lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Z3t_Z_ri48z99pmy@google.com>
Date: Sun, 5 Jan 2025 22:59:51 -0800
From: Dmitry Torokhov <dmitry.torokhov@...il.com>
To: Takashi Iwai <tiwai@...e.de>
Cc: linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH RESEND] Input: psmouse: add NULL check to
 psmouse_from_serio()

Hi Takashi,


On Mon, Dec 30, 2024 at 12:15:52PM +0100, Takashi Iwai wrote:
> The serio drvdata can be still NULL while the PS/2 interrupt is
> processed.  This leaded to crash with a NULL dereference Oops, as
> psmouse_from_serio() blindly assumes the non-NULL ps2dev object.
> 
> Add a NULL check and return NULL from psmouse_from_serio().  The
> returned NULL is handled properly in the caller side, skipping the
> rest gracefully.
> 
> The log in the bugzilla entry showed that the probe of synaptics
> driver succeeded after that point.  So this is a stop-gap solution.
> 
> Link: https://bugzilla.suse.com/show_bug.cgi?id=1219522
> Signed-off-by: Takashi Iwai <tiwai@...e.de>
> ---
> 
> It was submitted in a few months ago
>   https://lore.kernel.org/20240405084448.15754-1-tiwai@suse.de
> but seems forgotten.  Simply resubmitted.
> 
> 
>  drivers/input/mouse/psmouse-base.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c
> index a2c9f7144864..d428e9ac86f6 100644
> --- a/drivers/input/mouse/psmouse-base.c
> +++ b/drivers/input/mouse/psmouse-base.c
> @@ -120,6 +120,8 @@ struct psmouse *psmouse_from_serio(struct serio *serio)
>  {
>  	struct ps2dev *ps2dev = serio_get_drvdata(serio);
>  
> +	if (!ps2dev)
> +		return NULL;

Thank you for resending and reminding me of this issue, however
psmouse_from_serio() should not return NULL as most callers do not
expect it. Synaptics driver needs to make sure the port is bound to
an instance of psmouse and do it in interrupt-safe way. I will make a
patch.


>  	return container_of(ps2dev, struct psmouse, ps2dev);
>  }
>  
> -- 
> 2.43.0
> 

Thanks.

-- 
Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ