| Message ID | 1436378929-65748-1-git-send-email-aksgarg1989@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
Hi! The currently upstream version of this patch actually breaks uinput, and causes the kernel to panic when attempting to run it under qemu using spice. Here's a backtrace from kdb:

```
Stack traceback for pid 656
0xffff8800babed480 656 1 1 2 R 0xffff8800babefa80 *spice-vdagentd
 ffff88013747bd58 0000000000000018 ffff88013747bd80 ffff8800b7977000
 0000000000000003 0000000000000001 0000000000000001 ffff8800b7977240
 ffff88013747bdc0 ffffffff8163f449 0000000000000286 0000000000000018
Call Trace:
 [<ffffffff8163f449>] ? input_event+0x59/0x80
 [<ffffffffa0509234>] ? uinput_write+0x154/0x460 [uinput]
 [<ffffffffa00e704d>] ? port_fops_read+0xfd/0x1f0 [virtio_console]
 [<ffffffff81261627>] ? __vfs_write+0x37/0x100
 [<ffffffff81261ff9>] ? vfs_write+0xa9/0x1a0
 [<ffffffff81283386>] ? __fget_light+0x66/0x90
 [<ffffffff81262cf8>] ? SyS_write+0x58/0xd0
 [<ffffffff81833c72>] ? entry_SYSCALL_64_fastpath+0x12/0x76
```

And the relevant messages from dmesg:

```
<1>[ 15.064330] BUG: unable to handle kernel NULL pointer dereference at 0000000000000024
<1>[ 15.064336] IP: [<ffffffff8163f142>] input_handle_event+0x232/0x4e0
<4>[ 15.064343] PGD 0
<4>[ 15.064345] Oops: 0000 [#1] SMP
```

The steps for reproducing this are pretty simple: set up a Fedora 22 VM, build the latest kernel and install it with make install, and try to boot the machine and use it over spice with qemu. After moving the cursor it'll run into a NULL dereference and panic.

I've tested reverting this commit, and that fixes the NULL dereference completely. I'm willing to git send-email you the revert if you wish.

Cheers,
Lyude
diff --git a/drivers/input/ff-core.c b/drivers/input/ff-core.c index 8f4a30fc..c642082 100644 --- a/drivers/input/ff-core.c +++ b/drivers/input/ff-core.c @@ -343,9 +343,8 @@ int input_ff_create(struct input_dev *dev, unsigned int max_effects) __set_bit(EV_FF, dev->evbit); /* Copy "true" bits into ff device bitmap */ - for (i = 0; i <= FF_MAX; i++) - if (test_bit(i, dev->ffbit)) - __set_bit(i, ff->ffbit); + for_each_set_bit(i, dev->ffbit, FF_CNT) + __set_bit(i, ff->ffbit); /* we can emulate RUMBLE with periodic effects */ if (test_bit(FF_PERIODIC, ff->ffbit)) diff --git a/drivers/input/joydev.c b/drivers/input/joydev.c index f362883..4686260 100644 --- a/drivers/input/joydev.c +++ b/drivers/input/joydev.c @@ -798,12 +798,11 @@ static int joydev_connect(struct input_handler *handler, struct input_dev *dev, joydev->handle.handler = handler; joydev->handle.private = joydev; - for (i = 0; i < ABS_CNT; i++) - if (test_bit(i, dev->absbit)) { - joydev->absmap[i] = joydev->nabs; - joydev->abspam[joydev->nabs] = i; - joydev->nabs++; - } + for_each_set_bit(i, dev->absbit, ABS_CNT) { + joydev->absmap[i] = joydev->nabs; + joydev->abspam[joydev->nabs] = i; + joydev->nabs++; + } for (i = BTN_JOYSTICK - BTN_MISC; i < KEY_MAX - BTN_MISC + 1; i++) if (test_bit(i + BTN_MISC, dev->keybit)) {
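Review bot: the ff-core.c hunk is only bounds-preserving if FF_CNT equals FF_MAX + 1, since the removed loop ran `for (i = 0; i <= FF_MAX; i++)` while the replacement iterates `for_each_set_bit(i, dev->ffbit, FF_CNT)`; the commit message should state that equivalence explicitly. Given that the reply above reports a NULL pointer dereference in input_handle_event (reached via uinput_write) with the upstream version of this change, the posted version should be retested under the same uinput-over-spice setup before it is reapplied, so that the regression can be tied to or cleared from this hunk.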
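Review bot: the joydev.c hunk converts the absbit loop but leaves the keybit loop in its trailing context, `for (i = BTN_JOYSTICK - BTN_MISC; i < KEY_MAX - BTN_MISC + 1; i++) if (test_bit(i + BTN_MISC, dev->keybit))`, as a per-bit test_bit scan; either convert it as well or say in the commit message why the BTN_MISC offset keeps it out of scope, so the "more efficient" claim is not applied inconsistently within one function. The absbit conversion itself keeps the ABS_CNT bound and the absmap/abspam/nabs bookkeeping unchanged, so no behavioural difference is expected from that part.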
Use for_each_set_bit to check for set bits in bitmap as it is more efficient than checking individual bits.

Signed-off-by: Anshul Garg <aksgarg1989@gmail.com>

---
 drivers/input/ff-core.c |  5 ++---
 drivers/input/joydev.c  | 11 +++++------
 2 files changed, 7 insertions(+), 9 deletions(-)