From 94a9cbe4efa29b2eec442725e326e1bb55271353 Mon Sep 17 00:00:00 2001
From: Chia-I Wu
Date: Thu, 26 Aug 2021 08:55:08 -0700
Subject: [PATCH] vkr: limit the ring buffer size
It cannot exceed UINT32_MAX because the ring head and tail are 32-bit. util_is_power_of_two also truncates to 32-bit.
Signed-off-by: Chia-I Wu
Reviewed-by: Ryan Neph
Reviewed-by: Yiwei Zhang
---
 src/venus/vkr_ring.h | 3 +++
 src/venus/vkr_transport.c | 6 ++++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/venus/vkr_ring.h b/src/venus/vkr_ring.h
index 7061331..d964340 100644
--- a/src/venus/vkr_ring.h
+++ b/src/venus/vkr_ring.h
@@ -8,6 +8,9 @@
 #include "vkr_common.h"
+/* this must not exceed UINT32_MAX because the ring head and tail are 32-bit */
+#define VKR_RING_BUFFER_MAX_SIZE UINT32_MAX
+
 /* The layout of a ring in a virgl_resource. This is parsed and discarded by
 * vkr_ring_create.
 */
diff --git a/src/venus/vkr_transport.c b/src/venus/vkr_transport.c
index 1a872a0..635b49e 100644
--- a/src/venus/vkr_transport.c
+++ b/src/venus/vkr_transport.c
@@ -221,8 +221,10 @@ vkr_ring_layout_init(struct vkr_ring_layout *layout,
 }
 const size_t buf_size = vkr_region_size(&layout->buffer);
- if (!buf_size || !util_is_power_of_two(buf_size)) {
- vkr_log("ring buffer size (%lu) must be a power of two", buf_size);
+ if (!buf_size || buf_size > VKR_RING_BUFFER_MAX_SIZE ||
+ !util_is_power_of_two(buf_size)) {
+ vkr_log("ring buffer size (%lu) must be a power of two and not exceed %lu",
+ buf_size, VKR_RING_BUFFER_MAX_SIZE);
 return false;
 }
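Review bot: In the new `vkr_log` call in the vkr_transport.c hunk, `VKR_RING_BUFFER_MAX_SIZE` expands to `UINT32_MAX` and is passed through varargs as a 32-bit unsigned value but read with `%lu`, which is a type mismatch (undefined behaviour) wherever `unsigned long` is 64-bit; `buf_size` is a `size_t`, which `%lu` matches only where the two types have the same width. This message is printed on the path that rejects an invalid ring buffer size, so it is the one place where the logged values need to be trustworthy when diagnosing a bad layout. Assuming vkr_log takes printf-style conversions, I would write `vkr_log("ring buffer size (%zu) must be a power of two and not exceed %zu",` followed by `buf_size, (size_t)VKR_RING_BUFFER_MAX_SIZE);`. On targets with a 32-bit `size_t` the added `buf_size > VKR_RING_BUFFER_MAX_SIZE` comparison can never be true, which is harmless but may draw a compiler warning. vkr_ring_layout_init starts and ends outside the hunk.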