On 2013年04月24日 15:23, Vasant Hegde wrote: > On 04/24/2013 12:33 PM, Chen Gang wrote: >> On 2013年04月24日 14:28, Vasant Hegde wrote: >>> On 04/23/2013 08:42 AM, Chen Gang wrote: >>>> >>>> need set '\0' for 'local_buffer'. >>>> >>>> SPLPAR_MAXLENGTH is 1026, RTAS_DATA_BUF_SIZE is 4096. so the >>>> contents of >>>> rtas_data_buf may truncated in memcpy. >>>> >>>> if contents are really truncated. >>>> the splpar_strlen is more than 1026. the next while loop >>>> checking will >>>> not find the end of buffer. that will cause memory access >>>> violation. >>>> >>> >>> Per parameter length in ibm,get-system-parameter RTAS call is limited to >>> 1026 bytes (1024 bytes of data + 2 bytes length). And 'rtas_data_buf' >>> was set to 0 (first 1026 bytes) before call RTAS call. At the worst if >>> we get junk in RTAS output length field helps to exit from the while >>> loop. So I don't think we need this patch. >> >> Is get-system-parameter return the NUL terminated string ? if so, it >> will no issue (just like your discription). >> > > Length includes the length of the NULL. So (idx < splpar_strlen) > is safe. IMO existing code is proper.
OK, since it is not an issue, I will try another patches for powerpc POWER7. :-) -- Chen Gang Asianux Corporation _______________________________________________ Linuxppc-dev mailing list Linuxppc-dev@lists.ozlabs.org https://lists.ozlabs.org/listinfo/linuxppc-dev
