lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20211129181722.088037855@linuxfoundation.org>
Date:   Mon, 29 Nov 2021 19:18:10 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     linux-kernel@...r.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        stable@...r.kernel.org, Brent Roman <brent@...ri.org>,
        Thomas Weißschuh <linux@...ssschuh.net>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>,
        Jiri Kosina <jkosina@...e.cz>, Sasha Levin <sashal@...nel.org>
Subject: [PATCH 5.15 096/179] HID: input: set usage type to key on keycode remap

From: Thomas Weißschuh <linux@...ssschuh.net>

[ Upstream commit 3e6a950d98366f5e716904e9a7e8ffc7ed638bd6 ]

When a scancode is manually remapped that previously was not handled as
key, then the old usage type was incorrectly reused.

This caused issues on a "04b3:301b IBM Corp. SK-8815 Keyboard" which has
marked some of its keys with an invalid HID usage.  These invalid usage
keys are being ignored since support for USB programmable buttons was
added.

The scancodes are however remapped explicitly by the systemd hwdb to the
keycodes that are printed on the physical buttons.  During this mapping
step the existing usage is retrieved which will be found with a default
type of 0 (EV_SYN) instead of EV_KEY.

The events with the correct code but EV_SYN type are not forwarded to
userspace.

This also leads to a kernel oops when trying to print the report descriptor
via debugfs.  hid_resolv_event() tries to resolve a EV_SYN event with an
EV_KEY code which leads to an out-of-bounds access in the EV_SYN names
array.

Fixes: bcfa8d1457 ("HID: input: Add support for Programmable Buttons")
Fixes: f5854fad39 ("Input: hid-input - allow mapping unknown usages")
Reported-by: Brent Roman <brent@...ri.org>
Tested-by: Brent Roman <brent@...ri.org>
Signed-off-by: Thomas Weißschuh <linux@...ssschuh.net>
Reviewed-by: Dmitry Torokhov <dmitry.torokhov@...il.com>
Signed-off-by: Jiri Kosina <jkosina@...e.cz>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
 drivers/hid/hid-input.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
index 4b3f4a5e23058..6561770f1af55 100644
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -160,6 +160,7 @@ static int hidinput_setkeycode(struct input_dev *dev,
 	if (usage) {
 		*old_keycode = usage->type == EV_KEY ?
 				usage->code : KEY_RESERVED;
+		usage->type = EV_KEY;
 		usage->code = ke->keycode;
 
 		clear_bit(*old_keycode, dev->keybit);
-- 
2.33.0



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ