From: emard@softhome.net
To: linux-kernel@vger.kernel.org
Subject: uinput crash and fix
Date: Sat, 15 Oct 2005 23:29:12 +0200 [thread overview]
Message-ID: <20051015212911.GA25752@tink> (raw)
HI
During some begginer's fiddling with uinput it
wasn't too difficult to obtain a hard kernel freeze:
CPU: 1
EIP: 0060:[<f90310ff>] Tainted: P VLI
EFLAGS: 00210246 (2.6.13.4)
EIP is at uinput_request_done+0x14/0x3e [uinput]
eax: e2d72000 ebx: e2d73ea4 ecx: ea9e7020 edx: c17efa80
esi: dcbf8400 edi: 400c55cb ebp: dcbf8400 esp: c47bdee0
ds: 007b es: 007b ss: 0068
Process ifeel (pid: 10855, threadinfo=c47bc000 task=dcb2e520)
Stack: c4b45980 b7f3c3b4 f9031db7 dcbf8400 e2d73ea4 0000000c 00000001 00000000
00000000 00000003 00200002 da41e00c 00200202 00000021 00200002 c02ed08d
00000000 d9bcabec 00200202 c02edf2f da41e00c 00000002 00000000 00000000
Call Trace:
[<f9031db7>] uinput_ioctl+0x2fa/0x49b [uinput]
[<c02ed08d>] tty_ldisc_deref+0x48/0x71
[<c02edf2f>] tty_write+0x1cc/0x21e
[<c0170688>] do_ioctl+0x78/0x81
[<c0170813>] vfs_ioctl+0x5a/0x1f1
[<c01709e6>] sys_ioctl+0x3c/0x5a
[<c0102e39>] syscall_call+0x7/0xb
Code: 8b 54 24 08 31 c0 83 fa 0f 77 0b 8b 44 24 04 8b 84 90 1c 01 00 00 c3 56 53 8b 74 24 0c 8b 5c 24 10 8d 43 0c e8 26 a7 0e c7 8b 03 <c7> 84 86 1c 01 00 00 00 00 00 00 8d 86 5c 01 00 00 c7 44 24 0c
and I think this patch fixes this:
--- linux-2.6.13.4/drivers/input/misc/uinput.c.orig 2005-10-15 10:09:38.000000000 +0200
+++ linux-2.6.13.4/drivers/input/misc/uinput.c 2005-10-15 10:19:54.000000000 +0200
@@ -517,7 +517,11 @@ static int uinput_ioctl(struct inode *in
break;
}
req = uinput_request_find(udev, ff_up.request_id);
- if (!(req && req->code == UI_FF_UPLOAD && req->u.effect)) {
+ if (!req) {
+ retval = -EINVAL;
+ break;
+ }
+ if (!(req->code == UI_FF_UPLOAD && req->u.effect)) {
retval = -EINVAL;
break;
}
@@ -535,7 +539,11 @@ static int uinput_ioctl(struct inode *in
break;
}
req = uinput_request_find(udev, ff_erase.request_id);
- if (!(req && req->code == UI_FF_ERASE)) {
+ if (!req) {
+ retval = -EINVAL;
+ break;
+ }
+ if (!(req->code == UI_FF_ERASE)) {
retval = -EINVAL;
break;
}
@@ -553,7 +561,11 @@ static int uinput_ioctl(struct inode *in
break;
}
req = uinput_request_find(udev, ff_up.request_id);
- if (!(req && req->code == UI_FF_UPLOAD && req->u.effect)) {
+ if (!req) {
+ retval = -EINVAL;
+ break;
+ }
+ if (!(req->code == UI_FF_UPLOAD && req->u.effect)) {
retval = -EINVAL;
break;
}
@@ -568,7 +580,11 @@ static int uinput_ioctl(struct inode *in
break;
}
req = uinput_request_find(udev, ff_erase.request_id);
- if (!(req && req->code == UI_FF_ERASE)) {
+ if (!req) {
+ retval = -EINVAL;
+ break;
+ }
+ if (!(req->code == UI_FF_ERASE)) {
retval = -EINVAL;
break;
}
next reply other threads:[~2005-10-15 21:29 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-15 21:29 emard [this message]
2005-10-15 22:01 ` uinput crash and fix Mattia Dongili
2005-10-15 22:48 ` Mattia Dongili
2005-10-15 22:51 ` emard
2005-10-16 11:51 ` uinput crash and NO FIX YET emard
2005-10-16 21:12 ` emard
2005-10-16 22:06 ` [PATCH] uinput crash maybe this is the FIX emard
2005-10-17 5:55 ` Dmitry Torokhov
2005-10-17 7:16 ` emard
2005-10-17 21:28 ` Let this uinput patch go to 2.6.14 emard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20051015212911.GA25752@tink \
--to=emard@softhome.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.