Message ID | 20241230111554.1440-1-tiwai@suse.de (mailing list archive) |
---|---|
State | New |
Series | [RESEND] Input: psmouse: add NULL check to psmouse_from_serio() |
Hi Takashi, On Mon, Dec 30, 2024 at 12:15:52PM +0100, Takashi Iwai wrote: > The serio drvdata can be still NULL while the PS/2 interrupt is > processed. This leaded to crash with a NULL dereference Oops, as > psmouse_from_serio() blindly assumes the non-NULL ps2dev object. > > Add a NULL check and return NULL from psmouse_from_serio(). The > returned NULL is handled properly in the caller side, skipping the > rest gracefully. > > The log in the bugzilla entry showed that the probe of synaptics > driver succeeded after that point. So this is a stop-gap solution. > > Link: https://bugzilla.suse.com/show_bug.cgi?id=1219522 > Signed-off-by: Takashi Iwai <tiwai@suse.de> > --- > > It was submitted in a few months ago > https://lore.kernel.org/20240405084448.15754-1-tiwai@suse.de > but seems forgotten. Simply resubmitted. > > > drivers/input/mouse/psmouse-base.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c > index a2c9f7144864..d428e9ac86f6 100644 > --- a/drivers/input/mouse/psmouse-base.c > +++ b/drivers/input/mouse/psmouse-base.c > @@ -120,6 +120,8 @@ struct psmouse *psmouse_from_serio(struct serio *serio) > { > struct ps2dev *ps2dev = serio_get_drvdata(serio); > > + if (!ps2dev) > + return NULL; Thank you for resending and reminding me of this issue, however psmouse_from_serio() should not return NULL as most callers do not expect it. Synaptics driver needs to make sure the port is bound to an instance of psmouse and do it in interrupt-safe way. I will make a patch. > return container_of(ps2dev, struct psmouse, ps2dev); > } > > -- > 2.43.0 > Thanks.
diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c index a2c9f7144864..d428e9ac86f6 100644 --- a/drivers/input/mouse/psmouse-base.c +++ b/drivers/input/mouse/psmouse-base.c @@ -120,6 +120,8 @@ struct psmouse *psmouse_from_serio(struct serio *serio) { struct ps2dev *ps2dev = serio_get_drvdata(serio); + if (!ps2dev) + return NULL; return container_of(ps2dev, struct psmouse, ps2dev); }
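Review bot: The early "return NULL" added at the top of psmouse_from_serio() makes NULL a possible return value, but the patch consists of only these 2 insertions in the helper, so no caller gains a NULL check here; any caller that dereferences the result would hit the same Oops one step later. Either add the check to each caller in the same patch, or test the result of serio_get_drvdata() at the interrupt entry point before calling the helper. A short comment on the check saying that drvdata can still be unset while a PS/2 interrupt is processed would also help, and since the commit message calls this a stop-gap, it should say which callers were verified to handle NULL.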
The serio drvdata can still be NULL while the PS/2 interrupt is processed. This led to a crash with a NULL dereference Oops, as psmouse_from_serio() blindly assumes the non-NULL ps2dev object.

Add a NULL check and return NULL from psmouse_from_serio(). The returned NULL is handled properly on the caller side, skipping the rest gracefully.

The log in the bugzilla entry showed that the probe of the synaptics driver succeeded after that point. So this is a stop-gap solution.

Link: https://bugzilla.suse.com/show_bug.cgi?id=1219522
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---

It was submitted a few months ago
https://lore.kernel.org/20240405084448.15754-1-tiwai@suse.de
but seems forgotten. Simply resubmitted.

drivers/input/mouse/psmouse-base.c | 2 ++
1 file changed, 2 insertions(+)