lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 11 Sep 2013 10:29:41 +1000
From:	Ryan Mallon <rmallon@...il.com>
To:	Dmitry Torokhov <dmitry.torokhov@...il.com>
CC:	rydberg@...omail.se, carl@...labs.com, linux-input@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] uinput: Support injecting multiple events in one
 write() call

On 11/09/13 10:14, Dmitry Torokhov wrote:
> Hi Ryan,
>
> On Wed, Sep 11, 2013 at 09:32:52AM +1000, Ryan Mallon wrote:
>> Rework the code in uinput_inject_event so that it matches the code in
>> evdev_write and allows injecting more than one event, or zero events.
>>
>> Signed-off-by: Ryan Mallon <rmallon@...il.com>
>> ---
>>  drivers/input/misc/uinput.c |   14 +++++++++-----
>>  1 file changed, 9 insertions(+), 5 deletions(-)
>>
>> diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
>> index a0a4bba..6aea346 100644
>> --- a/drivers/input/misc/uinput.c
>> +++ b/drivers/input/misc/uinput.c
>> @@ -434,16 +434,20 @@ static ssize_t uinput_inject_event(struct uinput_device *udev,
>>  				   const char __user *buffer, size_t count)
>>  {
>>  	struct input_event ev;
>> +	size_t bytes = 0;
>>  
>> -	if (count < input_event_size())
>> +	if (count != 0 && count < input_event_size())
>>  		return -EINVAL;
>>  
>> -	if (input_event_from_user(buffer, &ev))
>> -		return -EFAULT;
>> +	while (bytes + input_event_size() <= count) {
>> +		if (input_event_from_user(buffer + bytes, &ev))
>> +			return -EFAULT;
> Unless the failure is in the very first packet we should tell the user
> how many bytes we have transferred successfully instead of returning
> -EFAULT.

Good point. evdev is also broken in this regard, I'll send a follow-up
patch for that once you are happy with this one. Updated patch is below:

~Ryan

---
diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
index a0a4bba..92ca2c5 100644
--- a/drivers/input/misc/uinput.c
+++ b/drivers/input/misc/uinput.c
@@ -434,16 +434,20 @@ static ssize_t uinput_inject_event(struct uinput_device *u
                                   const char __user *buffer, size_t count)
 {
        struct input_event ev;
+       size_t bytes = 0;
 
-       if (count < input_event_size())
+       if (count != 0 && count < input_event_size())
                return -EINVAL;
 
-       if (input_event_from_user(buffer, &ev))
-               return -EFAULT;
+       while (bytes + input_event_size() <= count) {
+               if (input_event_from_user(buffer + bytes, &ev))
+                       return bytes ?: -EFAULT;
 
-       input_event(udev->dev, ev.type, ev.code, ev.value);
+               input_event(udev->dev, ev.type, ev.code, ev.value);
+               bytes += input_event_size();
+       }
 
-       return input_event_size();
+       return bytes;
 }
 
 static ssize_t uinput_write(struct file *file, const char __user *buffer,

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ