Hi Alexander,
On Mon, Nov 29, 2021 at 03:38:45PM +0100, Alexander Potapenko wrote:
> Execution of a PSMOUSE_CMD_GET* command may fail, leaving the output
> buffer uninitialized. Make sure to check the return value of
> ps2_command() and bail out before checking the buffer contents.
>
> The use of uninitialized data in genius_detect() was detected by KMSAN,
> other places were fixed for the sake of uniformity.
>
> Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>
> ---
> drivers/input/mouse/psmouse-base.c | 21 ++++++++++++++++-----
> 1 file changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/input/mouse/psmouse-base.c b/drivers/input/mouse/psmouse-base.c
> index 0b4a3039f312f..a3305653ce891 100644
> --- a/drivers/input/mouse/psmouse-base.c
> +++ b/drivers/input/mouse/psmouse-base.c
> @@ -546,13 +546,16 @@ static int genius_detect(struct psmouse *psmouse, bool set_properties)
> {
> struct ps2dev *ps2dev = &psmouse->ps2dev;
> u8 param[4];
> + int error;
>
> param[0] = 3;
> ps2_command(ps2dev, param, PSMOUSE_CMD_SETRES);
> ps2_command(ps2dev, NULL, PSMOUSE_CMD_SETSCALE11);
> ps2_command(ps2dev, NULL, PSMOUSE_CMD_SETSCALE11);
> ps2_command(ps2dev, NULL, PSMOUSE_CMD_SETSCALE11);
> - ps2_command(ps2dev, param, PSMOUSE_CMD_GETINFO);
> + error = ps2_command(ps2dev, param, PSMOUSE_CMD_GETINFO);
> + if (error)
> + return error;
If we care about this I think we should care about errors from the rest
of ps2_command()s. Otherwise we might have buffer initialized, but we
are still checking potential garbage in it.
Thanks.
--
Dmitry
