From: Dmitry Torokhov Date: Sat, 19 Sep 2015 18:22:57 +0000 (-0700) Subject: Input: uinput - fix crash when using ABS events X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=72d4736253af74147b1fa68145b2f4c61d1f37e1;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git Input: uinput - fix crash when using ABS events Commit b6d30968d86c45a7bb599eaca13ff048d3fa576c (Input: uinput - switch to using for_each_set_bit()) switched driver to use for_each_set_bit(). However during initial write of the uinput structure that contains min/max data for all possible axes none of them are reflected in dev->absbit yet and so we were skipping over all of them and were not allocating absinfo memory which caused crash later when driver tried to sens EV_ABS events: <1>[ 15.064330] BUG: unable to handle kernel NULL pointer dereference at 0000000000000024 <1>[ 15.064336] IP: [] input_handle_event+0x232/0x4e0 <4>[ 15.064343] PGD 0 <4>[ 15.064345] Oops: 0000 [#1] SMP Fixes: b6d30968d86c45a7bb599eaca13ff048d3fa576c Cc: stable@vger.kernel.org Reported-by: Stephen Chandler Paul Tested-by: Stephen Chandler Paul Signed-off-by: Dmitry Torokhov --- diff --git a/drivers/input/misc/uinput.c b/drivers/input/misc/uinput.c index 345df9b03aed..5adbcedcb81c 100644 --- a/drivers/input/misc/uinput.c +++ b/drivers/input/misc/uinput.c @@ -414,7 +414,7 @@ static int uinput_setup_device(struct uinput_device *udev, dev->id.product = user_dev->id.product; dev->id.version = user_dev->id.version; - for_each_set_bit(i, dev->absbit, ABS_CNT) { + for (i = 0; i < ABS_CNT; i++) { input_abs_set_max(dev, i, user_dev->absmax[i]); input_abs_set_min(dev, i, user_dev->absmin[i]); input_abs_set_fuzz(dev, i, user_dev->absfuzz[i]);