mirror of
https://github.com/torvalds/linux.git
synced 2024-12-18 00:53:40 +00:00
HID: hidraw: add proper error handling to raw event reporting
If kmemdup() in hidraw_report_event() fails, we are not propagating this fact properly. Let hidraw_report_event() and hid_report_raw_event() return an error value to the caller. Reported-by: Oliver Neukum <oneukum@suse.de> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This commit is contained in:
Jiri Kosina
parent
d4f0e4daf0
commit
b6787242f3
@ -1032,7 +1032,7 @@ static struct hid_report *hid_get_report(struct hid_report_enum *report_enum,
|
|||||||
return report;
|
return report;
|
||||||
}
|
}
|
||||||
|
|
||||||
void hid_report_raw_event(struct hid_device *hid, int type, u8 *data, int size,
|
int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, int size,
|
||||||
int interrupt)
|
int interrupt)
|
||||||
{
|
{
|
||||||
struct hid_report_enum *report_enum = hid->report_enum + type;
|
struct hid_report_enum *report_enum = hid->report_enum + type;
|
||||||
@ -1040,10 +1040,11 @@ void hid_report_raw_event(struct hid_device *hid, int type, u8 *data, int size,
|
|||||||
unsigned int a;
|
unsigned int a;
|
||||||
int rsize, csize = size;
|
int rsize, csize = size;
|
||||||
u8 *cdata = data;
|
u8 *cdata = data;
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
report = hid_get_report(report_enum, data);
|
report = hid_get_report(report_enum, data);
|
||||||
if (!report)
|
if (!report)
|
||||||
return;
|
goto out;
|
||||||
|
|
||||||
if (report_enum->numbered) {
|
if (report_enum->numbered) {
|
||||||
cdata++;
|
cdata++;
|
||||||
@ -1063,14 +1064,19 @@ void hid_report_raw_event(struct hid_device *hid, int type, u8 *data, int size,
|
|||||||
|
|
||||||
if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_report_event)
|
if ((hid->claimed & HID_CLAIMED_HIDDEV) && hid->hiddev_report_event)
|
||||||
hid->hiddev_report_event(hid, report);
|
hid->hiddev_report_event(hid, report);
|
||||||
if (hid->claimed & HID_CLAIMED_HIDRAW)
|
if (hid->claimed & HID_CLAIMED_HIDRAW) {
|
||||||
hidraw_report_event(hid, data, size);
|
ret = hidraw_report_event(hid, data, size);
|
||||||
|
if (ret)
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
for (a = 0; a < report->maxfield; a++)
|
for (a = 0; a < report->maxfield; a++)
|
||||||
hid_input_field(hid, report->field[a], cdata, interrupt);
|
hid_input_field(hid, report->field[a], cdata, interrupt);
|
||||||
|
|
||||||
if (hid->claimed & HID_CLAIMED_INPUT)
|
if (hid->claimed & HID_CLAIMED_INPUT)
|
||||||
hidinput_report_event(hid, report);
|
hidinput_report_event(hid, report);
|
||||||
|
out:
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(hid_report_raw_event);
|
EXPORT_SYMBOL_GPL(hid_report_raw_event);
|
||||||
|
|
||||||
@ -1147,7 +1153,7 @@ nomem:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
hid_report_raw_event(hid, type, data, size, interrupt);
|
ret = hid_report_raw_event(hid, type, data, size, interrupt);
|
||||||
|
|
||||||
unlock:
|
unlock:
|
||||||
up(&hid->driver_lock);
|
up(&hid->driver_lock);
|
||||||
|
|||||||
@ -87,11 +87,13 @@ static ssize_t hidraw_read(struct file *file, char __user *buffer, size_t count,
|
|||||||
len = list->buffer[list->tail].len > count ?
|
len = list->buffer[list->tail].len > count ?
|
||||||
count : list->buffer[list->tail].len;
|
count : list->buffer[list->tail].len;
|
||||||
|
|
||||||
if (copy_to_user(buffer, list->buffer[list->tail].value, len)) {
|
if (list->buffer[list->tail].value) {
|
||||||
ret = -EFAULT;
|
if (copy_to_user(buffer, list->buffer[list->tail].value, len)) {
|
||||||
goto out;
|
ret = -EFAULT;
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
ret = len;
|
||||||
}
|
}
|
||||||
ret = len;
|
|
||||||
|
|
||||||
kfree(list->buffer[list->tail].value);
|
kfree(list->buffer[list->tail].value);
|
||||||
list->tail = (list->tail + 1) & (HIDRAW_BUFFER_SIZE - 1);
|
list->tail = (list->tail + 1) & (HIDRAW_BUFFER_SIZE - 1);
|
||||||
@ -437,19 +439,24 @@ static const struct file_operations hidraw_ops = {
|
|||||||
.llseek = noop_llseek,
|
.llseek = noop_llseek,
|
||||||
};
|
};
|
||||||
|
|
||||||
void hidraw_report_event(struct hid_device *hid, u8 *data, int len)
|
int hidraw_report_event(struct hid_device *hid, u8 *data, int len)
|
||||||
{
|
{
|
||||||
struct hidraw *dev = hid->hidraw;
|
struct hidraw *dev = hid->hidraw;
|
||||||
struct hidraw_list *list;
|
struct hidraw_list *list;
|
||||||
|
int ret = 0;
|
||||||
|
|
||||||
list_for_each_entry(list, &dev->list, node) {
|
list_for_each_entry(list, &dev->list, node) {
|
||||||
list->buffer[list->head].value = kmemdup(data, len, GFP_ATOMIC);
|
if (!(list->buffer[list->head].value = kmemdup(data, len, GFP_ATOMIC))) {
|
||||||
|
ret = -ENOMEM;
|
||||||
|
break;
|
||||||
|
}
|
||||||
list->buffer[list->head].len = len;
|
list->buffer[list->head].len = len;
|
||||||
list->head = (list->head + 1) & (HIDRAW_BUFFER_SIZE - 1);
|
list->head = (list->head + 1) & (HIDRAW_BUFFER_SIZE - 1);
|
||||||
kill_fasync(&list->fasync, SIGIO, POLL_IN);
|
kill_fasync(&list->fasync, SIGIO, POLL_IN);
|
||||||
}
|
}
|
||||||
|
|
||||||
wake_up_interruptible(&dev->wait);
|
wake_up_interruptible(&dev->wait);
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(hidraw_report_event);
|
EXPORT_SYMBOL_GPL(hidraw_report_event);
|
||||||
|
|
||||||
|
|||||||
@ -896,7 +896,7 @@ static inline int hid_hw_power(struct hid_device *hdev, int level)
|
|||||||
return hdev->ll_driver->power ? hdev->ll_driver->power(hdev, level) : 0;
|
return hdev->ll_driver->power ? hdev->ll_driver->power(hdev, level) : 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void hid_report_raw_event(struct hid_device *hid, int type, u8 *data, int size,
|
int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, int size,
|
||||||
int interrupt);
|
int interrupt);
|
||||||
|
|
||||||
extern int hid_generic_init(void);
|
extern int hid_generic_init(void);
|
||||||
|
|||||||
@ -76,13 +76,13 @@ struct hidraw_list {
|
|||||||
#ifdef CONFIG_HIDRAW
|
#ifdef CONFIG_HIDRAW
|
||||||
int hidraw_init(void);
|
int hidraw_init(void);
|
||||||
void hidraw_exit(void);
|
void hidraw_exit(void);
|
||||||
void hidraw_report_event(struct hid_device *, u8 *, int);
|
int hidraw_report_event(struct hid_device *, u8 *, int);
|
||||||
int hidraw_connect(struct hid_device *);
|
int hidraw_connect(struct hid_device *);
|
||||||
void hidraw_disconnect(struct hid_device *);
|
void hidraw_disconnect(struct hid_device *);
|
||||||
#else
|
#else
|
||||||
static inline int hidraw_init(void) { return 0; }
|
static inline int hidraw_init(void) { return 0; }
|
||||||
static inline void hidraw_exit(void) { }
|
static inline void hidraw_exit(void) { }
|
||||||
static inline void hidraw_report_event(struct hid_device *hid, u8 *data, int len) { }
|
static inline int hidraw_report_event(struct hid_device *hid, u8 *data, int len) { }
|
||||||
static inline int hidraw_connect(struct hid_device *hid) { return -1; }
|
static inline int hidraw_connect(struct hid_device *hid) { return -1; }
|
||||||
static inline void hidraw_disconnect(struct hid_device *hid) { }
|
static inline void hidraw_disconnect(struct hid_device *hid) { }
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user