authorJeff LaBundy <jeff@labundy.com>2022-03-21 05:55:27 +0100
committerDmitry Torokhov <dmitry.torokhov@gmail.com>2022-03-21 05:59:42 +0100
commit409353cbe9fe48f6bc196114c442b1cff05a39bc (patch)
tree943674074c63d4dc8c72512007b10e22abde3017 /drivers/input/input.c
parentInput: iqs5xx - use local input_dev pointer (diff)
Input: add bounds checking to input_set_capability()
Update input_set_capability() to prevent kernel panic in case the event code exceeds the bitmap for the given event type. Suggested-by: Tomasz Moń <tomasz.mon@camlingroup.com> Signed-off-by: Jeff LaBundy <jeff@labundy.com> Reviewed-by: Tomasz Moń <tomasz.mon@camlingroup.com> Link: https://lore.kernel.org/r/20220320032537.545250-1-jeff@labundy.com Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Diffstat (limited to 'drivers/input/input.c')
-rw-r--r--drivers/input/input.c19
1 files changed, 19 insertions, 0 deletions
diff --git a/drivers/input/input.c b/drivers/input/input.c
index 7c7e4042ec10..6428cdacf534 100644
--- a/drivers/input/input.c
+++ b/drivers/input/input.c
@@ -47,6 +47,17 @@ static DEFINE_MUTEX(input_mutex);
static const struct input_value input_value_sync = { EV_SYN, SYN_REPORT, 1 };
+static const unsigned int input_max_code[EV_CNT] = {
+ [EV_KEY] = KEY_MAX,
+ [EV_REL] = REL_MAX,
+ [EV_ABS] = ABS_MAX,
+ [EV_MSC] = MSC_MAX,
+ [EV_SW] = SW_MAX,
+ [EV_LED] = LED_MAX,
+ [EV_SND] = SND_MAX,
+ [EV_FF] = FF_MAX,
+};
+
static inline int is_event_supported(unsigned int code,
unsigned long *bm, unsigned int max)
{
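Review bot: The `input_max_code` table has no comment saying that a zero entry means "not range-checked", which is what the `input_max_code[type] &&` test in input_set_capability() relies on for every event type not listed among these eight. A short comment above the array would keep a later reader from treating the omissions as an oversight, e.g. `/* Highest valid code per event type; 0 = no range check in input_set_capability() */`. It is also worth stating that the entries are inclusive maxima (`*_MAX`, not `*_CNT`), since that is why the comparison uses `>` rather than `>=`.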
@@ -2110,6 +2121,14 @@ EXPORT_SYMBOL(input_get_timestamp);
*/
void input_set_capability(struct input_dev *dev, unsigned int type, unsigned int code)
{
+ if (type < EV_CNT && input_max_code[type] &&
+ code > input_max_code[type]) {
+ pr_err("%s: invalid code %u for type %u\n", __func__, code,
+ type);
+ dump_stack();
+ return;
+ }
+
switch (type) {
case EV_KEY:
__set_bit(code, dev->keybit);
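Review bot: The early return at the top of input_set_capability() drops the capability without telling the caller, because the function returns void; a driver that passes an out-of-range code carries on with the bit unset and the only trace is the log. The kernel-doc comment that ends just above the signature (its text is outside this hunk) should say so, for example `* Codes above the maximum for @type are logged and ignored.`. The message also names only `__func__`, so if `dev->name` is already set at this point (not visible here), including it would make the offending driver easier to find than reading the stack dump. The switch continues past the end of the hunk.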