Input: paper over a bug in Synaptics X driver
authorDmitry Torokhov <dmitry.torokhov@gmail.com>
Fri, 8 Aug 2008 15:46:53 +0000 (11:46 -0400)
committerDmitry Torokhov <dmitry.torokhov@gmail.com>
Fri, 8 Aug 2008 18:54:59 +0000 (14:54 -0400)
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
drivers/input/evdev.c

index ef8c2ed792c3391ee1065038b1e456969d94826e..a92d81567559ba9fb59508628fdba56a0b7405bb 100644 (file)
@@ -647,8 +647,10 @@ static int str_to_user(const char *str, unsigned int maxlen, void __user *p)
        return copy_to_user(p, str, len) ? -EFAULT : len;
 }
 
+#define OLD_KEY_MAX    0x1ff
 static int handle_eviocgbit(struct input_dev *dev, unsigned int cmd, void __user *p, int compat_mode)
 {
+       static unsigned long keymax_warn_time;
        unsigned long *bits;
        int len;
 
@@ -665,9 +667,26 @@ static int handle_eviocgbit(struct input_dev *dev, unsigned int cmd, void __user
        case EV_SW:  bits = dev->swbit;  len = SW_MAX;  break;
        default: return -EINVAL;
        }
+
+       /*
+        * Work around bugs in userspace programs that like to do
+        * EVIOCGBIT(EV_KEY, KEY_MAX) and not realize that 'len'
+        * should be in bytes, not in bits.
+        */
+       if ((_IOC_NR(cmd) & EV_MAX) == EV_KEY && _IOC_SIZE(cmd) == OLD_KEY_MAX) {
+               len = OLD_KEY_MAX;
+               if (printk_timed_ratelimit(&keymax_warn_time, 10 * 1000))
+                       printk(KERN_WARNING
+                               "evdev.c(EVIOCGBIT): Suspicious buffer size %d, "
+                               "limiting output to %d bytes. See "
+                               "http://userweb.kernel.org/~dtor/eviocgbit-bug.html\n",
+                               OLD_KEY_MAX,
+                               BITS_TO_LONGS(OLD_KEY_MAX) * sizeof(long));
+       }
+
        return bits_to_user(bits, len, _IOC_SIZE(cmd), p, compat_mode);
 }
-
+#undef OLD_KEY_MAX
 
 static long evdev_do_ioctl(struct file *file, unsigned int cmd,
                           void __user *p, int compat_mode)