Am 26.05.24 um 22:14 schrieb Sasha Levin:
This is a note to let you know that I've just added the patch titled platform/x86: xiaomi-wmi: Fix race condition when reporting key events to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: platform-x86-xiaomi-wmi-fix-race-condition-when-repo.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it.
Hi, the underlying race condition can only be triggered since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on all CPUs"), which afaik was introduced with kernel 6.8. Because of this, i do not think that we have to backport this commit to kernels before 6.8. Thanks, Armin Wolf
commit 6f4e7901c3ed3c0bd3da7af5854dbb765fad2e00 Author: Armin Wolf <W_Armin@xxxxxx> Date: Tue Apr 2 16:30:57 2024 +0200 platform/x86: xiaomi-wmi: Fix race condition when reporting key events [ Upstream commit 290680c2da8061e410bcaec4b21584ed951479af ] Multiple WMI events can be received concurrently, so multiple instances of xiaomi_wmi_notify() can be active at the same time. Since the input device is shared between those handlers, the key input sequence can be disturbed. Fix this by protecting the key input sequence with a mutex. Compile-tested only. Fixes: edb73f4f0247 ("platform/x86: wmi: add Xiaomi WMI key driver") Signed-off-by: Armin Wolf <W_Armin@xxxxxx> Link: https://lore.kernel.org/r/20240402143059.8456-2-W_Armin@xxxxxx Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx> Reviewed-by: Hans de Goede <hdegoede@xxxxxxxxxx> Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/drivers/platform/x86/xiaomi-wmi.c b/drivers/platform/x86/xiaomi-wmi.c index 54a2546bb93bf..be80f0bda9484 100644 --- a/drivers/platform/x86/xiaomi-wmi.c +++ b/drivers/platform/x86/xiaomi-wmi.c @@ -2,8 +2,10 @@ /* WMI driver for Xiaomi Laptops */ #include <linux/acpi.h> +#include <linux/device.h> #include <linux/input.h> #include <linux/module.h> +#include <linux/mutex.h> #include <linux/wmi.h> #include <uapi/linux/input-event-codes.h> @@ -20,12 +22,21 @@ struct xiaomi_wmi { struct input_dev *input_dev; + struct mutex key_lock; /* Protects the key event sequence */ unsigned int key_code; }; +static void xiaomi_mutex_destroy(void *data) +{ + struct mutex *lock = data; + + mutex_destroy(lock); +} + static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) { struct xiaomi_wmi *data; + int ret; if (wdev == NULL || context == NULL) return -EINVAL; @@ -35,6 +46,11 @@ static int xiaomi_wmi_probe(struct wmi_device *wdev, const void *context) return -ENOMEM; dev_set_drvdata(&wdev->dev, data); + mutex_init(&data->key_lock); + ret = devm_add_action_or_reset(&wdev->dev, xiaomi_mutex_destroy, &data->key_lock); + if (ret < 0) + return ret; + data->input_dev = devm_input_allocate_device(&wdev->dev); if (data->input_dev == NULL) return -ENOMEM; @@ -59,10 +75,12 @@ static void xiaomi_wmi_notify(struct wmi_device *wdev, union acpi_object *dummy) if (data == NULL) return; + mutex_lock(&data->key_lock); input_report_key(data->input_dev, data->key_code, 1); input_sync(data->input_dev); input_report_key(data->input_dev, data->key_code, 0); input_sync(data->input_dev); + mutex_unlock(&data->key_lock); } static const struct wmi_device_id xiaomi_wmi_id_table[] = {