/camss-csiphy-3ph-1-0.c | 4 ++--
drivers/media/platform/qcom/camss/camss-csiphy.c | 4 ++--
drivers/media/platform/qcom/camss/camss-csiphy.h | 2 +-
drivers/media/platform/qcom/camss/camss-vfe.c | 4 ++--
drivers/media/platform/qcom/camss/camss.c | 2 +-
drivers/media/platform/qcom/camss/camss.h | 2 +-
8 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/drivers/media/platform/qcom/camss/camss-csid.c b/drivers/media/platform/qcom/camss/camss-csid.c
index be3fe76f3dc30..6307b889baa69 100644
--- a/drivers/media/platform/qcom/camss/camss-csid.c
+++ b/drivers/media/platform/qcom/camss/camss-csid.c
@@ -462,7 +462,7 @@ static irqreturn_t csid_isr(int irq, void *dev)
static int csid_set_clock_rates(struct csid_device *csid)
{
struct device *dev = csid->camss->dev;
- u32 pixel_clock;
+ u64 pixel_clock;
int i, j;
int ret;
diff --git a/drivers/media/platform/qcom/camss/camss-csiphy-2ph-1-0.c b/drivers/media/platform/qcom/camss/camss-csiphy-2ph-1-0.c
index 12bce391d71fd..ec66d1557b8b1 100644
--- a/drivers/media/platform/qcom/camss/camss-csiphy-2ph-1-0.c
+++ b/drivers/media/platform/qcom/camss/camss-csiphy-2ph-1-0.c
@@ -57,7 +57,7 @@ static void csiphy_reset(struct csiphy_device *csiphy)
* Return settle count value or 0 if the CSI2 pixel clock
* frequency is not available
*/
-static u8 csiphy_settle_cnt_calc(u32 pixel_clock, u8 bpp, u8 num_lanes,
+static u8 csiphy_settle_cnt_calc(u64 pixel_clock, u8 bpp, u8 num_lanes,
u32 timer_clk_rate)
{
u32 mipi_clock; /* Hz */
@@ -83,7 +83,7 @@ static u8 csiphy_settle_cnt_calc(u32 pixel_clock, u8 bpp, u8 num_lanes,
static void csiphy_lanes_enable(struct csiphy_device *csiphy,
struct csiphy_config *cfg,
- u32 pixel_clock, u8 bpp, u8 lane_mask)
+ u64 pixel_clock, u8 bpp, u8 lane_mask)
{
struct csiphy_lanes_cfg *c = &cfg->csi2->lane_cfg;
u8 settle_cnt;
diff --git a/drivers/media/platform/qcom/camss/camss-csiphy-3ph-1-0.c b/drivers/media/platform/qcom/camss/camss-csiphy-3ph-1-0.c
index 97cb9de850315..cd6eb88a7c153 100644
--- a/drivers/media/platform/qcom/camss/camss-csiphy-3ph-1-0.c
+++ b/drivers/media/platform/qcom/camss/camss-csiphy-3ph-1-0.c
@@ -113,7 +113,7 @@ static irqreturn_t csiphy_isr(int irq, void *dev)
* Return settle count value or 0 if the CSI2 pixel clock
* frequency is not available
*/
-static u8 csiphy_settle_cnt_calc(u32 pixel_clock, u8 bpp, u8 num_lanes,
+static u8 csiphy_settle_cnt_calc(u64 pixel_clock, u8 bpp, u8 num_lanes,
u32 timer_clk_rate)
{
u32 mipi_clock; /* Hz */
@@ -137,7 +137,7 @@ static u8 csiphy_settle_cnt_calc(u32 pixel_clock, u8 bpp, u8 num_lanes,
static void csiphy_lanes_enable(struct csiphy_device *csiphy,
struct csiphy_config *cfg,
- u32 pixel_clock, u8 bpp, u8 lane_mask)
+ u64 pixel_clock, u8 bpp, u8 lane_mask)
{
struct csiphy_lanes_cfg *c = &cfg->csi2->lane_cfg;
u8 settle_cnt;
diff --git a/drivers/media/platform/qcom/camss/camss-csiphy.c b/drivers/media/platform/qcom/camss/camss-csiphy.c
index 509c9a59c09cd..61628f55c4f63 100644
--- a/drivers/media/platform/qcom/camss/camss-csiphy.c
+++ b/drivers/media/platform/qcom/camss/camss-csiphy.c
@@ -102,7 +102,7 @@ static u8 csiphy_get_bpp(const struct csiphy_format *formats,
static int csiphy_set_clock_rates(struct csiphy_device *csiphy)
{
struct device *dev = csiphy->camss->dev;
- u32 pixel_clock;
+ u64 pixel_clock;
int i, j;
int ret;
@@ -238,7 +238,7 @@ static u8 csiphy_get_lane_mask(struct csiphy_lanes_cfg *lane_cfg)
static int csiphy_stream_on(struct csiphy_device *csiphy)
{
struct csiphy_config *cfg = &csiphy->cfg;
- u32 pixel_clock;
+ u64 pixel_clock;
u8 lane_mask = csiphy_get_lane_mask(&cfg->csi2->lane_cfg);
u8 bpp = csiphy_get_bpp(csiphy->formats, csiphy->nformats,
csiphy->fmt[MSM_CSIPHY_PAD_SINK].code);
diff --git a/drivers/media/platform/qcom/camss/camss-csiphy.h b/drivers/media/platform/qcom/camss/camss-csiphy.h
index f7967ef836dcc..450c8247bd533 100644
--- a/drivers/media/platform/qcom/camss/camss-csiphy.h
+++ b/drivers/media/platform/qcom/camss/camss-csiphy.h
@@ -50,7 +50,7 @@ struct csiphy_hw_ops {
void (*reset)(struct csiphy_device *csiphy);
void (*lanes_enable)(struct csiphy_device *csiphy,
struct csiphy_config *cfg,
- u32 pixel_clock, u8 bpp, u8 lane_mask);
+ u64 pixel_clock, u8 bpp, u8 lane_mask);
void (*lanes_disable)(struct csiphy_device *csiphy,
struct csiphy_config *cfg);
irqreturn_t (*isr)(int irq, void *dev);
diff --git a/drivers/media/platform/qcom/camss/camss-vfe.c b/drivers/media/platform/qcom/camss/camss-vfe.c
index fae2b513b2f9d..b2c95b46ce661 100644
--- a/drivers/media/platform/qcom/camss/camss-vfe.c
+++ b/drivers/media/platform/qcom/camss/camss-vfe.c
@@ -1112,7 +1112,7 @@ static inline void vfe_isr_halt_ack(struct vfe_device *vfe)
static int vfe_set_clock_rates(struct vfe_device *vfe)
{
struct device *dev = vfe->camss->dev;
- u32 pixel_clock[MSM_VFE_LINE_NUM];
+ u64 pixel_clock[MSM_VFE_LINE_NUM];
int i, j;
int ret;
@@ -1194,7 +1194,7 @@ static int vfe_set_clock_rates(struct vfe_device *vfe)
*/
static int vfe_check_clock_rates(struct vfe_device *vfe)
{
- u32 pixel_clock[MSM_VFE_LINE_NUM];
+ u64 pixel_clock[MSM_VFE_LINE_NUM];
int i, j;
int ret;
diff --git a/drivers/media/platform/qcom/camss/camss.c b/drivers/media/platform/qcom/camss/camss.c
index 8fefce57bc49f..eb55cf436b717 100644
--- a/drivers/media/platform/qcom/camss/camss.c
+++ b/drivers/media/platform/qcom/camss/camss.c
@@ -555,7 +555,7 @@ struct media_entity *camss_find_sensor(struct media_entity *entity)
*
* Return 0 on success or a negative error code otherwise
*/
-int camss_get_pixel_clock(struct media_entity *entity, u32 *pixel_clock)
+int camss_get_pixel_clock(struct media_entity *entity, u64 *pixel_clock)
{
struct media_entity *sensor;
struct v4l2_subdev *subdev;
diff --git a/drivers/media/platform/qcom/camss/camss.h b/drivers/media/platform/qcom/camss/camss.h
index 3a0484683cd6e..fabfce9a3496c 100644
--- a/drivers/media/platform/qcom/camss/camss.h
+++ b/drivers/media/platform/qcom/camss/camss.h
@@ -108,7 +108,7 @@ int camss_enable_clocks(int nclocks, struct camss_clock *clock,
struct device *dev);
void camss_disable_clocks(int nclocks, struct camss_clock *clock);
struct media_entity *camss_find_sensor(struct media_entity *entity);
-int camss_get_pixel_clock(struct media_entity *entity, u32 *pixel_clock);
+int camss_get_pixel_clock(struct media_entity *entity, u64 *pixel_clock);
int camss_pm_domain_on(struct camss *camss, int id);
void camss_pm_domain_off(struct camss *camss, int id);
void camss_delete(struct camss *camss);
--
2.30.0
Powered by blists - more mailing lists