From: Dan Carpenter <error27@gmail.com>
To: Dongliang Mu <dzm91@hust.edu.cn>, Vicki Pfau <vi@endrift.com>
Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>,
Pavel Rojtberg <rojtberg@gmail.com>, Nate Yocom <nate@yocom.org>,
Mattijs Korpershoek <mkorpershoek@baylibre.com>,
John Butler <radon86dev@gmail.com>,
Matthias Benkmann <matthias.benkmann@gmail.com>,
Christopher Crockett <chaorace@gmail.com>,
Santosh De Massari <s.demassari@gmail.com>,
hust-os-kernel-patches@googlegroups.com,
syzbot+a3f758b8d8cb7e49afec@syzkaller.appspotmail.com,
"Pierre-Loup A. Griffais" <pgriffais@valvesoftware.com>,
linux-input@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Input: xpad - fix GPF in xpad_probe
Date: Mon, 17 Apr 2023 12:25:21 +0300
Message-ID: <c3e0823b-2b03-4dab-b7cb-a8bc5151f0b1@kili.mountain>
In-Reply-To: <20230414125603.686123-1-dzm91@hust.edu.cn>

On Fri, Apr 14, 2023 at 08:55:47PM +0800, Dongliang Mu wrote:
> In xpad_probe(), it does not allocate xpad->dev with input_dev type.
> Then, when it invokes dev_warn with 1st argument - &xpad->dev->dev, it
> would trigger GPF.

What is a call tree for this?  Actually I found it from the bug report.

drivers/input/joystick/xpad.c
		if (error)
			dev_warn(&xpad->dev->dev,
				 "unable to receive magic message: %d\n",
				 error);
	}

>
> Fix this by allocating xpad->dev, its error handling and cleanup
> operations in the remove function.
>
> Note that this crash does not have any reproducer, so the patch
> only passes compilation testing.

The xpad->dev = input_dev; already happens in xpad_init_input().  We
shouldn't allocate it twice.  I think the fix is to just use a different
device pointer for the dev_warn().  Why not use &xpad->intf->dev?

>
> Reported-by: syzbot+a3f758b8d8cb7e49afec@syzkaller.appspotmail.com

Could you use a Link tag to link to the bug report?
Link: https://groups.google.com/g/syzkaller-bugs/c/iMhTgpGuIbM

This needs a Fixes tag.
Fixes: db7220c48d8d ("Input: xpad - fix support for some third-party controllers")

regards,
dan carpenter