Potential bugs found in psmouse

Potential bugs found in psmouse

[Jia-Ju Bai]

Recently I test linux device drivers 3.17.2, and find some potential bugs.

The target file is drivers/input/mouse/psmouse-base.c, which is used to
build psmouse.ko. I hope you can help me check my findings:
[1] psmouse_switch_protocol is called by psmouse_connect when initializing
the driver. However, psmouse_switch_protocol may be failed and return -1,
but its return value is not checked in psmouse_connect. In my experiment of
running the driver, when psmouse_switch_protocol in psmouse_connect is
failed, the system crash will occur.

Could you help me check these findings? Thank you very much, and I'm looking
forward to your reply.

--
Jia-Ju Bai

Re: Potential bugs found in psmouse

[Dmitry Torokhov]

[ Reposting what I replied in bugzilla... ] 

Hi Jia-Ju,

On Monday, December 15, 2014 10:55:21 AM Jia-Ju Bai wrote:
> Recently I test linux device drivers 3.17.2, and find some potential bugs.
> 
> The target file is drivers/input/mouse/psmouse-base.c, which is used to
> build psmouse.ko. I hope you can help me check my findings:
> [1] psmouse_switch_protocol is called by psmouse_connect when initializing
> the driver. However, psmouse_switch_protocol may be failed and return -1,
> but its return value is not checked in psmouse_connect. In my experiment of
> running the driver, when psmouse_switch_protocol in psmouse_connect is
> failed, the system crash will occur.

psmouse_connect() calls psmouse_switch_protocol with NULL as protocol 
argument. When psmouse_switch_protocol() gets NULL as protocol it will not 
fail. Do you actually have a crash trace?

Thanks.

-- 
Dmitry