• Input: psmouse - fix data race in __ps2_command · 218c1f76
    Dmitry Vyukov authored
    The data race happens on ps2dev->cmdcnt and ps2dev->cmdbuf contents.
    __ps2_command reads that data concurrently with the interrupt handler. As
    the result, for example, if a response arrives just after the timeout,
    __ps2_command can copy out garbage from ps2dev->cmdbuf but then see that
    ps2dev->cmdcnt is 0 and return success.
    
    Stop the interrupt handler with serio_pause_rx() before reading the
    results.
    
    The data race was found with KernelThreadSanitizer (KTSAN).
    Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
    Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
libps2.c 8.54 KB
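
The interleaving described in the commit message, replayed deterministically as an added user-space example (this is not the kernel's libps2.c code). Only `cmdbuf` and `cmdcnt` come from the commit; `ps2_model`, `irq_byte`, `read_result`, `stale_success` and the byte values are hypothetical, and the pause is modelled by a flag rather than the real serio lock.

```c
#include <stdio.h>

/* Simplified user-space model (assumption, not kernel code); only the
 * cmdbuf and cmdcnt field names come from the commit message. */
struct ps2_model {
    unsigned char cmdbuf[8];
    int cmdcnt;     /* response bytes still expected */
    int rx_paused;  /* stands in for serio_pause_rx() holding off the handler */
    int pending;    /* byte held back while paused, -1 if none */
};

/* Models the interrupt handler storing one response byte. */
static void irq_byte(struct ps2_model *d, unsigned char b)
{
    if (d->rx_paused) { d->pending = b; return; }
    if (d->cmdcnt > 0)
        d->cmdbuf[--d->cmdcnt] = b;
}

/* Result read-out after the wait timed out. late_byte is injected between
 * the copy and the cmdcnt check, the interleaving the commit describes. */
static int read_result(struct ps2_model *d, unsigned char *param, int n,
                       int pause_first, unsigned char late_byte)
{
    int rc;
    if (pause_first)
        d->rx_paused = 1;               /* fixed order: stop rx, then read */
    for (int i = 0; i < n; i++)
        param[i] = d->cmdbuf[(n - 1) - i];
    irq_byte(d, late_byte);             /* response arrives just after timeout */
    rc = d->cmdcnt ? -1 : 0;            /* 0 means "command succeeded" */
    d->rx_paused = 0;
    return rc;
}

/* Returns 1 when the caller is told "success" but param holds stale data. */
static int stale_success(int pause_first)
{
    struct ps2_model d = { .cmdbuf = {0xAA}, .cmdcnt = 1, .pending = -1 };
    unsigned char param[1] = {0};
    int rc = read_result(&d, param, 1, pause_first, 0x5A); /* constructed bytes */
    return rc == 0 && param[0] != 0x5A;
}

int main(void)
{
    printf("racy read-out:   stale success = %d\n", stale_success(0));
    printf("paused read-out: stale success = %d\n", stale_success(1));
    return 0;
}
```

With the pause taken first, the late byte cannot change `cmdcnt` during the read-out, so the timed-out command is reported as a failure instead of returning stale data as success.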