Date: Sat, 5 Aug 2017 09:50:36 +0200
From: Heiko Carstens
To: sohu0106
Cc: schwidefsky@de.ibm.com, linux-s390@vger.kernel.org, torvalds@linux-foundation.org, linux-kernel@vger.kernel.org
Subject: Re: Re: drivers/s390/char/keyboard.c NULL pointer reference

On Sat, Aug 05, 2017 at 09:44:45AM +0800, sohu0106 wrote:
> I don't understand a bit, My idea is
>
> in userland
>
> fd=open("tty3270",O_RDONLY)
> ...
> ret=ioctl(fd,KDGKBDIACR,NULL)
> ...
>
> then here
> drivers/s390/char/keyboard.c
> 477
>         case KDGKBDIACR:
>         {
>                 struct kbdiacrs __user *a = argp;
>                 struct kbdiacr diacr;
>                 int i;
>
>                 //a is NULL,a->kb_cnt will crash
>                 if (put_user(kbd->accent_table_size, &a->kb_cnt))

a->kb_cnt and &a->kb_cnt are not the same...
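
The distinction drawn in the reply above, as an added user-space example that is not part of the original thread or the kernel source: `&a->kb_cnt` only computes an address, and `put_user()` reports a bad destination as `-EFAULT` instead of dereferencing it. The struct layouts are local copies modelled on `<linux/kd.h>`; `user_buf`, `addr_of_kb_cnt`, `model_put_user_uint`, `model_kdgkbdiacr` and `user_kb_cnt` are hypothetical names, and the explicit range check is an assumed stand-in for the kernel's fault handling.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local copies modelled on the layouts in <linux/kd.h>. */
struct kbdiacr  { unsigned char diacr, base, result; };
struct kbdiacrs { unsigned int kb_cnt; struct kbdiacr kbdiacr[256]; };

/* Constructed stand-in for the only mapped region of user memory. */
static struct kbdiacrs user_buf;

/* &a->kb_cnt is base + member offset; nothing is loaded through a. */
uintptr_t addr_of_kb_cnt(uintptr_t a)
{
    return a + offsetof(struct kbdiacrs, kb_cnt);
}

/* Assumed model of put_user() for an unsigned int: an explicit range
 * check stands in for the kernel's fault handling. Returns 0 or -EFAULT. */
int model_put_user_uint(unsigned int val, uintptr_t uaddr)
{
    uintptr_t lo = (uintptr_t)&user_buf;

    if (uaddr < lo || uaddr - lo > sizeof(user_buf) - sizeof(val))
        return -EFAULT;
    memcpy((void *)uaddr, &val, sizeof(val));
    return 0;
}

/* Model of the quoted KDGKBDIACR line; returning -EFAULT is an assumption. */
int model_kdgkbdiacr(uintptr_t argp, unsigned int accent_table_size)
{
    if (model_put_user_uint(accent_table_size, addr_of_kb_cnt(argp)))
        return -EFAULT;
    return 0;
}

/* Reads back what the model wrote into the constructed user buffer. */
unsigned int user_kb_cnt(void) { return user_buf.kb_cnt; }

int main(void)
{
    printf("NULL argp  -> %d\n", model_kdgkbdiacr(0, 5));
    int ret = model_kdgkbdiacr((uintptr_t)&user_buf, 5);
    printf("valid argp -> %d, kb_cnt=%u\n", ret, user_kb_cnt());
    return 0;
}
```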