Message-ID: <87jzb4579s.wl-tiwai@suse.de>
Date: Thu, 09 Jan 2025 16:36:15 +0100
From: Takashi Iwai <tiwai@...e.de>
To: Dmitry Torokhov <dmitry.torokhov@...il.com>
Cc: Takashi Iwai <tiwai@...e.de>,
	linux-input@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH RESEND] Input: psmouse: add NULL check to psmouse_from_serio()

On Mon, 06 Jan 2025 07:59:51 +0100,
Dmitry Torokhov wrote:
> 
> Hi Takashi,
> 
> 
> On Mon, Dec 30, 2024 at 12:15:52PM +0100, Takashi Iwai wrote:
> > The serio drvdata can still be NULL while the PS/2 interrupt is
> > processed.  This led to a crash with a NULL dereference Oops, as
> > psmouse_from_serio() blindly assumes the non-NULL ps2dev object.
> > 
> > Add a NULL check and return NULL from psmouse_from_serio().  The
> > returned NULL is handled properly on the caller side, skipping the
> > rest gracefully.
> > 
> > The log in the bugzilla entry showed that the probe of synaptics
> > driver succeeded after that point.  So this is a stop-gap solution.
> > 
> > Link: https://bugzilla.suse.com/show_bug.cgi?id=1219522
> > Signed-off-by: Takashi Iwai <tiwai@...e.de>
> > ---
> > 
> > It was submitted a few months ago
> >   https://lore.kernel.org/20240405084448.15754-1-tiwai@suse.de
> > but seems forgotten.  Simply resubmitted.
> > 
> > 
> >  drivers/input/mouse/psmouse-base.c | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c
> > index a2c9f7144864..d428e9ac86f6 100644
> > --- a/drivers/input/mouse/psmouse-base.c
> > +++ b/drivers/input/mouse/psmouse-base.c
> > @@ -120,6 +120,8 @@ struct psmouse *psmouse_from_serio(struct serio *serio)
> >  {
> >  	struct ps2dev *ps2dev = serio_get_drvdata(serio);
> >  
> > +	if (!ps2dev)
> > +		return NULL;
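
Review bot: the new `if (!ps2dev) return NULL;` at the top of psmouse_from_serio() changes the helper's contract so that it can now return NULL, but the diff touches only this function (2 insertions in psmouse-base.c) and updates or audits no caller. The commit message says the caller handles NULL while also calling this a stop-gap, so please list which callers were checked, or move the check out of the shared helper and into the interrupt path that can run before drvdata is set. A short comment above the check explaining when drvdata can be NULL would also help, since nothing in the hunk shows how the read of drvdata is ordered against the probe that sets it.
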
> 
> Thank you for resending and reminding me of this issue, however
> psmouse_from_serio() should not return NULL as most callers do not
> expect it. The Synaptics driver needs to make sure the port is bound to
> an instance of psmouse and do it in an interrupt-safe way. I will make a
> patch.

Fair enough.  My patch was intended to be a band-aid fix, so it's fine
to skip it.

Let me know if the proper fix patch is available.


thanks,

Takashi
