From patchwork Wed Oct 12 16:00:33 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Loic Pallardy X-Patchwork-Id: 77573 Delivered-To: patch@linaro.org Received: by 10.140.97.247 with SMTP id m110csp530605qge; Wed, 12 Oct 2016 09:55:42 -0700 (PDT) X-Received: by 10.66.156.229 with SMTP id wh5mr2643991pab.137.1476291342249; Wed, 12 Oct 2016 09:55:42 -0700 (PDT) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c5si6751912pga.267.2016.10.12.09.55.41; Wed, 12 Oct 2016 09:55:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755956AbcJLQzX (ORCPT + 27 others); Wed, 12 Oct 2016 12:55:23 -0400 Received: from mx08-00178001.pphosted.com ([91.207.212.93]:39467 "EHLO mx07-00178001.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1755926AbcJLQzA (ORCPT ); Wed, 12 Oct 2016 12:55:00 -0400 Received: from pps.filterd (m0046660.ppops.net [127.0.0.1]) by mx08-00178001.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id u9CFuQq6028941; Wed, 12 Oct 2016 18:01:21 +0200 Received: from beta.dmz-eu.st.com (beta.dmz-eu.st.com [164.129.1.35]) by mx08-.pphosted.com with ESMTP id 2615cgwhxj-1 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 12 Oct 2016 18:01:21 +0200 Received: from zeta.dmz-eu.st.com (zeta.dmz-eu.st.com [164.129.230.9]) by beta.dmz-eu.st.com (STMicroelectronics) with ESMTP id 5B9AA31; Wed, 12 Oct 2016 16:01:20 +0000 (GMT) Received: from Webmail-eu.st.com (Safex1hubcas22.st.com [10.75.90.92]) by zeta.dmz-eu.st.com (STMicroelectronics) with ESMTP id 46AD72AB4; Wed, 12 Oct 2016 16:01:20 +0000 (GMT) Received: from localhost (10.201.23.23) by Webmail-ga.st.com (10.75.90.48) with Microsoft SMTP Server (TLS) id 14.3.279.2; Wed, 12 Oct 2016 18:01:19 +0200 From: Loic Pallardy To: , , CC: , , , Subject: [PATCH v3 15/20] remoteproc: core: Append resource only if .resource_table section is large enough Date: Wed, 12 Oct 2016 18:00:33 +0200 Message-ID: <1476288038-24909-16-git-send-email-loic.pallardy@st.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1476288038-24909-1-git-send-email-loic.pallardy@st.com> References: <1476288038-24909-1-git-send-email-loic.pallardy@st.com> MIME-Version: 1.0 X-Originating-IP: [10.201.23.23] X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-10-12_09:, , signatures=0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org To guarantee remoteproc won't overwrite firmware data when copying back modified resource table, rproc_add_resource_table_entry verifies first that .resource_table elf section is large enough to support new resource appending. Signed-off-by: Loic Pallardy --- drivers/remoteproc/remoteproc_core.c | 81 +++++++++++++++++++++++++----------- 1 file changed, 56 insertions(+), 25 deletions(-) -- 1.9.1 diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c index 3847fd4..f4a02f0 100644 --- a/drivers/remoteproc/remoteproc_core.c +++ b/drivers/remoteproc/remoteproc_core.c @@ -1057,39 +1057,73 @@ static int rproc_update_resource_table_entry(struct rproc *rproc, return !updated; } -static struct resource_table* -rproc_add_resource_table_entry(struct rproc *rproc, +static int rproc_add_resource_table_entry(struct rproc *rproc, struct rproc_request_resource *request, - struct resource_table *old_table, int *tablesz) + struct resource_table *table, int tablesz) { - struct resource_table *table; - struct fw_rsc_hdr h; + struct fw_rsc_hdr *hdr, h; void *new_rsc_loc; void *fw_header_loc; void *start_of_rscs; int new_rsc_offset; - int size = *tablesz; - int i; + struct fw_rsc_vdev *v; + int i, spare_len = 0, size; + unsigned int min_offset, max_offset = 0; + h.type = request->type; - new_rsc_offset = size; + /* Check available spare size to integrate new resource */ + for (i = 0; i < table->num; i++) + max_offset = max(max_offset, table->offset[i]); + + hdr = (void *)table + max_offset; + + switch (hdr->type) { + case RSC_CARVEOUT: + size = sizeof(struct fw_rsc_carveout); + break; + case RSC_DEVMEM: + size = sizeof(struct fw_rsc_devmem); + break; + case RSC_TRACE: + size = sizeof(struct fw_rsc_trace); + break; + case RSC_VDEV: + v = (void *)hdr + sizeof(*hdr); + size = sizeof(*v); + size += v->num_of_vrings * sizeof(struct fw_rsc_vdev_vring); + size += v->config_len; + break; + default: + dev_err(&rproc->dev, "Unsupported resource type: %d\n", + hdr->type); + return -EINVAL; + } + + new_rsc_offset = max_offset + size; + spare_len = tablesz - new_rsc_offset; /* - * Allocate another contiguous chunk of memory, large enough to - * contain the new, expanded resource table. - * - * The +4 is for the extra offset[] element in the top level header + * Available space must be greater or equal to : + * new offset entry size (4Bytes) + * + resource header size + * + new resource size */ - size += sizeof(struct fw_rsc_hdr) + request->size + 4; - table = devm_kmemdup(&rproc->dev, old_table, size, GFP_KERNEL); - if (!table) - return ERR_PTR(-ENOMEM); + if (spare_len < (4 + sizeof(h) + request->size)) + return -ENOSPC; + + /* Find the lowest resource table entry */ + min_offset = table->offset[0]; + for (i = 1; i < table->num; i++) + min_offset = min(min_offset, table->offset[i]); + /* Shunt table by 4 Bytes to account for the extra offset[] element */ - start_of_rscs = (void *)table + table->offset[0]; + start_of_rscs = (void *)table + min_offset; memmove(start_of_rscs + 4, - start_of_rscs, new_rsc_offset - table->offset[0]); + start_of_rscs, new_rsc_offset - min_offset); + new_rsc_offset += 4; /* Update existing resource entry's offsets */ @@ -1108,8 +1142,7 @@ rproc_add_resource_table_entry(struct rproc *rproc, new_rsc_loc = (void *)fw_header_loc + sizeof(h); memcpy(new_rsc_loc, request->resource, request->size); - *tablesz = size; - return table; + return 0; } static struct resource_table* @@ -1154,12 +1187,10 @@ rproc_apply_resource_overrides(struct rproc *rproc, continue; /* Didn't find matching resource entry -- creating a new one. */ - table = rproc_add_resource_table_entry(rproc, resource, - table, &size); - if (IS_ERR(table)) + updated = rproc_add_resource_table_entry(rproc, resource, + table, size); + if (updated) goto out; - - *orig_table = table; } if (IS_ENABLED(DEBUG) || IS_ENABLED(CONFIG_DYNAMIC_DEBUG))