218c1f76b8
The data race happens on ps2dev->cmdcnt and ps2dev->cmdbuf contents. __ps2_command reads that data concurrently with the interrupt handler. As the result, for example, if a response arrives just after the timeout, __ps2_command can copy out garbage from ps2dev->cmdbuf but then see that ps2dev->cmdcnt is 0 and return success. Stop the interrupt handler with serio_pause_rx() before reading the results. The data race was found with KernelThreadSanitizer (KTSAN). Signed-off-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> |
||
|---|---|---|
| .. | ||
| altera_ps2.c | ||
| ambakmi.c | ||
| ams_delta_serio.c | ||
| apbps2.c | ||
| arc_ps2.c | ||
| at32psif.c | ||
| ct82c710.c | ||
| gscps2.c | ||
| hil_mlc.c | ||
| hp_sdc.c | ||
| hp_sdc_mlc.c | ||
| hyperv-keyboard.c | ||
| i8042-io.h | ||
| i8042-ip22io.h | ||
| i8042-jazzio.h | ||
| i8042-ppcio.h | ||
| i8042-snirm.h | ||
| i8042-sparcio.h | ||
| i8042-unicore32io.h | ||
| i8042-x86ia64io.h | ||
| i8042.c | ||
| i8042.h | ||
| Kconfig | ||
| libps2.c | ||
| maceps2.c | ||
| Makefile | ||
| olpc_apsp.c | ||
| parkbd.c | ||
| pcips2.c | ||
| ps2mult.c | ||
| q40kbd.c | ||
| rpckbd.c | ||
| sa1111ps2.c | ||
| serio.c | ||
| serio_raw.c | ||
| serport.c | ||
| sun4i-ps2.c | ||
| xilinx_ps2.c | ||