lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1287409524-3032-1-git-send-email-zonque@gmail.com>
Date:	Mon, 18 Oct 2010 15:45:23 +0200
From:	Daniel Mack <zonque@...il.com>
To:	linux-kernel@...r.kernel.org
Cc:	s.neumann@...mfeld.com, linux-input@...r.kernel.org,
	Daniel Mack <zonque@...il.com>, Dmitry Torokhov <dtor@...l.ru>
Subject: [PATCH 1/2] input: fix Ooops with EVIOCGABS/EVIOCSABS on devices without absinfo

This fixes a regression introduced by the dynamic allocation of absinfo
for input devices. We need to bail out early for input devices which
don't have absolute axis.

Oct 18 14:44:52 jup kernel: [  929.664303] Pid: 2989, comm: input Not tainted 2.6.36-rc8+ #14 MS-7260/MS-7260
Oct 18 14:44:52 jup kernel: [  929.664318] EIP: 0060:[<c12bdc01>] EFLAGS: 00010246 CPU: 0
Oct 18 14:44:52 jup kernel: [  929.664331] EIP is at evdev_ioctl+0x4f8/0x59f
Oct 18 14:44:52 jup kernel: [  929.664341] EAX: 00000040 EBX: 00000000 ECX: 00000006 EDX: f45a1efc
Oct 18 14:44:52 jup kernel: [  929.664355] ESI: 00000000 EDI: f45a1efc EBP: f45a1f24 ESP: f45a1eb8
Oct 18 14:44:52 jup kernel: [  929.664369]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Oct 18 14:44:52 jup kernel: [  929.664402]  f470da74 f6a30e78 f462c240 00000018 bfe4a260 00000000 f45b06fc 00000000
Oct 18 14:44:52 jup kernel: [  929.664429] <0> 000000c4 b769d000 c3544620 f470da74 f45b06fc f45b06fc f45a1f38 c107dd1f
Oct 18 14:44:52 jup kernel: [  929.664458] <0> f4710b74 000000c4 00000000 00000000 00000000 0000029d 00000a74 f4710b74
Oct 18 14:44:52 jup kernel: [  929.664500]  [<c107dd1f>] ? handle_mm_fault+0x2be/0x59a
Oct 18 14:44:52 jup kernel: [  929.664513]  [<c12bd709>] ? evdev_ioctl+0x0/0x59f
Oct 18 14:44:52 jup kernel: [  929.664524]  [<c1099d30>] ? do_vfs_ioctl+0x494/0x4d9
Oct 18 14:44:52 jup kernel: [  929.664538]  [<c10432a1>] ? up_read+0x16/0x29
Oct 18 14:44:52 jup kernel: [  929.664550]  [<c101c818>] ? do_page_fault+0x2ff/0x32d
Oct 18 14:44:52 jup kernel: [  929.664564]  [<c108d048>] ? do_sys_open+0xc5/0xcf
Oct 18 14:44:52 jup kernel: [  929.664575]  [<c1099db6>] ? sys_ioctl+0x41/0x61
Oct 18 14:44:52 jup kernel: [  929.664587]  [<c1002710>] ? sysenter_do_call+0x12/0x36
Oct 18 14:44:52 jup kernel: [  929.684570] ---[ end trace 11b83e923bd8f2bb ]---

Signed-off-by: Daniel Mack <zonque@...il.com>
Cc: Dmitry Torokhov <dtor@...l.ru>
Cc: Sven Neumann <s.neumann@...mfeld.com>
---
 drivers/input/evdev.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
index c908c5f..afb64cf 100644
--- a/drivers/input/evdev.c
+++ b/drivers/input/evdev.c
@@ -669,6 +669,9 @@ static long evdev_do_ioctl(struct file *file, unsigned int cmd,
 
 		if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) {
 
+			if (!dev->absinfo)
+				return -EINVAL;
+
 			t = _IOC_NR(cmd) & ABS_MAX;
 			abs = dev->absinfo[t];
 
@@ -684,6 +687,9 @@ static long evdev_do_ioctl(struct file *file, unsigned int cmd,
 
 		if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) {
 
+			if (!dev->absinfo)
+				return -EINVAL;
+
 			t = _IOC_NR(cmd) & ABS_MAX;
 
 			if (copy_from_user(&abs, p, min_t(size_t,
-- 
1.7.1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ