From: linas@austin.ibm.com (Linas Vepstas)
To: Ishizaki Kou <kou.ishizaki@toshiba.co.jp>
Cc: linuxppc-dev@ozlabs.org, paulus@samba.org
Subject: Re: [PATCH 6/15] hypervisor console driver for Celleb
Date: Thu, 14 Dec 2006 11:36:36 -0600 [thread overview]
Message-ID: <20061214173636.GU4329@austin.ibm.com> (raw)
In-Reply-To: <200612140142.kBE1gINa003786@toshiba.co.jp>
On Thu, Dec 14, 2006 at 10:42:16AM +0900, Ishizaki Kou wrote:
> Linas-san,
>
> Thanks for your comment.
>
> > On Tue, Dec 12, 2006 at 12:31:29PM +0900, Ishizaki Kou wrote:
> > > +
> > > +static int hvc_beat_get_chars(uint32_t vtermno, char *buf, int cnt)
> > > +{
> > > + unsigned long kb[2];
> > > + unsigned long got;
> > > +
> > > + if (beat_get_term_char(vtermno, &got, &kb[0], &kb[1]) == 0) {
> > > + memcpy(buf, kb, got);
> > > + return got;
>
> > This seems to completely ignore "cnt". Thus, I presume that
> > beat_get_term_char might return more chars than there is room for in buf,
> > thus corrupting something, somewhere.
>
> This depends "beat_get_term_char" returns only one character at once
> (for now), and assumes cnt > 0. This assumption will reduce code for
> now.
But it will break in the future. If new firmware is released for beat,
that returns more than one char, then it will silently corrupt old kernels
on rare occasions, making the problem hard to find. What's more, the
firmware people might forget to tell you about thier change, and
so you won't submit a matching update to the linux kernel. (Or you may
have a new job by then, or have lost interest/got bored, etc.)
Years later, someone will finally debug the problem, after a long and
difficult search, and they'll curse this code. Better do it right, now.
> > > +static int hvc_beat_put_chars(uint32_t vtermno, const char *buf, int cnt)
> > > +{
> > > + unsigned long kb[2];
> > > +
> > > + memcpy(kb, buf, sizeof(kb));
> > > + beat_put_term_char(vtermno, cnt, kb[0], kb[1]);
> > > + return cnt;
> > > +}
>
> > I can't imagine how this can possibly work.
> > What if "cnt" is greater than 8?
>
> This routine assumes that 0 <= cnt <= 16, that is already checked by
> caller. (Note that "unsigned long" is 8 bytes long at ppc64)
Actually, its N_OUTBUF which is currently defined to be 16. However,
that may someday change, in which case you'd have a bug, again.
--linas
next prev parent reply other threads:[~2006-12-14 17:36 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-12 3:31 [PATCH 6/15] hypervisor console driver for Celleb Ishizaki Kou
2006-12-12 4:09 ` Michael Ellerman
2006-12-12 11:27 ` Ishizaki Kou
2006-12-12 11:30 ` Ishizaki Kou
2006-12-12 12:03 ` Ishizaki Kou
2006-12-12 19:41 ` Linas Vepstas
2006-12-14 1:42 ` Ishizaki Kou
2006-12-14 17:36 ` Linas Vepstas [this message]
2006-12-20 8:37 ` Ishizaki Kou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061214173636.GU4329@austin.ibm.com \
--to=linas@austin.ibm.com \
--cc=kou.ishizaki@toshiba.co.jp \
--cc=linuxppc-dev@ozlabs.org \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).