| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Feb 2015 09:05:22 +0200 From: Mika Westerberg <mika.westerberg@...ux.intel.com> To: Benjamin Tissoires <benjamin.tissoires@...hat.com> Cc: Jiri Kosina <jkosina@...e.cz>, Mark Rutland <mark.rutland@....com>, sb@...abs.hk, linux-input@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 2/3] HID: i2c-hid: Read wMaxInputLength of input report instead of bufsize On Mon, Feb 23, 2015 at 10:26:35AM -0500, Benjamin Tissoires wrote: > On Feb 23 2015 or thereabouts, Mika Westerberg wrote: > > Wacom digitizer (WCOM0008) on Lenovo Thinkpad 10 seems to allow reading of > > subsequent reports (or part of them) if we read more than wMaxInputLength > > of data at the time. This data is not always aligned so that the next > > report would start right after another. > > > > For example we might get following sequence: > > > > i2c_hid i2c-WCOM0008:00: input: 0a 00 02 21 20 17 ad 22 11 03 > > i2c_hid i2c-WCOM0008:00: input: ad 22 11 03 0a 00 02 21 20 17 > > ad 22 11 03 0a 00 02 21 20 17 > > ad 22 11 03 0a 00 02 21 20 17 > > ad 22 11 03 0a 00 02 21 20 17 > > ad 22 11 03 0a 00 02 21 20 17 > > ad 22 11 03 0a 00 02 21 20 17 > > ad 22 11 03 > > i2c_hid i2c-WCOM0008:00: input: 02 21 20 17 ad 22 11 03 0a 00 > > 02 21 20 17 ad 22 11 03 0a 00 > > 02 21 20 17 ad 22 11 03 0a 00 > > 02 21 20 17 ad 22 11 03 0a 00 > > 02 21 20 17 ad 22 11 03 0a 00 > > 02 21 20 17 ad 22 11 03 0a 00 > > 02 21 20 17 > > i2c_hid i2c-WCOM0008:00: i2c_hid_get_input: incomplete report (76/8450) > > > > The bufsize is 76 and wMaxInputLength is 10. In above example the first > > read gets right amount of data. The second and third reads get full bufsize > > (76 bytes) but the report is missing a start already. This causes the > > driver to reject the report because we got less than was expected by the > > report length (0x2102 = 8450). > > > > If we read only wMaxInputLength at the time this does not happen at all and > > the digitizer works fine. > > > > Based on this change the driver to read wMaxInputLength bytes instead of > > bufsize if the value looks sane. > > > > Reported-by: Sébastien Bourdeauducq <sb@...abs.hk> > > Signed-off-by: Mika Westerberg <mika.westerberg@...ux.intel.com> > > --- > > We can actually drop this one. Jiri already applied a patch sent last > week which does the exact same thing: > https://patchwork.kernel.org/patch/5857521/ (should appear shortly in > Jiri's tree I guess). Indeed looks like it does the same. Thanks for letting me know. > But thanks for confirming that it was really needed for other devices. No problem :-) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists