From: "Henrik Rydberg" <rydberg@euromail.se>
To: Peter Korsgaard <jacmet@sunsite.dk>
Cc: dmitry.torokhov@gmail.com, linux-input@vger.kernel.org,
baruch@tkos.co.il
Subject: Re: [PATCHv2] evdev: fix evdev_write return value on partial writes
Date: Thu, 27 Jan 2011 12:02:55 +0100 [thread overview]
Message-ID: <20110127110255.GA15159@polaris.bitmath.org> (raw)
In-Reply-To: <1296122607-9526-1-git-send-email-jacmet@sunsite.dk>
Hi Peter,
> As was recently brought up on the busybox list
> (http://lists.busybox.net/pipermail/busybox/2011-January/074565.html),
> evdev_write doesn't properly check the count argument, which will
> lead to a return value > count on partial writes if the remaining bytes
> are accessible - Causing userspace confusion.
>
> Fix it by only handling each full input_event structure and return -EINVAL
> if less than 1 struct was written, similar to how it is done in evdev_read.
>
> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Why not add the Reported-by here yourself?
> @@ -321,6 +321,9 @@ static ssize_t evdev_write(struct file *file, const char __user *buffer,
> struct input_event event;
> int retval;
>
> + if (count < input_event_size())
> + return -EINVAL;
> +
This assumes that write will only ever be called with sufficient
data. It is not an error to write (and report) less data than
specified, so perhaps the above will yield unpleasant surprises.
> retval = mutex_lock_interruptible(&evdev->mutex);
> if (retval)
> return retval;
> @@ -330,7 +333,7 @@ static ssize_t evdev_write(struct file *file, const char __user *buffer,
> goto out;
> }
>
> - while (retval < count) {
> + while ((retval + input_event_size()) <= count) {
Too many parenthesis.
>
> if (input_event_from_user(buffer + retval, &event)) {
> retval = -EFAULT;
Thanks,
Henrik
next prev parent reply other threads:[~2011-01-27 11:02 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-27 10:03 [PATCHv2] evdev: fix evdev_write return value on partial writes Peter Korsgaard
2011-01-27 11:02 ` Henrik Rydberg [this message]
2011-01-27 11:21 ` Peter Korsgaard
2011-01-27 11:26 ` Baruch Siach
2011-01-27 11:29 ` Peter Korsgaard
2011-01-27 11:47 ` Henrik Rydberg
2011-01-27 12:04 ` Peter Korsgaard
2011-01-27 12:26 ` Henrik Rydberg
2011-01-27 12:43 ` Peter Korsgaard
2011-02-04 8:46 ` Dmitry Torokhov
2011-02-04 10:24 ` Henrik Rydberg
2011-02-04 11:00 ` Peter Korsgaard
2011-02-04 11:23 ` Henrik Rydberg
2011-02-04 17:15 ` Dmitry Torokhov
2011-02-04 17:22 ` Henrik Rydberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110127110255.GA15159@polaris.bitmath.org \
--to=rydberg@euromail.se \
--cc=baruch@tkos.co.il \
--cc=dmitry.torokhov@gmail.com \
--cc=jacmet@sunsite.dk \
--cc=linux-input@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).