Re: [PATCH 3/4] HID: debug: empty output queue on read

Jiri Kosina Thu, 18 Apr 2013 18:56:38 -0700

On Wed, 17 Apr 2013, Benjamin Tissoires wrote:

> If an event occurs while the hid debugfs is forwarding events, list->tail
> is updated during copy_to_user().
> 
> Remove the gotos and use a regular while-loop to empty the queue.
> 
> Second benefit, it checks that we are not writing more than count bytes
> to the user-space output buffer.
> 
> Signed-off-by: Benjamin Tissoires <benjamin.tissoi...@redhat.com>
> ---
>  drivers/hid/hid-debug.c | 27 +++++++++++----------------
>  1 file changed, 11 insertions(+), 16 deletions(-)
> 
> diff --git a/drivers/hid/hid-debug.c b/drivers/hid/hid-debug.c
> index 094cbcf..1dc8104 100644
> --- a/drivers/hid/hid-debug.c
> +++ b/drivers/hid/hid-debug.c
> @@ -1000,6 +1000,7 @@ static ssize_t hid_debug_events_read(struct file *file, 
> char __user *buffer,
>               size_t count, loff_t *ppos)
>  {
>       struct hid_debug_list *list = file->private_data;
> +     char *buf_head;
>       int ret = 0, len;
>       DECLARE_WAITQUEUE(wait, current);
>  
> @@ -1039,28 +1040,22 @@ static ssize_t hid_debug_events_read(struct file 
> *file, char __user *buffer,
>                       goto out;
>  
>               /* pass the ringbuffer contents to userspace */
> -copy_rest:
> -             if (list->tail == list->head)
> -                     goto out;
> -             if (list->tail > list->head) {
> -                     len = list->tail - list->head;
> +             while (list->tail != list->head && ret < count) {
> +                     buf_head = &list->hid_debug_buf[list->head];
>  
> -                     if (copy_to_user(buffer + ret, 
> &list->hid_debug_buf[list->head], len)) {
> -                             ret = -EFAULT;
> -                             goto out;
> -                     }
> -                     ret += len;
> -                     list->head += len;
> -             } else {
> -                     len = HID_DEBUG_BUFSIZE - list->head;
> +                     if (list->tail > list->head)
> +                             len = list->tail - list->head;
> +                     else
> +                             len = HID_DEBUG_BUFSIZE - list->head;
> +
> +                     len = min(count - ret, len);


This triggers a type checking warning in min(), and it seems to be correct 
on this one (mixing size_t with signed int).

drivers/hid/hid-debug.c:1079: warning: comparison of distinct pointer types 
lacks a cast

-- 
Jiri Kosina
SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH 3/4] HID: debug: empty output queue on read

Reply via email to