lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 26 Apr 2019 02:29:11 +0800
From:   Kai-Heng Feng <kai.heng.feng@...onical.com>
To:     Benjamin Tissoires <benjamin.tissoires@...hat.com>
Cc:     Jiri Kosina <jikos@...nel.org>,
        "open list:HID CORE LAYER" <linux-input@...r.kernel.org>,
        lkml <linux-kernel@...r.kernel.org>,
        Ronald Tschalär <ronald@...ovation.ch>
Subject: Re: [PATCH] HID: Increase maximum report size allowed by
 hid_field_extract()

at 17:42, Benjamin Tissoires <benjamin.tissoires@...hat.com> wrote:

> Hi,
>
>
> On Fri, Mar 8, 2019 at 6:11 AM Kai-Heng Feng
> <kai.heng.feng@...onical.com> wrote:
>> Commit 71f6fa90a353 ("HID: increase maximum global item tag report size
>> to 256") increases the max report size from 128 to 256.
>>
>> We also need to update the report size in hid_field_extract() otherwise
>> it complains and truncates now valid report size:
>> [ 406.165461] hid-sensor-hub 001F:8086:22D8.0002: hid_field_extract()  
>> called with n (192) > 32! (kworker/5:1)
>>
>> BugLink: https://bugs.launchpad.net/bugs/1818547
>> Fixes: 71f6fa90a353 ("HID: increase maximum global item tag report size  
>> to 256")
>> Signed-off-by: Kai-Heng Feng <kai.heng.feng@...onical.com>
>> ---
>>  drivers/hid/hid-core.c | 6 +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
>> index 9993b692598f..860e21ec6a49 100644
>> --- a/drivers/hid/hid-core.c
>> +++ b/drivers/hid/hid-core.c
>> @@ -1301,10 +1301,10 @@ static u32 __extract(u8 *report, unsigned  
>> offset, int n)
>>  u32 hid_field_extract(const struct hid_device *hid, u8 *report,
>>                         unsigned offset, unsigned n)
>
> Ronald (Cc-ed) raised quite a good point:
> what's the benefit of removing the error message if this function (and
> __extract) can only report an unsigned 32 bits value?

I didn’t spot this, sorry.

>
> My take is we should revert 94a9992f7dbdfb28976b upstream and think at
> a better solution.

I think using a new fix to replace it will be a better approach, as it at  
least partially solves the issue.

Kai-Heng

>
> Cheers,
> Benjamin
>
>> {
>> -       if (n > 32) {
>> -               hid_warn(hid, "hid_field_extract() called with n (%d) >  
>> 32! (%s)\n",
>> +       if (n > 256) {
>> +               hid_warn(hid, "hid_field_extract() called with n (%d) >  
>> 256! (%s)\n",
>>                          n, current->comm);
>> -               n = 32;
>> +               n = 256;
>>         }
>>
>>         return __extract(report, offset, n);
>> —

>> 2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ