From patchwork Mon Apr 25 20:20:29 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Stultz X-Patchwork-Id: 1173 Return-Path: Delivered-To: unknown Received: from imap.gmail.com (74.125.159.109) by localhost6.localdomain6 with IMAP4-SSL; 08 Jun 2011 14:49:52 -0000 Delivered-To: patches@linaro.org Received: by 10.224.2.73 with SMTP id 9cs48734qai; Mon, 25 Apr 2011 13:20:50 -0700 (PDT) Received: by 10.101.15.18 with SMTP id s18mr2311910ani.99.1303762849985; Mon, 25 Apr 2011 13:20:49 -0700 (PDT) Received: from e39.co.us.ibm.com (e39.co.us.ibm.com [32.97.110.160]) by mx.google.com with ESMTPS id 16si14057256ank.157.2011.04.25.13.20.48 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 25 Apr 2011 13:20:48 -0700 (PDT) Received-SPF: pass (google.com: domain of jstultz@us.ibm.com designates 32.97.110.160 as permitted sender) client-ip=32.97.110.160; Authentication-Results: mx.google.com; spf=pass (google.com: domain of jstultz@us.ibm.com designates 32.97.110.160 as permitted sender) smtp.mail=jstultz@us.ibm.com Received: from d03relay01.boulder.ibm.com (d03relay01.boulder.ibm.com [9.17.195.226]) by e39.co.us.ibm.com (8.14.4/8.13.1) with ESMTP id p3PK7EZV029675; Mon, 25 Apr 2011 14:07:14 -0600 Received: from d03av04.boulder.ibm.com (d03av04.boulder.ibm.com [9.17.195.170]) by d03relay01.boulder.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id p3PKKhT6058926; Mon, 25 Apr 2011 14:20:43 -0600 Received: from d03av04.boulder.ibm.com (loopback [127.0.0.1]) by d03av04.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id p3PKKg3w026475; Mon, 25 Apr 2011 14:20:42 -0600 Received: from kernel.beaverton.ibm.com (kernel.beaverton.ibm.com [9.47.67.96]) by d03av04.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id p3PKKg7n026398; Mon, 25 Apr 2011 14:20:42 -0600 Received: by kernel.beaverton.ibm.com (Postfix, from userid 1056) id 90EF61E7511; Mon, 25 Apr 2011 13:20:41 -0700 (PDT) From: John Stultz To: LKML Cc: John Stultz , Anton Vorontsov , Akihiro MAEDA , Masashi YOKOTA Subject: [PATCH 3/3][RFC] power: Fixup stack usage in vritual battery driver Date: Mon, 25 Apr 2011 13:20:29 -0700 Message-Id: <1303762829-18000-4-git-send-email-john.stultz@linaro.org> X-Mailer: git-send-email 1.7.3.2.146.gca209 In-Reply-To: <1303762829-18000-1-git-send-email-john.stultz@linaro.org> References: <1303762829-18000-1-git-send-email-john.stultz@linaro.org> For some reason the virtual battery driver code allocates 4k on the stack. This is clearly broken, so keep the length smaller (256) and cleanup the string management code to use the bounds checking versions. Also cleans up some 80+ char line formatting issues. CC: Anton Vorontsov CC: Akihiro MAEDA CC: Masashi YOKOTA Signed-off-by: John Stultz --- drivers/power/virtual_battery.c | 62 +++++++++++++++++++++++++------------- 1 files changed, 41 insertions(+), 21 deletions(-) diff --git a/drivers/power/virtual_battery.c b/drivers/power/virtual_battery.c index ed686ef..e865230 100644 --- a/drivers/power/virtual_battery.c +++ b/drivers/power/virtual_battery.c @@ -115,6 +115,7 @@ static struct power_supply power_supply_bat = { }; +#define MAX_KEYLENGTH 256 struct battery_property_map { int value; char const * key; @@ -160,18 +161,21 @@ static struct battery_property_map map_technology[] = { }; -static int map_get_value(struct battery_property_map * map, const char * key, int def_val) +static int map_get_value(struct battery_property_map * map, const char * key, + int def_val) { - char buf[4096]; + char buf[MAX_KEYLENGTH]; int cr; - strcpy(buf, key); - cr = strlen(buf) - 1; + strncpy(buf, key, MAX_KEYLENGTH); + buf[MAX_KEYLENGTH-1] = '\0'; + + cr = strnlen(buf, MAX_KEYLENGTH) - 1; if (buf[cr] == '\n') buf[cr] = '\0'; while (map->key) { - if (strcasecmp(map->key, buf) == 0) + if (strncasecmp(map->key, buf, MAX_KEYLENGTH) == 0) return map->value; map++; } @@ -180,7 +184,8 @@ static int map_get_value(struct battery_property_map * map, const char * key, in } -static const char * map_get_key(struct battery_property_map * map, int value, const char * def_key) +static const char * map_get_key(struct battery_property_map * map, int value, + const char * def_key) { while (map->key) { if (map->value == value) @@ -193,7 +198,8 @@ static const char * map_get_key(struct battery_property_map * map, int value, co static int param_set_ac_status(const char *key, const struct kernel_param *kp) { - dev_dbg(&bat_pdev->dev, "%s: name=%s, key=%s\n", __func__, kp->name, key); + dev_dbg(&bat_pdev->dev, "%s: name=%s, key=%s\n", + __func__, kp->name, key); ac_status = map_get_value( map_ac_online, key, ac_status); power_supply_changed(&power_supply_ac); return 0; @@ -206,9 +212,11 @@ static int param_get_ac_status(char *buffer, const struct kernel_param *kp) return strlen(buffer); } -static int param_set_battery_status(const char *key, const struct kernel_param *kp) +static int param_set_battery_status(const char *key, + const struct kernel_param *kp) { - dev_dbg(&bat_pdev->dev, "%s: name=%s, key=%s.\n", __func__, kp->name, key); + dev_dbg(&bat_pdev->dev, "%s: name=%s, key=%s.\n", + __func__, kp->name, key); battery_status = map_get_value( map_status, key, battery_status); power_supply_changed(&power_supply_bat); return 0; @@ -221,9 +229,11 @@ static int param_get_battery_status(char *buffer, const struct kernel_param *kp) return strlen(buffer); } -static int param_set_battery_health(const char *key, const struct kernel_param *kp) +static int param_set_battery_health(const char *key, + const struct kernel_param *kp) { - dev_dbg(&bat_pdev->dev, "%s: name=%s, key=%s\n", __func__, kp->name, key); + dev_dbg(&bat_pdev->dev, "%s: name=%s, key=%s\n", + __func__, kp->name, key); battery_health = map_get_value( map_health, key, battery_health); power_supply_changed(&power_supply_bat); return 0; @@ -236,41 +246,51 @@ static int param_get_battery_health(char *buffer, const struct kernel_param *kp) return strlen(buffer); } -static int param_set_battery_present(const char *key, const struct kernel_param *kp) +static int param_set_battery_present(const char *key, + const struct kernel_param *kp) { - dev_dbg(&bat_pdev->dev, "%s: name=%s, key=%s\n", __func__, kp->name, key); + dev_dbg(&bat_pdev->dev, "%s: name=%s, key=%s\n", + __func__, kp->name, key); battery_present = map_get_value( map_present, key, battery_present); power_supply_changed(&power_supply_ac); return 0; } -static int param_get_battery_present(char *buffer, const struct kernel_param *kp) +static int param_get_battery_present(char *buffer, + const struct kernel_param *kp) { dev_dbg(&bat_pdev->dev, "%s: name=%s\n", __func__, kp->name); strcpy(buffer, map_get_key( map_present, battery_present, "unknown")); return strlen(buffer); } -static int param_set_battery_technology(const char *key, const struct kernel_param *kp) +static int param_set_battery_technology(const char *key, + const struct kernel_param *kp) { - dev_dbg(&bat_pdev->dev, "%s: name=%s, key=%s\n", __func__, kp->name, key); - battery_technology = map_get_value( map_technology, key, battery_technology); + dev_dbg(&bat_pdev->dev, "%s: name=%s, key=%s\n", + __func__, kp->name, key); + battery_technology = map_get_value(map_technology, key, + battery_technology); power_supply_changed(&power_supply_bat); return 0; } -static int param_get_battery_technology(char *buffer, const struct kernel_param *kp) +static int param_get_battery_technology(char *buffer, + const struct kernel_param *kp) { dev_dbg(&bat_pdev->dev, "%s: name=%s\n", __func__, kp->name); - strcpy(buffer, map_get_key( map_technology, battery_technology, "unknown")); + strcpy(buffer, + map_get_key( map_technology, battery_technology, "unknown")); return strlen(buffer); } -static int param_set_battery_capacity(const char *key, const struct kernel_param *kp) +static int param_set_battery_capacity(const char *key, + const struct kernel_param *kp) { int tmp; - dev_dbg(&bat_pdev->dev, "%s: name=%s, key=%s\n", __func__, kp->name, key); + dev_dbg(&bat_pdev->dev, "%s: name=%s, key=%s\n", + __func__, kp->name, key); if (1 != sscanf(key, "%d", &tmp)) return -EINVAL;