We only instantiate the led classes if there is a definition in input_led_info[]. However, the max for EV_LED is bigger than the values filled in this array, and there are some holes in it.
In .connect(), we check for these holes, but in leds_init_work() we do not, leading to some nice kernel oopses.
Found by running https://github.com/whot/fuzzydevice
Cc: stable@vger.kernel.org
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
---
 drivers/input/input-leds.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/drivers/input/input-leds.c b/drivers/input/input-leds.c index 83d930f7396a..c86eb3d648bf 100644 --- a/drivers/input/input-leds.c +++ b/drivers/input/input-leds.c @@ -94,6 +94,9 @@ static void leds_init_work(struct work_struct *work) int led_no = 0;
for_each_set_bit(led_code, leds->handle.dev->ledbit, LED_CNT) { + if (!input_led_info[led_code].name) + continue; + led = &leds->leds[led_no];
down_read(&led->cdev.trigger_lock);
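Review bot: The new `!input_led_info[led_code].name` test at the top of the for_each_set_bit() loop in leds_init_work() must skip exactly the same codes as the check the commit message says .connect() already performs, because `led_no` is what indexes `leds->leds[]` on the line right after the `continue`; if the two conditions ever diverge, that index no longer matches what was set up in .connect(). Consider moving the test into one small helper shared by both loops, or at least adding a comment above the `continue` stating that it mirrors .connect(). The message is also Cc'd to stable without a Fixes: tag, which would tell backporters which releases need the change.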
linux-stable-mirror@lists.linaro.org