Commit 371f5715 authored by Randy Dunlap's avatar Randy Dunlap Committed by Greg Kroah-Hartman

[PATCH] uinput.c: reduce stack usage

drivers/input/misc/uinput.c::uinput_alloc_device(): reduce stack size
from 0x480 to 0x24;
parent 3a38ea66
...@@ -167,7 +167,7 @@ static int uinput_validate_absbits(struct input_dev *dev) ...@@ -167,7 +167,7 @@ static int uinput_validate_absbits(struct input_dev *dev)
static int uinput_alloc_device(struct file *file, const char *buffer, size_t count) static int uinput_alloc_device(struct file *file, const char *buffer, size_t count)
{ {
struct uinput_user_dev user_dev; struct uinput_user_dev *user_dev;
struct input_dev *dev; struct input_dev *dev;
struct uinput_device *udev; struct uinput_device *udev;
int size, int size,
...@@ -178,34 +178,40 @@ static int uinput_alloc_device(struct file *file, const char *buffer, size_t cou ...@@ -178,34 +178,40 @@ static int uinput_alloc_device(struct file *file, const char *buffer, size_t cou
udev = (struct uinput_device *)file->private_data; udev = (struct uinput_device *)file->private_data;
dev = udev->dev; dev = udev->dev;
if (copy_from_user(&user_dev, buffer, sizeof(struct uinput_user_dev))) { user_dev = kmalloc(sizeof(*user_dev), GFP_KERNEL);
if (!user_dev) {
retval = -ENOMEM;
goto exit;
}
if (copy_from_user(user_dev, buffer, sizeof(struct uinput_user_dev))) {
retval = -EFAULT; retval = -EFAULT;
goto exit; goto exit;
} }
if (NULL != dev->name) if (NULL != dev->name)
kfree(dev->name); kfree(dev->name);
size = strnlen(user_dev.name, UINPUT_MAX_NAME_SIZE); size = strnlen(user_dev->name, UINPUT_MAX_NAME_SIZE);
dev->name = kmalloc(size + 1, GFP_KERNEL); dev->name = kmalloc(size + 1, GFP_KERNEL);
if (!dev->name) { if (!dev->name) {
retval = -ENOMEM; retval = -ENOMEM;
goto exit; goto exit;
} }
strncpy(dev->name, user_dev.name, size); strncpy(dev->name, user_dev->name, size);
dev->name[size] = '\0'; dev->name[size] = '\0';
dev->id.bustype = user_dev.id.bustype; dev->id.bustype = user_dev->id.bustype;
dev->id.vendor = user_dev.id.vendor; dev->id.vendor = user_dev->id.vendor;
dev->id.product = user_dev.id.product; dev->id.product = user_dev->id.product;
dev->id.version = user_dev.id.version; dev->id.version = user_dev->id.version;
dev->ff_effects_max = user_dev.ff_effects_max; dev->ff_effects_max = user_dev->ff_effects_max;
size = sizeof(int) * (ABS_MAX + 1); size = sizeof(int) * (ABS_MAX + 1);
memcpy(dev->absmax, user_dev.absmax, size); memcpy(dev->absmax, user_dev->absmax, size);
memcpy(dev->absmin, user_dev.absmin, size); memcpy(dev->absmin, user_dev->absmin, size);
memcpy(dev->absfuzz, user_dev.absfuzz, size); memcpy(dev->absfuzz, user_dev->absfuzz, size);
memcpy(dev->absflat, user_dev.absflat, size); memcpy(dev->absflat, user_dev->absflat, size);
/* check if absmin/absmax/absfuzz/absflat are filled as /* check if absmin/absmax/absfuzz/absflat are filled as
* told in Documentation/input/input-programming.txt */ * told in Documentation/input/input-programming.txt */
...@@ -216,6 +222,7 @@ static int uinput_alloc_device(struct file *file, const char *buffer, size_t cou ...@@ -216,6 +222,7 @@ static int uinput_alloc_device(struct file *file, const char *buffer, size_t cou
} }
exit: exit:
kfree(user_dev);
return retval; return retval;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment