proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2026-01-27 21:56:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
55cac10739
mirror_ubuntu-kernels/drivers/accessibility/speakup
History
Gaosheng Cui 5abbeebd82 tty: fix possible null-ptr-defer in spk_ttyio_release 
Run the following tests on the qemu platform:

syzkaller:~# modprobe speakup_audptr
 input: Speakup as /devices/virtual/input/input4
 initialized device: /dev/synth, node (MAJOR 10, MINOR 125)
 speakup 3.1.6: initialized
 synth name on entry is: (null)
 synth probe

spk_ttyio_initialise_ldisc failed because tty_kopen_exclusive returned
failed (errno -16), then remove the module, we will get a null-ptr-defer
problem, as follow:

syzkaller:~# modprobe -r speakup_audptr
 releasing synth audptr
 BUG: kernel NULL pointer dereference, address: 0000000000000080
 #PF: supervisor write access in kernel mode
 #PF: error_code(0x0002) - not-present page
 PGD 0 P4D 0
 Oops: 0002 [#1] PREEMPT SMP PTI
 CPU: 2 PID: 204 Comm: modprobe Not tainted 6.1.0-rc6-dirty #1
 RIP: 0010:mutex_lock+0x14/0x30
 Call Trace:
 <TASK>
  spk_ttyio_release+0x19/0x70 [speakup]
  synth_release.part.6+0xac/0xc0 [speakup]
  synth_remove+0x56/0x60 [speakup]
  __x64_sys_delete_module+0x156/0x250
  ? fpregs_assert_state_consistent+0x1d/0x50
  do_syscall_64+0x37/0x90
  entry_SYSCALL_64_after_hwframe+0x63/0xcd
 </TASK>
 Modules linked in: speakup_audptr(-) speakup
 Dumping ftrace buffer:

in_synth->dev was not initialized during modprobe, so we add check
for in_synth->dev to fix this bug.

Fixes: 4f2a81f3a8 ("speakup: Reference synth from tty and tty from synth")
Cc: stable <stable@kernel.org>
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Link: https://lore.kernel.org/r/20221202060633.217364-1-cuigaosheng1@huawei.com
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-01-19 16:24:04 +01:00
..
.gitignore speakup: Generate speakupmap.h automatically 2022-06-27 15:15:55 +02:00
buffers.c
DefaultKeyAssignments
devsynth.c
fakekey.c accessiblity: speakup: cleanup comments 2022-04-20 19:24:00 +02:00
genmap.c speakup: Generate speakupmap.h automatically 2022-06-27 15:15:55 +02:00
i18n.c speakup: use C99 syntax for array initializers 2021-07-21 13:45:53 +02:00
i18n.h speakup: Separate out translations for bright colors names 2021-06-15 17:07:46 +02:00
Kconfig speakup: only build serialio when ISA is enabled 2020-08-18 13:15:34 +02:00
keyhelp.c
kobjects.c accessibility: speakup: phonetic spelling while arrowing letter by letter 2022-11-23 19:47:15 +01:00
main.c accessibility: speakup: phonetic spelling while arrowing letter by letter 2022-11-23 19:47:15 +01:00
Makefile speakup: Fix building as extmod 2022-11-23 19:55:03 +01:00
makemapdata.c speakup: Fix building as extmod 2022-11-23 19:55:03 +01:00
selection.c speakup: Fix clearing selection in safe context 2020-11-09 18:14:20 +01:00
serialio.c accessiblity: speakup: cleanup comments 2022-04-20 19:24:00 +02:00
serialio.h serial: Consolidate BOTH_EMPTY use 2022-06-27 14:41:31 +02:00
speakup_acnt.h
speakup_acntpc.c Accessiblity: speakup_acntpc: specifying the default driver parameters among the module params 2022-11-23 19:46:27 +01:00
speakup_acntsa.c Accessiblity: speakup_acntsa: specifying the default driver parameters among the module params 2022-11-23 19:46:27 +01:00
speakup_apollo.c Accessiblity: speakup_apollo: specifying the default driver parameters among the module params 2022-11-23 19:46:26 +01:00
speakup_audptr.c Accessiblity: speakup_audptr: specifying the default driver parameters among the module params 2022-11-23 19:46:26 +01:00
speakup_bns.c Accessiblity: speakup_bns: specifying the default driver parameters among the module params 2022-11-23 19:46:26 +01:00
speakup_decext.c Accessiblity: speakup_decext: specifying the default driver parameters among the module params 2022-11-23 19:46:26 +01:00
speakup_decpc.c Accessiblity: speakup_decpc: specifying the default driver parameters among the module params 2022-11-23 19:46:26 +01:00
speakup_dectlk.c Accessiblity: speakup_dectlk: specifying the default driver parameters among the module params 2022-11-23 19:46:26 +01:00
speakup_dtlk.c Accessiblity: speakup_dtlk: specifying the default driver parameters among the module params 2022-11-23 19:46:26 +01:00
speakup_dtlk.h
speakup_dummy.c Accessiblity: speakup_dummy: specifying the default driver parameters among the module params 2022-11-23 19:46:26 +01:00
speakup_keypc.c Accessiblity: speakup_keypc: specifying the default driver parameters among the module params 2022-11-23 19:46:26 +01:00
speakup_ltlk.c Accessiblity: speakup_ltlk: specifying the default driver parameters among the module params 2022-11-23 19:46:27 +01:00
speakup_soft.c Accessiblity: speakup_soft: specifying the default driver parameters among the module params 2022-11-23 19:46:26 +01:00
speakup_spkout.c Accessiblity: speakup_spkout: specifying the default driver parameters among the module params 2022-11-23 19:46:27 +01:00
speakup_txprt.c Accessiblity: speakup_txprt: specifying the default driver parameters among the module params 2022-11-23 19:46:27 +01:00
speakup.h accessibility: speakup: phonetic spelling while arrowing letter by letter 2022-11-23 19:47:15 +01:00
speakupmap.map
spk_priv_keyinfo.h
spk_priv.h speakup: add the missing synth parameter to all io functions 2021-01-27 13:12:04 +01:00
spk_ttyio.c tty: fix possible null-ptr-defer in spk_ttyio_release 2023-01-19 16:24:04 +01:00
spk_types.h accessibility: speakup: phonetic spelling while arrowing letter by letter 2022-11-23 19:47:15 +01:00
synth.c speakup: Allow lower values for the flush parameter 2022-02-08 12:12:27 +01:00
thread.c
TODO
utils.h speakup: replace utils' u_char with unsigned char 2022-11-09 15:25:24 +01:00
varhandlers.c accessibility: speakup: phonetic spelling while arrowing letter by letter 2022-11-23 19:47:15 +01:00