On Thu, 31 Jul 2008, Linus Torvalds wrote:
quoted text
> >     /* Check for ABS_X, ABS_Y, ABS_PRESSURE and BTN_TOOL_FINGER */
> > 
> >     SYSCALL(ret = ioctl(fd, EVIOCGBIT(0, KEY_MAX), evbits));
> > 
> > So we allocate 64 bytes on stack and then as kernel to fill it with
> > 511 bytes worth of data.
> 
> Ok, I can see how it's confused, asking for KEY_MAX _bits_. If this is the 
> main user, why not just change the definition to be in bits?

Or just say that "if the buffer is really much too big, maybe they meant 
bits"?

IOW, something like this?

(And no, I'm not seriously proposing _this_ patch, but you get the idea)

		Linus
---
 drivers/input/evdev.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
index 2d65411..e45451d 100644
--- a/drivers/input/evdev.c
+++ b/drivers/input/evdev.c
@@ -734,7 +734,7 @@ static long evdev_do_ioctl(struct file *file, unsigned int cmd,
 		if (_IOC_DIR(cmd) == _IOC_READ) {
 
 			if ((_IOC_NR(cmd) & ~EV_MAX) == _IOC_NR(EVIOCGBIT(0, 0))) {
-
+				unsigned int size = _IOC_SIZE(cmd);
 				unsigned long *bits;
 				int len;
 
@@ -751,7 +751,12 @@ static long evdev_do_ioctl(struct file *file, unsigned int cmd,
 				case EV_SW:  bits = dev->swbit;  len = SW_MAX;  break;
 				default: return -EINVAL;
 				}
-				return bits_to_user(bits, len, _IOC_SIZE(cmd), p, compat_mode);
+
+				/* Some people get confused about size in bits vs bytes */
+				if (size >= len/8)
+					size = size/8;
+
+				return bits_to_user(bits, len, size, p, compat_mode);
 			}
 
 			if (_IOC_NR(cmd) == _IOC_NR(EVIOCGKEY(0)))
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/