diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2015-09-29 15:54:58 -0700 | 
|---|---|---|
| committer | Dmitry Torokhov <dmitry.torokhov@gmail.com> | 2015-09-29 16:08:29 -0700 | 
| commit | 218c1f76b8b25d6dc9d01443f071cb618e206b0c (patch) | |
| tree | ecd48ba4dadb9da65b5ccb3cb86afc8f692b1fdd /scripts/gdb | |
| parent | 22ef28b43f2c70edf5618918a49cbda84795c0a5 (diff) | |
Input: psmouse - fix data race in __ps2_command
The data race happens on ps2dev->cmdcnt and ps2dev->cmdbuf contents.
__ps2_command reads that data concurrently with the interrupt handler. As
the result, for example, if a response arrives just after the timeout,
__ps2_command can copy out garbage from ps2dev->cmdbuf but then see that
ps2dev->cmdcnt is 0 and return success.
Stop the interrupt handler with serio_pause_rx() before reading the
results.
The data race was found with KernelThreadSanitizer (KTSAN).
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Diffstat (limited to 'scripts/gdb')
0 files changed, 0 insertions, 0 deletions
