From: Wang Dongsheng-B40534 <B40534@freescale.com>
To: Wood Scott-B07421 <B07421@freescale.com>
Cc: Gala Kumar-B11780 <B11780@freescale.com>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
Li Yang-R58472 <r58472@freescale.com>,
Zhao Chenhui-B35336 <B35336@freescale.com>
Subject: RE: [PATCH 3/3] powerpc/fsl: add MPIC timer wakeup support
Date: Wed, 27 Mar 2013 03:21:04 +0000
Message-ID: <ABB05CD9C9F68C46A5CEDC7F15439259EBB71C@039-SN2MPN1-022.039d.mgd.msft.net>
In-Reply-To: <1364319342.469.7@snotra>
> -----Original Message-----
> From: Wood Scott-B07421
> Sent: Wednesday, March 27, 2013 1:36 AM
> To: Wang Dongsheng-B40534
> Cc: Wood Scott-B07421; Gala Kumar-B11780; linuxppc-dev@lists.ozlabs.org;
> Zhao Chenhui-B35336; Li Yang-R58472
> Subject: Re: [PATCH 3/3] powerpc/fsl: add MPIC timer wakeup support
>
> On 03/25/2013 10:27:24 PM, Wang Dongsheng-B40534 wrote:
> >
> >
> > > -----Original Message-----
> > > From: Wood Scott-B07421
> > > Sent: Saturday, March 23, 2013 6:11 AM
> > > To: Wang Dongsheng-B40534
> > > Cc: Wood Scott-B07421; Gala Kumar-B11780; linuxppc-dev@lists.ozlabs.org;
> > > Zhao Chenhui-B35336; Li Yang-R58472
> > > Subject: Re: [PATCH 3/3] powerpc/fsl: add MPIC timer wakeup support
> > >
> > > On 03/22/2013 12:46:24 AM, Wang Dongsheng-B40534 wrote:
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Wood Scott-B07421
> > > > > Sent: Thursday, March 21, 2013 5:49 AM
> > > > > To: Wang Dongsheng-B40534
> > > > > Cc: Wood Scott-B07421; Gala Kumar-B11780; linuxppc-dev@lists.ozlabs.org;
> > > > > Zhao Chenhui-B35336; Li Yang-R58472
> > > > > Subject: Re: [PATCH 3/3] powerpc/fsl: add MPIC timer wakeup support
> > > > >
> > > > > On 03/19/2013 10:48:53 PM, Wang Dongsheng-B40534 wrote:
> > > > > > > while (*s) {
> > > > > > >     if ('0' <= *s && *s <= '9')
> > > > > > >         val = *s - '0';
> > > > > > >     else if ('a' <= _tolower(*s) && _tolower(*s) <= 'f')
> > > > > > >         val = _tolower(*s) - 'a' + 10;
> > > > > > >     else
> > > > > > >         break; //this will break out to convert.
> > > > >
> > > > > Really? How do you know that the next byte after the buffer isn't a
> > > > > valid hex digit? How do you even know that we won't take a fault
> > > > > accessing it?
> > > > >
> > > > Under what case is it unsafe? Please make sense.
> > >
> > > char buffer[1] = { '5' };
> > > write(fd, &buffer, 1);
> > >
> > > What comes after that '5' byte in the pointer you pass to kstrtol?
> > >
> > The buffer is in userspace. It will fall into kernel space.
> > The kernel will get a free page and copy the buffer to the page.
> > This page has been cleared before the copy to the page.
> > The page is already null-terminated.
>
> It doesn't allocate a whole page, it uses kmalloc (not kzalloc!). Even
> if kzalloc were used, a larger user buffer could be the exact size of the
> region that was allocated.
>
> See memdup_user() in mm/util.c
>
Did you miss something?
See fill_write_buffer() in fs/sysfs/file.c. It uses get_zeroed_page()...
See SYSCALL_DEFINE3(write,...) in fs/read_write.c

[c0000000f1ff3a60] [c000000000008224] .show_stack+0x74/0x1b0 (unreliable)
[c0000000f1ff3b10] [c00000000002f370] .fsl_timer_wakeup_store+0x30/0x200
[c0000000f1ff3bc0] [c00000000030accc] .dev_attr_store+0x3c/0x50
[c0000000f1ff3c30] [c00000000018c47c] .sysfs_write_file+0xec/0x1f0
[c0000000f1ff3ce0] [c00000000010dfb4] .vfs_write+0xf4/0x1b0
[c0000000f1ff3d80] [c00000000010e360] .SyS_write+0x60/0xe0
[c0000000f1ff3e30] [c000000000000590] syscall_exit+0x0/0x80
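
The question argued in this thread, as an added example that is not part of any message or of the kernel source: a user-space model of the quoted digit loop run on a payload that is not followed by a terminator, next to a variant bounded by the write length. Base 16, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(char c)
{
	int l = tolower((unsigned char)c);
	if (l >= '0' && l <= '9')
		return l - '0';
	return (l >= 'a' && l <= 'f') ? l - 'a' + 10 : -1;
}

/* Same shape as the quoted loop: only a NUL or a non-digit byte stops it. */
static unsigned long parse_unbounded(const char *s)
{
	unsigned long res = 0;
	int v;
	for (; *s && (v = hex_val(*s)) >= 0; s++)
		res = res * 16 + (unsigned long)v;
	return res;
}

/* Bounded variant: reads at most count bytes, whatever follows them. */
static int parse_bounded(const char *buf, size_t count, unsigned long *out)
{
	unsigned long res = 0;
	size_t i;
	int v;
	if (count > 2 * sizeof(res))
		return -1;	/* more digits than an unsigned long holds */
	for (i = 0; i < count && (v = hex_val(buf[i])) >= 0; i++)
		res = res * 16 + (unsigned long)v;
	if (i == 0)
		return -1;	/* no digits at all */
	*out = res;
	return 0;
}

/* Constructed sample: 1-byte payload '5', then stale bytes (assumed). */
static const char region[] = { '5', '7', 'f', '\0' };

int main(void)
{
	unsigned long v = 0;
	printf("unbounded: %#lx\n", parse_unbounded(region));
	if (parse_bounded(region, 1, &v) == 0)
		printf("bounded:   %#lx\n", v);
	return 0;
}
```

The sample keeps the stale bytes inside one array so the over-read stays defined; with a real allocation the unbounded loop would walk into whatever memory follows the payload.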