All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] hidinput: kernel oops in out_cleanup in function hidinput_connect
@ 2011-02-15 14:41 ` Benjamin Tissoires
  0 siblings, 0 replies; 4+ messages in thread
From: Benjamin Tissoires @ 2011-02-15 14:41 UTC (permalink / raw)
  To: Dmitry Torokhov, Benjamin Tissoires, Jiri Kosina,
	Stephane Chatty, linux-input, linux-kernel

Goto out_cleanup infers a kernel oops: hidinput_disconnect calls
input_unregister_driver to all members of hid->inputs.
However, hidinput already has been added to hid->inputs even
though input_register_device was not called.

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@enac.fr>
---
Hi,

while playing with hidinput_connect, I found this bug.

Cheers,
Benjamin

 drivers/hid/hid-input.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
index 7f552bf..f53911d 100644
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -928,6 +928,7 @@ int hidinput_connect(struct hid_device *hid, unsigned int force)
 	return 0;
 
 out_cleanup:
+	list_del(&hidinput->list);
 	input_free_device(hidinput->input);
 	kfree(hidinput);
 out_unwind:
-- 
1.7.4


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH] hidinput: kernel oops in out_cleanup in function hidinput_connect
@ 2011-02-15 14:41 ` Benjamin Tissoires
  0 siblings, 0 replies; 4+ messages in thread
From: Benjamin Tissoires @ 2011-02-15 14:41 UTC (permalink / raw)
  To: Dmitry Torokhov, Benjamin Tissoires, Jiri Kosina,
	Stephane Chatty, linux-input

Goto out_cleanup infers a kernel oops: hidinput_disconnect calls
input_unregister_driver to all members of hid->inputs.
However, hidinput already has been added to hid->inputs even
though input_register_device was not called.

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@enac.fr>
---
Hi,

while playing with hidinput_connect, I found this bug.

Cheers,
Benjamin

 drivers/hid/hid-input.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
index 7f552bf..f53911d 100644
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -928,6 +928,7 @@ int hidinput_connect(struct hid_device *hid, unsigned int force)
 	return 0;
 
 out_cleanup:
+	list_del(&hidinput->list);
 	input_free_device(hidinput->input);
 	kfree(hidinput);
 out_unwind:
-- 
1.7.4


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] hidinput: kernel oops in out_cleanup in function hidinput_connect
  2011-02-15 14:41 ` Benjamin Tissoires
  (?)
@ 2011-02-15 16:46 ` Dmitry Torokhov
  2011-02-15 22:48   ` Jiri Kosina
  -1 siblings, 1 reply; 4+ messages in thread
From: Dmitry Torokhov @ 2011-02-15 16:46 UTC (permalink / raw)
  To: Benjamin Tissoires
  Cc: Jiri Kosina, Stephane Chatty, linux-input, linux-kernel

On Tue, Feb 15, 2011 at 03:41:10PM +0100, Benjamin Tissoires wrote:
> Goto out_cleanup infers a kernel oops: hidinput_disconnect calls
> input_unregister_driver to all members of hid->inputs.
> However, hidinput already has been added to hid->inputs even
> though input_register_device was not called.
> 
> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@enac.fr>

Yep, well spotted.

Reviewed-by: Dmitry Torokhov <dtor@mail.ru>

> ---
> Hi,
> 
> while playing with hidinput_connect, I found this bug.
> 
> Cheers,
> Benjamin
> 
>  drivers/hid/hid-input.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
> index 7f552bf..f53911d 100644
> --- a/drivers/hid/hid-input.c
> +++ b/drivers/hid/hid-input.c
> @@ -928,6 +928,7 @@ int hidinput_connect(struct hid_device *hid, unsigned int force)
>  	return 0;
>  
>  out_cleanup:
> +	list_del(&hidinput->list);
>  	input_free_device(hidinput->input);
>  	kfree(hidinput);
>  out_unwind:
> -- 
> 1.7.4
> 

-- 
Dmitry

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] hidinput: kernel oops in out_cleanup in function hidinput_connect
  2011-02-15 16:46 ` Dmitry Torokhov
@ 2011-02-15 22:48   ` Jiri Kosina
  0 siblings, 0 replies; 4+ messages in thread
From: Jiri Kosina @ 2011-02-15 22:48 UTC (permalink / raw)
  To: Dmitry Torokhov
  Cc: Benjamin Tissoires, Stephane Chatty, linux-input, linux-kernel

On Tue, 15 Feb 2011, Dmitry Torokhov wrote:

> > Goto out_cleanup infers a kernel oops: hidinput_disconnect calls
> > input_unregister_driver to all members of hid->inputs.
> > However, hidinput already has been added to hid->inputs even
> > though input_register_device was not called.
> > 
> > Signed-off-by: Benjamin Tissoires <benjamin.tissoires@enac.fr>
> 
> Yep, well spotted.
> 
> Reviewed-by: Dmitry Torokhov <dtor@mail.ru>

Indeed, thanks a lot for spotting this Benjamin. Apparently this codepath 
is not excercised too heavily (which is good :) ).

Applied.

-- 
Jiri Kosina
SUSE Labs, Novell Inc.

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-02-15 22:48 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-02-15 14:41 [PATCH] hidinput: kernel oops in out_cleanup in function hidinput_connect Benjamin Tissoires
2011-02-15 14:41 ` Benjamin Tissoires
2011-02-15 16:46 ` Dmitry Torokhov
2011-02-15 22:48   ` Jiri Kosina

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.