[PATCH 3/3] powerpc/fsl: add MPIC timer wakeup support
Scott Wood
scottwood at freescale.com
Wed Mar 27 04:35:42 EST 2013
On 03/25/2013 10:27:24 PM, Wang Dongsheng-B40534 wrote:
>
>
> > -----Original Message-----
> > From: Wood Scott-B07421
> > Sent: Saturday, March 23, 2013 6:11 AM
> > To: Wang Dongsheng-B40534
> > Cc: Wood Scott-B07421; Gala Kumar-B11780;
> linuxppc-dev at lists.ozlabs.org;
> > Zhao Chenhui-B35336; Li Yang-R58472
> > Subject: Re: [PATCH 3/3] powerpc/fsl: add MPIC timer wakeup support
> >
> > On 03/22/2013 12:46:24 AM, Wang Dongsheng-B40534 wrote:
> > >
> > >
> > > > -----Original Message-----
> > > > From: Wood Scott-B07421
> > > > Sent: Thursday, March 21, 2013 5:49 AM
> > > > To: Wang Dongsheng-B40534
> > > > Cc: Wood Scott-B07421; Gala Kumar-B11780;
> > > linuxppc-dev at lists.ozlabs.org;
> > > > Zhao Chenhui-B35336; Li Yang-R58472
> > > > Subject: Re: [PATCH 3/3] powerpc/fsl: add MPIC timer wakeup
> support
> > > >
> > > > On 03/19/2013 10:48:53 PM, Wang Dongsheng-B40534 wrote:
> > > > > while (*s) {
> > > > > if ('0' <= *s && *s <= '9')
> > > > > val = *s - '0';
> > > > > else if ('a' <= _tolower(*s) && _tolower(*s) <=
> 'f')
> > > > > val = _tolower(*s) - 'a' + 10;
> > > > > else
> > > > > break; //this will break out to
> convert.
> > > >
> > > > Really? How do you know that the next byte after the buffer
> isn't a
> > > > valid hex digit? How do you even know that we won't take a
> fault
> > > > accessing it?
> > > >
> > > Under what case is unsafe, please make sense.
> >
> > char buffer[1] = { '5' };
> > write(fd, &buffer, 1);
> >
> > What comes after that '5' byte in the pointer you pass to kstrtol?
> >
> The buffer is userspace. It will fall in the kernel space.
> Kernel will get a free page, and copy the buffer to page.
> This page has been cleared before copy to page.
> The page has already have null-terminated.
It doesn't allocate a whole page, it uses kmalloc (not kzalloc!). Even
if kzalloc were used, a larger user buffer could be the exact size of
the region that was allocated.
See memdup_user() in mm/util.c
-Scott
More information about the Linuxppc-dev
mailing list