lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 18 Oct 2017 10:48:03 +0200
From:   Benjamin Tissoires <benjamin.tissoires@...hat.com>
To:     Andrew Duggan <aduggan@...aptics.com>
Cc:     linux-input@...r.kernel.org, linux-kernel@...r.kernel.org,
        Jiri Kosina <jikos@...nel.org>,
        Hendrik Langer <hendrik.langer@....de>
Subject: Re: [PATCH] HID: rmi: Check that a device is a RMI device before
 calling RMI functions

On Oct 17 2017 or thereabouts, Andrew Duggan wrote:
> The hid-rmi driver may handle non rmi devices on composite USB devices.
> Callbacks need to make sure that the current device is a RMI device before
> calling RMI specific functions. Most callbacks already have this check, but
> this patch adds checks to the remaining callbacks.
> 
> Signed-off-by: Andrew Duggan <aduggan@...aptics.com>
> ---
> This is the patch which hopefully will address the X1 tablet dock freeze:
> http://www.spinics.net/lists/linux-input/msg53582.html
> 
> I was not able to test on a composite USB device so I have not tested confirmed
> this will fix the reported issues. But, based on the description I think it will.
> I also added a check for rmi_raw_event() since it could be possible that another
> hid device using one of the same report IDs as an RMI device could result in calling
> into unitialized RMI functions. It was also the only callbacl left not checking the
> RMI_DEVICE flag. I wonder if this explains the attach crash.
> 
> Anyway, I would appriciate it if Hendrik or someone else with the device could test this
> patch to confirm it fixes the reported behavior.

Shouldn't rmi_hid_reset() also get the same check?

>From what I can see, even if the patch doesn't fix the immediate issue,
such a patch should definitively go in as those checks are clearly
missing.

Cheers,
Benjamin

> 
> Thanks,
> Andrew
> 
>  drivers/hid/hid-rmi.c | 13 ++++++++++---
>  1 file changed, 10 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c
> index 5b40c26..d987e02 100644
> --- a/drivers/hid/hid-rmi.c
> +++ b/drivers/hid/hid-rmi.c
> @@ -368,6 +368,11 @@ static int rmi_check_sanity(struct hid_device *hdev, u8 *data, int size)
>  static int rmi_raw_event(struct hid_device *hdev,
>  		struct hid_report *report, u8 *data, int size)
>  {
> +	struct rmi_data *hdata = hid_get_drvdata(hdev);
> +
> +	if (!(hdata->device_flags & RMI_DEVICE))
> +		return 0;
> +
>  	size = rmi_check_sanity(hdev, data, size);
>  	if (size < 2)
>  		return 0;
> @@ -706,9 +711,11 @@ static void rmi_remove(struct hid_device *hdev)
>  {
>  	struct rmi_data *hdata = hid_get_drvdata(hdev);
>  
> -	clear_bit(RMI_STARTED, &hdata->flags);
> -	cancel_work_sync(&hdata->reset_work);
> -	rmi_unregister_transport_device(&hdata->xport);
> +	if (hdata->device_flags & RMI_DEVICE) {
> +		clear_bit(RMI_STARTED, &hdata->flags);
> +		cancel_work_sync(&hdata->reset_work);
> +		rmi_unregister_transport_device(&hdata->xport);
> +	}
>  
>  	hid_hw_stop(hdev);
>  }
> -- 
> 2.7.4
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ