diff options
author | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2013-09-16 10:43:30 +0200 |
---|---|---|
committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2013-09-16 10:54:51 +0200 |
commit | 390e987eb365c935ea3f3d2c958ddbb8bd52e5e5 (patch) | |
tree | 514ecd46f36fabaff027d337a7d94f772bf7f552 /cpukit | |
parent | bsps/arm: Fix exception entries (diff) | |
download | rtems-390e987eb365c935ea3f3d2c958ddbb8bd52e5e5.tar.bz2 |
libblock: PR2145: Limit maximum read-ahead blocks
This helps to prevent stack overflows due to configuration errors.
Diffstat (limited to 'cpukit')
-rw-r--r-- | cpukit/libblock/include/rtems/bdbuf.h | 2 | ||||
-rw-r--r-- | cpukit/libblock/src/bdbuf.c | 15 |
2 files changed, 14 insertions, 3 deletions
diff --git a/cpukit/libblock/include/rtems/bdbuf.h b/cpukit/libblock/include/rtems/bdbuf.h index cde32d7c4c..2794af7300 100644 --- a/cpukit/libblock/include/rtems/bdbuf.h +++ b/cpukit/libblock/include/rtems/bdbuf.h @@ -460,7 +460,7 @@ extern const rtems_bdbuf_config rtems_bdbuf_configuration; * @retval RTEMS_SUCCESSFUL Successful operation. * @retval RTEMS_CALLED_FROM_ISR Called from an interrupt context. * @retval RTEMS_INVALID_NUMBER The buffer maximum is not an integral multiple - * of the buffer minimum. + * of the buffer minimum. The maximum read-ahead blocks count is too large. * @retval RTEMS_RESOURCE_IN_USE Already initialized. * @retval RTEMS_UNSATISFIED Not enough resources. */ diff --git a/cpukit/libblock/src/bdbuf.c b/cpukit/libblock/src/bdbuf.c index b7663f1408..9f5274c024 100644 --- a/cpukit/libblock/src/bdbuf.c +++ b/cpukit/libblock/src/bdbuf.c @@ -1378,6 +1378,13 @@ rtems_bdbuf_swapout_workers_create (void) return sc; } +static size_t +rtems_bdbuf_read_request_size (uint32_t transfer_count) +{ + return sizeof (rtems_blkdev_request) + + sizeof (rtems_blkdev_sg_buffer) * transfer_count; +} + /** * Initialise the cache. * @@ -1403,9 +1410,14 @@ rtems_bdbuf_init (void) /* * Check the configuration table values. */ + if ((bdbuf_config.buffer_max % bdbuf_config.buffer_min) != 0) return RTEMS_INVALID_NUMBER; + if (rtems_bdbuf_read_request_size (bdbuf_config.max_read_ahead_blocks) + > RTEMS_MINIMUM_STACK_SIZE / 8U) + return RTEMS_INVALID_NUMBER; + /* * We use a special variable to manage the initialisation incase we have * completing threads doing this. You may get errors if the another thread @@ -2077,8 +2089,7 @@ rtems_bdbuf_execute_read_request (rtems_disk_device *dd, */ #define bdbuf_alloc(size) __builtin_alloca (size) - req = bdbuf_alloc (sizeof (rtems_blkdev_request) + - sizeof (rtems_blkdev_sg_buffer) * transfer_count); + req = bdbuf_alloc (rtems_bdbuf_read_request_size (transfer_count)); req->req = RTEMS_BLKDEV_REQ_READ; req->done = rtems_bdbuf_transfer_done; |