lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <5404D7D5-47EF-4399-B0D9-B3C68A3D5895@codeweavers.com>
Date:   Tue, 21 Apr 2020 11:53:19 -0700
From:   Brendan Shanks <bshanks@...eweavers.com>
To:     linux-input@...r.kernel.org
Cc:     dmitry.torokhov@...il.com, rydberg@...math.org,
        linux-kernel@...r.kernel.org,
        Mathieu Maret <mathieu.maret@...il.com>,
        mmaret@...ium-vision.com
Subject: Re: BUG: ff_effects lost after a fork


> On Nov 27, 2019, at 2:10 AM, Mathieu Maret <mathieu.maret@...il.com> wrote:
> 
> Hi,
> 
> I'm using evdev for vibrator interface.
> I can register ff_effect and play them.
> But, if I do any kind of fork, all the effects are flush and cannot be
> used.
> 
> You can find, below, an example of such a program.
> From some trace have put in the kernel, it's seems that at the end of
> the system() call, evdev_flush get called.
> 
> evdev_flush() will call flush_effects() that will remove all the
> registered effects.
> 
> I've only one device with vibrator and it's a imx6 4.1.15 kernel. But
> code looks the same that in linus master that why I'm posting it here. I
> hope that it will not waste people time
> 

Hi everyone,

I’m also hitting this bug with games that use force-feedback steering wheels under Wine/Proton. It typically shows up as EVIOCSFF ioctls failing with EINVAL, since all the effects were unexpectedly flushed.

The problem is that input_ff_flush() is called whenever a file descriptor is closed, but there can be multiple descriptors open to the same file description (through fork(), dup(), etc). input_ff_flush() removes all effects added by that file description, which the users of the other descriptors certainly don't expect.

As for the fix, maybe fd_ops->flush() shouldn’t be implemented at all?
In the current design, effects “belong” to a file description (a struct file *), not a descriptor. This seems sensible to me: a process could open a device, upload an effect, then fork(), and it makes sense that the child would have full control of the effects created by the parent. It seems to me like nothing should be done when a descriptor is closed, and input_ff_flush() should be called only when the whole struct file is released.

I’ve attached a modified copy of Mathieu’s code, which reproduces the problem for me with a Logitech G25 steering wheel.

Brendan Shanks
CodeWeavers




#include <errno.h>
#include <fcntl.h>
#include <linux/input.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>

#define DEV_PATH "/dev/input/event10"

int main(int argc, char *argv[])
{
    int fd = open(DEV_PATH, O_RDWR);
    if (fd < 0) {
        printf("Cannot open " DEV_PATH);
    }
    // Register an effect
    struct ff_effect effects;
    memset(&effects, 0, sizeof(effects));
    effects.type                      = FF_CONSTANT;
    effects.id                        = -1;
    effects.replay.length             = 1000;
    effects.replay.delay              = 0;
    if (ioctl(fd, EVIOCSFF, &effects) < 0) {
        printf("Cannot upload effect %s\n", strerror(errno));
        return -1;
    }

    int fd2 = dup(fd);
    close(fd2);

    // ioctl fails with EINVAL
    if (ioctl(fd, EVIOCSFF, &effects) < 0) {
        printf("Cannot upload effect %s\n", strerror(errno));
        return -1;
    }

    close(fd);
    return 0;
}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ