From: Willy Tarreau <w@1wt.eu>
To: Kulikov Vasiliy <segooon@gmail.com>
Cc: kernel-janitors@vger.kernel.org,
Greg Kroah-Hartman <gregkh@suse.de>,
Peter Huewe <peterhuewe@gmx.de>,
Andy Shevchenko <andy.shevchenko@gmail.com>,
Julia Lawall <julia@diku.dk>,
devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 5/9] staging: panel: check put_user() return value
Date: Fri, 30 Jul 2010 21:15:44 +0000 [thread overview]
Message-ID: <20100730211544.GH19782@1wt.eu> (raw)
In-Reply-To: <1280488123-20859-1-git-send-email-segooon@gmail.com>
On Fri, Jul 30, 2010 at 03:08:42PM +0400, Kulikov Vasiliy wrote:
> diff --git a/drivers/staging/panel/panel.c b/drivers/staging/panel/panel.c
> index f58da32..57f4946 100644
> --- a/drivers/staging/panel/panel.c
> +++ b/drivers/staging/panel/panel.c
> @@ -1589,25 +1589,30 @@ void lcd_init(void)
> static ssize_t keypad_read(struct file *file,
> char *buf, size_t count, loff_t *ppos)
> {
> -
> + int buflen = keypad_buflen;
> unsigned i = *ppos;
> char *tmp = buf;
> + int start = keypad_start;
>
> - if (keypad_buflen = 0) {
> + if (buflen = 0) {
> if (file->f_flags & O_NONBLOCK)
> return -EAGAIN;
>
> interruptible_sleep_on(&keypad_read_wait);
> if (signal_pending(current))
> return -EINTR;
> + buflen = keypad_buflen;
> }
Not sure what the intent was here, I think you're re-adjusting
the buffer's length in case something else was read. But then
I don't understand why buflen it not simply assigned after the
if() block.
The rest below looks fine otherwise.
>
> - for (; count-- > 0 && (keypad_buflen > 0);
> - ++i, ++tmp, --keypad_buflen) {
> - put_user(keypad_buffer[keypad_start], tmp);
> - keypad_start = (keypad_start + 1) % KEYPAD_BUFFER;
> + for (; count-- > 0 && (buflen > 0);
> + ++i, ++tmp, --buflen) {
> + if (put_user(keypad_buffer[start], tmp))
> + return -EFAULT;
> + start = (start + 1) % KEYPAD_BUFFER;
> }
> *ppos = i;
> + keypad_buflen = buflen;
> + keypad_start = start;
>
> return tmp - buf;
> }
Regards,
Willy
WARNING: multiple messages have this Message-ID (diff)
From: Willy Tarreau <w@1wt.eu>
To: Kulikov Vasiliy <segooon@gmail.com>
Cc: kernel-janitors@vger.kernel.org,
Greg Kroah-Hartman <gregkh@suse.de>,
Peter Huewe <peterhuewe@gmx.de>,
Andy Shevchenko <andy.shevchenko@gmail.com>,
Julia Lawall <julia@diku.dk>,
devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 5/9] staging: panel: check put_user() return value
Date: Fri, 30 Jul 2010 23:15:44 +0200 [thread overview]
Message-ID: <20100730211544.GH19782@1wt.eu> (raw)
In-Reply-To: <1280488123-20859-1-git-send-email-segooon@gmail.com>
On Fri, Jul 30, 2010 at 03:08:42PM +0400, Kulikov Vasiliy wrote:
> diff --git a/drivers/staging/panel/panel.c b/drivers/staging/panel/panel.c
> index f58da32..57f4946 100644
> --- a/drivers/staging/panel/panel.c
> +++ b/drivers/staging/panel/panel.c
> @@ -1589,25 +1589,30 @@ void lcd_init(void)
> static ssize_t keypad_read(struct file *file,
> char *buf, size_t count, loff_t *ppos)
> {
> -
> + int buflen = keypad_buflen;
> unsigned i = *ppos;
> char *tmp = buf;
> + int start = keypad_start;
>
> - if (keypad_buflen == 0) {
> + if (buflen == 0) {
> if (file->f_flags & O_NONBLOCK)
> return -EAGAIN;
>
> interruptible_sleep_on(&keypad_read_wait);
> if (signal_pending(current))
> return -EINTR;
> + buflen = keypad_buflen;
> }
Not sure what the intent was here, I think you're re-adjusting
the buffer's length in case something else was read. But then
I don't understand why buflen it not simply assigned after the
if() block.
The rest below looks fine otherwise.
>
> - for (; count-- > 0 && (keypad_buflen > 0);
> - ++i, ++tmp, --keypad_buflen) {
> - put_user(keypad_buffer[keypad_start], tmp);
> - keypad_start = (keypad_start + 1) % KEYPAD_BUFFER;
> + for (; count-- > 0 && (buflen > 0);
> + ++i, ++tmp, --buflen) {
> + if (put_user(keypad_buffer[start], tmp))
> + return -EFAULT;
> + start = (start + 1) % KEYPAD_BUFFER;
> }
> *ppos = i;
> + keypad_buflen = buflen;
> + keypad_start = start;
>
> return tmp - buf;
> }
Regards,
Willy
next prev parent reply other threads:[~2010-07-30 21:15 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-30 11:08 [PATCH 5/9] staging: panel: check put_user() return value Kulikov Vasiliy
2010-07-30 11:08 ` Kulikov Vasiliy
2010-07-30 21:15 ` Willy Tarreau [this message]
2010-07-30 21:15 ` Willy Tarreau
2010-07-31 8:39 ` walter harms
2010-07-31 8:39 ` walter harms
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100730211544.GH19782@1wt.eu \
--to=w@1wt.eu \
--cc=andy.shevchenko@gmail.com \
--cc=devel@driverdev.osuosl.org \
--cc=gregkh@suse.de \
--cc=julia@diku.dk \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=segooon@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.