Re: [PATCH] mailbox: imx-mailbox: fix scu msg header size check

From: Uwe Kleine-König
Date: Tue Apr 14 2020 - 06:34:14 EST

Next message: Peter Zijlstra: "Re: [PATCH v3 3/3] x86/delay: Introduce TPAUSE delay"
Previous message: Michael Ellerman: "Re: Build regressions/improvements in v5.7-rc1"
In reply to: Peng Fan: "RE: [PATCH] mailbox: imx-mailbox: fix scu msg header size check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 14, 2020 at 08:40:19AM +0000, Peng Fan wrote:
> > Subject: Re: [PATCH] mailbox: imx-mailbox: fix scu msg header size check
> >
> > On Tue, Apr 14, 2020 at 04:10:26PM +0800, peng.fan@xxxxxxx wrote:
> > > From: Peng Fan <peng.fan@xxxxxxx>
> > >
> > > The i.MX8 SCU message header size is the number of "u32" elements, not
> > > "u8", so fix the check.
> > >
> > > Reported-by: coverity-bot <keescook+coverity-bot@xxxxxxxxxxxx>
> > > Addresses-Coverity-ID: 1461658 ("Memory - corruptions")
> > > Signed-off-by: Peng Fan <peng.fan@xxxxxxx>
> > > ---
> > >
> > > V2:
> > > I not include the fixes tag, since this patch still in next tree.
> > >
> > > drivers/mailbox/imx-mailbox.c | 8 ++++----
> > > 1 file changed, 4 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/drivers/mailbox/imx-mailbox.c
> > > b/drivers/mailbox/imx-mailbox.c index 7906624a731c..c2398cb63ea0
> > > 100644
> > > --- a/drivers/mailbox/imx-mailbox.c
> > > +++ b/drivers/mailbox/imx-mailbox.c
> > > @@ -154,12 +154,12 @@ static int imx_mu_scu_tx(struct imx_mu_priv
> > > *priv,
> > >
> > > switch (cp->type) {
> > > case IMX_MU_TYPE_TX:
> > > - if (msg->hdr.size > sizeof(*msg)) {
> > > + if (msg->hdr.size > (sizeof(*msg) / 4)) {
> >
> > No need for the parenthesis. Maybe a comment would be helpful here,
> > something like:
> >
> > /*
> > * msg->hdr.size specifies the number of u32 words while sizeof
> > * yields bytes.
> > */
>
> V2 will have the update.
>
> >
> > > /*
> > > * The real message size can be different to
> > > * struct imx_sc_rpc_msg_max size
> > > */
> > > - dev_err(priv->dev, "Exceed max msg size (%zu) on TX,
> > got: %i\n", sizeof(*msg), msg->hdr.size);
> > > + dev_err(priv->dev, "Exceed max msg size (%zu) on TX,
> > got: %i\n",
> > > +sizeof(*msg) / 4, msg->hdr.size);
> >
> > The unit here is also "number of u32 words", maybe bytes is more natural?
>
> ok. Will change to msg->hdr.size << 2 keeping sizeof(*msg).
>
> > And I suggesting specifying the unit in the error message.
>
> Is this ok to you?
> dev_err(priv->dev, "Exceed max msg size (%zu) on TX, got: %i,
> msg->hdr.size: %i\n", sizeof(*msg), msg->hdr.size << 2, msg->hdr.size);

I'd prefer:

dev_err(priv->dev, "Maximal message size (%zu bytes) exceeded on TX; got: %i bytes\n"

. Duplicating the value doesn't add much value.

Best regards
Uwe

--
Pengutronix e.K. | Uwe Kleine-König |
Industrial Linux Solutions | https://www.pengutronix.de/ |

Next message: Peter Zijlstra: "Re: [PATCH v3 3/3] x86/delay: Introduce TPAUSE delay"
Previous message: Michael Ellerman: "Re: Build regressions/improvements in v5.7-rc1"
In reply to: Peng Fan: "RE: [PATCH] mailbox: imx-mailbox: fix scu msg header size check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]