Re: [PATCH][1/2] add new Cobalt LCD framebuffer driver

Yoichi Yuasa <yoichi_yuasa@xxxxxxxxxxxxxx> · Wed, 25 Jun 2008 22:46:53 +0900

On Tue, 24 Jun 2008 14:15:15 -0700
Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Tue, 24 Jun 2008 22:46:54 +0900
> Yoichi Yuasa <yoichi_yuasa@xxxxxxxxxxxxxx> wrote:
> 
> > Add new Cobalt LCD framebuffer driver.
> > 
> > Signed-off-by: Yoichi Yuasa <yoichi_yuasa@xxxxxxxxxxxxxx>
> > 
> >
> > ...
> >
> > +static ssize_t cobalt_lcdfb_read(struct fb_info *info, char __user *buf,
> > +				 size_t count, loff_t *ppos)
> > +{
> > +	char src[LCD_CHARS_MAX];
> > +	unsigned long pos;
> > +	int len, retval;
> > +
> > +	pos = *ppos;
> > +	if (pos >= LCD_CHARS_MAX)
> > +		return 0;
> > +
> > +	if (pos + count >= LCD_CHARS_MAX)
> > +		count = LCD_CHARS_MAX - pos;
> 
> I think if sizeof(pos) == sizeof(count), and `count' is sufficiently
> large (eg: 0xffffffff) then bad things will happen in this function.
> 
> > +	for (len = 0; len < count; len++) {
> > +		retval = lcd_busy_wait(info);
> > +		if (retval < 0)
> > +			break;
> > +
> > +		lcd_write_control(info, LCD_TEXT_POS(pos));
> > +
> > +		retval = lcd_busy_wait(info);
> > +		if (retval < 0)
> > +			break;
> > +
> > +		src[len] = lcd_read_data(info);
> > +		if (pos == 0x0f)
> > +			pos = 0x40;
> > +		else
> > +			pos++;
> > +	}
> > +
> > +	if (copy_to_user(buf, src, len))
> > +		return -EFAULT;
> > +
> > +	*ppos += len;
> > +
> > +	return len;
> > +}
> > +
> > +static ssize_t cobalt_lcdfb_write(struct fb_info *info, const char __user *buf,
> > +				  size_t count, loff_t *ppos)
> > +{
> > +	char dst[LCD_CHARS_MAX];
> > +	unsigned long pos;
> > +	int len, retval;
> > +
> > +	pos = *ppos;
> > +	if (pos >= LCD_CHARS_MAX)
> > +		return 0;
> > +
> > +	if (pos + count >= LCD_CHARS_MAX)
> > +		count = LCD_CHARS_MAX - pos;
> 
> Ditto.
> 
> > +	if (copy_from_user(dst, buf, count))
> > +		return -EFAULT;
> > +
> > +	for (len = 0; len < count; len++) {
> > +		retval = lcd_busy_wait(info);
> > +		if (retval < 0)
> > +			break;
> > +
> > +		lcd_write_control(info, LCD_TEXT_POS(pos));
> > +
> > +		retval = lcd_busy_wait(info);
> > +		if (retval < 0)
> > +			break;
> > +
> > +		lcd_write_data(info, dst[len]);
> > +		if (pos == 0x0f)
> > +			pos = 0x40;
> > +		else
> > +			pos++;
> > +	}
> > +
> > +	*ppos += len;
> > +
> > +	return len;
> > +}
> 
> Is there any real benefit in this handling of signal_pending()?  afaict
> it is done correctly, but why did we bother doing it?
> 

Thank you for your comments.
I'll update it.

Yoichi