From patchwork Sun Mar 20 03:25:37 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Jeff LaBundy <jeff@labundy.com>
X-Patchwork-Id: 12786407
Return-Path: <linux-input-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CBA10C433EF
	for <linux-input@archiver.kernel.org>; Sun, 20 Mar 2022 03:26:26 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234035AbiCTD1p (ORCPT <rfc822;linux-input@archiver.kernel.org>);
        Sat, 19 Mar 2022 23:27:45 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35682 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231244AbiCTD1o (ORCPT
        <rfc822;linux-input@vger.kernel.org>);
        Sat, 19 Mar 2022 23:27:44 -0400
Received: from NAM12-BN8-obe.outbound.protection.outlook.com
 (mail-bn8nam12on2073.outbound.protection.outlook.com [40.107.237.73])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A90CEDEC8
        for <linux-input@vger.kernel.org>;
 Sat, 19 Mar 2022 20:26:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=f0htjbRp/g8+92v7zuS0Z2YOmKT7xkAwn1uNedD+PX2lJY1v8i8XzZC8bpYAKSTYwZd+6MHSNjNw61CfeBKCwp6E0tpNBhV6iOyifhL16uuF8Z2gAwI952zAEM866oBdS+/AxfcMzYkOWHgX9tLLFk5AtymaB9hHIqZ0hCIEBnUfwewhOWvcgqdn16uR0eB3bUOlj5bqnqejU4uKL55ak3fNJXKdPuU5lvOS2u972YOI+48k17HVIRAFx+ZIKUNNqVjJLMYS63MUQPOyZ2lc0SjXcojoAQ8ke3QrWZfYcDkpCDpDHmf7OyiFx+8PQaKR0xinFn9uiGQ84WD5dWDRCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=OctkXTKE2q097gSw2BNdaaec+gStWS8nCHpL5qvi2Qo=;
 b=CYS8T4vmUtiSpOl/XxdN7Qml0yU+LluRs3bTreBXnuZE/zOim56VykCfw05Ja/gwAjTYmBHH6dbY0hhlLGnKaaWTff7nFsRDwx+S7zPAXSC7h1VL0dSdrRpcs6DX6Z+GQk5eFqV11eOlDxV7o2+po20DcK/MIDcWZqT50Spy3sV+SBB/aqVOtWtEDjVhZXODZLwUI3JHh4d9KxgGCTZjpsDM4f+jkXJwNeH4a3zZ7q4jP9cZew9hqyY1RRC+YkqsrOhQcdVyaL8juJqRKrMVpIUhiatOD0IKn5FPpmU3HM218Lgs32ZHbl26l1HwPlp/uQZhBvSYSYcnArevThR8eg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=labundy.com; dmarc=pass action=none header.from=labundy.com;
 dkim=pass header.d=labundy.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=NETORG5796793.onmicrosoft.com; s=selector1-NETORG5796793-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=OctkXTKE2q097gSw2BNdaaec+gStWS8nCHpL5qvi2Qo=;
 b=Zqw0k5E7MHsQ+5F6aTC7hFJkj3oKmkOEfFtBNfngaEBdJ9DldGbp7jCm/o8cOtI0RGI6a7WK3r3ha7+A9N8bx8C0U1dlrf+j/ELUEUI+b37tlmV84JpOlEBh24t28BQjH81sqQvVoTJguuPs36NwE+VffIwnRGnpxGQeJBZdwGE=
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=labundy.com;
Received: from SJ0PR08MB6544.namprd08.prod.outlook.com (2603:10b6:a03:2d3::16)
 by SA1PR08MB7101.namprd08.prod.outlook.com (2603:10b6:806:18b::15) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.14; Sun, 20 Mar
 2022 03:26:17 +0000
Received: from SJ0PR08MB6544.namprd08.prod.outlook.com
 ([fe80::3d7d:ce41:a265:4481]) by SJ0PR08MB6544.namprd08.prod.outlook.com
 ([fe80::3d7d:ce41:a265:4481%6]) with mapi id 15.20.5081.022; Sun, 20 Mar 2022
 03:26:16 +0000
From: Jeff LaBundy <jeff@labundy.com>
To: dmitry.torokhov@gmail.com
Cc: linux-input@vger.kernel.org, Jeff LaBundy <jeff@labundy.com>,
	=?utf-8?q?Tomasz_Mo=C5=84?= <tomasz.mon@camlingroup.com>
Subject: [PATCH] Input: add bounds checking to input_set_capability()
Date: Sat, 19 Mar 2022 22:25:37 -0500
Message-Id: <20220320032537.545250-1-jeff@labundy.com>
X-Mailer: git-send-email 2.25.1
X-ClientProxiedBy: SN7P222CA0030.NAMP222.PROD.OUTLOOK.COM
 (2603:10b6:806:124::25) To SJ0PR08MB6544.namprd08.prod.outlook.com
 (2603:10b6:a03:2d3::16)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: a83e371a-a2d9-417e-e0d9-08da0a21647f
X-MS-TrafficTypeDiagnostic: SA1PR08MB7101:EE_
X-Microsoft-Antispam-PRVS: 
 <SA1PR08MB7101295C080F8D2F87EC510CD3159@SA1PR08MB7101.namprd08.prod.outlook.com>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 264F9l63oaUaPLRDB+TCIFnZavYUkWR2f8ijeRRj8A+I6F0HwBD7BvRS9fVUMQN33sIZ7Z4ZNNcBrZ7FmHt1mzBlQsn+1ptaej3AOjxSgfNpD71ljEzYteOvctnjcgMSlqASpuk81FuZmSKdOvLqIKbwA9Y3RLPjHkzmibwZZP7wUBiYU6K69v/lS55yVbRDiM1hXrvjhhv9ncL8x8LuAy4knqVwfpBQ9X9XiHyWsLyYwoYffMgGOqq4blthYaMQiUQFPzaDZE2fqYUdPeePJ9RgfsrxRu6usjGm3Vly3O+DQ0dYlQhNVv/5DQueq1rfy4purm+3wFSZ1L1tcD1yISKEn4YnFbmKB0nacOVjYpxrUUy/ZZ01CQpdaL1YjXpWDbNbbgRAUcKbSmTWk5MAp2k35HU8wdQYX4IZ0ONCR04CR0qhEV8YnaAOPY6BWLY1w5KdqmDmDa5YuYYf/Fq7Mf6CXpP+FQwMe1/U6HLl2eTtJv5VMZl0zavbjH5Mw7uBuNLeUbTf9DHQ0m5i3w2MQdiScSF0ebfHWWIU1RX8dLNBSM7hyR8rhVC97dpaIbIF4xqy4KB8SAcmL3szkl9tGEqTU7eJEVpp/wh/cvtZsulJVgxSHYXC1dnu5i0R7GhZlv5Yj9J+tc9xaRk+8xQznieV0rb8GfnX/Mg83JcRdb3ote2FRCKgj3yrmYtMYAGzInvVPPGBxwFj/vGfAIGjKQ==
X-Forefront-Antispam-Report: 
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR08MB6544.namprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(376002)(346002)(396003)(136003)(39830400003)(366004)(66556008)(4326008)(66946007)(66476007)(6486002)(52116002)(6506007)(6666004)(2906002)(6512007)(186003)(8936002)(1076003)(26005)(38350700002)(38100700002)(508600001)(2616005)(5660300002)(86362001)(8676002)(36756003)(6916009)(54906003)(316002)(83380400001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?KSreMsVlP+LWNRP4jOjyl/mEF5ET?=
	=?utf-8?q?0Fi2BfHzdJ0BZZaDpdo9HCqhOMwGGj6w0d7eKFcmzjHKRHNZHLg46zDVjfGPszNgT?=
	=?utf-8?q?/ASPhonYALzlHE/5jC0Z99S/uCpQtlN35B8wobnmoP2rS7qX9PkM6u3Ps0IsX+d6A?=
	=?utf-8?q?tl/beNSu3Jg62CwslC2RvUIUuIO2BWxGWNd9Ik8ljto/C5g049tFexq2/gClbvkwC?=
	=?utf-8?q?x2CnD9D2bGfXWEXjw7wmqMOPmoJ61ukO3tO9vSxiVYWR2A16bvMDa+a67ovUqYFAa?=
	=?utf-8?q?EznCJghCC0glEsxkKlQsXg9Bt56IUCMy7dEambRZI1GxyHjzvWc8wwQciLkQOG77z?=
	=?utf-8?q?GuTuZQinAzlQ8tk2yO9Mf5kzoZEhSK1pV+gBaZ/0t9TWdsd6QZgsjqsZ0I07uBDyI?=
	=?utf-8?q?IQxNtoXlOmvNl33SwoZJvtn4hmoTjM5T4fn1EjQaSBm6rTnLael+49ykUi807eWek?=
	=?utf-8?q?TBZmCHhM5oTPemmFKxEI9o17WDqncYC/0W/6DG/q3NJ7MoKXncJN213uoH7Ft3xkk?=
	=?utf-8?q?f6t6tvTVox+7MJnGl+XTgfyvRNNj7eOvm4hlpzUmdiGiTP3DzuU5FYhP+0/8LOu4T?=
	=?utf-8?q?LRJr17drKSBro9WzR8R/zYmC9RQnTDKdnr32SjbdH+H27eczaJinXw79DVr+/IXLB?=
	=?utf-8?q?9Br8MA3otwcvMTyzsYtuaE6PnReLnEgsLhkjn8Kx74jzpNkaqIDNeE/jGvl5cVkSN?=
	=?utf-8?q?/2sZ5A9bviRBXgaVX9GnIHzVpJCzg5SHOSBmIs+XXyf9Htak79SBG8ZMawNhrAnpa?=
	=?utf-8?q?R+7GrIgucOvpCV3Kfu9JNAG7Agdgfvb2JfMrfCOsSQ6v2lGv5Gy84rpJUsRzeDSWN?=
	=?utf-8?q?z4NJJgfHGZaIBjLl7BjGFzvyJF+SeDhVeztbY335PeoLhYPBWtlB+F92bCY/1OFWb?=
	=?utf-8?q?7zXgAJvWQDn0jyi4XOuSA21usBEH+oW7y7eiLq1/ZJvEuG+aL0AnBgytXaA9C1DAi?=
	=?utf-8?q?yMqsUUHjW7zalLElXDgVk7jtw9Ws15zvAjHwLLNHOxht5o8hj12yY6O6Ncdyogp02?=
	=?utf-8?q?qKPK3T6fgiTzyL3cmORPvyuB5Q2mfXmKQykZoq2J5YIFAiyL4xmxfEAohgGXK9BL7?=
	=?utf-8?q?4klw/2pmUbGfoGhFSMcfNLaZpSELuUxXxweMIr2dqDnePRG7tUjHl9puggLB3sVsd?=
	=?utf-8?q?sRO9F/oX+nJXgyR3/4GJ6swxNEU89DFhiY+J7BDx8ApJHLMnrZ2H6AL+0NE0ZErbw?=
	=?utf-8?q?V5wHd8T5KRSxtmSyqv/nppUwHoqggePmLLhbOdosTvfONRVdEMEnklYH1rL0pqNxH?=
	=?utf-8?q?P/mpTYDRn6B/85bUBCrDsm/9X08Fh/SSPLfBoE+e+L0d6vzL39odk5s21+NI0FxrE?=
	=?utf-8?q?LCkndsFPcelnhlAgHKzPv0kagrZAuMotBKVIIuidWGiIZGVJLVYI4Qhl00Ux9egfe?=
	=?utf-8?q?NcjIiJ58g64p1M?=
X-OriginatorOrg: labundy.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 a83e371a-a2d9-417e-e0d9-08da0a21647f
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR08MB6544.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Mar 2022 03:26:16.4209
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 00b69d09-acab-4585-aca7-8fb7c6323e6f
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 dPkP4ymQZUSG6GzCqcAki1IFxIxSO9FAyXH4MhUq9+MYnO+8cQ4fIGFJvj4eSiNmPu0TA3cB6Y1Do1aMUgk2Ug==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR08MB7101
Precedence: bulk
List-ID: <linux-input.vger.kernel.org>
X-Mailing-List: linux-input@vger.kernel.org

Update input_set_capability() to prevent kernel panic in case the
event code exceeds the bitmap for the given event type.

Suggested-by: Tomasz Moń <tomasz.mon@camlingroup.com>
Signed-off-by: Jeff LaBundy <jeff@labundy.com>
Reviewed-by: Tomasz Moń <tomasz.mon@camlingroup.com>
---
 drivers/input/input.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/drivers/input/input.c b/drivers/input/input.c
index 7c7e4042ec10..6428cdacf534 100644
--- a/drivers/input/input.c
+++ b/drivers/input/input.c
@@ -47,6 +47,17 @@ static DEFINE_MUTEX(input_mutex);
 
 static const struct input_value input_value_sync = { EV_SYN, SYN_REPORT, 1 };
 
+static const unsigned int input_max_code[EV_CNT] = {
+	[EV_KEY] = KEY_MAX,
+	[EV_REL] = REL_MAX,
+	[EV_ABS] = ABS_MAX,
+	[EV_MSC] = MSC_MAX,
+	[EV_SW] = SW_MAX,
+	[EV_LED] = LED_MAX,
+	[EV_SND] = SND_MAX,
+	[EV_FF] = FF_MAX,
+};
+
 static inline int is_event_supported(unsigned int code,
 				     unsigned long *bm, unsigned int max)
 {
@@ -2110,6 +2121,14 @@ EXPORT_SYMBOL(input_get_timestamp);
  */
 void input_set_capability(struct input_dev *dev, unsigned int type, unsigned int code)
 {
+	if (type < EV_CNT && input_max_code[type] &&
+	    code > input_max_code[type]) {
+		pr_err("%s: invalid code %u for type %u\n", __func__, code,
+		       type);
+		dump_stack();
+		return;
+	}
+
 	switch (type) {
 	case EV_KEY:
 		__set_bit(code, dev->keybit);