[media] dw2102: Don't use dynamic static allocation

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Dynamic static allocation is evil, as Kernel stack is too low, and
compilation complains about it on some archs:
drivers/media/usb/dvb-usb/dw2102.c:368:1: warning: 'dw2102_earda_i2c_transfer' uses dynamic stack allocation [enabled by default]
drivers/media/usb/dvb-usb/dw2102.c:449:1: warning: 'dw2104_i2c_transfer' uses dynamic stack allocation [enabled by default]
drivers/media/usb/dvb-usb/dw2102.c:512:1: warning: 'dw3101_i2c_transfer' uses dynamic stack allocation [enabled by default]
drivers/media/usb/dvb-usb/dw2102.c:621:1: warning: 's6x0_i2c_transfer' uses dynamic stack allocation [enabled by default]
Instead, let's enforce a limit for the buffer to be the max size of
a control URB payload data (64 bytes).

Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>
Reviewed-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <m.chehab@samsung.com>

Mauro Carvalho Chehab 12 years ago 0065a79a 1d7fa359

+80 -10

1 changed file

expand all

drivers

media

usb

dvb-usb

dw2102.c

+80 -10

drivers/media/usb/dvb-usb/dw2102.c

··· 30 30 #include "stb6100_proc.h" 31 31 #include "m88rs2000.h" 32 32 33 + /* Max transfer size done by I2C transfer functions */ 34 + #define MAX_XFER_SIZE 64 35 + 33 36 #ifndef USB_PID_DW2102 34 37 #define USB_PID_DW2102 0x2102 35 38 #endif ··· 311 308 case 2: { 312 309 /* read */ 313 310 /* first write first register number */ 314 - u8 ibuf[msg[1].len + 2], obuf[3]; 311 + u8 ibuf[MAX_XFER_SIZE], obuf[3]; 312 + 313 + if (2 + msg[1].len > sizeof(ibuf)) { 314 + warn("i2c rd: len=%d is too big!\n", 315 + msg[1].len); 316 + return -EOPNOTSUPP; 317 + } 318 + 315 319 obuf[0] = msg[0].addr << 1; 316 320 obuf[1] = msg[0].len; 317 321 obuf[2] = msg[0].buf[0]; ··· 335 325 switch (msg[0].addr) { 336 326 case 0x68: { 337 327 /* write to register */ 338 - u8 obuf[msg[0].len + 2]; 328 + u8 obuf[MAX_XFER_SIZE]; 329 + 330 + if (2 + msg[0].len > sizeof(obuf)) { 331 + warn("i2c wr: len=%d is too big!\n", 332 + msg[1].len); 333 + return -EOPNOTSUPP; 334 + } 335 + 339 336 obuf[0] = msg[0].addr << 1; 340 337 obuf[1] = msg[0].len; 341 338 memcpy(obuf + 2, msg[0].buf, msg[0].len); ··· 352 335 } 353 336 case 0x61: { 354 337 /* write to tuner */ 355 - u8 obuf[msg[0].len + 2]; 338 + u8 obuf[MAX_XFER_SIZE]; 339 + 340 + if (2 + msg[0].len > sizeof(obuf)) { 341 + warn("i2c wr: len=%d is too big!\n", 342 + msg[1].len); 343 + return -EOPNOTSUPP; 344 + } 345 + 356 346 obuf[0] = msg[0].addr << 1; 357 347 obuf[1] = msg[0].len; 358 348 memcpy(obuf + 2, msg[0].buf, msg[0].len); ··· 425 401 default: { 426 402 if (msg[j].flags == I2C_M_RD) { 427 403 /* read registers */ 428 - u8 ibuf[msg[j].len + 2]; 404 + u8 ibuf[MAX_XFER_SIZE]; 405 + 406 + if (2 + msg[j].len > sizeof(ibuf)) { 407 + warn("i2c rd: len=%d is too big!\n", 408 + msg[j].len); 409 + return -EOPNOTSUPP; 410 + } 411 + 429 412 dw210x_op_rw(d->udev, 0xc3, 430 413 (msg[j].addr << 1) + 1, 0, 431 414 ibuf, msg[j].len + 2, ··· 461 430 } while (len > 0); 462 431 } else { 463 432 /* write registers */ 464 - u8 obuf[msg[j].len + 2]; 433 + u8 obuf[MAX_XFER_SIZE]; 434 + 435 + if (2 + msg[j].len > sizeof(obuf)) { 436 + warn("i2c wr: len=%d is too big!\n", 437 + msg[j].len); 438 + return -EOPNOTSUPP; 439 + } 440 + 465 441 obuf[0] = msg[j].addr << 1; 466 442 obuf[1] = msg[j].len; 467 443 memcpy(obuf + 2, msg[j].buf, msg[j].len); ··· 501 463 case 2: { 502 464 /* read */ 503 465 /* first write first register number */ 504 - u8 ibuf[msg[1].len + 2], obuf[3]; 466 + u8 ibuf[MAX_XFER_SIZE], obuf[3]; 467 + 468 + if (2 + msg[1].len > sizeof(ibuf)) { 469 + warn("i2c rd: len=%d is too big!\n", 470 + msg[1].len); 471 + return -EOPNOTSUPP; 472 + } 505 473 obuf[0] = msg[0].addr << 1; 506 474 obuf[1] = msg[0].len; 507 475 obuf[2] = msg[0].buf[0]; ··· 525 481 case 0x60: 526 482 case 0x0c: { 527 483 /* write to register */ 528 - u8 obuf[msg[0].len + 2]; 484 + u8 obuf[MAX_XFER_SIZE]; 485 + 486 + if (2 + msg[0].len > sizeof(obuf)) { 487 + warn("i2c wr: len=%d is too big!\n", 488 + msg[0].len); 489 + return -EOPNOTSUPP; 490 + } 529 491 obuf[0] = msg[0].addr << 1; 530 492 obuf[1] = msg[0].len; 531 493 memcpy(obuf + 2, msg[0].buf, msg[0].len); ··· 613 563 default: { 614 564 if (msg[j].flags == I2C_M_RD) { 615 565 /* read registers */ 616 - u8 ibuf[msg[j].len]; 566 + u8 ibuf[MAX_XFER_SIZE]; 567 + 568 + if (msg[j].len > sizeof(ibuf)) { 569 + warn("i2c rd: len=%d is too big!\n", 570 + msg[j].len); 571 + return -EOPNOTSUPP; 572 + } 573 + 617 574 dw210x_op_rw(d->udev, 0x91, 0, 0, 618 575 ibuf, msg[j].len, 619 576 DW210X_READ_MSG); ··· 647 590 } while (len > 0); 648 591 } else if (j < (num - 1)) { 649 592 /* write register addr before read */ 650 - u8 obuf[msg[j].len + 2]; 593 + u8 obuf[MAX_XFER_SIZE]; 594 + 595 + if (2 + msg[j].len > sizeof(obuf)) { 596 + warn("i2c wr: len=%d is too big!\n", 597 + msg[j].len); 598 + return -EOPNOTSUPP; 599 + } 600 + 651 601 obuf[0] = msg[j + 1].len; 652 602 obuf[1] = (msg[j].addr << 1); 653 603 memcpy(obuf + 2, msg[j].buf, msg[j].len); ··· 666 602 break; 667 603 } else { 668 604 /* write registers */ 669 - u8 obuf[msg[j].len + 2]; 605 + u8 obuf[MAX_XFER_SIZE]; 606 + 607 + if (2 + msg[j].len > sizeof(obuf)) { 608 + warn("i2c wr: len=%d is too big!\n", 609 + msg[j].len); 610 + return -EOPNOTSUPP; 611 + } 670 612 obuf[0] = msg[j].len + 1; 671 613 obuf[1] = (msg[j].addr << 1); 672 614 memcpy(obuf + 2, msg[j].buf, msg[j].len);