Input: paper over a bug in Synaptics X driver

dtor · dtor · commit f2afa7711f85 · 2008-08-08T14:54:59.000-04:00
Signed-off-by: Dmitry Torokhov &lt;dtor@mail.ru&gt;
diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
@@ -647,8 +647,10 @@ static int str_to_user(const char *str, unsigned int maxlen, void __user *p)
 	return copy_to_user(p, str, len) ? -EFAULT : len;
 }
 
+#define OLD_KEY_MAX	0x1ff
 static int handle_eviocgbit(struct input_dev *dev, unsigned int cmd, void __user *p, int compat_mode)
 {
+	static unsigned long keymax_warn_time;
 	unsigned long *bits;
 	int len;
 
@@ -665,9 +667,26 @@ static int handle_eviocgbit(struct input_dev *dev, unsigned int cmd, void __user
 	case EV_SW:  bits = dev->swbit;  len = SW_MAX;  break;
 	default: return -EINVAL;
 	}
+
+	/*
+	 * Work around bugs in userspace programs that like to do
+	 * EVIOCGBIT(EV_KEY, KEY_MAX) and not realize that 'len'
+	 * should be in bytes, not in bits.
+	 */
+	if ((_IOC_NR(cmd) & EV_MAX) == EV_KEY && _IOC_SIZE(cmd) == OLD_KEY_MAX) {
+		len = OLD_KEY_MAX;
+		if (printk_timed_ratelimit(&keymax_warn_time, 10 * 1000))
+			printk(KERN_WARNING
+				"evdev.c(EVIOCGBIT): Suspicious buffer size %d, "
+				"limiting output to %d bytes. See "
+				"http://userweb.kernel.org/~dtor/eviocgbit-bug.html\n",
+				OLD_KEY_MAX,
+				BITS_TO_LONGS(OLD_KEY_MAX) * sizeof(long));
+	}
+
 	return bits_to_user(bits, len, _IOC_SIZE(cmd), p, compat_mode);
 }
-
+#undef OLD_KEY_MAX
 
 static long evdev_do_ioctl(struct file *file, unsigned int cmd,
 			   void __user *p, int compat_mode)
