input_to_handler: unable to handle kernel NULL pointer dereference

Commit Message

Jiri Slaby Sept. 13, 2012, 3:05 p.m. UTC

Hi,

-next commit "Input: Send events one packet at a time" seems like broke
the input layer:
BUG: unable to handle kernel NULL pointer dereference at      (null)
IP: [<          (null)>]           (null)
PGD 0
Oops: 0010 [#1] SMP
Modules linked in:
CPU 0
Pid: 0, comm: swapper/0 Not tainted 3.6.0-rc5-next-20120912_64+ #44
Bochs Bochs
RIP: 0010:[<0000000000000000>]  [<          (null)>]           (null)
RSP: 0018:ffff880049603c70  EFLAGS: 00010086
RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000045
RDX: 0000000000000004 RSI: 0000000000000004 RDI: ffff880047bff918
RBP: ffff880049603cb8 R08: 00000000000000c5 R09: ffff880047400000
R10: 000000000000001d R11: 00000000000000c5 R12: ffffffff81a36c00
R13: ffff8800465c6d50 R14: ffff8800465c6d50 R15: ffff8800465c6d48
FS:  0000000000000000(0000) GS:ffff880049600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000000 CR3: 0000000001a0b000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper/0 (pid: 0, threadinfo ffffffff81a00000, task
ffffffff81a13420)
Stack:
 ffffffff81473df2 ffffffff8109c4de ffff880047bff918 ffff880049611200
 ffff8800465c6d40 ffff880047bff918 ffff880046a2ae68 0000000000000002
 ffff880046a2b328 ffff880049603d08 ffffffff81475ea9 ffffffff810965c5
Call Trace:
 <IRQ>
 [<ffffffff81473df2>] ? input_to_handler+0xc2/0xe0
 [<ffffffff8109c4de>] ? enqueue_task_fair+0xfe/0x180
 [<ffffffff81475ea9>] input_pass_values.part.14+0x159/0x160
 [<ffffffff810965c5>] ? check_preempt_curr+0x75/0xa0
 [<ffffffff81476f03>] input_handle_event+0x113/0x520
 [<ffffffff81477402>] input_event+0x52/0x70
 [<ffffffff810989ed>] ? default_wake_function+0xd/0x10
 [<ffffffff8147d657>] atkbd_interrupt+0x297/0x6b0
 [<ffffffff81094bb5>] ? __wake_up_common+0x55/0x90
 [<ffffffff81470e6d>] serio_interrupt+0x4d/0xa0
 [<ffffffff814721ba>] i8042_interrupt+0x1ba/0x3a0
 [<ffffffff810d4902>] ? rcu_process_callbacks+0x3c2/0x4e0
 [<ffffffff8109df97>] ? run_rebalance_domains+0x47/0x160
 [<ffffffff810ce243>] handle_irq_event_percpu+0x43/0x160
 [<ffffffff8109a647>] ? sched_clock_tick+0x57/0xa0
 [<ffffffff810ce39c>] handle_irq_event+0x3c/0x60
 [<ffffffff810d0aaf>] handle_edge_irq+0x6f/0x110
 [<ffffffff8103a52d>] handle_irq+0x1d/0x30




If I do this, everything works:


PS sysrq is the driver causing this.

regards,

Comments

Dmitry Torokhov Sept. 13, 2012, 3:57 p.m. UTC | #1

On Thu, Sep 13, 2012 at 05:05:44PM +0200, Jiri Slaby wrote:
> Hi,
> 
> -next commit "Input: Send events one packet at a time" seems like broke
> the input layer:

Right, Henrik has a patch for this.

Thanks.

Henrik Rydberg Sept. 13, 2012, 5:41 p.m. UTC | #2

On Thu, Sep 13, 2012 at 08:57:38AM -0700, Dmitry Torokhov wrote:
> On Thu, Sep 13, 2012 at 05:05:44PM +0200, Jiri Slaby wrote:
> > Hi,
> > 
> > -next commit "Input: Send events one packet at a time" seems like broke
> > the input layer:
> 
> Right, Henrik has a patch for this.

Yep, it just missed the cut for today, but will appear in tomorrow's
-next.

Thanks,
Henrik
--
To unsubscribe from this list: send the line "unsubscribe linux-input" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

--- a/drivers/input/input.c
+++ b/drivers/input/input.c
@@ -112,9 +112,12 @@  static unsigned int input_to_handler(struct
input_handle *handle,
        if (!count)
                return 0;

+       WARN_ONCE(!handler->events && !handler->event, "%s: %s",
+                       handle->name, handler->name);
+
        if (handler->events)
                handler->events(handle, vals, count);
-       else
+       else if (handler->event)
                for (v = vals; v != end; v++)
                        handler->event(handle, v->type, v->code, v->value);