Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-09-20 23:13:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
fbf8d71742
linux/drivers/input
History
Mathias Krause fbf8d71742 Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal 
Calling irq_domain_remove() will lead to freeing the IRQ domain
prematurely. The domain is still referenced and will be attempted to get
used via rmi_free_function_list() -> rmi_unregister_function() ->
irq_dispose_mapping() -> irq_get_irq_data()'s ->domain pointer.

With PaX's MEMORY_SANITIZE this will lead to an access fault when
attempting to dereference embedded pointers, as in Torsten's report that
was faulting on the 'domain->ops->unmap' test.

Fix this by releasing the IRQ domain only after all related IRQs have
been deactivated.

Fixes: 24d28e4f12 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain")
Reported-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Link: https://lore.kernel.org/r/20240222142654.856566-1-minipli@grsecurity.net
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2024-03-07 15:29:52 -08:00
..
gameport Input: gameport - add ISA and HAS_IOPORT dependencies 2023-07-05 17:32:34 -07:00
joystick Input: xpad - add additional HyperX Controller Identifiers 2024-03-03 14:46:20 -08:00
keyboard Input: gpio_keys_polled - suppress deferred probe error for gpio 2024-03-05 09:16:37 -08:00
misc Merge branch 'next' into for-linus 2024-01-13 21:54:39 -08:00
mouse Revert "Input: bcm5974 - check endpoint type before starting traffic" 2024-03-05 09:16:08 -08:00
rmi4 Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal 2024-03-07 15:29:52 -08:00
serio Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table 2024-02-02 10:50:50 -08:00
tablet Input: pegasus-notetaker - check pipe type when probing 2023-04-09 19:19:14 -07:00
tests Input: tests - add test to cover all input_grab_device() function 2023-05-23 14:50:28 -07:00
touchscreen Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 2024-01-19 00:44:54 -08:00
apm-power.c
evbug.c
evdev.c Input: evdev - annotate struct evdev_client with __counted_by 2023-09-30 09:24:16 -07:00
ff-core.c input: drop empty comment blocks 2022-09-29 16:25:42 -07:00
ff-memless.c input: drop empty comment blocks 2022-09-29 16:25:42 -07:00
input-compat.c
input-compat.h
input-core-private.h Input: deactivate MT slots when inhibiting or suspending devices 2022-07-20 11:35:13 -07:00
input-leds.c Input: leds - annotate struct input_leds with __counted_by 2023-09-30 09:24:16 -07:00
input-mt.c Input: deactivate MT slots when inhibiting or suspending devices 2022-07-20 11:35:13 -07:00
input-poller.c
input-poller.h
input.c Input: use sysfs_emit() instead of scnprintf() 2023-12-13 21:26:11 -08:00
joydev.c Input: joydev - fix comment typo 2022-09-25 00:57:25 -07:00
Kconfig Input: tests - modular KUnit tests should not depend on KUNIT=y 2023-05-02 10:39:00 -07:00
Makefile Input: Add KUnit tests for some of the input core helper functions 2023-04-01 22:47:04 -07:00
matrix-keymap.c
mousedev.c
sparse-keymap.c
touchscreen.c
vivaldi-fmap.c Input: vivaldi - convert to use sysfs_emit_at() API 2023-12-13 21:26:12 -08:00