diff mbox

un-register kbd driver in case of USB kbd unplug.

Message ID 1276002738-821-2-git-send-email-Jes.Sorensen@redhat.com
State New
Headers show

Commit Message

Jes Sorensen June 8, 2010, 1:12 p.m. UTC 
From: Jes Sorensen <Jes.Sorensen@redhat.com>

If a USB keyboard is unplugged, the keyboard eventhandler is never
removed, and events will continue to be passed through to the device,
causing crashes or memory corruption.

Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
---
 console.h    |    1 +
 hw/usb-hid.c |    8 ++++++--
 input.c      |    6 ++++++
 3 files changed, 13 insertions(+), 2 deletions(-)

Comments

Markus Armbruster June 9, 2010, 7:52 a.m. UTC | #1 
Jes.Sorensen@redhat.com writes:

> From: Jes Sorensen <Jes.Sorensen@redhat.com>
>
> If a USB keyboard is unplugged, the keyboard eventhandler is never
> removed, and events will continue to be passed through to the device,
> causing crashes or memory corruption.

Looks good.

I wonder how many more unplug surprises to expect.
Anthony Liguori June 14, 2010, 8:57 p.m. UTC | #2 
On 06/08/2010 08:12 AM, Jes.Sorensen@redhat.com wrote:
> From: Jes Sorensen<Jes.Sorensen@redhat.com>
>
> If a USB keyboard is unplugged, the keyboard eventhandler is never
> removed, and events will continue to be passed through to the device,
> causing crashes or memory corruption.
>
> Signed-off-by: Jes Sorensen<Jes.Sorensen@redhat.com>
>    

Applied.  Thanks.

Regards,

Anthony Liguori
> ---
>   console.h    |    1 +
>   hw/usb-hid.c |    8 ++++++--
>   input.c      |    6 ++++++
>   3 files changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/console.h b/console.h
> index cac959f..aafb031 100644
> --- a/console.h
> +++ b/console.h
> @@ -42,6 +42,7 @@ typedef struct QEMUPutLEDEntry {
>   } QEMUPutLEDEntry;
>
>   void qemu_add_kbd_event_handler(QEMUPutKBDEvent *func, void *opaque);
> +void qemu_remove_kbd_event_handler(void);
>   QEMUPutMouseEntry *qemu_add_mouse_event_handler(QEMUPutMouseEvent *func,
>                                                   void *opaque, int absolute,
>                                                   const char *name);
> diff --git a/hw/usb-hid.c b/hw/usb-hid.c
> index 8e6c6e0..ca04511 100644
> --- a/hw/usb-hid.c
> +++ b/hw/usb-hid.c
> @@ -854,9 +854,13 @@ static void usb_hid_handle_destroy(USBDevice *dev)
>   {
>       USBHIDState *s = (USBHIDState *)dev;
>
> -    if (s->kind != USB_KEYBOARD)
> +    switch(s->kind) {
> +    case USB_KEYBOARD:
> +        qemu_remove_kbd_event_handler();
> +        break;
> +    default:
>           qemu_remove_mouse_event_handler(s->ptr.eh_entry);
> -    /* TODO: else */
> +    }
>   }
>
>   static int usb_hid_initfn(USBDevice *dev, int kind)
> diff --git a/input.c b/input.c
> index 651442d..ec05548 100644
> --- a/input.c
> +++ b/input.c
> @@ -42,6 +42,12 @@ void qemu_add_kbd_event_handler(QEMUPutKBDEvent *func, void *opaque)
>       qemu_put_kbd_event = func;
>   }
>
> +void qemu_remove_kbd_event_handler(void)
> +{
> +    qemu_put_kbd_event_opaque = NULL;
> +    qemu_put_kbd_event = NULL;
> +}
> +
>   static void check_mode_change(void)
>   {
>       static int current_is_absolute, current_has_absolute;
>
diff mbox

Patch

diff --git a/console.h b/console.h
index cac959f..aafb031 100644
--- a/console.h
+++ b/console.h
@@ -42,6 +42,7 @@  typedef struct QEMUPutLEDEntry {
 } QEMUPutLEDEntry;
 
 void qemu_add_kbd_event_handler(QEMUPutKBDEvent *func, void *opaque);
+void qemu_remove_kbd_event_handler(void);
 QEMUPutMouseEntry *qemu_add_mouse_event_handler(QEMUPutMouseEvent *func,
                                                 void *opaque, int absolute,
                                                 const char *name);
diff --git a/hw/usb-hid.c b/hw/usb-hid.c
index 8e6c6e0..ca04511 100644
--- a/hw/usb-hid.c
+++ b/hw/usb-hid.c
@@ -854,9 +854,13 @@  static void usb_hid_handle_destroy(USBDevice *dev)
 {
     USBHIDState *s = (USBHIDState *)dev;
 
-    if (s->kind != USB_KEYBOARD)
+    switch(s->kind) {
+    case USB_KEYBOARD:
+        qemu_remove_kbd_event_handler();
+        break;
+    default:
         qemu_remove_mouse_event_handler(s->ptr.eh_entry);
-    /* TODO: else */
+    }
 }
 
 static int usb_hid_initfn(USBDevice *dev, int kind)
diff --git a/input.c b/input.c
index 651442d..ec05548 100644
--- a/input.c
+++ b/input.c
@@ -42,6 +42,12 @@  void qemu_add_kbd_event_handler(QEMUPutKBDEvent *func, void *opaque)
     qemu_put_kbd_event = func;
 }
 
+void qemu_remove_kbd_event_handler(void)
+{
+    qemu_put_kbd_event_opaque = NULL;
+    qemu_put_kbd_event = NULL;
+}
+
 static void check_mode_change(void)
 {
     static int current_is_absolute, current_has_absolute;