Message ID | 20230622131349.144160-4-benjamin.gaignard@collabora.com |
---|---|
State | New |
Headers |
From: Benjamin Gaignard <benjamin.gaignard@collabora.com> Subject: [PATCH v3 03/11] media: videobuf2: Remove VB2_MAX_FRAME limit on buffer storage Date: Thu, 22 Jun 2023 15:13:41 +0200 |
Series |
Add DELETE_BUF ioctl
|
|
Commit Message
Benjamin Gaignard
June 22, 2023, 1:13 p.m. UTC
Remove VB2_MAX_FRAME buffer limit since Xarray allows storing
more than that.
Signed-off-by: Benjamin Gaignard <benjamin.gaignard@collabora.com>
---
drivers/media/common/videobuf2/videobuf2-core.c | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
Comments
On Thu, Jun 22, 2023 at 03:13:41PM +0200, Benjamin Gaignard wrote: > diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c > index f1ff7af34a9f..86e1e926fa45 100644 > --- a/drivers/media/common/videobuf2/videobuf2-core.c > +++ b/drivers/media/common/videobuf2/videobuf2-core.c > @@ -455,9 +455,9 @@ static int __vb2_queue_alloc(struct vb2_queue *q, enum vb2_memory memory, > struct vb2_buffer *vb; > int ret; > > - /* Ensure that q->num_buffers+num_buffers is below VB2_MAX_FRAME */ > + /* Ensure that q->num_buffers + num_buffers is UINT_MAX */ > num_buffers = min_t(unsigned int, num_buffers, > - VB2_MAX_FRAME - q->num_buffers); > + UINT_MAX - q->num_buffers); The UINT_MAX limit adds a level of danger. It would be safer to do what the vfs layer does for MAX_RW_COUNT and use "INT_MAX - PAGE_SIZE". That way you can take size + sizeof() and it's only very rarely going to turn negative. Or at least just INT_MAX. I would keep the VB2_MAX_FRAME and define it as: #define VB2_MAX_FRAME (INT_MAX & PAGE_MASK) /* The mask prevents 85% of integer overflows */ > > for (buffer = 0; buffer < num_buffers; ++buffer) { > /* Allocate vb2 buffer structures */ > @@ -858,9 +858,9 @@ int vb2_core_reqbufs(struct vb2_queue *q, enum vb2_memory memory, > /* > * Make sure the requested values and current defaults are sane. > */ > - WARN_ON(q->min_buffers_needed > VB2_MAX_FRAME); > + WARN_ON(q->min_buffers_needed > UINT_MAX); This will trigger a static checker warning because the condition is impossible. regards, dan carpenter
On Thu, Jun 22, 2023 at 03:13:41PM +0200, Benjamin Gaignard wrote: > diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c > index f1ff7af34a9f..86e1e926fa45 100644 > --- a/drivers/media/common/videobuf2/videobuf2-core.c > +++ b/drivers/media/common/videobuf2/videobuf2-core.c > @@ -455,9 +455,9 @@ static int __vb2_queue_alloc(struct vb2_queue *q, enum vb2_memory memory, > struct vb2_buffer *vb; > int ret; > > - /* Ensure that q->num_buffers+num_buffers is below VB2_MAX_FRAME */ > + /* Ensure that q->num_buffers + num_buffers is UINT_MAX */ > num_buffers = min_t(unsigned int, num_buffers, > - VB2_MAX_FRAME - q->num_buffers); > + UINT_MAX - q->num_buffers); > > for (buffer = 0; buffer < num_buffers; ++buffer) { > /* Allocate vb2 buffer structures */ Ah... Here's one of the integer overflow bugs I was talking about. The __vb2_queue_alloc() function returns an int so if num_buffers goes over INT_MAX we are hosed. regards, dan carpenter
On 22/06/2023 at 16:11, Dan Carpenter wrote: > On Thu, Jun 22, 2023 at 03:13:41PM +0200, Benjamin Gaignard wrote: >> diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c >> index f1ff7af34a9f..86e1e926fa45 100644 >> --- a/drivers/media/common/videobuf2/videobuf2-core.c >> +++ b/drivers/media/common/videobuf2/videobuf2-core.c >> @@ -455,9 +455,9 @@ static int __vb2_queue_alloc(struct vb2_queue *q, enum vb2_memory memory, >> struct vb2_buffer *vb; >> int ret; >> >> - /* Ensure that q->num_buffers+num_buffers is below VB2_MAX_FRAME */ >> + /* Ensure that q->num_buffers + num_buffers is UINT_MAX */ >> num_buffers = min_t(unsigned int, num_buffers, >> - VB2_MAX_FRAME - q->num_buffers); >> + UINT_MAX - q->num_buffers); >> >> for (buffer = 0; buffer < num_buffers; ++buffer) { >> /* Allocate vb2 buffer structures */ > Ah... Here's one of the integer overflow bugs I was talking about. The > __vb2_queue_alloc() function returns an int so if num_buffers goes over > INT_MAX we are hosed. I will limit it to: #define VB2_QUEUE_MAX_BUFFERS (INT_MAX & PAGE_MASK) /* The mask prevents 85% of integer overflows */ as you have suggested. That will be in version 4. Thanks, Benjamin > > regards, > dan carpenter >
On 22/06/2023 16:13, Benjamin Gaignard wrote: > > On 22/06/2023 at 16:11, Dan Carpenter wrote: >> On Thu, Jun 22, 2023 at 03:13:41PM +0200, Benjamin Gaignard wrote: >>> diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c >>> index f1ff7af34a9f..86e1e926fa45 100644 >>> --- a/drivers/media/common/videobuf2/videobuf2-core.c >>> +++ b/drivers/media/common/videobuf2/videobuf2-core.c >>> @@ -455,9 +455,9 @@ static int __vb2_queue_alloc(struct vb2_queue *q, enum vb2_memory memory, >>> struct vb2_buffer *vb; >>> int ret; >>> - /* Ensure that q->num_buffers+num_buffers is below VB2_MAX_FRAME */ >>> + /* Ensure that q->num_buffers + num_buffers is UINT_MAX */ >>> num_buffers = min_t(unsigned int, num_buffers, >>> - VB2_MAX_FRAME - q->num_buffers); >>> + UINT_MAX - q->num_buffers); >>> for (buffer = 0; buffer < num_buffers; ++buffer) { >>> /* Allocate vb2 buffer structures */ >> Ah... Here's one of the integer overflow bugs I was talking about. The >> __vb2_queue_alloc() function returns an int so if num_buffers goes over >> INT_MAX we are hosed. > > I will limit it to: > #define VB2_QUEUE_MAX_BUFFERS (INT_MAX & PAGE_MASK) /* The mask prevents 85% of integer overflows */ > as you have suggested. IMHO INT_MAX is way overkill. How about (1U << 20)? I would like some sort of sanity check here. 1048576 buffers of 640x480 and 4 bytes per pixel is 1.2 TB. Since a TB of memory is doable these days, I think this is a reasonable value for MAX_BUFFERS without allowing just anything. An alternative is to make this a kernel config. Regards, Hans > > That will be in version 4. > > Thanks, > Benjamin > >> >> regards, >> dan carpenter >>
On 23/06/2023 at 09:02, Hans Verkuil wrote: > On 22/06/2023 16:13, Benjamin Gaignard wrote: >> On 22/06/2023 at 16:11, Dan Carpenter wrote: >>> On Thu, Jun 22, 2023 at 03:13:41PM +0200, Benjamin Gaignard wrote: >>>> diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c >>>> index f1ff7af34a9f..86e1e926fa45 100644 >>>> --- a/drivers/media/common/videobuf2/videobuf2-core.c >>>> +++ b/drivers/media/common/videobuf2/videobuf2-core.c >>>> @@ -455,9 +455,9 @@ static int __vb2_queue_alloc(struct vb2_queue *q, enum vb2_memory memory, >>>> struct vb2_buffer *vb; >>>> int ret; >>>> - /* Ensure that q->num_buffers+num_buffers is below VB2_MAX_FRAME */ >>>> + /* Ensure that q->num_buffers + num_buffers is UINT_MAX */ >>>> num_buffers = min_t(unsigned int, num_buffers, >>>> - VB2_MAX_FRAME - q->num_buffers); >>>> + UINT_MAX - q->num_buffers); >>>> for (buffer = 0; buffer < num_buffers; ++buffer) { >>>> /* Allocate vb2 buffer structures */ >>> Ah... Here's one of the integer overflow bugs I was talking about. The >>> __vb2_queue_alloc() function returns an int so if num_buffers goes over >>> INT_MAX we are hosed. >> I will limit it to: >> #define VB2_QUEUE_MAX_BUFFERS (INT_MAX & PAGE_MASK) /* The mask prevents 85% of integer overflows */ >> as you have suggested. > IMHO INT_MAX is way overkill. How about (1U << 20)? I would like some sort of > sanity check here. 1048576 buffers of 640x480 and 4 bytes per pixel is 1.2 TB. I will go for (1U << 20) in next version. Regards, Benjamin > > Since a TB of memory is doable these days, I think this is a reasonable > value for MAX_BUFFERS without allowing just anything. > > An alternative is to make this a kernel config. > > Regards, > > Hans > >> That will be in version 4. >> >> Thanks, >> Benjamin >> >>> regards, >>> dan carpenter >>>
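The three limits weighed in this thread, compared side by side as an added example (not code from the patch or from the kernel): it shows which limits keep a clamped buffer count representable in an `int` return value, how much slack each leaves for later `int` arithmetic, and the memory footprint behind the 1.2 TB figure. The function names are hypothetical and a 4 KiB page size is assumed for `PAGE_MASK`.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE_4K 4096u                 /* assumption: 4 KiB pages */
#define LIMIT_UINT   UINT_MAX              /* limit used by the v3 patch */
#define LIMIT_MASKED ((unsigned int)INT_MAX & ~(PAGE_SIZE_4K - 1u)) /* INT_MAX & PAGE_MASK */
#define LIMIT_1M     (1u << 20)            /* value agreed on at the end of the thread */

/* Clamp a request so that existing + result never exceeds limit. */
static unsigned int clamp_request(unsigned int existing, unsigned int requested,
                                  unsigned int limit)
{
    unsigned int room = existing < limit ? limit - existing : 0;
    return requested < room ? requested : room;
}

/* A count handed back through an int must not land in the negative (errno) range. */
static int fits_int_return(unsigned int count)
{
    return count <= (unsigned int)INT_MAX;
}

/* Slack left for "count + small constant" computed in int; negative means none. */
static long long int_headroom(unsigned int limit)
{
    return (long long)INT_MAX - (long long)limit;
}

/* Memory needed for count buffers of w x h pixels at bpp bytes per pixel. */
static uint64_t total_bytes(unsigned int count, unsigned int w, unsigned int h,
                            unsigned int bpp)
{
    return (uint64_t)count * w * h * bpp;
}

int main(void)
{
    const unsigned int limits[] = { LIMIT_UINT, LIMIT_MASKED, LIMIT_1M };
    for (size_t i = 0; i < 3; i++) {
        unsigned int n = clamp_request(0, UINT_MAX, limits[i]);
        printf("limit=%u granted=%u fits_int=%d headroom=%lld bytes@640x480x4=%llu\n",
               limits[i], n, fits_int_return(n), int_headroom(limits[i]),
               (unsigned long long)total_bytes(n, 640, 480, 4));
    }
    return 0;
}
```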
diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c index f1ff7af34a9f..86e1e926fa45 100644 --- a/drivers/media/common/videobuf2/videobuf2-core.c +++ b/drivers/media/common/videobuf2/videobuf2-core.c @@ -455,9 +455,9 @@ static int __vb2_queue_alloc(struct vb2_queue *q, enum vb2_memory memory, struct vb2_buffer *vb; int ret; - /* Ensure that q->num_buffers+num_buffers is below VB2_MAX_FRAME */ + /* Ensure that q->num_buffers + num_buffers is UINT_MAX */ num_buffers = min_t(unsigned int, num_buffers, - VB2_MAX_FRAME - q->num_buffers); + UINT_MAX - q->num_buffers); for (buffer = 0; buffer < num_buffers; ++buffer) { /* Allocate vb2 buffer structures */ @@ -858,9 +858,9 @@ int vb2_core_reqbufs(struct vb2_queue *q, enum vb2_memory memory, /* * Make sure the requested values and current defaults are sane. */ - WARN_ON(q->min_buffers_needed > VB2_MAX_FRAME); + WARN_ON(q->min_buffers_needed > UINT_MAX); num_buffers = max_t(unsigned int, *count, q->min_buffers_needed); - num_buffers = min_t(unsigned int, num_buffers, VB2_MAX_FRAME); + num_buffers = min_t(unsigned int, num_buffers, UINT_MAX); memset(q->alloc_devs, 0, sizeof(q->alloc_devs)); /* * Set this now to ensure that drivers see the correct q->memory value @@ -976,11 +976,6 @@ int vb2_core_create_bufs(struct vb2_queue *q, enum vb2_memory memory, bool no_previous_buffers = !q->num_buffers; int ret; - if (q->num_buffers == VB2_MAX_FRAME) { - dprintk(q, 1, "maximum number of buffers already allocated\n"); - return -ENOBUFS; - } - if (no_previous_buffers) { if (q->waiting_in_dqbuf && *count) { dprintk(q, 1, "another dup()ped fd is waiting for a buffer\n"); @@ -1005,7 +1000,7 @@ int vb2_core_create_bufs(struct vb2_queue *q, enum vb2_memory memory, return -EINVAL; } - num_buffers = min(*count, VB2_MAX_FRAME - q->num_buffers); + num_buffers = min(*count, UINT_MAX - q->num_buffers); if (requested_planes && requested_sizes) { num_planes = requested_planes;
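Review bot: in the first hunk (__vb2_queue_alloc), clamping to UINT_MAX - q->num_buffers allows a buffer count above INT_MAX, while the hunk header shows the function is declared static int, so such a count cannot be handed back without going negative, as the first review reply points out. Clamp against a named limit that is at most INT_MAX. The rewritten comment also lost its comparison: "is UINT_MAX" should say that the sum does not exceed the limit.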
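Review bot: in the vb2_core_reqbufs hunk, both replacement bounds are no-ops. min_t(unsigned int, num_buffers, UINT_MAX) always yields num_buffers, and WARN_ON(q->min_buffers_needed > UINT_MAX) can never fire if min_buffers_needed is an unsigned int, which is what the review reply means by an impossible condition. Either drop the two lines or compare against a real upper limit, so that the "requested values and current defaults are sane" comment above them stays true.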
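Review bot: in the vb2_core_create_bufs hunk at -976, deleting the q->num_buffers == VB2_MAX_FRAME block removes the only explicit -ENOBUFS return visible in this function's context, so a full queue is no longer reported to the caller at this point. If an upper limit is kept, as the thread concludes, keep this early return and test against the new limit, preferably with >= rather than ==.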
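Review bot: at the last hunk, min(*count, UINT_MAX - q->num_buffers) only guards against q->num_buffers + num_buffers wrapping and no longer bounds how many buffers one call may request through *count. A sanity limit belongs on this line; the thread settles on (1U << 20). The other changed call sites use min_t(unsigned int, ...), so it is worth making this one consistent while touching it.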