lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 2 Oct 2023 19:59:43 +0900
From:   Tomasz Figa <tfiga@...omium.org>
To:     Hans Verkuil <hverkuil@...all.nl>
Cc:     Ma Ke <make_ruc2021@....com>, m.szyprowski@...sung.com,
        mchehab@...nel.org, linux-media@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] media: videobuf2: Fix IS_ERR checking in vb2_vmalloc_put_userptr()

On Mon, Oct 2, 2023 at 7:16 PM Hans Verkuil <hverkuil@...all.nl> wrote:
>
> Hi Ma Ke,
>
> On 24/09/2023 14:44, Ma Ke wrote:
> > In order to avoid error pointers from frame_vector_pages(), we could
> > use IS_ERR() to check the return value to fix this. This checking
> > operation could make sure that vector contains pages.
> >
> > Signed-off-by: Ma Ke <make_ruc2021@....com>
> > ---
> >  drivers/media/common/videobuf2/videobuf2-vmalloc.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/media/common/videobuf2/videobuf2-vmalloc.c b/drivers/media/common/videobuf2/videobuf2-vmalloc.c
> > index 7c635e292106..c37775080aff 100644
> > --- a/drivers/media/common/videobuf2/videobuf2-vmalloc.c
> > +++ b/drivers/media/common/videobuf2/videobuf2-vmalloc.c
> > @@ -134,6 +134,7 @@ static void vb2_vmalloc_put_userptr(void *buf_priv)
> >       if (!buf->vec->is_pfns) {
> >               n_pages = frame_vector_count(buf->vec);
> >               pages = frame_vector_pages(buf->vec);
> > +             BUG_ON(IS_ERR(pages));

Can this even happen? We removed support for pfn maps from
get_vaddr_frames() quite long ago, so we should always have pages in
the frame vector if vb2_crate_framevec() in get_userptr() succeeds.

Or am I reading something wrong?

> >               if (vaddr)
> >                       vm_unmap_ram((void *)vaddr, n_pages);
> >               if (buf->dma_dir == DMA_FROM_DEVICE ||
>
> The use of BUG_ON is discouraged in the kernel. I did notice that is it
> also used in the put_userptr callback in videobuf2-dma-contig.c.
>
> I think it is much better to do something like this:
>
>         if (!buf->vec->is_pfns) {
>                 n_pages = frame_vector_count(buf->vec);
>                 if (vaddr)
>                         vm_unmap_ram((void *)vaddr, n_pages);
>                 if (buf->dma_dir == DMA_FROM_DEVICE ||
>                     buf->dma_dir == DMA_BIDIRECTIONAL) {
>                         pages = frame_vector_pages(buf->vec);
>                         if (!WARN_ON_ONCE(IS_ERR(pages)))
>                                 for (i = 0; i < n_pages; i++)
>                                         set_page_dirty_lock(pages[i]);
>                 }
>         } else {
>
> and do something similar in videobuf2-dma-contig.c.
>
> Regards,
>
>         Hans

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ