lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20191204182942.v4.1.Ib53f70556ffe94d9a1903632ee9b0dc929f94557@changeid>
Date:   Wed,  4 Dec 2019 18:30:54 -0800
From:   Abhishek Pandit-Subedi <abhishekpandit@...omium.org>
To:     Dmitry Torokhov <dmitry.torokhov@...il.com>,
        Pali Rohár <pali.rohar@...il.com>,
        linux-input@...r.kernel.org
Cc:     linux-bluetooth@...r.kernel.org,
        Luiz Augusto von Dentz <luiz.dentz@...il.com>,
        Abhishek Pandit-Subedi <abhishekpandit@...omium.org>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        linux-kernel@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Andrey Smirnov <andrew.smirnov@...il.com>,
        Kirill Smelkov <kirr@...edi.com>
Subject: [PATCH v4] Input: uinput - Add UI_SET_PHYS_STR and UI_SET_UNIQ_STR

The ioctl definition for UI_SET_PHYS is ambiguous because it is defined
with size = sizeof(char*) but is expected to be given a variable length
string. Add a deprecation notice for UI_SET_PHYS and provide
UI_SET_PHYS_STR(len) which expects a size from the user.

Also support setting the uniq attribute of the input device. The uniq
attribute is used as a unique identifier for the connected device.

For example, uinput devices created by BlueZ will store the address of
the connected device as the uniq property.

Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@...omium.org>
---
Hi input maintainers,

Here is an updated patch that refactors the ioctl handlers (properly
allowing the size to be set from userspace). When calling the new
ioctls, the call signature will look like this:

```
ioctl(fd, UI_SET_PHYS_STR(18), "00:11:22:33:44:55");
```

I've tested this on a Chromebook running kernel v4.19 with a sample
program compiled for both 32-bit (i.e. gcc -m32 test.c) and 64-bit.

The final uinput device looks like this:

```
udevadm info -a -p /devices/virtual/input/input18

Udevadm info starts with the device specified by the devpath and then
walks up the chain of parent devices. It prints for every device
found, all possible attributes in the udev rules key format.
A rule to match, can be composed by the attributes of the device
and the attributes from one single parent device.

  looking at device '/devices/virtual/input/input18':
    KERNEL=="input18"
    SUBSYSTEM=="input"
    DRIVER==""
    ATTR{inhibited}=="0"
    ATTR{name}=="Test"
    ATTR{phys}=="00:00:00:33:44:55"
    ATTR{properties}=="0"
    ATTR{uniq}=="00:11:22:00:00:00"

```


Changes in v4:
- Added uinput_get_user_str

Changes in v3:
- Added UI_SET_PHYS_STR(len) and UI_SET_UNIQ_STR(len) and added
  deprecation notice for UI_SET_PHYS

Changes in v2:
- Added compat handling for UI_SET_UNIQ

 drivers/input/misc/uinput.c | 48 +++++++++++++++++++++++++------------
 include/uapi/linux/uinput.h |  5 ++++
 2 files changed, 38 insertions(+), 15 deletions(-)

diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c
index 84051f20b18a..2c3180370a02 100644
--- a/drivers/input/misc/uinput.c
+++ b/drivers/input/misc/uinput.c
@@ -20,6 +20,7 @@
  */
 #include <uapi/linux/uinput.h>
 #include <linux/poll.h>
+#include <linux/printk.h>
 #include <linux/sched.h>
 #include <linux/slab.h>
 #include <linux/module.h>
@@ -280,7 +281,7 @@ static int uinput_dev_flush(struct input_dev *dev, struct file *file)
 
 static void uinput_destroy_device(struct uinput_device *udev)
 {
-	const char *name, *phys;
+	const char *name, *phys, *uniq;
 	struct input_dev *dev = udev->dev;
 	enum uinput_state old_state = udev->state;
 
@@ -289,6 +290,7 @@ static void uinput_destroy_device(struct uinput_device *udev)
 	if (dev) {
 		name = dev->name;
 		phys = dev->phys;
+		uniq = dev->uniq;
 		if (old_state == UIST_CREATED) {
 			uinput_flush_requests(udev);
 			input_unregister_device(dev);
@@ -297,6 +299,7 @@ static void uinput_destroy_device(struct uinput_device *udev)
 		}
 		kfree(name);
 		kfree(phys);
+		kfree(uniq);
 		udev->dev = NULL;
 	}
 }
@@ -831,6 +834,24 @@ static int uinput_str_to_user(void __user *dest, const char *str,
 	return ret ? -EFAULT : len;
 }
 
+static int uinput_get_user_str(struct uinput_device *udev, const char **kptr,
+			       const char *uptr, unsigned int size)
+{
+	char *tmp;
+
+	if (udev->state == UIST_CREATED)
+		return -EINVAL;
+
+	tmp = strndup_user(uptr, size);
+	if (IS_ERR(tmp))
+		return PTR_ERR(tmp);
+
+	kfree(*kptr);
+	*kptr = tmp;
+
+	return 0;
+}
+
 static long uinput_ioctl_handler(struct file *file, unsigned int cmd,
 				 unsigned long arg, void __user *p)
 {
@@ -839,7 +860,6 @@ static long uinput_ioctl_handler(struct file *file, unsigned int cmd,
 	struct uinput_ff_upload ff_up;
 	struct uinput_ff_erase  ff_erase;
 	struct uinput_request   *req;
-	char			*phys;
 	const char		*name;
 	unsigned int		size;
 
@@ -916,19 +936,8 @@ static long uinput_ioctl_handler(struct file *file, unsigned int cmd,
 		goto out;
 
 	case UI_SET_PHYS:
-		if (udev->state == UIST_CREATED) {
-			retval = -EINVAL;
-			goto out;
-		}
-
-		phys = strndup_user(p, 1024);
-		if (IS_ERR(phys)) {
-			retval = PTR_ERR(phys);
-			goto out;
-		}
-
-		kfree(udev->dev->phys);
-		udev->dev->phys = phys;
+		pr_warn_once("uinput: UI_SET_PHYS is deprecated. Use UI_SET_PHYS_STR");
+		retval = uinput_get_user_str(udev, &udev->dev->phys, p, 1024);
 		goto out;
 
 	case UI_BEGIN_FF_UPLOAD:
@@ -1023,6 +1032,15 @@ static long uinput_ioctl_handler(struct file *file, unsigned int cmd,
 	case UI_ABS_SETUP & ~IOCSIZE_MASK:
 		retval = uinput_abs_setup(udev, p, size);
 		goto out;
+
+	case UI_SET_PHYS_STR(0):
+		retval = uinput_get_user_str(udev, &udev->dev->phys, p, size);
+		goto out;
+
+	case UI_SET_UNIQ_STR(0):
+		retval = uinput_get_user_str(udev, &udev->dev->uniq, p, size);
+		goto out;
+
 	}
 
 	retval = -EINVAL;
diff --git a/include/uapi/linux/uinput.h b/include/uapi/linux/uinput.h
index c9e677e3af1d..84d4fa142830 100644
--- a/include/uapi/linux/uinput.h
+++ b/include/uapi/linux/uinput.h
@@ -142,9 +142,14 @@ struct uinput_abs_setup {
 #define UI_SET_LEDBIT		_IOW(UINPUT_IOCTL_BASE, 105, int)
 #define UI_SET_SNDBIT		_IOW(UINPUT_IOCTL_BASE, 106, int)
 #define UI_SET_FFBIT		_IOW(UINPUT_IOCTL_BASE, 107, int)
+
+/* DEPRECATED: Data size is ambiguous. Use UI_SET_PHYS_STR instead. */
 #define UI_SET_PHYS		_IOW(UINPUT_IOCTL_BASE, 108, char*)
+
 #define UI_SET_SWBIT		_IOW(UINPUT_IOCTL_BASE, 109, int)
 #define UI_SET_PROPBIT		_IOW(UINPUT_IOCTL_BASE, 110, int)
+#define UI_SET_PHYS_STR(len)	_IOC(_IOC_WRITE, UINPUT_IOCTL_BASE, 111, len)
+#define UI_SET_UNIQ_STR(len)	_IOC(_IOC_WRITE, UINPUT_IOCTL_BASE, 112, len)
 
 #define UI_BEGIN_FF_UPLOAD	_IOWR(UINPUT_IOCTL_BASE, 200, struct uinput_ff_upload)
 #define UI_END_FF_UPLOAD	_IOW(UINPUT_IOCTL_BASE, 201, struct uinput_ff_upload)
-- 
2.24.0.393.g34dc348eaf-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ