From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Brian Norris <computersforpeace@gmail.com>
Subject: [PATCH 4.4 06/20] mtd: avoid stack overflow in MTD CFI code
Date: Fri, 5 May 2017 11:32:56 -0700 [thread overview]
Message-ID: <20170505183231.195649159@linuxfoundation.org> (raw)
In-Reply-To: <20170505183230.937615081@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
commit fddcca5107051adf9e4481d2a79ae0616577fd2c upstream.
When map_word gets too large, we use a lot of kernel stack, and for
MTD_MAP_BANK_WIDTH_32, this means we use more than the recommended
1024 bytes in a number of functions:
drivers/mtd/chips/cfi_cmdset_0020.c: In function 'cfi_staa_write_buffers':
drivers/mtd/chips/cfi_cmdset_0020.c:651:1: warning: the frame size of 1336 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/mtd/chips/cfi_cmdset_0020.c: In function 'cfi_staa_erase_varsize':
drivers/mtd/chips/cfi_cmdset_0020.c:972:1: warning: the frame size of 1208 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/mtd/chips/cfi_cmdset_0001.c: In function 'do_write_buffer':
drivers/mtd/chips/cfi_cmdset_0001.c:1835:1: warning: the frame size of 1240 bytes is larger than 1024 bytes [-Wframe-larger-than=]
This can be avoided if all operations on the map word are done
indirectly and the stack gets reused between the calls. We can
mostly achieve this by selecting MTD_COMPLEX_MAPPINGS whenever
MTD_MAP_BANK_WIDTH_32 is set, but for the case that no other
bank width is enabled, we also need to use a non-constant
map_bankwidth() to convince the compiler to use less stack.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
[Brian: this patch mostly achieves its goal by forcing
MTD_COMPLEX_MAPPINGS (and the accompanying indirection) for 256-bit
mappings; the rest of the change is mostly a wash, though it helps
reduce stack size slightly. If we really care about supporting
256-bit mappings though, we should consider rewriting some of this
code to avoid keeping and assigning so many 256-bit objects on the
stack.]
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mtd/chips/Kconfig | 1 +
include/linux/mtd/map.h | 19 +++++++------------
2 files changed, 8 insertions(+), 12 deletions(-)
--- a/drivers/mtd/chips/Kconfig
+++ b/drivers/mtd/chips/Kconfig
@@ -111,6 +111,7 @@ config MTD_MAP_BANK_WIDTH_16
config MTD_MAP_BANK_WIDTH_32
bool "Support 256-bit buswidth" if MTD_CFI_GEOMETRY
+ select MTD_COMPLEX_MAPPINGS if HAS_IOMEM
default n
help
If you wish to support CFI devices on a physical bus which is
--- a/include/linux/mtd/map.h
+++ b/include/linux/mtd/map.h
@@ -122,18 +122,13 @@
#endif
#ifdef CONFIG_MTD_MAP_BANK_WIDTH_32
-# ifdef map_bankwidth
-# undef map_bankwidth
-# define map_bankwidth(map) ((map)->bankwidth)
-# undef map_bankwidth_is_large
-# define map_bankwidth_is_large(map) (map_bankwidth(map) > BITS_PER_LONG/8)
-# undef map_words
-# define map_words(map) map_calc_words(map)
-# else
-# define map_bankwidth(map) 32
-# define map_bankwidth_is_large(map) (1)
-# define map_words(map) map_calc_words(map)
-# endif
+/* always use indirect access for 256-bit to preserve kernel stack */
+# undef map_bankwidth
+# define map_bankwidth(map) ((map)->bankwidth)
+# undef map_bankwidth_is_large
+# define map_bankwidth_is_large(map) (map_bankwidth(map) > BITS_PER_LONG/8)
+# undef map_words
+# define map_words(map) map_calc_words(map)
#define map_bankwidth_is_32(map) (map_bankwidth(map) == 32)
#undef MAX_MAP_BANKWIDTH
#define MAX_MAP_BANKWIDTH 32
next prev parent reply other threads:[~2017-05-05 18:38 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-05 18:32 [PATCH 4.4 00/20] 4.4.67-stable review Greg Kroah-Hartman
2017-05-05 18:32 ` [PATCH 4.4 01/20] timerfd: Protect the might cancel mechanism proper Greg Kroah-Hartman
2017-05-05 18:32 ` [PATCH 4.4 02/20] Handle mismatched open calls Greg Kroah-Hartman
2017-05-05 18:32 ` [PATCH 4.4 03/20] ASoC: intel: Fix PM and non-atomic crash in bytcr drivers Greg Kroah-Hartman
2017-05-05 18:32 ` [PATCH 4.4 04/20] ALSA: ppc/awacs: shut up maybe-uninitialized warning Greg Kroah-Hartman
2017-05-05 18:32 ` [PATCH 4.4 05/20] drbd: avoid redefinition of BITS_PER_PAGE Greg Kroah-Hartman
2017-05-05 18:32 ` Greg Kroah-Hartman [this message]
2017-05-05 18:32 ` [PATCH 4.4 07/20] net: tg3: avoid uninitialized variable warning Greg Kroah-Hartman
2017-05-05 18:32 ` [PATCH 4.4 08/20] scsi: cxlflash: Scan host only after the port is ready for I/O Greg Kroah-Hartman
2017-05-05 18:32 ` [PATCH 4.4 09/20] scsi: cxlflash: Fix to avoid EEH and host reset collisions Greg Kroah-Hartman
2017-05-05 18:33 ` [PATCH 4.4 10/20] scsi: cxlflash: Improve EEH recovery time Greg Kroah-Hartman
2017-05-05 18:33 ` [PATCH 4.4 11/20] 8250_pci: Fix potential use-after-free in error path Greg Kroah-Hartman
2017-05-05 18:33 ` [PATCH 4.4 12/20] netlink: Allow direct reclaim for fallback allocation Greg Kroah-Hartman
2017-05-05 18:33 ` [PATCH 4.4 13/20] IB/qib: rename BITS_PER_PAGE to RVT_BITS_PER_PAGE Greg Kroah-Hartman
2017-05-05 18:33 ` [PATCH 4.4 14/20] IB/ehca: fix maybe-uninitialized warnings Greg Kroah-Hartman
2017-05-05 18:33 ` [PATCH 4.4 15/20] ext4: require encryption feature for EXT4_IOC_SET_ENCRYPTION_POLICY Greg Kroah-Hartman
2017-05-05 18:33 ` [PATCH 4.4 16/20] ext4 crypto: revalidate dentry after adding or removing the key Greg Kroah-Hartman
2017-05-05 18:33 ` [PATCH 4.4 17/20] ext4 crypto: use dget_parent() in ext4_d_revalidate() Greg Kroah-Hartman
2017-05-05 18:33 ` [PATCH 4.4 18/20] ext4/fscrypto: avoid RCU lookup in d_revalidate Greg Kroah-Hartman
2017-05-05 18:33 ` [PATCH 4.4 19/20] nfsd4: minor NFSv2/v3 write decoding cleanup Greg Kroah-Hartman
2017-05-06 1:58 ` [PATCH 4.4 00/20] 4.4.67-stable review Shuah Khan
2017-05-06 3:41 ` Greg Kroah-Hartman
2017-05-07 20:53 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170505183231.195649159@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=arnd@arndb.de \
--cc=computersforpeace@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).