Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755955AbcJLQzX (ORCPT <rfc822;w@1wt.eu>);
        Wed, 12 Oct 2016 12:55:23 -0400
Received: from mx08-00178001.pphosted.com ([91.207.212.93]:39467 "EHLO
        mx07-00178001.pphosted.com" rhost-flags-OK-OK-OK-FAIL)
        by vger.kernel.org with ESMTP id S1755926AbcJLQzA (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 12 Oct 2016 12:55:00 -0400
From: Loic Pallardy <loic.pallardy@st.com>
To: <bjorn.andersson@linaro.org>, <ohad@wizery.com>,
        <lee.jones@linaro.org>
CC: <loic.pallardy@st.com>, <linux-remoteproc@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>, <kernel@stlinux.com>
Subject: [PATCH v3 15/20] remoteproc: core: Append resource only if .resource_table section is large enough
Date: Wed, 12 Oct 2016 18:00:33 +0200
Message-ID: <1476288038-24909-16-git-send-email-loic.pallardy@st.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1476288038-24909-1-git-send-email-loic.pallardy@st.com>
References: <1476288038-24909-1-git-send-email-loic.pallardy@st.com>
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [10.201.23.23]
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2016-10-12_09:,,
 signatures=0
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 4070
Lines: 134

To guarantee remoteproc won't overwrite firmware data when copying
back modified resource table, rproc_add_resource_table_entry verifies
first that .resource_table elf section is large enough to support new
resource appending.

Signed-off-by: Loic Pallardy <loic.pallardy@st.com>
---
 drivers/remoteproc/remoteproc_core.c | 81 +++++++++++++++++++++++++-----------
 1 file changed, 56 insertions(+), 25 deletions(-)

diff --git a/drivers/remoteproc/remoteproc_core.c b/drivers/remoteproc/remoteproc_core.c
index 3847fd4..f4a02f0 100644
--- a/drivers/remoteproc/remoteproc_core.c
+++ b/drivers/remoteproc/remoteproc_core.c
@@ -1057,39 +1057,73 @@ static int rproc_update_resource_table_entry(struct rproc *rproc,
 	return !updated;
 }
 
-static struct resource_table*
-rproc_add_resource_table_entry(struct rproc *rproc,
+static int rproc_add_resource_table_entry(struct rproc *rproc,
 			       struct rproc_request_resource *request,
-			       struct resource_table *old_table, int *tablesz)
+			       struct resource_table *table, int tablesz)
 {
-	struct resource_table *table;
-	struct fw_rsc_hdr h;
+	struct fw_rsc_hdr *hdr, h;
 	void *new_rsc_loc;
 	void *fw_header_loc;
 	void *start_of_rscs;
 	int new_rsc_offset;
-	int size = *tablesz;
-	int i;
+	struct fw_rsc_vdev *v;
+	int i, spare_len = 0, size;
+	unsigned int min_offset, max_offset = 0;
+
 
 	h.type = request->type;
 
-	new_rsc_offset = size;
+	/* Check available spare size to integrate new resource */
+	for (i = 0; i < table->num; i++)
+		max_offset = max(max_offset, table->offset[i]);
+
+	hdr = (void *)table + max_offset;
+
+	switch (hdr->type) {
+	case RSC_CARVEOUT:
+		size = sizeof(struct fw_rsc_carveout);
+		break;
+	case RSC_DEVMEM:
+		size = sizeof(struct fw_rsc_devmem);
+		break;
+	case RSC_TRACE:
+		size = sizeof(struct fw_rsc_trace);
+		break;
+	case RSC_VDEV:
+		v = (void *)hdr + sizeof(*hdr);
+		size = sizeof(*v);
+		size += v->num_of_vrings * sizeof(struct fw_rsc_vdev_vring);
+		size += v->config_len;
+		break;
+	default:
+		dev_err(&rproc->dev, "Unsupported resource type: %d\n",
+			hdr->type);
+		return -EINVAL;
+	}
+
+	new_rsc_offset = max_offset + size;
+	spare_len = tablesz - new_rsc_offset;
 
 	/*
-	 * Allocate another contiguous chunk of memory, large enough to
-	 * contain the new, expanded resource table.
-	 *
-	 * The +4 is for the extra offset[] element in the top level header
+	 * Available space must be greater or equal to :
+	 * new offset entry size (4Bytes)
+	 * + resource header size
+	 * + new resource size
 	 */
-	size += sizeof(struct fw_rsc_hdr) + request->size + 4;
-	table = devm_kmemdup(&rproc->dev, old_table, size, GFP_KERNEL);
-	if (!table)
-		return ERR_PTR(-ENOMEM);
+	if (spare_len < (4 + sizeof(h) + request->size))
+		return -ENOSPC;
+
+	/* Find the lowest resource table entry */
+	min_offset = table->offset[0];
+	for (i = 1; i < table->num; i++)
+		min_offset = min(min_offset, table->offset[i]);
+
 
 	/* Shunt table by 4 Bytes to account for the extra offset[] element */
-	start_of_rscs = (void *)table + table->offset[0];
+	start_of_rscs = (void *)table + min_offset;
 	memmove(start_of_rscs + 4,
-		start_of_rscs, new_rsc_offset - table->offset[0]);
+		start_of_rscs, new_rsc_offset - min_offset);
+
 	new_rsc_offset += 4;
 
 	/* Update existing resource entry's offsets */
@@ -1108,8 +1142,7 @@ rproc_add_resource_table_entry(struct rproc *rproc,
 	new_rsc_loc = (void *)fw_header_loc + sizeof(h);
 	memcpy(new_rsc_loc, request->resource, request->size);
 
-	*tablesz = size;
-	return table;
+	return 0;
 }
 
 static struct resource_table*
@@ -1154,12 +1187,10 @@ rproc_apply_resource_overrides(struct rproc *rproc,
 			continue;
 
 		/* Didn't find matching resource entry -- creating a new one. */
-		table = rproc_add_resource_table_entry(rproc, resource,
-						       table, &size);
-		if (IS_ERR(table))
+		updated = rproc_add_resource_table_entry(rproc, resource,
+							 table, size);
+		if (updated)
 			goto out;
-
-		*orig_table = table;
 	}
 
 	if (IS_ENABLED(DEBUG) || IS_ENABLED(CONFIG_DYNAMIC_DEBUG))
-- 
1.9.1