Date: Fri, 18 Dec 2015 17:50:38 -0800
From: Dmitry Torokhov
To: Elias Vanderstuyft
Cc: linux-input@vger.kernel.org, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, David Herrmann, Benjamin Tissoires
Subject: Re: [PATCH v2 2/2] Input: uinput: Sanity check on ff_effects_max and EV_FF
Message-ID: <20151219015038.GD26333@dtor-ws>

On Sun, Nov 08, 2015 at 06:37:34PM +0100, Elias Vanderstuyft wrote:
> Currently the user can set ff_effects_max to zero with the EV_FF bit
> (and the FF_GAIN and/or FF_AUTOCENTER bits) set,
> in this case the uninitialized methods
> ff->set_gain and/or ff->set_autocenter can be dereferenced,
> resulting in a kernel oops.
>
> Check in uinput_create_device() and
> print a helpful message and return -EINVAL in case the check fails.
>
> Signed-off-by: Elias Vanderstuyft

Applied, thank you.

> ---
> Changes in v2:
> - Rebase on pending patches from David Herrmann and Benjamin Tissoires:
>   - v3 Input: uinput - add new UINPUT_DEV_SETUP and UI_ABS_SETUP ioctl
>   - Input: uinput - rework ABS validation
> - Don't require EV_FF bit to be set when ff_effects_max is non-zero
> - Move check from uinput_setup_device() to uinput_create_device()
> - Update commit description
>
> At the same time, the new UINPUT_DEV_SETUP and UI_ABS_SETUP ioctls were
> tested as well (in both orders).
> The legacy write() (instead of UINPUT_DEV_SETUP) was also tested.
>
> drivers/input/misc/uinput.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c > index 1d93037..b9d0713 100644 > --- a/drivers/input/misc/uinput.c > +++ b/drivers/input/misc/uinput.c > @@ -272,6 +272,13 @@ static int uinput_create_device(struct uinput_device *udev) > input_set_events_per_packet(dev, 60); > } > > + if (test_bit(EV_FF, dev->evbit) && !udev->ff_effects_max) { > + printk(KERN_DEBUG "%s: ff_effects_max should be non-zero when FF_BIT is set\n", > + UINPUT_NAME); > + error = -EINVAL; > + goto fail1; > + } > + > if (udev->ff_effects_max) { > error = input_ff_create(dev, udev->ff_effects_max); > if (error)
> --
> 1.9.3
>

--
Dmitry
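Review bot: the string in the added printk says "when FF_BIT is set", but the condition tests EV_FF in dev->evbit and nothing called FF_BIT appears in the hunk; naming EV_FF in the message would let a user match it to the bit they actually set. The message is logged at KERN_DEBUG, which the console usually does not show at the default log level, so a caller may see only -EINVAL even though the commit message describes this as a helpful message; a more visible level is worth considering. Since the commit message states that the user controls ff_effects_max and the event bits, this print is reachable on every failed device creation, so rate limiting it would keep a misbehaving client from flooding the log.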