@marco-098 sorry I had to disable zfs, because it doesn't build
correctly with CONFIG_KASAN enabled.

However, thanks to @randombop's dmesg.txt, I think I now see a potential
stack corruption in the elantech code!

IIRC param[] in elantech_change_report_id must be at least 3 bytes,
because elantech_read_reg_params() is calling ps2_command() with
PSMOUSE_CMD_GETINFO, which is going to write 3 bytes into param[], but
it's defined on the stack as an array of 2 bytes, therefore we can
definitely corrupt the stack here.

Basically the fix that I'd like to test is the following:

diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c
index 2d0bc029619f..172a3c5db58f 100644
--- a/drivers/input/mouse/elantech.c
+++ b/drivers/input/mouse/elantech.c
@@ -1575,7 +1575,7 @@ static const struct dmi_system_id no_hw_res_dmi_table[] = 
{
  */
 static int elantech_change_report_id(struct psmouse *psmouse)
 {
-       unsigned char param[2] = { 0x10, 0x03 };
+       unsigned char param[3] = { 0x10, 0x03 };
 
        if (elantech_write_reg_params(psmouse, 0x7, param) ||
            elantech_read_reg_params(psmouse, 0x7, param) ||
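
Review bot: the initializer on the changed line still lists two values for a three-element array, so param[2] is only implicitly zero; add a short comment above the declaration saying the third byte is there because elantech_read_reg_params() reads back through ps2_command() with PSMOUSE_CMD_GETINFO, which returns 3 bytes, so nobody later shrinks the array back to 2. Since the buffer is passed as a bare pointer with no length, the other callers of elantech_read_reg_params() should be checked for the same undersized param[] before this is submitted.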


I'm already preparing another test kernel (without KASAN this time), let's see
if it fixes the problem.

https://bugs.launchpad.net/bugs/1945590

Title:
  Thinkpad E14 Gen2: Kernel panic with trackpad and trackpoint enabled
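
As an added illustration of the size mismatch described in the message above (not part of the original post and not kernel code): a user-space C model in which the callee checks the caller's buffer size against the reply length that a libps2 command word encodes in bits 8-11. `checked_ps2_command`, `PS2_COMMAND_CHECKED` and the response bytes are hypothetical; only the `PSMOUSE_CMD_GETINFO` value (0x03e9) is taken from the kernel headers.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value of PSMOUSE_CMD_GETINFO in the kernel headers; bits 8-11 of a
 * libps2 command word hold the number of response bytes (3 here). */
#define PSMOUSE_CMD_GETINFO 0x03e9

/* Response length encoded in a libps2-style command word. */
static size_t ps2_recv_len(unsigned int command)
{
	return (command >> 8) & 0xf;
}

/* Hypothetical user-space stand-in for ps2_command(): copies a constructed
 * device response into param, but only if the caller's buffer can hold it. */
static int checked_ps2_command(unsigned char *param, size_t param_size,
			       unsigned int command)
{
	static const unsigned char response[] = { 0x10, 0x03, 0x00 }; /* constructed */
	size_t n = ps2_recv_len(command);
	if (n > sizeof(response) || n > param_size)
		return -1;	/* would write past the end of param[] */
	memcpy(param, response, n);
	return 0;
}

/* Capture the array size at the call site; only valid for true arrays. */
#define PS2_COMMAND_CHECKED(arr, cmd) checked_ps2_command((arr), sizeof(arr), (cmd))

/* Same declaration as the pre-patch code: 2 bytes for a 3-byte reply. */
static int read_with_two_bytes(void)
{
	unsigned char param[2] = { 0x10, 0x03 };
	return PS2_COMMAND_CHECKED(param, PSMOUSE_CMD_GETINFO);
}

/* Declaration from the proposed fix: room for all 3 reply bytes. */
static int read_with_three_bytes(void)
{
	unsigned char param[3] = { 0x10, 0x03 };
	return PS2_COMMAND_CHECKED(param, PSMOUSE_CMD_GETINFO);
}

int main(void)
{
	printf("param[2]: %d, param[3]: %d\n", read_with_two_bytes(), read_with_three_bytes());
	return 0;
}
```

In this model the 2-byte declaration is rejected before any write happens, while the 3-byte one succeeds.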