From 390e987eb365c935ea3f3d2c958ddbb8bd52e5e5 Mon Sep 17 00:00:00 2001
From: Sebastian Huber
Date: Mon, 16 Sep 2013 10:43:30 +0200
Subject: libblock: PR2145: Limit maximum read-ahead blocks
This helps to prevent stack overflows due to configuration errors.
---
cpukit/libblock/src/bdbuf.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
(limited to 'cpukit/libblock/src')
diff --git a/cpukit/libblock/src/bdbuf.c b/cpukit/libblock/src/bdbuf.c
index b7663f1408..9f5274c024 100644
--- a/cpukit/libblock/src/bdbuf.c
+++ b/cpukit/libblock/src/bdbuf.c
@@ -1378,6 +1378,13 @@ rtems_bdbuf_swapout_workers_create (void)
 return sc;
 }
+static size_t
+rtems_bdbuf_read_request_size (uint32_t transfer_count)
+{
+ return sizeof (rtems_blkdev_request)
+ + sizeof (rtems_blkdev_sg_buffer) * transfer_count;
+}
+
 /**
 * Initialise the cache.
 *
@@ -1403,9 +1410,14 @@ rtems_bdbuf_init (void)
 /*
 * Check the configuration table values.
 */
+
 if ((bdbuf_config.buffer_max % bdbuf_config.buffer_min) != 0)
 return RTEMS_INVALID_NUMBER;
+ if (rtems_bdbuf_read_request_size (bdbuf_config.max_read_ahead_blocks)
+ > RTEMS_MINIMUM_STACK_SIZE / 8U)
+ return RTEMS_INVALID_NUMBER;
+
 /*
 * We use a special variable to manage the initialisation incase we have
 * completing threads doing this. You may get errors if the another thread
@@ -2077,8 +2089,7 @@ rtems_bdbuf_execute_read_request (rtems_disk_device *dd,
 */
 #define bdbuf_alloc(size) __builtin_alloca (size)
- req = bdbuf_alloc (sizeof (rtems_blkdev_request) +
- sizeof (rtems_blkdev_sg_buffer) * transfer_count);
+ req = bdbuf_alloc (rtems_bdbuf_read_request_size (transfer_count));
 req->req = RTEMS_BLKDEV_REQ_READ;
 req->done = rtems_bdbuf_transfer_done;
-- cgit v1.2.3
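Review bot: The product in `rtems_bdbuf_read_request_size` is computed in `size_t` and can wrap for a large `transfer_count` on targets where `size_t` is 32 bits wide. A badly misconfigured `max_read_ahead_blocks` could then yield a small size and pass the limit check added to `rtems_bdbuf_init` in the second hunk, which is the kind of configuration error this commit sets out to reject. A saturating guard at the top of the helper closes that gap: `if (transfer_count > (SIZE_MAX - sizeof (rtems_blkdev_request)) / sizeof (rtems_blkdev_sg_buffer)) return SIZE_MAX;`. The helper also has no comment; one line saying that it returns the byte size of a read request carrying `transfer_count` scatter/gather entries would be enough.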
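Review bot: The budget `RTEMS_MINIMUM_STACK_SIZE / 8U` in the new check of `rtems_bdbuf_init` is an unexplained constant, and nothing in the hunk shows that the task which later allocates the request runs with at least `RTEMS_MINIMUM_STACK_SIZE` of stack. A comment above the check would record the intent, for example `/* The read request is allocated on the caller's stack; keep it below 1/8 of the minimum task stack size. */`. The new check returns `RTEMS_INVALID_NUMBER`, the same status as the `buffer_max`/`buffer_min` check, so a caller cannot tell which configuration value was rejected. The body of `rtems_bdbuf_init` continues outside the hunk.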
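Review bot: The `bdbuf_alloc` call is still sized from the run-time `transfer_count` parameter, while the limit added in `rtems_bdbuf_init` only constrains `bdbuf_config.max_read_ahead_blocks`; nothing visible in this hunk ties the two together. If every caller derives `transfer_count` from the configured maximum, stating that above the allocation would make the stack bound auditable, for example `/* Callers must keep transfer_count within the limit validated in rtems_bdbuf_init(); the request lives on this task's stack. */`. `rtems_bdbuf_execute_read_request` starts and ends outside the hunk, so its callers could not be checked here.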