On Thu, 25 Apr 2024 21:42:26 -0700
> syzbot found the following issue on:
>
> HEAD commit: 7b4f2bc91c15 Add linux-next specific files for 20240418
> git tree: linux-next
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14b59430980000
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 7b4f2bc91c15
--- x/drivers/input/misc/uinput.c
+++ y/drivers/input/misc/uinput.c
@@ -157,8 +157,6 @@ static int uinput_request_send(struct ui
goto out;
}
- init_completion(&request->done);
-
/*
* Tell our userspace application about this new request
* by queueing an input event.
@@ -175,6 +173,8 @@ static int uinput_request_submit(struct
{
int retval;
+ init_completion(&request->done);
+
retval = uinput_request_reserve_slot(udev, request);
if (retval)
return retval;
@@ -311,8 +311,11 @@ static int uinput_create_device(struct u
struct input_dev *dev = udev->dev;
int error, nslot;
+ lockdep_assert_held(&udev->mutex);
+
if (udev->state != UIST_SETUP_COMPLETE) {
printk(KERN_DEBUG "%s: write device info first\n", UINPUT_NAME);
+ mutex_unlock(&udev->mutex);
return -EINVAL;
}
@@ -362,9 +365,12 @@ static int uinput_create_device(struct u
input_set_drvdata(udev->dev, udev);
+ mutex_unlock(&udev->mutex);
error = input_register_device(udev->dev);
- if (error)
+ if (error) {
+ mutex_lock(&udev->mutex);
goto fail2;
+ }
udev->state = UIST_CREATED;
@@ -372,6 +378,7 @@ static int uinput_create_device(struct u
fail2: input_ff_destroy(dev);
fail1: uinput_destroy_device(udev);
+ mutex_unlock(&udev->mutex);
return error;
}
@@ -901,8 +908,7 @@ static long uinput_ioctl_handler(struct
goto out;
case UI_DEV_CREATE:
- retval = uinput_create_device(udev);
- goto out;
+ return uinput_create_device(udev);
case UI_DEV_DESTROY:
uinput_destroy_device(udev);
--
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: [email protected]
Tested on:
commit: 7b4f2bc9 Add linux-next specific files for 20240418
git tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
console output: https://syzkaller.appspot.com/x/log.txt?x=17674890980000
kernel config: https://syzkaller.appspot.com/x/.config?x=ae644165a243bf62
dashboard link: https://syzkaller.appspot.com/bug?extid=159077b1355b8cd72757
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=10d6cb80980000
Note: testing is done by a robot and is best-effort only.