* Re: A concurrency uaf in psmouse_smbus_init
From: Dmitry Torokhov @ 2022-01-19 2:47 UTC
To: Minh Yuan; +Cc: linux-input

Hi,

On Mon, Jan 17, 2022 at 10:17:25PM +0800, Minh Yuan wrote:
> Hi,
>
> Our analysis tool detected a potential concurrency UAF in
> psmouse_smbus_init in drivers/input/mouse/psmouse-smbus.c.
>
> One possible thread interleaving is as follows:
>
> Thread 1                                        Thread 2
> int psmouse_smbus_init(struct psmouse *psmouse, ...)
> {
>     mutex_lock(&psmouse_smbus_mutex);
>     list_add_tail(&smbdev->node, &psmouse_smbus_list);
>     mutex_unlock(&psmouse_smbus_mutex);
>                                                 void psmouse_smbus_cleanup(struct psmouse *psmouse)

init and cleanup will not be running concurrently for the same device,
and smbus companion is not shared between psmouse instances.

Thanks.

--
Dmitry