Re: uevent buffer overflow in input layer
From: Greg KH
Date: Tue Jan 24 2006 - 01:06:15 EST
On Tue, Jan 24, 2006 at 01:01:19AM -0500, Dmitry Torokhov wrote:
> On Tuesday 24 January 2006 00:03, Greg KH wrote:
> > On Mon, Jan 23, 2006 at 10:43:41AM +1100, Benjamin Herrenschmidt wrote:
> > > Current -git as of today does this on an x86 box with a logitech USB
> > > keyboard:
> > >
> > > (the $$$ is debug stuff I added to print_modalias(), size is the size
> > > passed in and "Total len" is the value of "len" before returning). We
> > > end up overflowing, thus we pass a negative size to snprintf which
> > > causes the WARN_ON. Bumping the uevent buffer size in lib/kobject_uevent.c
> > > from 1024 to 2048 seems to fix the oops and /dev/input/mice is now properly
> > > created and works (it doesn't without the fix, X fails and we end up back
> > > in console with a dead keyboard).
> > >
> > > I'm not sure it's the correct solution as I'm not too familiar with the
> > > uevent code though, so I'll let you guys decide on the proper approach.
> >
> > Yes, input has some big strings, I'd recommend bumping it up like you
> > suggest.
> >
> > Care to make up a patch as you found the problem and should get the
> > credit? :)
> >
>
> Actually, is it too late to convert modalias data to the same format
> (bitmap) we are using in /proc/bus/input/devices (keeping cutting key
> info at KEY_MIN_INTERESTING)? It looks like it will be more compact
> and let us keep 1024 bytes buffer...
I don't think so, but Kay knows best about this. Kay?
thanks,
greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/