Re: [PATCH V2 1/2] Input: of_keymap: Introduce matrix_keypad_of_build_keymap()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stephen Warren <swarren@wwwdotorg.org>
To: Viresh Kumar <viresh.kumar@st.com>
Cc: "dmitry.torokhov@gmail.com" <dmitry.torokhov@gmail.com>,
	"devicetree-discuss@lists.ozlabs.org"
	<devicetree-discuss@lists.ozlabs.org>,
	spear-devel <spear-devel@list.st.com>,
	"viresh.linux@gmail.com" <viresh.linux@gmail.com>,
	"linux-input@vger.kernel.org" <linux-input@vger.kernel.org>,
	"sr@denx.de" <sr@denx.de>
Subject: Re: [PATCH V2 1/2] Input: of_keymap: Introduce matrix_keypad_of_build_keymap()
Date: Wed, 28 Mar 2012 15:28:01 -0600	[thread overview]
Message-ID: <4F738261.1060002@wwwdotorg.org> (raw)
In-Reply-To: <4F7299D7.4020006@st.com>

On 03/27/2012 10:55 PM, Viresh Kumar wrote:
> On 3/27/2012 9:15 PM, Stephen Warren wrote:
>>>>  static int __devinit tegra_kbc_probe(struct platform_device *pdev)
>> ...
>>>> +	if (pdev->dev.of_node) {
>>>> +		/* FIXME: Add handling of linux,fn-keymap here */
>>>> +		err = matrix_keypad_of_build_keymap(&pdev->dev, KBC_ROW_SHIFT,
>>>> +				input_dev->keycode, input_dev->keybit,
>>>> +				"linux,keymap");
>>
>> Where do input_dev->keycode/keybit get allocated? As far as I can tell,
>> matrix_keypad_of_build_keymap() just writes to those and assumes they're
>> already allocated.
> 
> If i am not reading the code incorrectly, keycode is allocated memory with
> kbc. And then we do this:
> 
> 	input_dev->keycode = kbc->keycode;
> 
> keybit is again present as part of struct input_dev.
> Am i missing something.

Ah right, I'd been looking inside input_allocate_device() rather than
the specific driver's probe(). So, no issue here.

>>>> diff --git a/drivers/input/of_keymap.c b/drivers/input/of_keymap.c
>> ...
>>>> +int matrix_keypad_of_build_keymap(struct device *dev, unsigned int row_shift,
>> ...
>>>> +		keymap[MATRIX_SCAN_CODE(row, col, row_shift)] = code;
>>>> +		__set_bit(code, keybit);
>> How bit are keymap and keybit?
> 
> Couldn't get this one. :(
> Can you please elaborate the question a bit?

s/bit/big/ might make the question clearer:-)

>> I think we need range-checking here to
>> make sure that row/col/row_shift/code are valid and in-range.
> 
> I picked this directly from matrix_keypad_build_keymap() as is.
> Anyway there is no loss in improving it. :)
> 
> What kind of range-check you are looking for?
> Currently we do following
> 
> 		unsigned int row = KEY_ROW(key);
> 		unsigned int col = KEY_COL(key);
> 		unsigned short code = KEY_VAL(key);
> 
> All these macros '&' 'key' with 0xFF, 0xFF and 0xFFFF.
> Which is also kind of range checking.

The size of the keycode array is much smaller though:

mach-tegra's kbc.h:

#define KBC_MAX_ROW	16
#define KBC_MAX_COL	8
#define KBC_MAX_KEY	(KBC_MAX_ROW * KBC_MAX_COL)

tegra-kbc.c:

struct tegra_kbc {
...
	unsigned short keycode[KBC_MAX_KEY * 2];

so the DT parsing can easily overflow this, and is driven by
user-supplied data. I think you'll need to pass input_dev->keycodesize
into matrix_keypad_of_build_keymap() to achieve the overall
range-checking, but also checking col against (1<<row_shift) would be
needed to make sure the individual "fields" of the array index don't
overflow too.

next prev parent reply	other threads:[~2012-03-28 21:28 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-03-27  5:38 [PATCH V2 1/2] Input: of_keymap: Introduce matrix_keypad_of_build_keymap() Viresh Kumar
2012-03-27  5:38 ` [PATCH V2 2/2] Input: spear-keyboard: add device tree bindings Viresh Kumar
2012-03-27  7:13   ` Dmitry Torokhov
2012-03-27  7:37     ` Viresh Kumar
2012-03-27  7:51       ` Dmitry Torokhov
2012-03-27  8:05         ` Viresh Kumar
2012-03-27 15:46   ` Stephen Warren
2012-03-27 15:45 ` [PATCH V2 1/2] Input: of_keymap: Introduce matrix_keypad_of_build_keymap() Stephen Warren
2012-03-28  4:55   ` Viresh Kumar
2012-03-28 21:28     ` Stephen Warren [this message]
2012-03-29  8:23       ` Viresh Kumar
     [not found] ` <4aba6f2cd9f050f419660555bdb661915c1be9b1.1332826100.git.viresh.kumar-qxv4g6HH51o@public.gmane.org>
2012-03-28  9:54   ` [PATCH V3 2/2] Input: spear-keyboard: add device tree bindings Viresh Kumar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4F738261.1060002@wwwdotorg.org \
    --to=swarren@wwwdotorg.org \
    --cc=devicetree-discuss@lists.ozlabs.org \
    --cc=dmitry.torokhov@gmail.com \
    --cc=linux-input@vger.kernel.org \
    --cc=spear-devel@list.st.com \
    --cc=sr@denx.de \
    --cc=viresh.kumar@st.com \
    --cc=viresh.linux@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.