* [PATCH 1/3] Input: goodix - Fix double free on managed resource
@ 2022-04-22 16:17 José Expósito
2022-04-22 16:17 ` [PATCH 2/3] HID: logitech-hidpp: " José Expósito
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: José Expósito @ 2022-04-22 16:17 UTC (permalink / raw)
To: hadess
Cc: hdegoede, dmitry.torokhov, rydberg, lains, jikos,
benjamin.tissoires, linux-input, linux-kernel,
José Expósito
As described in the documentation for devm_input_allocate_device():
Managed input devices do not need to be explicitly unregistered or
freed as it will be done automatically when owner device unbinds from
its driver (or binding fails).
However this driver was explicitly freeing the input device.
Remove the calls to input_free_device() to avoid a possible double free
error.
Fixes: 5ede7f0cfb93f ("Input: goodix - add pen support")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
---
drivers/input/touchscreen/goodix.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/drivers/input/touchscreen/goodix.c b/drivers/input/touchscreen/goodix.c
index 752e8ba4fecb..61eb69f3a259 100644
--- a/drivers/input/touchscreen/goodix.c
+++ b/drivers/input/touchscreen/goodix.c
@@ -308,10 +308,8 @@ static struct input_dev *goodix_create_pen_input(struct goodix_ts_data *ts)
return NULL;
input_alloc_absinfo(input);
- if (!input->absinfo) {
- input_free_device(input);
+ if (!input->absinfo)
return NULL;
- }
input->absinfo[ABS_X] = ts->input_dev->absinfo[ABS_MT_POSITION_X];
input->absinfo[ABS_Y] = ts->input_dev->absinfo[ABS_MT_POSITION_Y];
@@ -340,10 +338,8 @@ static struct input_dev *goodix_create_pen_input(struct goodix_ts_data *ts)
input->id.product = 0x1001;
input->id.version = ts->version;
- if (input_register_device(input) != 0) {
- input_free_device(input);
+ if (input_register_device(input) != 0)
return NULL;
- }
return input;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/3] HID: logitech-hidpp: Fix double free on managed resource
2022-04-22 16:17 [PATCH 1/3] Input: goodix - Fix double free on managed resource José Expósito
@ 2022-04-22 16:17 ` José Expósito
2022-04-23 11:41 ` Hans de Goede
2022-04-22 16:17 ` [PATCH 3/3] HID: wacom: " José Expósito
2022-04-23 11:34 ` [PATCH 1/3] Input: goodix - " Hans de Goede
2 siblings, 1 reply; 7+ messages in thread
From: José Expósito @ 2022-04-22 16:17 UTC (permalink / raw)
To: hadess
Cc: hdegoede, dmitry.torokhov, rydberg, lains, jikos,
benjamin.tissoires, linux-input, linux-kernel,
José Expósito
As described in the documentation for devm_input_allocate_device():
Managed input devices do not need to be explicitly unregistered or
freed as it will be done automatically when owner device unbinds from
its driver (or binding fails).
However this driver was explicitly freeing the input device, allocated
using devm_input_allocate_device() through hidpp_allocate_input().
Remove the call to input_free_device() to avoid a possible double free
error.
Fixes: c39e3d5fc9dd3 ("HID: logitech-hidpp: late bind the input device on wireless connection")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
---
drivers/hid/hid-logitech-hidpp.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/drivers/hid/hid-logitech-hidpp.c b/drivers/hid/hid-logitech-hidpp.c
index 81de88ab2ecc..9c00a781ab57 100644
--- a/drivers/hid/hid-logitech-hidpp.c
+++ b/drivers/hid/hid-logitech-hidpp.c
@@ -3957,11 +3957,7 @@ static void hidpp_connect_event(struct hidpp_device *hidpp)
}
hidpp_populate_input(hidpp, input);
-
- ret = input_register_device(input);
- if (ret)
- input_free_device(input);
-
+ input_register_device(input);
hidpp->delayed_input = input;
}
--
2.25.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 3/3] HID: wacom: Fix double free on managed resource
2022-04-22 16:17 [PATCH 1/3] Input: goodix - Fix double free on managed resource José Expósito
2022-04-22 16:17 ` [PATCH 2/3] HID: logitech-hidpp: " José Expósito
@ 2022-04-22 16:17 ` José Expósito
2022-04-23 11:42 ` Hans de Goede
2022-04-23 11:34 ` [PATCH 1/3] Input: goodix - " Hans de Goede
2 siblings, 1 reply; 7+ messages in thread
From: José Expósito @ 2022-04-22 16:17 UTC (permalink / raw)
To: hadess
Cc: hdegoede, dmitry.torokhov, rydberg, lains, jikos,
benjamin.tissoires, linux-input, linux-kernel,
José Expósito
As described in the documentation for devm_input_allocate_device():
Managed input devices do not need to be explicitly unregistered or
freed as it will be done automatically when owner device unbinds from
its driver (or binding fails).
However this driver was explicitly freeing the input device, allocated
using devm_input_allocate_device() through wacom_allocate_input().
Remove the calls to input_free_device() to avoid a possible double free
error.
Fixes: d2d13f18aaa51 ("Input: wacom - create a separate input device for pads")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
---
drivers/hid/wacom_sys.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
index 066c567dbaa2..164c0f7cb796 100644
--- a/drivers/hid/wacom_sys.c
+++ b/drivers/hid/wacom_sys.c
@@ -2098,7 +2098,6 @@ static int wacom_register_inputs(struct wacom *wacom)
error = wacom_setup_pen_input_capabilities(pen_input_dev, wacom_wac);
if (error) {
/* no pen in use on this interface */
- input_free_device(pen_input_dev);
wacom_wac->pen_input = NULL;
pen_input_dev = NULL;
} else {
@@ -2110,7 +2109,6 @@ static int wacom_register_inputs(struct wacom *wacom)
error = wacom_setup_touch_input_capabilities(touch_input_dev, wacom_wac);
if (error) {
/* no touch in use on this interface */
- input_free_device(touch_input_dev);
wacom_wac->touch_input = NULL;
touch_input_dev = NULL;
} else {
@@ -2122,7 +2120,6 @@ static int wacom_register_inputs(struct wacom *wacom)
error = wacom_setup_pad_input_capabilities(pad_input_dev, wacom_wac);
if (error) {
/* no pad in use on this interface */
- input_free_device(pad_input_dev);
wacom_wac->pad_input = NULL;
pad_input_dev = NULL;
} else {
--
2.25.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/3] Input: goodix - Fix double free on managed resource
2022-04-22 16:17 [PATCH 1/3] Input: goodix - Fix double free on managed resource José Expósito
2022-04-22 16:17 ` [PATCH 2/3] HID: logitech-hidpp: " José Expósito
2022-04-22 16:17 ` [PATCH 3/3] HID: wacom: " José Expósito
@ 2022-04-23 11:34 ` Hans de Goede
2 siblings, 0 replies; 7+ messages in thread
From: Hans de Goede @ 2022-04-23 11:34 UTC (permalink / raw)
To: José Expósito, hadess
Cc: dmitry.torokhov, rydberg, lains, jikos, benjamin.tissoires,
linux-input, linux-kernel
Hi José,
On 4/22/22 18:17, José Expósito wrote:
> As described in the documentation for devm_input_allocate_device():
>
> Managed input devices do not need to be explicitly unregistered or
> freed as it will be done automatically when owner device unbinds from
> its driver (or binding fails).
>
> However this driver was explicitly freeing the input device.
>
> Remove the calls to input_free_device() to avoid a possible double free
> error.
>
> Fixes: 5ede7f0cfb93f ("Input: goodix - add pen support")
> Signed-off-by: José Expósito <jose.exposito89@gmail.com>
> ---
> drivers/input/touchscreen/goodix.c | 8 ++------
> 1 file changed, 2 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/input/touchscreen/goodix.c b/drivers/input/touchscreen/goodix.c
> index 752e8ba4fecb..61eb69f3a259 100644
> --- a/drivers/input/touchscreen/goodix.c
> +++ b/drivers/input/touchscreen/goodix.c
> @@ -308,10 +308,8 @@ static struct input_dev *goodix_create_pen_input(struct goodix_ts_data *ts)
> return NULL;
>
> input_alloc_absinfo(input);
> - if (!input->absinfo) {
> - input_free_device(input);
> + if (!input->absinfo)
> return NULL;
> - }
>
> input->absinfo[ABS_X] = ts->input_dev->absinfo[ABS_MT_POSITION_X];
> input->absinfo[ABS_Y] = ts->input_dev->absinfo[ABS_MT_POSITION_Y];
I don't know what tree you've based this on, but the above code has been replaced
with the new input_copy_abs helper in Linus' current master branch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/input/touchscreen/goodix.c#n310
> @@ -340,10 +338,8 @@ static struct input_dev *goodix_create_pen_input(struct goodix_ts_data *ts)
> input->id.product = 0x1001;
> input->id.version = ts->version;
>
> - if (input_register_device(input) != 0) {
> - input_free_device(input);
> + if (input_register_device(input) != 0)
> return NULL;
> - }
>
> return input;
> }
And this code has also already been fixed, so this patch can be dropped.
Regards,
Hans
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/3] HID: logitech-hidpp: Fix double free on managed resource
2022-04-22 16:17 ` [PATCH 2/3] HID: logitech-hidpp: " José Expósito
@ 2022-04-23 11:41 ` Hans de Goede
2022-04-23 15:02 ` José Expósito
0 siblings, 1 reply; 7+ messages in thread
From: Hans de Goede @ 2022-04-23 11:41 UTC (permalink / raw)
To: José Expósito, hadess
Cc: dmitry.torokhov, rydberg, lains, jikos, benjamin.tissoires,
linux-input, linux-kernel
Hi,
On 4/22/22 18:17, José Expósito wrote:
> As described in the documentation for devm_input_allocate_device():
>
> Managed input devices do not need to be explicitly unregistered or
> freed as it will be done automatically when owner device unbinds from
> its driver (or binding fails).
>
> However this driver was explicitly freeing the input device, allocated
> using devm_input_allocate_device() through hidpp_allocate_input().
>
> Remove the call to input_free_device() to avoid a possible double free
> error.
Actually calling input_free_device() on a devm allocated input device
is fine. The input subsystem has chosen to not have a
separate devm_input_free_device(), instead input_free_device() knows
if a device is allocated through devm and then also frees the devres
tied to it:
void input_free_device(struct input_dev *dev)
{
if (dev) {
if (dev->devres_managed)
WARN_ON(devres_destroy(dev->dev.parent,
devm_input_device_release,
devm_input_device_match,
dev));
input_put_device(dev);
}
}
>
> Fixes: c39e3d5fc9dd3 ("HID: logitech-hidpp: late bind the input device on wireless connection")
> Signed-off-by: José Expósito <jose.exposito89@gmail.com>
> ---
> drivers/hid/hid-logitech-hidpp.c | 6 +-----
> 1 file changed, 1 insertion(+), 5 deletions(-)
>
> diff --git a/drivers/hid/hid-logitech-hidpp.c b/drivers/hid/hid-logitech-hidpp.c
> index 81de88ab2ecc..9c00a781ab57 100644
> --- a/drivers/hid/hid-logitech-hidpp.c
> +++ b/drivers/hid/hid-logitech-hidpp.c
> @@ -3957,11 +3957,7 @@ static void hidpp_connect_event(struct hidpp_device *hidpp)
> }
>
> hidpp_populate_input(hidpp, input);
> -
> - ret = input_register_device(input);
> - if (ret)
> - input_free_device(input);
> -
The original code does look wrong there though, since the input device
is free-ed it should not be stored in hidpp->delayed_input, so this should be comes:
ret = input_register_device(input);
if (ret) {
input_free_device(input);
return;
}
Regards,
Hans
> hidpp->delayed_input = input;
> }
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 3/3] HID: wacom: Fix double free on managed resource
2022-04-22 16:17 ` [PATCH 3/3] HID: wacom: " José Expósito
@ 2022-04-23 11:42 ` Hans de Goede
0 siblings, 0 replies; 7+ messages in thread
From: Hans de Goede @ 2022-04-23 11:42 UTC (permalink / raw)
To: José Expósito, hadess
Cc: dmitry.torokhov, rydberg, lains, jikos, benjamin.tissoires,
linux-input, linux-kernel
Hi,
On 4/22/22 18:17, José Expósito wrote:
> As described in the documentation for devm_input_allocate_device():
>
> Managed input devices do not need to be explicitly unregistered or
> freed as it will be done automatically when owner device unbinds from
> its driver (or binding fails).
>
> However this driver was explicitly freeing the input device, allocated
> using devm_input_allocate_device() through wacom_allocate_input().
>
> Remove the calls to input_free_device() to avoid a possible double free
> error.
Actually calling input_free_device() on a devm allocated input device
is fine. The input subsystem has chosen to not have a
separate devm_input_free_device(), instead input_free_device() knows
if a device is allocated through devm and then also frees the devres
tied to it:
void input_free_device(struct input_dev *dev)
{
if (dev) {
if (dev->devres_managed)
WARN_ON(devres_destroy(dev->dev.parent,
devm_input_device_release,
devm_input_device_match,
dev));
input_put_device(dev);
}
}
So there is no need for this patch.
Regards,
Hans
>
> Fixes: d2d13f18aaa51 ("Input: wacom - create a separate input device for pads")
> Signed-off-by: José Expósito <jose.exposito89@gmail.com>
> ---
> drivers/hid/wacom_sys.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/drivers/hid/wacom_sys.c b/drivers/hid/wacom_sys.c
> index 066c567dbaa2..164c0f7cb796 100644
> --- a/drivers/hid/wacom_sys.c
> +++ b/drivers/hid/wacom_sys.c
> @@ -2098,7 +2098,6 @@ static int wacom_register_inputs(struct wacom *wacom)
> error = wacom_setup_pen_input_capabilities(pen_input_dev, wacom_wac);
> if (error) {
> /* no pen in use on this interface */
> - input_free_device(pen_input_dev);
> wacom_wac->pen_input = NULL;
> pen_input_dev = NULL;
> } else {
> @@ -2110,7 +2109,6 @@ static int wacom_register_inputs(struct wacom *wacom)
> error = wacom_setup_touch_input_capabilities(touch_input_dev, wacom_wac);
> if (error) {
> /* no touch in use on this interface */
> - input_free_device(touch_input_dev);
> wacom_wac->touch_input = NULL;
> touch_input_dev = NULL;
> } else {
> @@ -2122,7 +2120,6 @@ static int wacom_register_inputs(struct wacom *wacom)
> error = wacom_setup_pad_input_capabilities(pad_input_dev, wacom_wac);
> if (error) {
> /* no pad in use on this interface */
> - input_free_device(pad_input_dev);
> wacom_wac->pad_input = NULL;
> pad_input_dev = NULL;
> } else {
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/3] HID: logitech-hidpp: Fix double free on managed resource
2022-04-23 11:41 ` Hans de Goede
@ 2022-04-23 15:02 ` José Expósito
0 siblings, 0 replies; 7+ messages in thread
From: José Expósito @ 2022-04-23 15:02 UTC (permalink / raw)
To: Hans de Goede
Cc: hadess, dmitry.torokhov, rydberg, lains, jikos,
benjamin.tissoires, linux-input, linux-kernel
On Sat, Apr 23, 2022 at 01:41:30PM +0200, Hans de Goede wrote:
> Hi,
>
> On 4/22/22 18:17, José Expósito wrote:
> > As described in the documentation for devm_input_allocate_device():
> >
> > Managed input devices do not need to be explicitly unregistered or
> > freed as it will be done automatically when owner device unbinds from
> > its driver (or binding fails).
> >
> > However this driver was explicitly freeing the input device, allocated
> > using devm_input_allocate_device() through hidpp_allocate_input().
> >
> > Remove the call to input_free_device() to avoid a possible double free
> > error.
>
> Actually calling input_free_device() on a devm allocated input device
> is fine. The input subsystem has chosen to not have a
> separate devm_input_free_device(), instead input_free_device() knows
> if a device is allocated through devm and then also frees the devres
> tied to it:
>
> void input_free_device(struct input_dev *dev)
> {
> if (dev) {
> if (dev->devres_managed)
> WARN_ON(devres_destroy(dev->dev.parent,
> devm_input_device_release,
> devm_input_device_match,
> dev));
> input_put_device(dev);
> }
> }
Hi Hans,
Thanks for the code review.
Obviously, I completely misunderstood these functions, my bad.
Thanks for the explanation.
Please ignore the patchset.
Jose
> >
> > Fixes: c39e3d5fc9dd3 ("HID: logitech-hidpp: late bind the input device on wireless connection")
> > Signed-off-by: José Expósito <jose.exposito89@gmail.com>
> > ---
> > drivers/hid/hid-logitech-hidpp.c | 6 +-----
> > 1 file changed, 1 insertion(+), 5 deletions(-)
> >
> > diff --git a/drivers/hid/hid-logitech-hidpp.c b/drivers/hid/hid-logitech-hidpp.c
> > index 81de88ab2ecc..9c00a781ab57 100644
> > --- a/drivers/hid/hid-logitech-hidpp.c
> > +++ b/drivers/hid/hid-logitech-hidpp.c
> > @@ -3957,11 +3957,7 @@ static void hidpp_connect_event(struct hidpp_device *hidpp)
> > }
> >
> > hidpp_populate_input(hidpp, input);
> > -
> > - ret = input_register_device(input);
> > - if (ret)
> > - input_free_device(input);
> > -
>
> The original code does look wrong there though, since the input device
> is free-ed it should not be stored in hidpp->delayed_input, so this should be comes:
>
> ret = input_register_device(input);
> if (ret) {
> input_free_device(input);
> return;
> }
>
>
> Regards,
>
> Hans
>
>
> > hidpp->delayed_input = input;
> > }
> >
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-04-23 15:02 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-22 16:17 [PATCH 1/3] Input: goodix - Fix double free on managed resource José Expósito
2022-04-22 16:17 ` [PATCH 2/3] HID: logitech-hidpp: " José Expósito
2022-04-23 11:41 ` Hans de Goede
2022-04-23 15:02 ` José Expósito
2022-04-22 16:17 ` [PATCH 3/3] HID: wacom: " José Expósito
2022-04-23 11:42 ` Hans de Goede
2022-04-23 11:34 ` [PATCH 1/3] Input: goodix - " Hans de Goede
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).