lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <87o700aby8.wl-tiwai@suse.de>
Date: Tue, 21 Jan 2025 08:00:15 +0100
From: Takashi Iwai <tiwai@...e.de>
To: Dmitry Torokhov <dmitry.torokhov@...il.com>
Cc: Takashi Iwai <tiwai@...e.de>,
	linux-input@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Input: synaptics - fix crash when enabling pass-through port

On Tue, 21 Jan 2025 06:25:18 +0100,
Dmitry Torokhov wrote:
> 
> On Sat, Jan 18, 2025 at 10:33:44AM +0100, Takashi Iwai wrote:
> > On Sat, 18 Jan 2025 09:46:29 +0100,
> > Takashi Iwai wrote:
> > > 
> > > On Fri, 17 Jan 2025 18:23:40 +0100,
> > > Dmitry Torokhov wrote:
> > > > 
> > > > When enabling a pass-through port an interrupt might come before psmouse
> > > > driver binds to the pass-through port. However synaptics sub-driver
> > > > tries to access psmouse instance presumably associated with the
> > > > pass-through port to figure out if only 1 byte of response or entire
> > > > protocol packet needs to be forwarded to the pass-through port and may
> > > > crash if psmouse instance has not been attached to the port yet.
> > > > 
> > > > Fix the crash by introducing open() and close() methods for the port and
> > > > check if the port is open before trying to access psmouse instance.
> > > > Because psmouse calls serio_open() only after attaching psmouse instance
> > > > to serio port instance this prevents the potential crash.
> > > > 
> > > > Reported-by: Takashi Iwai <tiwai@...e.de>
> > > > Fixes: 100e16959c3c ("Input: libps2 - attach ps2dev instances as serio port's drvdata")
> > > > Link: https://bugzilla.suse.com/show_bug.cgi?id=1219522
> > > > Cc: stable@...r.kernel.org
> > > > Signed-off-by: Dmitry Torokhov <dmitry.torokhov@...il.com>
> > > 
> > > Reviewed-by: Takashi Iwai <tiwai@...e.de>
> 
> Thank you for the review.
> 
> > 
> > BTW, backporting this patch to stable kernels wouldn't be trivial; it
> > needs the recent changes for guard(), too.
> 
> It is as simple as changing it to pairs of
> serio_pause_rx()/serio_continue_rx() so pretty trivial.

Yes, but for applying it to stable kernels, you'd need either modify
the patch itself or pick up the preliminary patches.  It won't be
obvious for stable maintainers unless you explicitly order so.


thanks,

Takashi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ