diff options
| author | Vladis Dronov <[email protected]> | 2019-01-29 11:58:35 +0100 |
|---|---|---|
| committer | Benjamin Tissoires <[email protected]> | 2019-01-29 12:09:11 +0100 |
| commit | 13054abbaa4f1fd4e6f3b4b63439ec033b4c8035 (patch) | |
| tree | e1385b1d1ad52472b30ec37fb46358d4069f16a6 /tools/perf/scripts/python/exported-sql-viewer.py | |
| parent | 1950f462916edc9581168ca8d5882a8101e8bbcf (diff) | |
HID: debug: fix the ring buffer implementation
Ring buffer implementation in hid_debug_event() and hid_debug_events_read()
is strange allowing lost or corrupted data. After commit 717adfdaf147
("HID: debug: check length before copy_to_user()") it is possible to enter
an infinite loop in hid_debug_events_read() by providing 0 as count, this
locks up a system. Fix this by rewriting the ring buffer implementation
with kfifo and simplify the code.
This fixes CVE-2019-3819.
v2: fix an execution logic and add a comment
v3: use __set_current_state() instead of set_current_state()
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1669187
Cc: [email protected] # v4.18+
Fixes: cd667ce24796 ("HID: use debugfs for events/reports dumping")
Fixes: 717adfdaf147 ("HID: debug: check length before copy_to_user()")
Signed-off-by: Vladis Dronov <[email protected]>
Reviewed-by: Oleg Nesterov <[email protected]>
Signed-off-by: Benjamin Tissoires <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/exported-sql-viewer.py')
0 files changed, 0 insertions, 0 deletions