CVSROOT: /cvs
Module name: src
Changes by: an...@cvs.openbsd.org 2019/06/03 10:46:49

Modified files:
    sys/dev/ic : pckbc.c

Log message:
Prevent corruption of the pckbc command queue. If multiple synchronous commands are in flight and all corresponding threads are sleeping waiting for a response, the first command to timeout will clear the command queue. The remaining threads once awake will then try to remove a dequeued command from the queue, leading to corruption. Instead, remove commands from the queue before waking up the sleeping thread. A quirk is still needed to handle the case where tsleep() returns successfully during suspend.

ok mpi@ visa@

Reported-by: syzbot+fe74fc50c630bfa26...@syzkaller.appspotmail.com
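
An added illustration, not code from pckbc.c or the OpenBSD tree: a single-threaded C model of the failure the log message describes, where a flush on timeout empties the queue and a woken waiter then unlinks its already dequeued command. The TAILQ-style list and every name in it (cmd, cmdq, q_flush, scenario) are assumptions made for the model.

```c
#include <stddef.h>

/* Simplified single-threaded model; NOT code from pckbc.c.
 * Every name below is hypothetical. */
struct cmd { struct cmd *next, **prevp; };
struct cmdq { struct cmd *first, **lastp; };

static void q_insert_tail(struct cmdq *q, struct cmd *c)
{
	c->next = NULL;
	c->prevp = q->lastp;
	*q->lastp = c;
	q->lastp = &c->next;
}

/* Same unlink steps as the classic BSD TAILQ_REMOVE: trusts c's links. */
static void q_remove(struct cmdq *q, struct cmd *c)
{
	if (c->next != NULL)
		c->next->prevp = c->prevp;
	else
		q->lastp = c->prevp;
	*c->prevp = c->next;
}

/* Timeout path: drain the queue, unlinking every command before its
 * waiter would be woken (the wakeup itself is not modelled). */
static void q_flush(struct cmdq *q)
{
	struct cmd *c;

	while ((c = q->first) != NULL)
		q_remove(q, c);
}

/* Two waiters are asleep and the first timeout flushes the queue.
 * Returns 1 if a dequeued command ends up linked on the queue again. */
int scenario(int waiter_unlinks)
{
	struct cmdq q;
	struct cmd a, b;

	q.first = NULL;
	q.lastp = &q.first;
	q_insert_tail(&q, &a);
	q_insert_tail(&q, &b);
	q_flush(&q);
	if (waiter_unlinks)	/* old pattern: woken waiter removes again */
		q_remove(&q, &a);
	return q.first != NULL;	/* stays 0 when only the waker unlinks */
}
```

scenario(1) returns 1 because the stale unlink follows the dequeued command's old link fields and writes its former neighbour back into the queue head; scenario(0), where only the waker unlinks, returns 0.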