Date: Sun, 18 Feb 2018 22:12:20 +0000 (UTC)
From: Vladimir Kondratyev <wulf@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r329533 - stable/10/sys/dev/atkbdc
Message-ID: <201802182212.w1IMCKxh020548@repo.freebsd.org>
Author: wulf
Date: Sun Feb 18 22:12:20 2018
New Revision: 329533
URL: https://svnweb.freebsd.org/changeset/base/329533

Log:
  MFC r328864 (Synaptics part only):

  psm(4): Fix panic occurring soon after PS/2 packet has been rejected by
  synaptics sanity checker.

  After packet has been rejected contents of packet buffer is not cleared
  with setting of inputbytes counter to 0. So when this packet buffer is
  filled again being an element of circular queue, new data appends to old
  data rather than overwrites it. This leads to packet buffer overflow after
  10 rounds.

  Fix it with setting of packet's inputbytes counter to 0 after rejection.

  While here add extra logging of rejected packets.

  PR: 222667 (for reference)
  Reported by: Neel Chauhan <neel@neelc.org>
  Tested by: Neel Chauhan <neel@neelc.org>

Modified:
  stable/10/sys/dev/atkbdc/psm.c
Directory Properties:
  stable/10/ (props changed)

Modified: stable/10/sys/dev/atkbdc/psm.c
==============================================================================
--- stable/10/sys/dev/atkbdc/psm.c Sun Feb 18 22:04:42 2018 (r329532) +++ stable/10/sys/dev/atkbdc/psm.c Sun Feb 18 22:12:20 2018 (r329533) @@ -3576,8 +3576,11 @@ psmsoftintr(void *arg) break; case MOUSE_MODEL_SYNAPTICS: - if (proc_synaptics(sc, pb, &ms, &x, &y, &z) != 0) + if (proc_synaptics(sc, pb, &ms, &x, &y, &z) != 0) { + VLOG(3, (LOG_DEBUG, "synaptics: " + "packet rejected\n")); goto next; + } break; case MOUSE_MODEL_TRACKPOINT: @@ -3634,9 +3637,9 @@ next_native: sizeof(sc->queue.buf); sc->queue.count += pb->inputbytes; } - pb->inputbytes = 0; next: + pb->inputbytes = 0; if (++sc->pqueue_start >= PSM_PACKETQUEUE) sc->pqueue_start = 0; } while (sc->pqueue_start != sc->pqueue_end);
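
Review bot: in the first hunk (the MOUSE_MODEL_SYNAPTICS case in psmsoftintr), the new VLOG message says only "synaptics: packet rejected" and carries nothing about the packet itself, so one rejection cannot be told from another in a level-3 debug log. Consider adding pb->inputbytes to the message, since a stale, non-zero byte count on a rejected packet is exactly the condition the log describes as leading to the overflow.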
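
Review bot: in the second hunk, the fix depends entirely on `pb->inputbytes = 0;` sitting below the `next:` label rather than above it, and nothing in the code records why. A one-line comment at the label, stating that packets reaching it through `goto next` must also have their counter reset before the queue slot is reused, would keep a later cleanup from moving the assignment back. The log describes the overflow as happening where new data is appended to the packet buffer, which is outside the visible lines; if that site does not bound inputbytes against the buffer size, a check there would be worth a follow-up so that a missed reset cannot become a buffer overflow again.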