Re: [PATCH] media: aspeed: Fix memory overwrite if timing is 1600x900

From: Jammy Huang
Date: Wed Jul 12 2023 - 23:12:41 EST


Hi Paul,


On 2023/7/12 下午 06:09, Paul Menzel wrote:
Dear Jammy,


Thank you very much for your patch.

Am 12.07.23 um 11:26 schrieb Jammy Huang:
When capturing 1600x900, system could crash when system memory usage is
tight.

Please provide part of the trace, and if you have a commend to reproduce it, please also add it. Is it documented somewhere, that it needs to be aligned?

Sorry, but I didn't find trace when this issue happened.The system just crash and reboot.

It just takes a few minutes to reproduce this issue using the way as below,

1. Use 1600x900 to display on host

2. Mount ISO through 'Virtual media' on OpenBMC's web

3. Run script as below on host to do sha continuously

#!/bin/bash

while [ [1] ];
do
        find /media -type f -printf '"%h/%f"\n' | xargs sha256sum
done

4. Open KVM on OpenBMC's web


I will add above information to next patch.


The size of macro block captured is 8x8. Therefore, we should make sure
the height of src-buf is 8 aligned to fix this issue.

Signed-off-by: Jammy Huang <jammy_huang@xxxxxxxxxxxxxx>
---
  drivers/media/platform/aspeed/aspeed-video.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/aspeed/aspeed-video.c b/drivers/media/platform/aspeed/aspeed-video.c
index 374eb7781936..14594f55a77f 100644
--- a/drivers/media/platform/aspeed/aspeed-video.c
+++ b/drivers/media/platform/aspeed/aspeed-video.c
@@ -1130,7 +1130,7 @@ static void aspeed_video_get_resolution(struct aspeed_video *video)
  static void aspeed_video_set_resolution(struct aspeed_video *video)
  {
      struct v4l2_bt_timings *act = &video->active_timings;
-    unsigned int size = act->width * act->height;
+    unsigned int size = act->width * ALIGN(act->height, 8);
        /* Set capture/compression frame sizes */
      aspeed_video_calc_compressed_size(video, size);
@@ -1147,7 +1147,7 @@ static void aspeed_video_set_resolution(struct aspeed_video *video)
          u32 width = ALIGN(act->width, 64);
            aspeed_video_write(video, VE_CAP_WINDOW, width << 16 | act->height);
-        size = width * act->height;
+        size = width * ALIGN(act->height, 8);

Maybe add a comment.

Excuse my ignorance, but as `width` is already 64 bit aligned, how does aligning the second factor make a difference for `size`? Can you give an example?

      } else {
          aspeed_video_write(video, VE_CAP_WINDOW,
                     act->width << 16 | act->height);

base-commit: 2605e80d3438c77190f55b821c6575048c68268e


Kind regards,

Paul

--
Best Regards
Jammy