[PATCH 0/2] Input: alps/psmouse: Fix UAF bugs and improve workqueue synchronization

Duoming Zhou posted 2 patches 1 month, 1 week ago
There is a newer version of this series
drivers/input/mouse/alps.c         | 1 +
drivers/input/mouse/psmouse-base.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
Posted by Duoming Zhou 1 month, 1 week ago
This patch series addresses use-after-free bugs in the ALPS
touchpad driver and enhances workqueue handling efficiency
in the psmouse subsystem.

The first patch fixes a critical use-after-free race condition
in the ALPS driver where dev3_register_work could be scheduled
after the alps_data structure was already freed. This was caused
by insufficient synchronization during device disconnection,
where flush_workqueue() couldn't prevent subsequent work item
submissions.

The second patch optimizes the psmouse disconnect path by replacing
flush_workqueue() with disable_delayed_work_sync() for better
efficiency and robustness.

Duoming Zhou (2):
  Input: alps - fix use-after-free bugs caused by dev3_register_work
  Input: psmouse - Replace flush_workqueue() with
    disable_delayed_work_sync()

 drivers/input/mouse/alps.c         | 1 +
 drivers/input/mouse/psmouse-base.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

-- 
2.34.1
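
An added example, not part of the posted series and not kernel code: a single-threaded userspace model of the difference the cover letter describes, where a flush only drains work that is already queued while a disable also refuses later submissions. All model_* names are hypothetical stand-ins, and the "free" is modelled with a flag so that nothing invalid is ever dereferenced.

```c
/* Userspace model, not kernel code: every model_* name is hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct model_work {
    bool pending;       /* queued, waiting for the worker */
    int disable_depth;  /* > 0 means queueing is refused */
};

struct model_priv {     /* stand-in for the driver's private data */
    struct model_work work;
    bool freed;         /* set where the driver would free the struct */
};

/* Queue the work unless it is disabled or already pending. */
static bool model_queue(struct model_work *w)
{
    if (w->disable_depth > 0 || w->pending)
        return false;
    w->pending = true;
    return true;
}

/* Worker: run the handler if queued; return 1 if it touched freed data. */
static int model_run_pending(struct model_priv *p)
{
    if (!p->work.pending)
        return 0;
    p->work.pending = false;
    return p->freed ? 1 : 0;
}

/* Flush semantics: drain what is queued now, leave queueing enabled. */
static void model_flush(struct model_priv *p) { (void)model_run_pending(p); }

/* Disable semantics: cancel pending work and refuse later queueing. */
static void model_disable_sync(struct model_priv *p)
{
    p->work.disable_depth++;
    p->work.pending = false;
}

/* Disconnect sequence; returns how many times the handler ran after free. */
int simulate_disconnect(bool use_disable)
{
    struct model_priv p = {0};
    model_queue(&p.work);              /* work queued before disconnect */
    if (use_disable) model_disable_sync(&p); else model_flush(&p);
    model_queue(&p.work);              /* late submission after the sync point */
    p.freed = true;                    /* private data released */
    return model_run_pending(&p);      /* worker scheduled afterwards */
}

int main(void)
{
    printf("flush: %d, disable: %d\n", simulate_disconnect(false), simulate_disconnect(true));
    return 0;
}
```

The model leaves out the part of a real synchronous disable that waits for a handler that is already running; it covers only the re-queue window.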
Re: [PATCH 0/2] Input: alps/psmouse: Fix UAF bugs and improve workqueue synchronization
Posted by Andy Shevchenko 1 month, 1 week ago
On Sat, Nov 08, 2025 at 08:40:03PM +0800, Duoming Zhou wrote:
> This patch series addresses use-after-free bugs in the ALPS
> touchpad driver and enhances workqueue handling efficiency
> in the psmouse subsystem.
> 
> The first patch fixes a critical use-after-free race condition
> in the ALPS driver where dev3_register_work could be scheduled
> after the alps_data structure was already freed. This was caused
> by insufficient synchronization during device disconnection,
> where flush_workqueue() couldn't prevent subsequent work item
> submissions.
> 
> The second patch optimizes the psmouse disconnect path by replacing
> flush_workqueue() with disable_delayed_work_sync() for better
> efficiency and robustness.

You forgot two things:
1) make it v2 (run `git format-patch -v<X> ...` where <X> is the version);
2) changelog.

No need to resend (unless requested by the maintainer), just reply with the
missed changelog for now.

-- 
With Best Regards,
Andy Shevchenko
Re: [PATCH 0/2] Input: alps/psmouse: Fix UAF bugs and improve workqueue synchronization
Posted by duoming@zju.edu.cn 1 month, 1 week ago
On Sun, 09 Nov 2025 18:13:38 +0200, Andy Shevchenko wrote:
> > This patch series addresses use-after-free bugs in the ALPS
> > touchpad driver and enhances workqueue handling efficiency
> > in the psmouse subsystem.
> > 
> > The first patch fixes a critical use-after-free race condition
> > in the ALPS driver where dev3_register_work could be scheduled
> > after the alps_data structure was already freed. This was caused
> > by insufficient synchronization during device disconnection,
> > where flush_workqueue() couldn't prevent subsequent work item
> > submissions.
> > 
> > The second patch optimizes the psmouse disconnect path by replacing
> > flush_workqueue() with disable_delayed_work_sync() for better
> > efficiency and robustness.
> 
> You forgot two things:
> 1) make it v2 (run `git format-patch -v<X> ...` where <X> is the version);
> 2) changelog.
> 
> No need to resend (unless requested by the maintainer), just reply with the
> missed changelog for now.

The changes in this version include the following:
1) Split the original patch into two separate patches (psmouse-base and alps).
2) For the psmouse patch, focus on the robustness and efficiency improvements
   of disable_delayed_work_sync(), not on the UAF aspect.

Best Regards,
Duoming Zhou