[PATCH 6/15] hypervisor console driver for Celleb

Ishizaki Kou kou.ishizaki at toshiba.co.jp
Wed Dec 20 19:37:34 EST 2006


Linas-san,

> On Thu, Dec 14, 2006 at 10:42:16AM +0900, Ishizaki Kou wrote:
> > Linas-san,
> > 
> > Thanks for your comment.
> > 
> > > On Tue, Dec 12, 2006 at 12:31:29PM +0900, Ishizaki Kou wrote:
> > > > +
> > > > +static int hvc_beat_get_chars(uint32_t vtermno, char *buf, int cnt)
> > > > +{
> > > > +	unsigned long kb[2];
> > > > +	unsigned long got;
> > > > +
> > > > +	if (beat_get_term_char(vtermno, &got, &kb[0], &kb[1]) == 0) {
> > > > +	   memcpy(buf, kb, got);
> > > > +		              return got;
> > 
> > > This seems to completely ignore "cnt". Thus, I presume that
> > > beat_get_term_char might return more chars than there is room for in buf,
> > > thus corrupting something, somewhere.

> > This depends "beat_get_term_char" returns only one character at once
> > (for now), and assumes cnt > 0. This assumption will reduce code for
> > now.

> But it will break in the future. If new firmware is released for beat,
> that returns more than one char, then it will silently corrupt old kernels
> on rare occasions, making the problem hard to find. What's more, the 
> firmware people might forget to tell you about thier change, and
> so you won't submit a matching update to the linux kernel. (Or you may
> have a new job by then, or have lost interest/got bored, etc.)
> Years later, someone will finally debug the problem, after a long and
> difficult search, and they'll curse this code.  Better do it right, now.

Okay, we will do.

We have to remark 'this is NOT FOR PRODUCT,' since console I/O of Beat
is HORRIBLY slow (putting characters to console waits till
the characters actually putted to the serial port. No queue is available.)


> > > > +static int hvc_beat_put_chars(uint32_t vtermno, const char *buf, int cnt)
> > > > +{
> > > > +	unsigned long kb[2];
> > > > +
> > > > +	memcpy(kb, buf, sizeof(kb));
> > > > +	beat_put_term_char(vtermno, cnt, kb[0], kb[1]);
> > > > +	return cnt;
> > > > +}
> > 
> > > I can't imagine how this can possibly work. 
> > > What if "cnt" is greater than 8?
> > 
> > This routine assumes that 0 <= cnt <= 16, that is already checked by
> > caller. (Note that "unsigned long" is 8 bytes long at ppc64)
> 
> Actually, its N_OUTBUF which is currently defined to be 16. However,
> that may someday change, in which case you'd have a bug, again.

Okay, we understand your opinion, and will do so.

Best regards,
Kou Ishizaki.



More information about the Linuxppc-dev mailing list