[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44L0.2002110952570.1574-100000@iolanthe.rowland.org>
Date: Tue, 11 Feb 2020 09:54:05 -0500 (EST)
From: Alan Stern <stern@...land.harvard.edu>
To: peter enderborg <peter.enderborg@...y.com>
cc: Johan Korsnes <jkorsnes@...co.com>, Jiri Kosina <jikos@...nel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Kernel development list <linux-kernel@...r.kernel.org>,
<stable@...r.kernel.org>
Subject: Re: [PATCH] HID: Extend report buffer size
On Tue, 11 Feb 2020, peter enderborg wrote:
> On 2/10/20 4:01 PM, Alan Stern wrote:
> > On Mon, 10 Feb 2020, Peter Enderborg wrote:
> >
> >> In the patch "HID: Fix slab-out-of-bounds read in hid_field_extract"
> >> there added a check for buffer overruns. This made Elgato StreamDeck
> >> to fail. This patch extend the buffer to 8192 to solve this. It also
> >> adds a print of the requested length if it fails on this test.
> >>
> >> Signed-off-by: Peter Enderborg <peter.enderborg@...y.com>
> >> ---
> >> drivers/hid/hid-core.c | 2 +-
> >> include/linux/hid.h | 2 +-
> >> 2 files changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
> >> index 851fe54ea59e..28841219b3d2 100644
> >> --- a/drivers/hid/hid-core.c
> >> +++ b/drivers/hid/hid-core.c
> >> @@ -290,7 +290,7 @@ static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsign
> >>
> >> /* Total size check: Allow for possible report index byte */
> >> if (report->size > (HID_MAX_BUFFER_SIZE - 1) << 3) {
> >> - hid_err(parser->device, "report is too long\n");
> >> + hid_err(parser->device, "report is too long (%d)\n", report->size);
> >> return -1;
> >> }
> >>
> >> diff --git a/include/linux/hid.h b/include/linux/hid.h
> >> index cd41f209043f..875f71132b14 100644
> >> --- a/include/linux/hid.h
> >> +++ b/include/linux/hid.h
> >> @@ -492,7 +492,7 @@ struct hid_report_enum {
> >> };
> >>
> >> #define HID_MIN_BUFFER_SIZE 64 /* make sure there is at least a packet size of space */
> >> -#define HID_MAX_BUFFER_SIZE 4096 /* 4kb */
> >> +#define HID_MAX_BUFFER_SIZE 8192 /* 8kb */
> >> #define HID_CONTROL_FIFO_SIZE 256 /* to init devices with >100 reports */
> >> #define HID_OUTPUT_FIFO_SIZE 64
> > The second part of this patch is identical to the "HID: core: increase
> > HID report buffer size to 8KiB" patch submitted by Johan Korsnes a few
> > weeks ago. You might want to submit just the first part of your patch,
> > or not submit anything at all.
> >
> > Alan Stern
> >
> >
> Korsnes patch is not in Torvalds tree nor is it requested for stable. How do we get it there?
Bring the whole matter to Jiri's attention. He is the person who will
take care of it.
Alan Stern
Powered by blists - more mailing lists