| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <TYZPR06MB6568C3CE08659F86C301787DF139A@TYZPR06MB6568.apcprd06.prod.outlook.com>
Date: Wed, 19 Jul 2023 06:29:32 +0000
From: Jammy Huang <jammy_huang@...eedtech.com>
To: Hans Verkuil <hverkuil@...all.nl>,
Jammy Huang <orbit.huang@...il.com>,
"eajames@...ux.ibm.com" <eajames@...ux.ibm.com>,
"mchehab@...nel.org" <mchehab@...nel.org>,
"joel@....id.au" <joel@....id.au>,
"andrew@...id.au" <andrew@...id.au>,
"linux-media@...r.kernel.org" <linux-media@...r.kernel.org>,
"openbmc@...ts.ozlabs.org" <openbmc@...ts.ozlabs.org>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
"linux-aspeed@...ts.ozlabs.org" <linux-aspeed@...ts.ozlabs.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH v2] media: aspeed: Fix memory overwrite if timing is
1600x900
Hi Hans,
ASPEED's mail server had some problem these days. I will try to resend the patch.
Thank you.
On 2023/7/19 下午 02:18, Hans Verkuil wrote:
> Hi Jammy,
>
> On 17/07/2023 11:51, Jammy Huang wrote:
>> When capturing 1600x900, system could crash when system memory usage is
>> tight.
>>
>> The way to reproduce this issue:
>> 1. Use 1600x900 to display on host
>> 2. Mount ISO through 'Virtual media' on OpenBMC's web
>> 3. Run script as below on host to do sha continuously
>> #!/bin/bash
>> while [ [1] ];
>> do
>> find /media -type f -printf '"%h/%f"\n' | xargs sha256sum
>> done
>> 4. Open KVM on OpenBMC's web
>>
>> The size of macro block captured is 8x8. Therefore, we should make sure
>> the height of src-buf is 8 aligned to fix this issue.
>>
>> Signed-off-by: Jammy Huang <jammy_huang@...eedtech.com>
>
> Your email address you sent this from differs from your SoB. Can you post
> again from the correct email address? Checkpatch complains about this.
>
> Regards,
>
> Hans
>
>> ---
>> v2 changes
>> - Add how to reproduce this issue.
>> ---
>> drivers/media/platform/aspeed/aspeed-video.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/media/platform/aspeed/aspeed-video.c b/drivers/media/platform/aspeed/aspeed-video.c
>> index 374eb7781936..14594f55a77f 100644
>> --- a/drivers/media/platform/aspeed/aspeed-video.c
>> +++ b/drivers/media/platform/aspeed/aspeed-video.c
>> @@ -1130,7 +1130,7 @@ static void aspeed_video_get_resolution(struct aspeed_video *video)
>> static void aspeed_video_set_resolution(struct aspeed_video *video)
>> {
>> struct v4l2_bt_timings *act = &video->active_timings;
>> - unsigned int size = act->width * act->height;
>> + unsigned int size = act->width * ALIGN(act->height, 8);
>>
>> /* Set capture/compression frame sizes */
>> aspeed_video_calc_compressed_size(video, size);
>> @@ -1147,7 +1147,7 @@ static void aspeed_video_set_resolution(struct aspeed_video *video)
>> u32 width = ALIGN(act->width, 64);
>>
>> aspeed_video_write(video, VE_CAP_WINDOW, width << 16 | act->height);
>> - size = width * act->height;
>> + size = width * ALIGN(act->height, 8);
>> } else {
>> aspeed_video_write(video, VE_CAP_WINDOW,
>> act->width << 16 | act->height);
>>
>> base-commit: 2605e80d3438c77190f55b821c6575048c68268e
>
--
Best Regards
Jammy
Powered by blists - more mailing lists