evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers/input/misc
History
Jonathan Bakker 6d6d6255b7 Input: bma150 - register input device after setting private data 
commit 90cc55f067f6ca0e64e5e52883ece47d8af7b67b upstream.

Otherwise we introduce a race condition where userspace can request input
before we're ready leading to null pointer dereference such as

input: bma150 as /devices/platform/i2c-gpio-2/i2c-5/5-0038/input/input3
Unable to handle kernel NULL pointer dereference at virtual address 00000018
pgd = (ptrval)
[00000018] *pgd=55dac831, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#1] PREEMPT ARM
Modules linked in: bma150 input_polldev [last unloaded: bma150]
CPU: 0 PID: 2870 Comm: accelerometer Not tainted 5.0.0-rc3-dirty #46
Hardware name: Samsung S5PC110/S5PV210-based board
PC is at input_event+0x8/0x60
LR is at bma150_report_xyz+0x9c/0xe0 [bma150]
pc : [<80450f70>]    lr : [<7f0a614c>]    psr: 800d0013
sp : a4c1fd78  ip : 00000081  fp : 00020000
r10: 00000000  r9 : a5e2944c  r8 : a7455000
r7 : 00000016  r6 : 00000101  r5 : a7617940  r4 : 80909048
r3 : fffffff2  r2 : 00000000  r1 : 00000003  r0 : 00000000
Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 10c5387d  Table: 54e34019  DAC: 00000051
Process accelerometer (pid: 2870, stack limit = 0x(ptrval))
Stackck: (0xa4c1fd78 to 0xa4c20000)
fd60:                                                       fffffff3 fc813f6c
fd80: 40410581 d7530ce3 a5e2817c a7617f00 a5e29404 a5e2817c 00000000 7f008324
fda0: a5e28000 8044f59c a5fdd9d0 a5e2945c a46a4a00 a5e29668 a7455000 80454f10
fdc0: 80909048 a5e29668 a5fdd9d0 a46a4a00 806316d0 00000000 a46a4a00 801df5f0
fde0: 00000000 d7530ce3 a4c1fec0 a46a4a00 00000000 a5fdd9d0 a46a4a08 801df53c
fe00: 00000000 801d74bc a4c1fec0 00000000 a4c1ff70 00000000 a7038da8 00000000
fe20: a46a4a00 801e91fc a411bbe0 801f2e88 00000004 00000000 80909048 00000041
fe40: 00000000 00020000 00000000 dead4ead a6a88da0 00000000 ffffe000 806fcae8
fe60: a4c1fec8 00000000 80909048 00000002 a5fdd9d0 a7660110 a411bab0 00000001
fe80: dead4ead ffffffff ffffffff a4c1fe8c a4c1fe8c d7530ce3 20000013 80909048
fea0: 80909048 a4c1ff70 00000001 fffff000 a4c1e000 00000005 00026038 801eabd8
fec0: a7660110 a411bab0 b9394901 00000006 a696201b 76fb3000 00000000 a7039720
fee0: a5fdd9d0 00000101 00000002 00000096 00000000 00000000 00000000 a4c1ff00
ff00: a6b310f4 805cb174 a6b310f4 00000010 00000fe0 00000010 a4c1e000 d7530ce3
ff20: 00000003 a5f41400 a5f41424 00000000 a6962000 00000000 00000003 00000002
ff40: ffffff9c 000a0000 80909048 d7530ce3 a6962000 00000003 80909048 ffffff9c
ff60: a6962000 801d890c 00000000 00000000 00020000 a7590000 00000004 00000100
ff80: 00000001 d7530ce3 000288b8 00026320 000288b8 00000005 80101204 a4c1e000
ffa0: 00000005 80101000 000288b8 00026320 000288b8 000a0000 00000000 00000000
ffc0: 000288b8 00026320 000288b8 00000005 7eef3bac 000264e8 00028ad8 00026038
ffe0: 00000005 7eef3300 76f76e91 76f78546 800d0030 000288b8 00000000 00000000
[<80450f70>] (input_event) from [<a5e2817c>] (0xa5e2817c)
Code: e1a08148 eaffffa8 e351001f 812fff1e (e590c018)
---[ end trace 1c691ee85f2ff243 ]---

Signed-off-by: Jonathan Bakker <xc-racer2@live.ca>
Signed-off-by: Paweł Chmiel <pawel.mikolaj.chmiel@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-02-20 10:13:22 +01:00
..
88pm80x_onkey.c
88pm860x_onkey.c
ab8500-ponkey.c
ad714x-i2c.c Input: ad714x - convert to using managed resources 2015-09-19 11:42:39 -07:00
ad714x-spi.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-11-06 11:57:41 -08:00
ad714x.c Input: ad714x - convert to using managed resources 2015-09-19 11:42:39 -07:00
ad714x.h Input: ad714x - convert to using managed resources 2015-09-19 11:42:39 -07:00
adxl34x-i2c.c
adxl34x-spi.c spi: Drop owner assignment from spi_drivers 2015-10-28 10:30:17 +09:00
adxl34x.c
adxl34x.h
apanel.c
arizona-haptics.c Input: arizona-haptic - fix disabling of haptics device 2015-12-02 16:22:11 -08:00
ati_remote2.c Input: ati_remote2 - fix crashes on detecting device with invalid descriptor 2016-04-12 09:09:04 -07:00
atlas_btns.c
axp20x-pek.c
bfin_rotary.c
bma150.c Input: bma150 - register input device after setting private data 2019-02-20 10:13:22 +01:00
cm109.c Input: cm109 - validate number of endpoints before using them 2017-03-30 09:35:15 +02:00
cma3000_d0x.c
cma3000_d0x.h
cma3000_d0x_i2c.c
cobalt_btns.c
da9052_onkey.c
da9055_onkey.c
da9063_onkey.c Input: add DA9062 OnKey capability to DA9063 OnKey driver 2015-09-29 16:50:07 -07:00
dm355evm_keys.c
drv260x.c Input: drv260x - fix initializing overdrive voltage 2018-04-29 07:50:01 +02:00
drv2665.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-09-04 12:02:11 -07:00
drv2667.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-09-04 12:02:11 -07:00
e3x0-button.c
gp2ap002a00f.c
gpio-beeper.c
gpio_tilt_polled.c
hp_sdc_rtc.c Input: hp_sdc_rtc - fix y2038 problem in proc_show 2015-10-22 23:31:28 -07:00
ideapad_slidebar.c
ims-pcu.c Input: ims-psu - check if CDC union descriptor is sane 2017-11-18 11:11:05 +01:00
ixp4xx-beeper.c
Kconfig Input: e3x0-button - update Kconfig description 2015-10-26 01:39:07 -07:00
keyspan_remote.c
kxtj9.c Input: kxtj9 - remove unneeded retval variable 2015-10-02 11:44:17 -07:00
m68kspkr.c
Makefile
max8925_onkey.c
max8997_haptic.c Input: max8997-haptic - fix NULL pointer dereference 2016-05-18 17:06:54 -07:00
max77693-haptic.c
mc13783-pwrbutton.c
mma8450.c
mpu3050.c
palmas-pwrbutton.c
pcap_keys.c
pcf8574_keypad.c
pcf50633-input.c
pcspkr.c
pm8xxx-vibrator.c
pm8941-pwrkey.c Input: pm8941-pwrkey - remove unneded semicolon 2015-09-19 11:39:03 -07:00
pmic8xxx-pwrkey.c Input: pmic8xxx-pwrkey - fix algorithm for converting trigger delay 2016-05-04 14:48:45 -07:00
powermate.c Input: powermate - fix oops with malicious USB descriptors 2016-04-12 09:08:43 -07:00
pwm-beeper.c Input: pwm-beeper - fix - scheduling while atomic 2016-06-01 12:15:49 -07:00
rb532_button.c
regulator-haptic.c
retu-pwrbutton.c
rotary_encoder.c Input: rotary-encoder - add support for quarter-period mode 2015-10-16 15:32:18 -07:00
sgi_btns.c
sirfsoc-onkey.c
soc_button_array.c
sparcspkr.c
tps65218-pwrbutton.c
twl4030-pwrbutton.c Input: twl4030-pwrbutton - use correct device for irq request 2018-03-24 10:58:45 +01:00
twl4030-vibra.c Input: twl4030-vibra - fix sibling-node lookup 2018-01-23 19:50:16 +01:00
twl6040-vibra.c Input: twl6040-vibra - fix child-node lookup 2018-01-23 19:50:16 +01:00
uinput.c Input: uinput - handle compat ioctl for UI_SET_PHYS 2016-06-07 18:14:32 -07:00
wistron_btns.c
wm831x-on.c
xen-kbdfront.c Input: xen - check return value of xenbus_printf 2015-10-22 23:32:01 -07:00
yealink.c Input: yealink - validate number of endpoints before using them 2017-03-30 09:35:15 +02:00
yealink.h