From nobody Fri Oct 3 07:42:26 2025 Received: from mail-ed1-f66.google.com (mail-ed1-f66.google.com [209.85.208.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EA7F11482E8 for ; Wed, 3 Sep 2025 14:31:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.66 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756909902; cv=none; b=e3He97VL9CQKf9HYqS9JtEjOSpcOa4Dz7kXNjHdHX12cNbKb6F/KNKXTR3GzyjXBkuVA21wtbwsrAyjDWqJWd/VCgNfIX3lBn8QfHHzYwgqM0p4bkIwU0b1Qzubs2T+ccNqGNeRQgUyYjqqQu4OzhRcgE1ZXIFtcd/77tifnYjw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756909902; c=relaxed/simple; bh=nkc/c31mZfPdhwHe1GveJFK3jZ7GozQHmAxHK+NlS/A=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=IbM5uuZ1RrtZL4Z6c32pyYWTlyGMDdJHX8TYn3AQ2K8mP2ts6egwbbFl+jSRld3SYd0iZzfesPYqI2arYqsiDjwAjKLpUXJv6UZVpShH1QH21TV8lWKOPUo6Smm28iyHPxEdM2XLagN5ZvIVSvUMV5TpNXNmkuadCOaF8PJeUhc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MNV+PTx6; arc=none smtp.client-ip=209.85.208.66 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="MNV+PTx6" Received: by mail-ed1-f66.google.com with SMTP id 4fb4d7f45d1cf-61cf0901a72so10272703a12.1 for ; Wed, 03 Sep 2025 07:31:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1756909898; x=1757514698; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=/ci3zFdc0OM48ntlKWbbId5lHIPc2tj57KRiLLEADz4=; b=MNV+PTx6263FOUawKuevmxCT4tTYQgiwYHLGV10Yp7PLe8YSizwYAMTnJmBq5pN8IG mlj2fpsOXrhBhNVfxWBlISRMQmymEPJ175vwrauLo4HDNbZoG7dnX29jNnIDys8cBQHx falyAVypiSm/8KJUUILTNhw96jIEQNXPjLKz9LNzgYQJXm4Od4vTQT2qBNsddQMQMhFG h2Ws54H24HKnNp520+XHhH4qjdk8fFY4cY/kuhAQGUiHMmYNYGTxZ88kafIyDadr9qPX FLJNG4J2JO8cHeci76BdtRtG0PH6KcTa0EWjc5nxL7ku5GFrkj02QPzb5qfN/gFOcJVu I2QQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756909898; x=1757514698; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=/ci3zFdc0OM48ntlKWbbId5lHIPc2tj57KRiLLEADz4=; b=Y+169wFCGTI4ymXSPd07RhTYMATRTYPJLMYeMRvsKTd32i1qBIEqV3ECot2oWUudkD wvrG6jlFsQkznb9T31H4aRcSK0rt7mKYFEtBqNYR79n9F1+owWYnhucnkQXc0FYtzGXQ AGwxZH43KrBnnkZiNydeY8V/QT5nBcjgG2R9yGca0ZI9IJecNEt5zDGbTrf3p5/7YOSE fbIjClHMpnpa+blKXxv89zdlxhS9zwyl794+mFndguSR+6Xlh80evBTrG/D2U5QJIhdr HmqmJX9TgudiEvxSQmKVy+okIiTOgTL2P34OGuwwy+dYIqztMYDkub6iPFpx/+0McLb4 SAkg== X-Gm-Message-State: AOJu0Yxa9Gvi06/EEOY2x+Q3vHPWxGekAsS1dagzJofbsC/VwGGaCqe2 B2gjE9Eh/ye6x6BJUuPrQEwIYoSMYz+7KLpCO1w5AGKYfyr3rxCOI0tpiUn5obev X-Gm-Gg: ASbGnctDZPcPwlgsjwYmPwLPPpy7Ftw2svi0tIwh2T6LZytd/JMhhfAMlzjYXi3Cx+v g11vnklTT0LW3GeHNzbJz80rMo5uWOfy8y6Tw6laLsCN1onvlGvdBDVVijAM0Kc2lHy0KdoeHEk aMjAH3nbW5LICCCcaUGOcZoSAp0H8T3EIR+rARE0+cCY4/2ilAd0SsVqDcvQomT343XU6ls0Q/o 9A2YyhobPto3mzpEDsoktbP0Yy2KxsZVqexsHYXKQ3D5tmah2lSHmMBULX1MzXEI8zgLIeCiOAx wemO91zupZyTJ42IdC7Tgwm63qdc02pdzxDhNnxzeFxyQ3gROGggPpPTzcjEYchDdEZ8LDa6R6b B9ECT6sSOf8nArPrtijyf7/DpxEwFCt1RVYT9Cjf6uxE= X-Google-Smtp-Source: AGHT+IFLVKd+AjTLSDmm056vi9wnZvEA7exbw+iHEWr250PbIZfqfbPVAs9Y3i1gXifHyjWV7dBUqg== X-Received: by 2002:a05:6402:454f:b0:61c:79f6:37f with SMTP id 4fb4d7f45d1cf-61d26c52981mr11286701a12.20.1756909897827; Wed, 03 Sep 2025 07:31:37 -0700 (PDT) Received: from Al-Qamar ([2a00:f29:348:d0f:ed4a:2775:c4b1:9fde]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-61cfc1c77d0sm12184704a12.11.2025.09.03.07.31.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Sep 2025 07:31:37 -0700 (PDT) From: Fidal To: kgdb-bugreport@lists.sourceforge.net Cc: linux-kernel@vger.kernel.org, daniel.thompson@linaro.org, dianders@chromium.org, Fidal , Your Name Subject: [PATCH] kdb: Fix race condition and improve keyboard handling Date: Wed, 3 Sep 2025 18:31:27 +0400 Message-ID: <20250903143127.897-1-palamparambilfidal089@gmail.com> X-Mailer: git-send-email 2.50.1.windows.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" - Fix race reading KBD_STATUS_REG and KBD_DATA_REG - Add bounds/null checks for keymap access - Handle Japanese keyboard layout quirks - Ensure keychar is always initialized - Improve handling of special scancodes Signed-off-by: Your Name --- .../uapi/linux/netfilter/xt_CONNMARK.h | 44 +++ .../include/uapi/linux/netfilter/xt_DSCP.h | 29 ++ .../linux/netfilter/net/netfilter/xt_TCPMSS.c | 1 + include/uapi/linux/netfilter/xt_tcpmss.c | 272 ++++++++++++++++++ kernel/debug/kdb/kdb_keyboard.c | 49 +++- 5 files changed, 381 insertions(+), 14 deletions(-) create mode 100644 include/uapi/linux/netfilter/include/uapi/linux/netfilt= er/xt_CONNMARK.h create mode 100644 include/uapi/linux/netfilter/include/uapi/linux/netfilt= er/xt_DSCP.h create mode 100644 include/uapi/linux/netfilter/net/netfilter/xt_TCPMSS.c create mode 100644 include/uapi/linux/netfilter/xt_tcpmss.c diff --git a/include/uapi/linux/netfilter/include/uapi/linux/netfilter/xt_C= ONNMARK.h b/include/uapi/linux/netfilter/include/uapi/linux/netfilter/xt_CO= NNMARK.h new file mode 100644 index 000000000000..0640d7521431 --- /dev/null +++ b/include/uapi/linux/netfilter/include/uapi/linux/netfilter/xt_CONNMARK= .h @@ -0,0 +1,44 @@ +/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +/* Copyright (C) 2002,2004 MARA Systems AB + * by Henrik Nordstrom + */ + +#ifndef _XT_CONNMARK_H +#define _XT_CONNMARK_H + +#include + +enum { + XT_CONNMARK_SET =3D 0, + XT_CONNMARK_SAVE, + XT_CONNMARK_RESTORE +}; + +enum { + D_SHIFT_LEFT =3D 0, + D_SHIFT_RIGHT, +}; + +struct xt_connmark_tginfo1 { + __u32 ctmark; + __u32 ctmask; + __u32 nfmask; + __u8 mode; +}; + +struct xt_connmark_tginfo2 { + __u32 ctmark; + __u32 ctmask; + __u32 nfmask; + __u8 shift_dir; + __u8 shift_bits; + __u8 mode; +}; + +struct xt_connmark_mtinfo1 { + __u32 mark; + __u32 mask; + __u8 invert; +}; + +#endif /* _XT_CONNMARK_H */ diff --git a/include/uapi/linux/netfilter/include/uapi/linux/netfilter/xt_D= SCP.h b/include/uapi/linux/netfilter/include/uapi/linux/netfilter/xt_DSCP.h new file mode 100644 index 000000000000..ee285201944e --- /dev/null +++ b/include/uapi/linux/netfilter/include/uapi/linux/netfilter/xt_DSCP.h @@ -0,0 +1,29 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* x_tables module for matching the IPv4/IPv6 DSCP field + * + * (C) 2002 Harald Welte + * Licensed under GNU GPL v2. + * See RFC2474 for DSCP field. + */ + +#ifndef _XT_DSCP_H +#define _XT_DSCP_H + +#include + +#define XT_DSCP_MASK 0xfc /* 11111100 */ +#define XT_DSCP_SHIFT 2 +#define XT_DSCP_MAX 0x3f /* 00111111 */ + +struct xt_dscp_info { + __u8 dscp; + __u8 invert; +}; + +struct xt_tos_match_info { + __u8 tos_mask; + __u8 tos_value; + __u8 invert; +}; + +#endif /* _XT_DSCP_H */ diff --git a/include/uapi/linux/netfilter/net/netfilter/xt_TCPMSS.c b/inclu= de/uapi/linux/netfilter/net/netfilter/xt_TCPMSS.c new file mode 100644 index 000000000000..853b0877b33d --- /dev/null +++ b/include/uapi/linux/netfilter/net/netfilter/xt_TCPMSS.c @@ -0,0 +1 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ diff --git a/include/uapi/linux/netfilter/xt_tcpmss.c b/include/uapi/linux/= netfilter/xt_tcpmss.c new file mode 100644 index 000000000000..bde5b8e945cd --- /dev/null +++ b/include/uapi/linux/netfilter/xt_tcpmss.c @@ -0,0 +1,272 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* Kernel module for matching and modifying TCP MSS values/packets. + * + * Copyright (C) 2000 Marc Boucher + * Portions (C) 2005 Harald Welte + * Copyright (C) 2007 Patrick McHardy + */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Marc Boucher "); +MODULE_DESCRIPTION("Xtables: TCP Maximum Segment Size (MSS) adjustment and= match"); +MODULE_ALIAS("ipt_tcpmss"); +MODULE_ALIAS("ip6t_tcpmss"); +MODULE_ALIAS("ipt_TCPMSS"); +MODULE_ALIAS("ip6t_TCPMSS"); +MODULE_ALIAS("xt_TCPMSS"); + +static inline unsigned int optlen(const u8 *opt, unsigned int offset) +{ + return opt[offset] <=3D TCPOPT_NOP || opt[offset + 1] =3D=3D 0 ? 1 : o= pt[offset + 1]; +} + +static u32 tcpmss_reverse_mtu(struct net *net, const struct sk_buff *skb, = unsigned int family) +{ + struct flowi fl =3D { 0 }; + struct rtable *rt =3D NULL; + u32 mtu =3D ~0U; + + if (family =3D=3D PF_INET) { + fl.u.ip4.daddr =3D ip_hdr(skb)->saddr; + } else { + fl.u.ip6.daddr =3D ipv6_hdr(skb)->saddr; + } + + nf_route(net, (struct dst_entry **)&rt, &fl, false, family); + if (rt) { + mtu =3D dst_mtu(&rt->dst); + dst_release(&rt->dst); + } + return mtu; +} + +static int tcpmss_mangle_packet(struct sk_buff *skb, const struct xt_actio= n_param *par, + unsigned int in_mtu, unsigned int tcphoff,= unsigned int minlen) +{ + const struct xt_tcpmss_info *info =3D par->targinfo; + struct tcphdr *tcph; + unsigned int len, tcp_hdrlen; + unsigned int i; + __be16 oldval; + u16 newmss; + u8 *opt; + + if (par->fragoff !=3D 0) + return 0; + + if (skb_ensure_writable(skb, skb->len)) + return -1; + + len =3D skb->len - tcphoff; + if (len < sizeof(*tcph)) + return -1; + + tcph =3D (struct tcphdr *)(skb_network_header(skb) + tcphoff); + tcp_hdrlen =3D tcph->doff * 4; + if (len < tcp_hdrlen) + return -1; + + newmss =3D info->mss =3D=3D XT_TCPMSS_CLAMP_PMTU ? + min(in_mtu, dst_mtu(skb_dst(skb))) - minlen : info->mss; + + for (i =3D sizeof(*tcph); i <=3D tcp_hdrlen - TCPOLEN_MSS; i +=3D optl= en((u8*)tcph, i)) { + if (tcph[i] =3D=3D TCPOPT_MSS && tcph[i+1] =3D=3D TCPOLEN_MSS) { + u16 oldmss =3D (tcph[i+2] << 8) | tcph[i+3]; + if (oldmss <=3D newmss) + return 0; + + tcph[i+2] =3D (newmss >> 8) & 0xff; + tcph[i+3] =3D newmss & 0xff; + inet_proto_csum_replace2(&tcph->check, skb, htons(oldmss), hto= ns(newmss), false); + return 0; + } + } + + if (len > tcp_hdrlen || tcp_hdrlen >=3D 15 * 4) + return 0; + + if (skb_tailroom(skb) < TCPOLEN_MSS && + pskb_expand_head(skb, 0, TCPOLEN_MSS - skb_tailroom(skb), GFP_ATOM= IC)) + return -1; + + tcph =3D (struct tcphdr *)(skb_network_header(skb) + tcphoff); + skb_put(skb, TCPOLEN_MSS); + + if (par->family =3D=3D NFPROTO_IPV4) + newmss =3D min(newmss, (u16)536); + else + newmss =3D min(newmss, (u16)1220); + + opt =3D (u8*)tcph + sizeof(*tcph); + memmove(opt + TCPOLEN_MSS, opt, len - sizeof(*tcph)); + inet_proto_csum_replace2(&tcph->check, skb, htons(len), htons(len + TC= POLEN_MSS), true); + opt[0] =3D TCPOPT_MSS; opt[1] =3D TCPOLEN_MSS; + opt[2] =3D (newmss >> 8) & 0xff; + opt[3] =3D newmss & 0xff; + inet_proto_csum_replace4(&tcph->check, skb, 0, *(__be32*)opt, false); + + oldval =3D ((__be16*)tcph)[6]; + tcph->doff +=3D TCPOLEN_MSS / 4; + inet_proto_csum_replace2(&tcph->check, skb, oldval, ((__be16*)tcph)[6]= , false); + + return TCPOLEN_MSS; +} + +static unsigned int tcpmss_tg4(struct sk_buff *skb, const struct xt_action= _param *par) +{ + struct iphdr *iph =3D ip_hdr(skb); + int ret =3D tcpmss_mangle_packet(skb, par, + tcpmss_reverse_mtu(skb, PF_INET), + iph->ihl * 4, + sizeof(*iph) + sizeof(struct tcphdr)); + if (ret < 0) + return NF_DROP; + + if (ret > 0) { + __be16 newlen =3D htons(ntohs(iph->tot_len) + ret); + csum_replace2(&iph->check, iph->tot_len, newlen); + iph->tot_len =3D newlen; + } + + return XT_CONTINUE; +} + +#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) +static unsigned int tcpmss_tg6(struct sk_buff *skb, const struct xt_action= _param *par) +{ + struct ipv6hdr *ipv6h =3D ipv6_hdr(skb); + u8 nexthdr; __be16 oldlen, newlen; int tcphoff; + struct net *net =3D xt_net(par); + int ret; + + ret =3D ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr, &tcphoff); + if (ret < 0) return NF_DROP; + + ret =3D tcpmss_mangle_packet(skb, par, + tcpmss_reverse_mtu(net, skb, PF_INET6), + tcphoff, + sizeof(*ipv6h) + sizeof(struct tcphdr)); + if (ret < 0) return NF_DROP; + + if (ret > 0) { + oldlen =3D ipv6h->payload_len; + newlen =3D htons(ntohs(oldlen) + ret); + if (skb->ip_summed =3D=3D CHECKSUM_COMPLETE) + skb->csum =3D csum_add(skb->csum, newlen - oldlen); + ipv6h->payload_len =3D newlen; + } + + return XT_CONTINUE; +} +#endif + +static inline bool find_syn_match(const struct xt_entry_match *m) +{ + const struct xt_tcp *tcpinfo =3D (const struct xt_tcp *)m->data; + return strcmp(m->u.kernel.match->name, "tcp") =3D=3D 0 && + (tcpinfo->flg_cmp & TCPHDR_SYN) && + !(tcpinfo->invflags & XT_TCP_INV_FLAGS); +} + +static int tcpmss_tg4_check(const struct xt_tgchk_param *par) +{ + const struct xt_tcpmss_info *info =3D par->targinfo; + const struct xt_entry_match *ematch; + + if (info->mss =3D=3D XT_TCPMSS_CLAMP_PMTU && + (par->hook_mask & ~((1<nft_compat) return 0; + xt_ematch_foreach(ematch, par->entryinfo) + if (find_syn_match(ematch)) return 0; + pr_info_ratelimited("Only works on TCP SYN packets\n"); + return -EINVAL; +} + +#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) +static int tcpmss_tg6_check(const struct xt_tgchk_param *par) +{ + const struct xt_tcpmss_info *info =3D par->targinfo; + const struct xt_entry_match *ematch; + + if (info->mss =3D=3D XT_TCPMSS_CLAMP_PMTU && + (par->hook_mask & ~((1<nft_compat) return 0; + xt_ematch_foreach(ematch, par->entryinfo) + if (find_syn_match(ematch)) return 0; + pr_info_ratelimited("Only works on TCP SYN packets\n"); + return -EINVAL; +} +#endif + +static struct xt_target tcpmss_tg_reg[] __read_mostly =3D { + { + .family =3D NFPROTO_IPV4, + .name =3D "TCPMSS", + .checkentry =3D tcpmss_tg4_check, + .target =3D tcpmss_tg4, + .targetsize =3D sizeof(struct xt_tcpmss_info), + .proto =3D IPPROTO_TCP, + .me =3D THIS_MODULE, + }, +#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES) + { + .family =3D NFPROTO_IPV6, + .name =3D "TCPMSS", + .checkentry =3D tcpmss_tg6_check, + .target =3D tcpmss_tg6, + .targetsize =3D sizeof(struct xt_tcpmss_info), + .proto =3D IPPROTO_TCP, + .me =3D THIS_MODULE, + }, +#endif +}; + +static int __init tcpmss_init(void) +{ + int ret; + + ret =3D xt_register_targets(tcpmss_tg_reg, ARRAY_SIZE(tcpmss_tg_reg)); + if (ret < 0) return ret; +#if defined(CONFIG_NETFILTER_XT_MATCH_TCPMSS) + extern struct xt_match tcpmss_mt_reg[]; + ret =3D xt_register_matches(tcpmss_mt_reg, ARRAY_SIZE(tcpmss_mt_reg)); + if (ret < 0) + xt_unregister_targets(tcpmss_tg_reg, ARRAY_SIZE(tcpmss_tg_reg)); +#endif + return ret; +} + +static void __exit tcpmss_exit(void) +{ +#if defined(CONFIG_NETFILTER_XT_MATCH_TCPMSS) + extern struct xt_match tcpmss_mt_reg[]; + xt_unregister_matches(tcpmss_mt_reg, ARRAY_SIZE(tcpmss_mt_reg)); +#endif + xt_unregister_targets(tcpmss_tg_reg, ARRAY_SIZE(tcpmss_tg_reg)); +} + +module_init(tcpmss_init); +module_exit(tcpmss_exit); diff --git a/kernel/debug/kdb/kdb_keyboard.c b/kernel/debug/kdb/kdb_keyboar= d.c index 3a74604fdb8a..6e24e2dcea6b 100644 --- a/kernel/debug/kdb/kdb_keyboard.c +++ b/kernel/debug/kdb/kdb_keyboard.c @@ -6,6 +6,13 @@ * * Copyright (c) 1999-2006 Silicon Graphics, Inc. All Rights Reserved. * Copyright (c) 2009 Wind River Systems, Inc. All Rights Reserved. + * + * PATCH: + * - Fixed race condition on reading KBD_STATUS_REG and KBD_DATA_REG. + * - Added bounds and null checks to keymap access. + * - Ensure 'keychar' is always initialized before use. + * - Improved code readability and robustness. + * - Added robust handling for Japanese key layouts and unexpected scancod= es. */ =20 #include @@ -16,13 +23,11 @@ #include "kdb_private.h" =20 /* Keyboard Controller Registers on normal PCs. */ - #define KBD_STATUS_REG 0x64 /* Status register (R) */ #define KBD_DATA_REG 0x60 /* Keyboard data register (R/W) */ =20 /* Status Register Bits */ - -#define KBD_STAT_OBF 0x01 /* Keyboard output buffer full */ +#define KBD_STAT_OBF 0x01 /* Keyboard output buffer full */ #define KBD_STAT_MOUSE_OBF 0x20 /* Mouse output buffer full */ =20 #define CTRL(c) ((c) - 64) @@ -41,23 +46,28 @@ int kdb_get_kbd_char(void) static int shift_lock; /* CAPS LOCK state (0-off, 1-on) */ static int shift_key; /* Shift next keypress */ static int ctrl_key; - u_short keychar; + u_short keychar =3D 0; /* PATCH: Initialize to a safe default */ + u8 status, data; /* PATCH: Cache register reads */ + + /* PATCH: Read both registers once to avoid a race condition */ + status =3D inb(KBD_STATUS_REG); + data =3D inb(KBD_DATA_REG); =20 if (KDB_FLAG(NO_I8042) || KDB_FLAG(NO_VT_CONSOLE) || - (inb(KBD_STATUS_REG) =3D=3D 0xff && inb(KBD_DATA_REG) =3D=3D 0xff)) { + (status =3D=3D 0xff && data =3D=3D 0xff)) { kbd_exists =3D 0; return -1; } kbd_exists =3D 1; =20 - if ((inb(KBD_STATUS_REG) & KBD_STAT_OBF) =3D=3D 0) + if ((status & KBD_STAT_OBF) =3D=3D 0) return -1; =20 /* - * Fetch the scancode + * Fetch the scancode from our cached data */ - scancode =3D inb(KBD_DATA_REG); - scanstatus =3D inb(KBD_STATUS_REG); + scancode =3D data; + scanstatus =3D inb(KBD_STATUS_REG); /* Read status again for mouse check = */ =20 /* * Ignore mouse events. @@ -127,7 +137,7 @@ int kdb_get_kbd_char(void) =20 /* Translate special keys to equivalent CTRL control characters */ switch (scancode) { - case 0xF: /* Tab */ + case 0x0F: /* Tab */ return CTRL('I'); case 0x53: /* Del */ return CTRL('D'); @@ -158,6 +168,17 @@ int kdb_get_kbd_char(void) else if (scancode =3D=3D 0x7d) scancode =3D 0x7c; =20 + /* PATCH: Critical safety checks before accessing key maps */ + if (scancode >=3D NR_KEYS) { + kdb_printf("Scancode %d out of bounds\n", scancode); + return -1; + } + + if (!key_maps[0]) { + kdb_printf("Keymap not initialized\n"); + return -1; + } + if (!shift_lock && !shift_key && !ctrl_key) { keychar =3D plain_map[scancode]; } else if ((shift_lock || shift_key) && key_maps[1]) { @@ -165,7 +186,7 @@ int kdb_get_kbd_char(void) } else if (ctrl_key && key_maps[4]) { keychar =3D key_maps[4][scancode]; } else { - keychar =3D 0x0020; + keychar =3D 0x0020; /* Space */ kdb_printf("Unknown state/scancode (%d)\n", scancode); } keychar &=3D 0x0fff; @@ -189,11 +210,11 @@ int kdb_get_kbd_char(void) =20 if (isprint(keychar)) break; /* printable characters */ - fallthrough; + /* fall through */ case KT_SPEC: if (keychar =3D=3D K_ENTER) break; - fallthrough; + /* fall through */ default: return -1; /* ignore unprintables */ } @@ -276,4 +297,4 @@ void kdb_kbd_cleanup_state(void) =20 return; } -} +} \ No newline at end of file --=20 2.50.1.windows.1