From: ext Russell King - ARM Linux <li...@arm.linux.org.uk> Subject: Re: [PATCH 02/10] OMAP: iommu: add initial debugfs support Date: Sun, 16 Aug 2009 22:47:32 +0200
> On Sun, Aug 16, 2009 at 06:13:55PM +0300, Tony Lindgren wrote:
> > * Hiroshi DOYU <hiroshi.d...@nokia.com> [090815 15:06]:
> > > Hi Russell,
> > >
> > > From: ext Russell King - ARM Linux <li...@arm.linux.org.uk>
> > > Subject: Re: [PATCH 02/10] OMAP: iommu: add initial debugfs support
> > > Date: Thu, 13 Aug 2009 11:23:59 +0200
> > >
> > > > On Wed, Aug 12, 2009 at 03:13:24PM +0300, Tony Lindgren wrote:
> > > > > +static DEFINE_MUTEX(iommu_debug_lock);
> > > > > +static char local_buffer[SZ_4K];
> > > >
> > > > I don't like this - what if the data you're sprintf'ing into this
> > > > buffer overflows it?
> > >
> > > Right.
> > >
> > > I have attached the updated version which limits max write counts to
> > > avoid the above buffer overflow.
> >
> > Thanks, I've update my queue with it.
>
> I'm not sure the patch is correct yet. I think this update introduced
> some bugs.
I fixed wrong calculation of line length as below.
diff --git a/arch/arm/mach-omap2/iommu2.c b/arch/arm/mach-omap2/iommu2.c
index 27b4bfa..7fd97aa 100644
--- a/arch/arm/mach-omap2/iommu2.c
+++ b/arch/arm/mach-omap2/iommu2.c
@@ -223,11 +223,12 @@ static ssize_t omap2_dump_cr(struct iommu *obj, struct
cr_regs *cr, char *buf)
do { \
ssize_t bytes; \
const char *str = "%20s: %08x\n"; \
- bytes = snprintf(p, 32, str, __stringify(name), \
+ const int maxcol = 32; \
+ bytes = snprintf(p, maxcol, str, __stringify(name), \
iommu_read_reg(obj, MMU_##name)); \
p += bytes; \
len -= bytes; \
- if (len < strlen(str) + 1) \
+ if (len < maxcol) \
goto out; \
} while (0)
diff --git a/arch/arm/plat-omap/iommu-debug.c b/arch/arm/plat-omap/iommu-debug.c
index 536e897..5a7e409 100644
--- a/arch/arm/plat-omap/iommu-debug.c
+++ b/arch/arm/plat-omap/iommu-debug.c
@@ -121,15 +121,16 @@ static ssize_t debug_write_pagetable(struct file *file,
return count;
}
-#define dump_ioptable_entry_one(lv, da, pteval) \
+#define dump_ioptable_entry_one(lv, da, val) \
({ \
int __err = 0; \
ssize_t bytes; \
+ const int maxcol = 22; \
const char *str = "%d: %08x %08x\n"; \
- bytes = snprintf(p, 22, str, lv, da, pteval); \
+ bytes = snprintf(p, maxcol, str, lv, da, val); \
p += bytes; \
len -= bytes; \
- if (len < strlen(str) + 1) \
+ if (len < maxcol) \
__err = -ENOMEM; \
__err; \
})
@@ -229,12 +230,13 @@ static ssize_t debug_read_mmap(struct file *file, char
__user *userbuf,
list_for_each_entry(tmp, &obj->mmap, list) {
size_t len;
const char *str = "%3d %08x-%08x %6x %8x\n";
+ const int maxcol = 39;
len = tmp->da_end - tmp->da_start;
- p += snprintf(p, strlen(str) + 1, str,
+ p += snprintf(p, maxcol, str,
i, tmp->da_start, tmp->da_end, len, tmp->flags);
- if ((strlen(str) + 1) > (PAGE_SIZE - (p - buf)))
+ if (PAGE_SIZE - (p - buf) < maxcol)
break;
i++;
}
--
1.6.0.4
0001-OMAP-iommu-add-initial-debugfs-support.patch
Description: Binary data
