Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-6.18.y 2025-08-21T19:00:59Z 2025-08-21T19:00:59Z Dmitry Torokhov dmitry.torokhov@gmail.com 2025-08-06T18:16:51Z urn:sha1:df595059d54383c42607b59f1f9ea74dade280fe A number of modules in the input subsystem use EXPORT_SYMBOL() and friends without explicitly including the corresponding header <linux/export.h>. While the build currently succeeds due to this header being pulled in transitively, this is not guaranteed to be the case in the future. Let's add the explicit include to make the dependencies clear and prevent future build breakage. Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> 2024-07-03T13:16:54Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2024-07-01T12:07:37Z urn:sha1:d69d804845985c29ab5be5a4b3b1f4787893daf8 In the match() callback, the struct device_driver * should not be changed, so change the function callback to be a const *. This is one step of many towards making the driver core safe to have struct device_driver in read-only memory. Because the match() callback is in all busses, all busses are modified to handle this properly. This does entail switching some container_of() calls to container_of_const() to properly handle the constant *. For some busses, like PCI and USB and HV, the const * is cast away in the match callback as those busses do want to modify those structures at this point in time (they have a local lock in the driver structure.) That will have to be changed in the future if they wish to have their struct device * in read-only-memory. Cc: Rafael J. Wysocki <rafael@kernel.org> Reviewed-by: Alex Elder <elder@kernel.org> Acked-by: Sumit Garg <sumit.garg@linaro.org> Link: https://lore.kernel.org/r/2024070136-wrongdoer-busily-01e8@gregkh Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2024-03-15T22:04:04Z Dmitry Torokhov dmitry.torokhov@gmail.com 2024-03-15T22:04:04Z urn:sha1:57ed9567e63b59350c21ae026635ae051e247abb Prepare input updates for 6.9 merge window. 2024-03-07T23:29:52Z Mathias Krause minipli@grsecurity.net 2024-02-22T14:26:54Z urn:sha1:fbf8d71742557abaf558d8efb96742d442720cc2 Calling irq_domain_remove() will lead to freeing the IRQ domain prematurely. The domain is still referenced and will be attempted to get used via rmi_free_function_list() -> rmi_unregister_function() -> irq_dispose_mapping() -> irq_get_irq_data()'s ->domain pointer. With PaX's MEMORY_SANITIZE this will lead to an access fault when attempting to dereference embedded pointers, as in Torsten's report that was faulting on the 'domain->ops->unmap' test. Fix this by releasing the IRQ domain only after all related IRQs have been deactivated. Fixes: 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain") Reported-by: Torsten Hilbrich <torsten.hilbrich@secunet.com> Signed-off-by: Mathias Krause <minipli@grsecurity.net> Link: https://lore.kernel.org/r/20240222142654.856566-1-minipli@grsecurity.net Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> 2024-01-18T23:21:34Z Kunwu Chan chentao@kylinos.cn 2024-01-18T19:37:59Z urn:sha1:bc4996184d56cfaf56d3811ac2680c8a0e2af56e While input core can work with input->phys set to NULL userspace might depend on it, so better fail probing if allocation fails. The system must be in a pretty bad shape for it to happen anyway. Signed-off-by: Kunwu Chan <chentao@kylinos.cn> Link: https://lore.kernel.org/r/20240117073124.143636-1-chentao@kylinos.cn Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> 2020-04-28T23:11:40Z Wei Yongjun weiyongjun1@huawei.com 2020-04-28T23:09:53Z urn:sha1:5caab2da63207d6d631007f592f5219459e3454d Fix to return a negative error code from the input_register_device() error handling case instead of 0, as done elsewhere in this function. Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com> Link: https://lore.kernel.org/r/20200428134948.78343-1-weiyongjun1@huawei.com Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> 2020-04-28T01:13:37Z Evan Green evgreen@chromium.org 2020-04-28T01:08:58Z urn:sha1:d5a5e5b5fa7b86c05bf073acc0ba98fa280174ec Fix a use-after-free noticed by running with KASAN enabled. If rmi_irq_fn() is run twice in a row, then rmi_f11_attention() (among others) will end up reading from drvdata->attn_data.data, which was freed and left dangling in rmi_irq_fn(). Commit 55edde9fff1a ("Input: synaptics-rmi4 - prevent UAF reported by KASAN") correctly identified and analyzed this bug. However the attempted fix only NULLed out a local variable, missing the fact that drvdata->attn_data is a struct, not a pointer. NULL out the correct pointer in the driver data to prevent the attention functions from copying from it. Fixes: 55edde9fff1a ("Input: synaptics-rmi4 - prevent UAF reported by KASAN") Fixes: b908d3cd812a ("Input: synaptics-rmi4 - allow to add attention data") Signed-off-by: Evan Green <evgreen@chromium.org> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200427145537.1.Ic8f898e0147beeee2c005ee7b20f1aebdef1e7eb@changeid Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> 2019-10-12T00:24:45Z Evan Green evgreen@chromium.org 2019-10-12T00:22:09Z urn:sha1:363c53875aef8fce69d4a2d0873919ccc7d9e2ad rmi_process_interrupt_requests() calls handle_nested_irq() for each interrupt status bit it finds. If the irq domain mapping for this bit had not yet been set up, then it ends up calling handle_nested_irq(0), which causes a NULL pointer dereference. There's already code that masks the irq_status bits coming out of the hardware with current_irq_mask, presumably to avoid this situation. However current_irq_mask seems to more reflect the actual mask set in the hardware rather than the IRQs software has set up and registered for. For example, in rmi_driver_reset_handler(), the current_irq_mask is initialized based on what is read from the hardware. If the reset value of this mask enables IRQs that Linux has not set up yet, then we end up in this situation. There appears to be a third unused bitmask that used to serve this purpose, fn_irq_bits. Use that bitmask instead of current_irq_mask to avoid calling handle_nested_irq() on IRQs that have not yet been set up. Signed-off-by: Evan Green <evgreen@chromium.org> Reviewed-by: Andrew Duggan <aduggan@synaptics.com> Link: https://lore.kernel.org/r/20191008223657.163366-1-evgreen@chromium.org Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> 2019-06-19T15:09:55Z Thomas Gleixner tglx@linutronix.de 2019-06-04T08:11:33Z urn:sha1:d2912cb15bdda8ba4a5dd73396ad62641af2f520 Based on 2 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation this program is free software you can redistribute it and or modify it under the terms of the gnu general public license version 2 as published by the free software foundation # extracted by the scancode license scanner the SPDX license identifier GPL-2.0-only has been chosen to replace the boilerplate/reference in 4122 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Enrico Weigelt <info@metux.net> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Allison Randal <allison@lohutok.net> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190604081206.933168790@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-04-24T16:33:37Z Pan Bian bianpan2016@163.com 2019-04-19T07:39:00Z urn:sha1:bce1a78423961fce676ac65540a31b6ffd179e6d The RMI4 function structure has been released in rmi_register_function if error occurs. However, it will be released again in the function rmi_create_function, which may result in a double-free bug. Signed-off-by: Pan Bian <bianpan2016@163.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>