From 855ea747806b2e31b844d6fdacd97e0a836be207 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Thu, 1 Mar 2018 16:35:31 -0800 Subject: [PATCH] ANDROID: keychord: Check for write data size keychord driver causes a kernel warning when writing more than (1 << (MAX_ORDER - 1)) * PAGE_SIZE bytes to /dev/keychord. In reality writes to this file should be much smaller, so limiting data size to PAGE_SIZE seems to be appropriate. This change checks write data size and if it's more than PAGE_SIZE causes write to fail. Bug: 73962978 Change-Id: I8a064a396d4259ffca924fa35d80e9700c4f8d79 Signed-off-by: Suren Baghdasaryan --- drivers/input/misc/keychord.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/input/misc/keychord.c b/drivers/input/misc/keychord.c index fdcc14653b64..82fefdff366a 100644 --- a/drivers/input/misc/keychord.c +++ b/drivers/input/misc/keychord.c @@ -276,7 +276,7 @@ static ssize_t keychord_write(struct file *file, const char __user *buffer, size_t resid = count; size_t key_bytes; - if (count < sizeof(struct input_keychord)) + if (count < sizeof(struct input_keychord) || count > PAGE_SIZE) return -EINVAL; keychords = kzalloc(count, GFP_KERNEL); if (!keychords)