summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Mack <zonque@gmail.com>2010-10-18 08:43:30 -0700
committerDmitry Torokhov <dmitry.torokhov@gmail.com>2010-10-18 08:45:02 -0700
commit0a74a1df3c13655b66b1908d76f2159654216326 (patch)
treefaaafb23d29b7675d04e6108fb117b01e74acbc7
parentca047fedd89bbb4b79b61e0656a7b799e4e45e6d (diff)
downloadlinux-0a74a1df3c13655b66b1908d76f2159654216326.tar.bz2
Input: evdev - fix Ooops in EVIOCGABS/EVIOCSABS
This fixes a regression introduced by the dynamic allocation of absinfo for input devices. We need to bail out early for input devices which don't have absolute axis. [ 929.664303] Pid: 2989, comm: input Not tainted 2.6.36-rc8+ #14 MS-7260/MS-7260 [ 929.664318] EIP: 0060:[<c12bdc01>] EFLAGS: 00010246 CPU: 0 [ 929.664331] EIP is at evdev_ioctl+0x4f8/0x59f [ 929.664341] EAX: 00000040 EBX: 00000000 ECX: 00000006 EDX: f45a1efc [ 929.664355] ESI: 00000000 EDI: f45a1efc EBP: f45a1f24 ESP: f45a1eb8 [ 929.664369] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 [ 929.664402] f470da74 f6a30e78 f462c240 00000018 bfe4a260 00000000 f45b06fc 00000000 [ 929.664429] <0> 000000c4 b769d000 c3544620 f470da74 f45b06fc f45b06fc f45a1f38 c107dd1f [ 929.664458] <0> f4710b74 000000c4 00000000 00000000 00000000 0000029d 00000a74 f4710b74 [ 929.664500] [<c107dd1f>] ? handle_mm_fault+0x2be/0x59a [ 929.664513] [<c12bd709>] ? evdev_ioctl+0x0/0x59f [ 929.664524] [<c1099d30>] ? do_vfs_ioctl+0x494/0x4d9 [ 929.664538] [<c10432a1>] ? up_read+0x16/0x29 [ 929.664550] [<c101c818>] ? do_page_fault+0x2ff/0x32d [ 929.664564] [<c108d048>] ? do_sys_open+0xc5/0xcf [ 929.664575] [<c1099db6>] ? sys_ioctl+0x41/0x61 [ 929.664587] [<c1002710>] ? sysenter_do_call+0x12/0x36 [ 929.684570] ---[ end trace 11b83e923bd8f2bb ]--- Signed-off-by: Daniel Mack <zonque@gmail.com> Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
-rw-r--r--drivers/input/evdev.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
index c908c5f83645..afb64cf3748d 100644
--- a/drivers/input/evdev.c
+++ b/drivers/input/evdev.c
@@ -669,6 +669,9 @@ static long evdev_do_ioctl(struct file *file, unsigned int cmd,
if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCGABS(0))) {
+ if (!dev->absinfo)
+ return -EINVAL;
+
t = _IOC_NR(cmd) & ABS_MAX;
abs = dev->absinfo[t];
@@ -684,6 +687,9 @@ static long evdev_do_ioctl(struct file *file, unsigned int cmd,
if ((_IOC_NR(cmd) & ~ABS_MAX) == _IOC_NR(EVIOCSABS(0))) {
+ if (!dev->absinfo)
+ return -EINVAL;
+
t = _IOC_NR(cmd) & ABS_MAX;
if (copy_from_user(&abs, p, min_t(size_t,