Re: [PATCH V2 1/2] Input: of_keymap: Introduce matrix_keypad_of_build_keymap()

devicetree.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Stephen Warren <swarren@wwwdotorg.org>
To: Viresh Kumar <viresh.kumar@st.com>
Cc: "dmitry.torokhov@gmail.com" <dmitry.torokhov@gmail.com>,
	"devicetree-discuss@lists.ozlabs.org"
	<devicetree-discuss@lists.ozlabs.org>,
	spear-devel <spear-devel@list.st.com>,
	"viresh.linux@gmail.com" <viresh.linux@gmail.com>,
	"linux-input@vger.kernel.org" <linux-input@vger.kernel.org>,
	"sr@denx.de" <sr@denx.de>
Subject: Re: [PATCH V2 1/2] Input: of_keymap: Introduce matrix_keypad_of_build_keymap()
Date: Wed, 28 Mar 2012 15:28:01 -0600	[thread overview]
Message-ID: <4F738261.1060002@wwwdotorg.org> (raw)
In-Reply-To: <4F7299D7.4020006@st.com>

On 03/27/2012 10:55 PM, Viresh Kumar wrote:
> On 3/27/2012 9:15 PM, Stephen Warren wrote:
>>>>  static int __devinit tegra_kbc_probe(struct platform_device *pdev)
>> ...
>>>> +	if (pdev->dev.of_node) {
>>>> +		/* FIXME: Add handling of linux,fn-keymap here */
>>>> +		err = matrix_keypad_of_build_keymap(&pdev->dev, KBC_ROW_SHIFT,
>>>> +				input_dev->keycode, input_dev->keybit,
>>>> +				"linux,keymap");
>>
>> Where do input_dev->keycode/keybit get allocated? As far as I can tell,
>> matrix_keypad_of_build_keymap() just writes to those and assumes they're
>> already allocated.
> 
> If i am not reading the code incorrectly, keycode is allocated memory with
> kbc. And then we do this:
> 
> 	input_dev->keycode = kbc->keycode;
> 
> keybit is again present as part of struct input_dev.
> Am i missing something.

Ah right, I'd been looking inside input_allocate_device() rather than
the specific driver's probe(). So, no issue here.

>>>> diff --git a/drivers/input/of_keymap.c b/drivers/input/of_keymap.c
>> ...
>>>> +int matrix_keypad_of_build_keymap(struct device *dev, unsigned int row_shift,
>> ...
>>>> +		keymap[MATRIX_SCAN_CODE(row, col, row_shift)] = code;
>>>> +		__set_bit(code, keybit);
>> How bit are keymap and keybit?
> 
> Couldn't get this one. :(
> Can you please elaborate the question a bit?

s/bit/big/ might make the question clearer:-)

>> I think we need range-checking here to
>> make sure that row/col/row_shift/code are valid and in-range.
> 
> I picked this directly from matrix_keypad_build_keymap() as is.
> Anyway there is no loss in improving it. :)
> 
> What kind of range-check you are looking for?
> Currently we do following
> 
> 		unsigned int row = KEY_ROW(key);
> 		unsigned int col = KEY_COL(key);
> 		unsigned short code = KEY_VAL(key);
> 
> All these macros '&' 'key' with 0xFF, 0xFF and 0xFFFF.
> Which is also kind of range checking.

The size of the keycode array is much smaller though:

mach-tegra's kbc.h:

#define KBC_MAX_ROW	16
#define KBC_MAX_COL	8
#define KBC_MAX_KEY	(KBC_MAX_ROW * KBC_MAX_COL)

tegra-kbc.c:

struct tegra_kbc {
...
	unsigned short keycode[KBC_MAX_KEY * 2];

so the DT parsing can easily overflow this, and is driven by
user-supplied data. I think you'll need to pass input_dev->keycodesize
into matrix_keypad_of_build_keymap() to achieve the overall
range-checking, but also checking col against (1<<row_shift) would be
needed to make sure the individual "fields" of the array index don't
overflow too.

next prev parent reply	other threads:[~2012-03-28 21:28 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-03-27  5:38 [PATCH V2 1/2] Input: of_keymap: Introduce matrix_keypad_of_build_keymap() Viresh Kumar
2012-03-27  5:38 ` [PATCH V2 2/2] Input: spear-keyboard: add device tree bindings Viresh Kumar
2012-03-27  7:13   ` Dmitry Torokhov
2012-03-27  7:37     ` Viresh Kumar
2012-03-27  7:51       ` Dmitry Torokhov
2012-03-27  8:05         ` Viresh Kumar
2012-03-27 15:46   ` Stephen Warren
2012-03-27 15:45 ` [PATCH V2 1/2] Input: of_keymap: Introduce matrix_keypad_of_build_keymap() Stephen Warren
2012-03-28  4:55   ` Viresh Kumar
2012-03-28 21:28     ` Stephen Warren [this message]
2012-03-29  8:23       ` Viresh Kumar
     [not found] ` <4aba6f2cd9f050f419660555bdb661915c1be9b1.1332826100.git.viresh.kumar-qxv4g6HH51o@public.gmane.org>
2012-03-28  9:54   ` [PATCH V3 2/2] Input: spear-keyboard: add device tree bindings Viresh Kumar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4F738261.1060002@wwwdotorg.org \
    --to=swarren@wwwdotorg.org \
    --cc=devicetree-discuss@lists.ozlabs.org \
    --cc=dmitry.torokhov@gmail.com \
    --cc=linux-input@vger.kernel.org \
    --cc=spear-devel@list.st.com \
    --cc=sr@denx.de \
    --cc=viresh.kumar@st.com \
    --cc=viresh.linux@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).