commit 3d13de4b027d5f6276c0f9d3a264f518747d83f2 upstream.
Currently, the following causes a kernel OOPS in memcpy:
echo 1073741825 > buffer/length
echo 1 > buffer/enable
Note that using 1073741824 instead of 1073741825 causes "write error:
Cannot allocate memory" but no OOPS.
This is because 1073741824 == 2^30 and 1073741825 == 2^30+1. Since kfifo
rounds up to the nearest power of 2, it will actually call kmalloc with
roundup_pow_of_two(length) * bytes_per_datum.
Using length == 1073741825 and bytes_per_datum == 2, we get:
kmalloc(roundup_pow_of_two(1073741825) * 2
or kmalloc(2147483648 * 2)
or kmalloc(4294967296)
or kmalloc(UINT_MAX + 1)
so this overflows to 0, causing kmalloc to return ZERO_SIZE_PTR and
subsequent memcpy to fail once the device is enabled.
Fix this by checking for overflow prior to allocating a kfifo. With this
check added, the above code returns -EINVAL when enabling the buffer,
rather than causing an OOPS.
Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
[bwh: Backported to 3.16: adjust filename]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
commit c043ec1ca5baae63726aae32abbe003192bc6eec upstream.
Currently, we use int for buffer length and bytes_per_datum. However,
kfifo uses unsigned int for length and size_t for element size. We need
to make sure these matches or we will have bugs related to overflow (in
the range between INT_MAX and UINT_MAX for length, for example).
In addition, set_bytes_per_datum uses size_t while bytes_per_datum is an
int, which would cause bugs for large values of bytes_per_datum.
Change buffer length to use unsigned int and bytes_per_datum to use
size_t.
Change-Id: I582f2cc918f788c85ba05924d901c2adae820fc8
Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
[bwh: Backported to 3.16:
- Drop change in iio_dma_buffer_set_length()
- Adjust filenames, context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
__iio_update_buffer updates the buffer's bytes_per_datum and length fields.
But the only user of this function just passes in these exact fields, so the
call basically looks like this:
buffer->bytes_per_datum = buffer->bytes_per_datum;
buffer->length = buffer->length;
Which means it is a noop and can be removed. Also remove the function itself,
since it is now unused.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Drop timestamp parameter from buffer store_to callback and subsequently from
iio_push_to_buffer. The timestamp parameter is unused and it seems likely that
it will stay unused in the future, so it should be safe to remove it.
Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
These two elements were originally in the patch
iio:kfifo_buf Take advantage of the fixed record size used in IIO
but Lars-Peter Clausen pointed out they should not have been
so here they are.
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Tested-by: Lars-Peter Clausen <lars@metafoo.de>
By bypassing the standard macros for setting up the kfifo we can
take advantage of the fixed record size implementation without
having to have a type to pass in (from which the size of an element
is normally established).
In IIO we have variable 'scans' as our records in which any element
can be present or not. They do not however vary when we are
actually filling or reading from the buffer. Thus we have a fixed
record size whenever we are actually running. As setup and tear
down are not in the fast path we can take the overhead of reinitializing
the kfifo every time.
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Tested-by: Lars-Peter Clausen <lars@metafoo.de>
Take the core support + the kfifo buffer implentation out of
staging. Whilst we are far from done in improving this subsystem
it is now at a stage where the userspae interfaces (provided by
the core) can be considered stable.
Drivers will follow over a longer time scale.
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-04-25 11:11:38 -07:00
Renamed from drivers/staging/iio/kfifo_buf.c (Browse further)
Martin Kelly
Lars-Peter Clausen
Jonathan Cameron