Re: [PATCH v2] Input: penmount: bound packet buffer indices in IRQ path

Next message: Jan Kara: "Re: [PATCH v5 1/2] jbd2: gracefully abort instead of panicking on unlocked buffer"
Previous message: Geert Uytterhoeven: "Re: [PATCH v2 08/13] firmware: arm_scmi: Harden clock protocol initialization"
In reply to: Pengpeng Hou: "[PATCH v2] Input: penmount: bound packet buffer indices in IRQ path"
Next in thread: Dmitry Torokhov: "Re: [PATCH v2] Input: penmount: bound packet buffer indices in IRQ path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andy Shevchenko

Date: Tue Mar 24 2026 - 09:52:52 EST

On Tue, Mar 24, 2026 at 09:14:42PM +0800, Pengpeng Hou wrote:
> pm_interrupt() stores each incoming byte into pm->data[] before the
> packet parser gets a chance to reset pm->idx. If the incoming serial
> stream never matches one of the expected packet headers, pm->idx can
> advance past the fixed receive buffer and the next IRQ will write beyond
> PM_MAX_LENGTH.
>
> Reset stale indices before storing the next byte. Once pm->idx has
> already moved past the valid packet buffer state, the current partial
> packet can no longer be trusted, so the smallest local recovery is to
> drop that stale state and resynchronize from the current byte instead of
> carrying the invalid index into the next interrupt.
>
> Found by static code analysis.

Missed blank line here. No need to resend until maintainers ask explicitly for
that.

...

The explanation sounds sane, but I'm not familiar enough with how this device
works. In case others consider this good, feel free to add

Reviewed-by: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>

--
With Best Regards,
Andy Shevchenko