Thread: 17 messages, 4 authors, 17d ago

Re: [PATCH 5/6] Input: mms114 - replace BUG() and fix alignment

From: sashiko-bot@kernel.org
Date: 2026-06-16 05:27:26

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] Race condition in `mms114_suspend` leading to stuck touch state.
--

commit a5a14734d553a190d315dfdcd845e9a868df4005
Author: Dmitry Torokhov [off-list ref]

Input: mms114 - replace BUG() and fix alignment

This commit avoids crashing the kernel by replacing a BUG() call with WARN_ON()
when userspace reads a write-only register. It also corrects parameter
alignment in several function calls to match kernel coding style.
diff --git a/drivers/input/touchscreen/mms114.c b/drivers/input/touchscreen/mms114.c
index c59aec8f2febe..bf01eee0560a1 100644
--- a/drivers/input/touchscreen/mms114.c
+++ b/drivers/input/touchscreen/mms114.c
[ ... ]

[Severity: High]
This isn't a bug introduced by this patch, but I noticed a potential race
condition in mms114_suspend() that could leave the touchscreen stuck in a
pressed state:

drivers/input/touchscreen/mms114.c:mms114_suspend() {
    ...
	for (id = 0; id < MMS114_MAX_TOUCH; id++) {
		input_mt_slot(input_dev, id);
		input_mt_report_slot_inactive(input_dev);
	}

	input_mt_report_pointer_emulation(input_dev, true);
	input_sync(input_dev);

	guard(mutex)(&input_dev->mutex);

	if (input_device_enabled(input_dev))
		mms114_stop(data);
    ...
}

Can mms114_interrupt() execute concurrently after input_sync() but before
mms114_stop() disables the IRQ?

If a user touches the screen during this window, wouldn't the interrupt
handler report a new active touch state right after these synthetic release
events?

Because mms114_stop() then disables the IRQ, would this freeze the touch in a
pressed state throughout suspend?

When resuming, releasing the screen wouldn't generate a release interrupt,
which might leave the touchscreen stuck until reboot or until that exact
slot is touched again.

Could mms114_stop() be called before synthesizing the release events to
prevent this race?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260616050912.1531241-1-dmitry.torokhov@gmail.com?part=5
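
The interleaving the review asks about, as a small userspace model added here (not code from the driver, the patch, or the review). The names `ts_model`, `hw_event`, `synth_release`, `stop` and `suspend_with_touch` are hypothetical, and the model assumes a hardware event that arrives while the IRQ is disabled is simply lost.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace model (constructed; not driver code). */
struct ts_model {
	bool irq_enabled;   /* cleared by the model's stop() */
	bool slot_active;   /* contact state last reported to userspace */
};

/* Model of the interrupt handler: a hardware event is reported only
 * while the IRQ is enabled; otherwise it is lost (assumption). */
static void hw_event(struct ts_model *ts, bool finger_down)
{
	if (ts->irq_enabled)
		ts->slot_active = finger_down;
}

static void synth_release(struct ts_model *ts) { ts->slot_active = false; }
static void stop(struct ts_model *ts)          { ts->irq_enabled = false; }

/* One suspend in which a finger lands between the two suspend steps and
 * lifts while suspended. Returns the slot state userspace is left with. */
static bool suspend_with_touch(bool stop_first)
{
	struct ts_model ts = { .irq_enabled = true, .slot_active = false };

	if (stop_first)
		stop(&ts);
	else
		synth_release(&ts);

	hw_event(&ts, true);    /* finger lands inside the window */

	if (stop_first)
		synth_release(&ts);
	else
		stop(&ts);

	hw_event(&ts, false);   /* finger lifts during suspend: IRQ is off */
	return ts.slot_active;
}

int main(void)
{
	printf("release then stop: stuck=%d\n", suspend_with_touch(false));
	printf("stop then release: stuck=%d\n", suspend_with_touch(true));
	return 0;
}
```

In this model the slot stays active only when the synthetic release is emitted before the IRQ is disabled.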