lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Thu, 13 Jul 2023 11:12:33 +0800
From:   Jammy Huang <jammy_huang@...eedtech.com>
To:     Paul Menzel <pmenzel@...gen.mpg.de>
CC:     <eajames@...ux.ibm.com>, <mchehab@...nel.org>, <joel@....id.au>,
        <andrew@...id.au>, <linux-media@...r.kernel.org>,
        <openbmc@...ts.ozlabs.org>, <linux-arm-kernel@...ts.infradead.org>,
        <linux-aspeed@...ts.ozlabs.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] media: aspeed: Fix memory overwrite if timing is 1600x900

Hi Paul,


On 2023/7/12 下午 06:09, Paul Menzel wrote:
> Dear Jammy,
>
>
> Thank you very much for your patch.
>
> Am 12.07.23 um 11:26 schrieb Jammy Huang:
>> When capturing 1600x900, system could crash when system memory usage is
>> tight.
>
> Please provide part of the trace, and if you have a commend to 
> reproduce it, please also add it. Is it documented somewhere, that it 
> needs to be aligned?

Sorry, but I didn't find trace when this issue happened.The system just 
crash and reboot.

It just takes a few minutes to reproduce this issue using the way as below,

1. Use 1600x900 to display on host

2. Mount ISO through 'Virtual media' on OpenBMC's web

3. Run script as below on host to do sha continuously

#!/bin/bash

while [ [1] ];
do
         find /media -type f -printf '"%h/%f"\n' | xargs sha256sum
done

4. Open KVM on OpenBMC's web


I will add above information to next patch.

>
>> The size of macro block captured is 8x8. Therefore, we should make sure
>> the height of src-buf is 8 aligned to fix this issue.
>>
>> Signed-off-by: Jammy Huang <jammy_huang@...eedtech.com>
>> ---
>>   drivers/media/platform/aspeed/aspeed-video.c | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/media/platform/aspeed/aspeed-video.c 
>> b/drivers/media/platform/aspeed/aspeed-video.c
>> index 374eb7781936..14594f55a77f 100644
>> --- a/drivers/media/platform/aspeed/aspeed-video.c
>> +++ b/drivers/media/platform/aspeed/aspeed-video.c
>> @@ -1130,7 +1130,7 @@ static void aspeed_video_get_resolution(struct 
>> aspeed_video *video)
>>   static void aspeed_video_set_resolution(struct aspeed_video *video)
>>   {
>>       struct v4l2_bt_timings *act = &video->active_timings;
>> -    unsigned int size = act->width * act->height;
>> +    unsigned int size = act->width * ALIGN(act->height, 8);
>>         /* Set capture/compression frame sizes */
>>       aspeed_video_calc_compressed_size(video, size);
>> @@ -1147,7 +1147,7 @@ static void aspeed_video_set_resolution(struct 
>> aspeed_video *video)
>>           u32 width = ALIGN(act->width, 64);
>>             aspeed_video_write(video, VE_CAP_WINDOW, width << 16 | 
>> act->height);
>> -        size = width * act->height;
>> +        size = width * ALIGN(act->height, 8);
>
> Maybe add a comment.
>
> Excuse my ignorance, but as `width` is already 64 bit aligned, how 
> does aligning the second factor make a difference for `size`? Can you 
> give an example?
>
>>       } else {
>>           aspeed_video_write(video, VE_CAP_WINDOW,
>>                      act->width << 16 | act->height);
>>
>> base-commit: 2605e80d3438c77190f55b821c6575048c68268e
>
>
> Kind regards,
>
> Paul

-- 
Best Regards
Jammy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ