[PATCH 6/15] hypervisor console driver for Celleb

Ishizaki Kou kou.ishizaki at toshiba.co.jp
Thu Dec 14 12:42:16 EST 2006


Linas-san,

Thanks for your comment.

> On Tue, Dec 12, 2006 at 12:31:29PM +0900, Ishizaki Kou wrote:
> > +
> > +static int hvc_beat_get_chars(uint32_t vtermno, char *buf, int cnt)
> > +{
> > +	unsigned long kb[2];
> > +	unsigned long got;
> > +
> > +	if (beat_get_term_char(vtermno, &got, &kb[0], &kb[1]) == 0) {
> > +	   memcpy(buf, kb, got);
> > +		       return got;
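Review bot: `memcpy(buf, kb, got)` copies `got` bytes into `buf` without ever comparing `got` against `cnt`, so the callback's contract with the caller depends entirely on the hypervisor never returning more than `cnt` bytes; suggest clamping before the copy (`if (got > cnt) got = cnt;`, or better, keeping the surplus for the next call rather than dropping it) and noting the one-character-per-call assumption in a comment. The mixed space/tab indentation on the `memcpy` and `return` lines should also be normalised to tabs.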

> This seems to completely ignore "cnt". Thus, I presume that
> beat_get_term_char might return more chars than there is room for in buf,
> thus corrupting something, somewhere.

This depends on "beat_get_term_char" returning only one character at once
(for now), and assumes cnt > 0. This assumption will reduce code for
now.

> > +static int hvc_beat_put_chars(uint32_t vtermno, const char *buf, int cnt)
> > +{
> > +	unsigned long kb[2];
> > +
> > +	memcpy(kb, buf, sizeof(kb));
> > +	beat_put_term_char(vtermno, cnt, kb[0], kb[1]);
> > +	return cnt;
> > +}
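Review bot: `memcpy(kb, buf, sizeof(kb))` always reads 16 bytes from `buf` regardless of `cnt`, so for `cnt < 16` it reads past the caller's data, and for `cnt > 16` it hands the hypervisor a length it cannot honour while still returning `cnt` as if everything was written. Suggest zero-initialising `kb`, copying `min(cnt, sizeof(kb))` bytes, and returning the number actually copied; if the 0 <= cnt <= 16 contract is meant to be enforced by the caller, a comment (or a `BUG_ON`/clamp) at the top of the function would make that explicit.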

> I can't imagine how this can possibly work. 
> What if "cnt" is greater than 8?

This routine assumes that 0 <= cnt <= 16, which is already checked by
the caller. (Note that "unsigned long" is 8 bytes long on ppc64.)

Best regards,
Kou Ishizaki
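The exchange above is about two callbacks that move bytes between a caller-sized buffer and a pair of 8-byte hypervisor registers. As an added illustration, not code from the patch or from the Celleb/Beat driver, the block below shows bounds-safe versions of both callbacks: get_chars never writes more than `cnt` bytes and carries any surplus over to the next call instead of dropping it, and put_chars reads only `cnt` bytes and reports how many it actually consumed. The hypervisor calls are replaced by constructed user-space stand-ins (`sim_get_term_char`, `sim_put_term_char`) backed by in-memory buffers, and a single terminal is assumed; these are assumptions of the example, not properties of the real hypervisor interface.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HV_CHUNK 16 /* two 8-byte "unsigned long" registers per call, as on ppc64 */

/* Constructed stand-in for the hypervisor side: pending input, captured output. */
static char hv_input[64];
static size_t hv_input_len;
static char hv_output[256];
static size_t hv_output_len;

/* Simulated beat_get_term_char: hands back up to HV_CHUNK bytes in two registers. */
static int sim_get_term_char(uint32_t vtermno, unsigned long *len,
                             unsigned long *r0, unsigned long *r1)
{
    unsigned long regs[2] = {0, 0};
    size_t n = hv_input_len < HV_CHUNK ? hv_input_len : HV_CHUNK;
    (void)vtermno;
    if (n == 0)
        return -1;                       /* nothing pending */
    memcpy(regs, hv_input, n);
    memmove(hv_input, hv_input + n, hv_input_len - n);
    hv_input_len -= n;
    *len = n; *r0 = regs[0]; *r1 = regs[1];
    return 0;
}

/* Simulated beat_put_term_char: accepts at most HV_CHUNK bytes per call. */
static int sim_put_term_char(uint32_t vtermno, unsigned long len,
                             unsigned long r0, unsigned long r1)
{
    unsigned long regs[2] = {r0, r1};
    (void)vtermno;
    if (len > HV_CHUNK || hv_output_len + len > sizeof(hv_output))
        return -1;
    memcpy(hv_output + hv_output_len, regs, len);
    hv_output_len += len;
    return 0;
}

/* Carry-over storage for input the hypervisor returned but the caller had no room for
 * (single-terminal simplification; a real driver would keep this per vterm). */
static unsigned long carry[2];
static size_t carry_len;

/* Hardened get_chars: writes at most cnt bytes into buf, never loses data. */
static int hardened_get_chars(uint32_t vtermno, char *buf, int cnt)
{
    size_t n;
    if (cnt <= 0)
        return 0;
    if (carry_len == 0) {
        unsigned long got;
        if (sim_get_term_char(vtermno, &got, &carry[0], &carry[1]) != 0)
            return 0;
        if (got > HV_CHUNK)              /* do not trust the reported length blindly */
            got = HV_CHUNK;
        carry_len = got;
    }
    n = carry_len < (size_t)cnt ? carry_len : (size_t)cnt;
    memcpy(buf, carry, n);
    memmove(carry, (char *)carry + n, carry_len - n);
    carry_len -= n;
    return (int)n;
}

/* Hardened put_chars: copies min(cnt, 16) bytes from buf into zeroed registers and
 * returns the number actually accepted, so a caller can resubmit the remainder. */
static int hardened_put_chars(uint32_t vtermno, const char *buf, int cnt)
{
    unsigned long kb[2] = {0, 0};
    size_t n;
    if (cnt <= 0)
        return 0;
    n = (size_t)cnt < sizeof(kb) ? (size_t)cnt : sizeof(kb);
    memcpy(kb, buf, n);                  /* never reads past the caller's cnt bytes */
    if (sim_put_term_char(vtermno, n, kb[0], kb[1]) != 0)
        return 0;
    return (int)n;
}

/* Drives put_chars to completion for a write longer than one register pair. */
static int write_all(uint32_t vtermno, const char *buf, int cnt)
{
    int done = 0;
    while (done < cnt) {
        int n = hardened_put_chars(vtermno, buf + done, cnt - done);
        if (n <= 0)
            break;
        done += n;
    }
    return done;
}

/* Helpers to load constructed input into, and read output back from, the simulation. */
static void sim_reset(const char *input, size_t len)
{
    hv_input_len = len < sizeof(hv_input) ? len : sizeof(hv_input);
    memcpy(hv_input, input, hv_input_len);
    hv_output_len = 0;
    carry_len = 0;
}

static size_t sim_output(char *dst, size_t cap)
{
    size_t n = hv_output_len < cap ? hv_output_len : cap;
    memcpy(dst, hv_output, n);
    return n;
}
```

The two changes that matter for the thread's concern are the `min()` on both copy lengths and the honest return value from put_chars: with those in place, a caller passing a 4-byte buffer to get_chars or a 19-byte string to put_chars can no longer cause an out-of-bounds write or read, whatever length the other side happens to use.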
