Re: [PATCH RESEND] Input: psmouse: add NULL check to psmouse_from_serio()

From: Takashi Iwai
Date: Thu Jan 09 2025 - 10:36:30 EST


On Mon, 06 Jan 2025 07:59:51 +0100,
Dmitry Torokhov wrote:
>
> Hi Takashi,
>
>
> On Mon, Dec 30, 2024 at 12:15:52PM +0100, Takashi Iwai wrote:
> > The serio drvdata can still be NULL while the PS/2 interrupt is
> > processed. This led to a crash with a NULL dereference Oops, as
> > psmouse_from_serio() blindly assumes the non-NULL ps2dev object.
> >
> > Add a NULL check and return NULL from psmouse_from_serio(). The
> > returned NULL is handled properly on the caller side, skipping the
> > rest gracefully.
> >
> > The log in the bugzilla entry showed that the probe of synaptics
> > driver succeeded after that point. So this is a stop-gap solution.
> >
> > Link: https://bugzilla.suse.com/show_bug.cgi?id=1219522
> > Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
> > ---
> >
> > It was submitted a few months ago
> > https://lore.kernel.org/20240405084448.15754-1-tiwai@xxxxxxx
> > but seems forgotten. Simply resubmitted.
> >
> >
> > drivers/input/mouse/psmouse-base.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c
> > index a2c9f7144864..d428e9ac86f6 100644
> > --- a/drivers/input/mouse/psmouse-base.c
> > +++ b/drivers/input/mouse/psmouse-base.c
> > @@ -120,6 +120,8 @@ struct psmouse *psmouse_from_serio(struct serio *serio)
> > {
> > struct ps2dev *ps2dev = serio_get_drvdata(serio);
> >
> > + if (!ps2dev)
> > + return NULL;
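
Review bot: The new "if (!ps2dev) return NULL;" at the top of psmouse_from_serio() changes the function's contract, but the diffstat shows only these 2 insertions, so no caller is touched by this patch. The commit message says the NULL is handled on the caller side without naming which caller; please list the callers of psmouse_from_serio() that were audited, and either add a NULL check wherever the result is dereferenced or confine the check to the interrupt path that produced the Oops. A one-line comment above the function stating that it may return NULL while drvdata is not yet set would make the new contract visible to future callers.
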
>
> Thank you for resending and reminding me of this issue, however
> psmouse_from_serio() should not return NULL as most callers do not
> expect it. The Synaptics driver needs to make sure the port is bound to
> an instance of psmouse and do it in an interrupt-safe way. I will make a
> patch.

Fair enough. My patch was intended to be a band-aid fix, so it's fine
to skip it.

Let me know if the proper fix patch is available.


thanks,

Takashi