Message-ID: <5051F648.8030003@suse.cz>
Date:	Thu, 13 Sep 2012 17:05:44 +0200
From:	Jiri Slaby <jslaby@...e.cz>
To:	Dmitry Torokhov <dmitry.torokhov@...il.com>,
	linux-input@...r.kernel.org, Henrik Rydberg <rydberg@...omail.se>,
	LKML <linux-kernel@...r.kernel.org>,
	Jiri Slaby <jirislaby@...il.com>
Subject: input_to_handler: unable to handle kernel NULL pointer dereference

Hi,

-next commit "Input: Send events one packet at a time" seems to have broken
the input layer:
BUG: unable to handle kernel NULL pointer dereference at      (null)
IP: [<          (null)>]           (null)
PGD 0
Oops: 0010 [#1] SMP
Modules linked in:
CPU 0
Pid: 0, comm: swapper/0 Not tainted 3.6.0-rc5-next-20120912_64+ #44
Bochs Bochs
RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
RSP: 0018:ffff880049603c70  EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000045
RDX: 0000000000000004 RSI: 0000000000000004 RDI: ffff880047bff918
RBP: ffff880049603cb8 R08: 00000000000000c5 R09: ffff880047400000
R10: 000000000000001d R11: 00000000000000c5 R12: ffffffff81a36c00
R13: ffff8800465c6d50 R14: ffff8800465c6d50 R15: ffff8800465c6d48
FS:  0000000000000000(0000) GS:ffff880049600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000001a0b000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper/0 (pid: 0, threadinfo ffffffff81a00000, task
ffffffff81a13420)
Stack:
 ffffffff81473df2 ffffffff8109c4de ffff880047bff918 ffff880049611200
 ffff8800465c6d40 ffff880047bff918 ffff880046a2ae68 0000000000000002
 ffff880046a2b328 ffff880049603d08 ffffffff81475ea9 ffffffff810965c5
Call Trace:
 <IRQ>
 [<ffffffff81473df2>] ? input_to_handler+0xc2/0xe0
 [<ffffffff8109c4de>] ? enqueue_task_fair+0xfe/0x180
 [<ffffffff81475ea9>] input_pass_values.part.14+0x159/0x160
 [<ffffffff810965c5>] ? check_preempt_curr+0x75/0xa0
 [<ffffffff81476f03>] input_handle_event+0x113/0x520
 [<ffffffff81477402>] input_event+0x52/0x70
 [<ffffffff810989ed>] ? default_wake_function+0xd/0x10
 [<ffffffff8147d657>] atkbd_interrupt+0x297/0x6b0
 [<ffffffff81094bb5>] ? __wake_up_common+0x55/0x90
 [<ffffffff81470e6d>] serio_interrupt+0x4d/0xa0
 [<ffffffff814721ba>] i8042_interrupt+0x1ba/0x3a0
 [<ffffffff810d4902>] ? rcu_process_callbacks+0x3c2/0x4e0
 [<ffffffff8109df97>] ? run_rebalance_domains+0x47/0x160
 [<ffffffff810ce243>] handle_irq_event_percpu+0x43/0x160
 [<ffffffff8109a647>] ? sched_clock_tick+0x57/0xa0
 [<ffffffff810ce39c>] handle_irq_event+0x3c/0x60
 [<ffffffff810d0aaf>] handle_edge_irq+0x6f/0x110
 [<ffffffff8103a52d>] handle_irq+0x1d/0x30




If I do this, everything works:
--- a/drivers/input/input.c
+++ b/drivers/input/input.c
@@ -112,9 +112,12 @@ static unsigned int input_to_handler(struct
input_handle *handle,
        if (!count)
                return 0;

+       WARN_ONCE(!handler->events && !handler->event, "%s: %s",
+                       handle->name, handler->name);
+
        if (handler->events)
                handler->events(handle, vals, count);
-       else
+       else if (handler->event)
                for (v = vals; v != end; v++)
                        handler->event(handle, v->type, v->code, v->value);

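Review bot: the new `else if (handler->event)` branch makes input_to_handler() silently skip a handler that has neither ->events nor ->event, and WARN_ONCE reports only the first such handler it sees, so a second handler with the same problem would lose its events with nothing in the log. The test also runs on every packet, and the call trace above shows this path is reached from the keyboard interrupt. Consider validating the callbacks once, when the handler is registered (input_register_handler()), and deciding there how such a handler is treated, so the per-event path does not need the check. If the WARN stays, the format string "%s: %s" should end with "\n" and say what is wrong, since two bare names do not tell the reader that the handler has no event callback.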

PS sysrq is the driver causing this.

regards,
-- 
js
suse labs