Hi,
On Mon, Jan 17, 2022 at 10:17:25PM +0800, Minh Yuan wrote:
> Hi,
>
> Our analysis tool detected a potential concurrency UAF in
> psmouse_smbus_init in drivers/input/mouse/psmouse-smbus.c.
>
> One possible thread interleaving is as follows:
>
> Thread 1 Thread 2
> int psmouse_smbus_init(struct psmouse *psmouse, ...)
> {
> mutex_lock(&psmouse_smbus_mutex);
> list_add_tail(&smbdev->node, &psmouse_smbus_list);
> mutex_unlock(&psmouse_smbus_mutex);
> void psmouse_smbus_cleanup(struct psmouse *psmouse)
init and cleanup will not be running concurrently for the same device,
and smbus companion is not shared between psmouse istances.
Thanks.
--
Dmitry
