On Thu, Oct 7, 2021 at 8:11 PM Thierry Reding <thierry.reding@xxxxxxxxx> wrote:
>
> On Mon, Sep 27, 2021 at 02:41:40PM +0200, Arnd Bergmann wrote:
> > From: Arnd Bergmann <arnd@xxxxxxxx>
> >
> > Building the bpmp-debugfs driver for Arm results in a warning for stack usage:
> >
> > drivers/firmware/tegra/bpmp-debugfs.c:321:16: error: stack frame size of 1224 bytes in function 'bpmp_debug_store' [-Werror,-Wframe-larger-than=]
> > static ssize_t bpmp_debug_store(struct file *file, const char __user *buf,
> >
> > It should be possible to rearrange the code to not require two separate
> > buffers for the file name, but the easiest workaround is to use dynamic
> > allocation.
> >
> > Fixes: 5e37b9c137ee ("firmware: tegra: Add support for in-band debug")
> > Link: https://lore.kernel.org/all/20201204193714.3134651-1-arnd@xxxxxxxxxx/
> > Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
> > ---
> > I sent this one in 2020 but got no reply. It still appears to be
> > required, please have a look.
> > ---
> > drivers/firmware/tegra/bpmp-debugfs.c | 16 +++++++++++-----
> > 1 file changed, 11 insertions(+), 5 deletions(-)
>
> If this is not a problem on 64-bit ARM, then perhaps we should add that
> as a dependency. BPMP is only available in Tegra210 and later, all of
> which are 64-bit.
>
> But dynamic allocation also doesn't sound that bad. This is debugfs
> support, after all, so shouldn't be in any fast path.

Right, it stays below the warning threshold on 64-bit kernels, but using
this much stack is still a bad idea, so fixing it in the driver seems
better than hiding it in Kconfig.

> > diff --git a/drivers/firmware/tegra/bpmp-debugfs.c b/drivers/firmware/tegra/bpmp-debugfs.c > > index 3e9fa4b54358..f6888cee83ee 100644 > > --- a/drivers/firmware/tegra/bpmp-debugfs.c > > +++ b/drivers/firmware/tegra/bpmp-debugfs.c 
> > @@ -74,28 +74,34 @@ static void seqbuf_seek(struct seqbuf *seqbuf, ssize_t offset) > > static const char *get_filename(struct tegra_bpmp *bpmp, > > const struct file *file, char *buf, int size) > > { > > - char root_path_buf[512]; > > + char *root_path_buf; > > const char *root_path; > > - const char *filename; > > + const char *filename = NULL; > > size_t root_len; > > > > + root_path_buf = kzalloc(512, GFP_KERNEL); > > + if (!root_path_buf) > > + goto out; > > + > > root_path = dentry_path(bpmp->debugfs_mirror, root_path_buf, > > sizeof(root_path_buf)); > > if (IS_ERR(root_path)) > > - return NULL; > > + goto out; > > > > root_len = strlen(root_path); > > > > filename = dentry_path(file->f_path.dentry, buf, size); > > if (IS_ERR(filename)) > > - return NULL; > > + goto out; > > Shouldn't this and... > > > if (strlen(filename) < root_len || > > strncmp(filename, root_path, root_len)) > > - return NULL; > > + goto out; > > this reset filename to NULL? All callers check for !filename as their > error condition. > > I can fix that up as I apply this, but perhaps shout if you did this on > purpose and it needs to stay this way. Indeed, you are absolutely correct. Thanks for finding the bug and offering to fix it. Arnd
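
Review bot: In get_filename(), the unchanged context line `sizeof(root_path_buf));` in the first dentry_path() call now measures a `char *` rather than the former `char root_path_buf[512]`, so the length passed is the pointer size (4 or 8 bytes) instead of 512, and the root path lookup will fail for any path that does not fit in that. Pass the allocation size explicitly, for example through one named constant used by both the kzalloc() and the dentry_path() call. Separately, the two `goto out` paths taken after `filename = dentry_path(file->f_path.dentry, buf, size);` leave filename holding an ERR_PTR or a non-matching path rather than NULL, which is the point raised in the reply above. The `out:` label and the matching kfree() are not visible in the quoted part of the hunk, so confirm that root_path_buf is freed on every exit path.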