Re: uevent buffer overflow in input layer
From: Dmitry Torokhov
Date: Tue Jan 24 2006 - 01:00:03 EST
On Tuesday 24 January 2006 00:03, Greg KH wrote:
> On Mon, Jan 23, 2006 at 10:43:41AM +1100, Benjamin Herrenschmidt wrote:
> > Current -git as of today does this on an x86 box with a logitech USB
> > keyboard:
> >
> > (the $$$ is debug stuff I added to print_modalias(), size is the size
> > passed in and "Total len" is the value of "len" before returning). We
> > end up overflowing, thus we pass a negative size to snprintf which
> > causes the WARN_ON. Bumping the uevent buffer size in lib/kobject_uevent.c
> > from 1024 to 2048 seems to fix the oops and /dev/input/mice is now properly
> > created and works (it doesn't without the fix, X fails and we end up back
> > in console with a dead keyboard).
> >
> > I'm not sure it's the correct solution as I'm not too familiar with the
> > uevent code though, so I'll let you guys decide on the proper approach.
>
> Yes, input has some big strings, I'd recommend bumping it up like you
> suggest.
>
> Care to make up a patch as you found the problem and should get the
> credit? :)
>
Actually, is it too late to convert modalias data to the same format
(bitmap) we are using in /proc/bus/input/devices (keeping cutting key
info at KEY_MIN_INTERESTING)? It looks like it will be more compact
and let us keep 1024 bytes buffer...
--
Dmitry
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/