lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <000001d9d026$b9f3d640$2ddb82c0$@samsung.com>
Date:   Wed, 16 Aug 2023 15:16:52 +0530
From:   "sandeep.cs" <sandeep.cs@...sung.com>
To:     "'Benjamin Tissoires'" <bentiss@...nel.org>
Cc:     "'Jiri Kosina'" <jikos@...nel.org>,
        "'Benjamin Tissoires'" <benjamin.tissoires@...hat.com>,
        <junwan.cho@...sung.com>, <jitender.s21@...sung.com>,
        <suhyun_.kim@...sung.com>, <ih0923.kim@...sung.com>,
        <gaudium.lee@...sung.com>, <linux-input@...r.kernel.org>,
        <linux-kernel@...r.kernel.org>
Subject: RE: [HID Patchsets v1 2/2] HID: Removed USB Validation check

Hi Benjamin,

I hope this email finds you well. 
I wanted to remind you about our last email where we discussed about moving
USB validation check.
Your thoughts and input are important to us.
Please guide!

Thanks & regards
Sandeep C S

-----Original Message-----
From: sandeep.cs <sandeep.cs@...sung.com> 
Sent: 31 July 2023 16:44
To: 'Benjamin Tissoires' <bentiss@...nel.org>
Cc: 'Jiri Kosina' <jikos@...nel.org>; 'Benjamin Tissoires'
<benjamin.tissoires@...hat.com>; 'junwan.cho@...sung.com'
<junwan.cho@...sung.com>; 'jitender.s21@...sung.com'
<jitender.s21@...sung.com>; 'suhyun_.kim@...sung.com'
<suhyun_.kim@...sung.com>; 'ih0923.kim@...sung.com'
<ih0923.kim@...sung.com>; 'gaudium.lee@...sung.com'
<gaudium.lee@...sung.com>; 'linux-input@...r.kernel.org'
<linux-input@...r.kernel.org>; 'linux-kernel@...r.kernel.org'
<linux-kernel@...r.kernel.org>
Subject: RE: [HID Patchsets v1 2/2] HID: Removed USB Validation check

Hi Benjamin,

Thanks for the quick review our changes

As suggested we will refactor as below and send you an update shortly.


1. USB check validation moving to appropriate function
(samsung_kbd_mouse_input_mapping())
2. fix the checkpatch complain
3+ Split the remaining changes one per device

Clarifying for the Point 1 , below is the pseudocode:

static int samsung_kbd_mouse_input_mapping(struct hid_device *hdev,
  struct hid_input *hi, struct hid_field *field, struct hid_usage *usage,
  unsigned long **bit, int *max)
{
 + if (!hid_is_usb(hdev))
   + return 0;
    ...
}   


Thanks & Regards
Sandeep C S

-----Original Message-----
From: Benjamin Tissoires <bentiss@...nel.org>
Sent: 24 July 2023 15:40
To: sandeep.cs <sandeep.cs@...sung.com>
Cc: Jiri Kosina <jikos@...nel.org>; Benjamin Tissoires
<benjamin.tissoires@...hat.com>; junwan.cho@...sung.com;
jitender.s21@...sung.com; suhyun_.kim@...sung.com; ih0923.kim@...sung.com;
gaudium.lee@...sung.com; linux-input@...r.kernel.org;
linux-kernel@...r.kernel.org
Subject: Re: [HID Patchsets v1 2/2] HID: Removed USB Validation check

Hi Sandeep,

On Jul 24 2023, sandeep.cs wrote:
> Earlier Samsung driver only handles USB HID devices and returns an error
if it encounters a Bluetooth type of HID device.
> By removing this USB validation check, we allow the driver to handle other
types of HID devices including Bluetooth HID devices, which were previously
excluded.

Please no, not with that patch at least.

hid_is_usb() protects the kernel from making an oops if the actual transport
layer is not USB, let's say an emulated uhid device. So by removing that
check you are just allowing anybody with root access to access random memory
in the kernel.

The correct fix is to move the check where it's needed, in
samsung_kbd_mouse_input_mapping().
I'll let you decide what need should be done if it's not a USB device
there: consider the interface to be 0 or just abort the function.

Cheers,
Benjamin

> 
> This change improves driver compatibility and extends its support for a
wide range of devices.
> 
> Signed-off-by: Sandeep C S<sandeep.cs@...sung.com>
> Signed-off-by: Junwan Cho <junwan.cho@...sung.com>
> Signed-off-by: Jitender Sajwan <jitender.s21@...sung.com>
> ---
>  drivers/hid/hid-samsung.c | 3 ---
>  1 file changed, 3 deletions(-)
> 
> diff --git a/drivers/hid/hid-samsung.c b/drivers/hid/hid-samsung.c 
> index 33e963303d11..3cafbf4d9dc6 100644
> --- a/drivers/hid/hid-samsung.c
> +++ b/drivers/hid/hid-samsung.c
> @@ -517,9 +517,6 @@ static int samsung_probe(struct hid_device *hdev,
>  	int ret;
>  	unsigned int cmask = HID_CONNECT_DEFAULT;
>  
> -	if (!hid_is_usb(hdev))
> -		return -EINVAL;
> -
>  	ret = hid_parse(hdev);
>  	if (ret) {
>  		hid_err(hdev, "parse failed\n");
> --
> 2.25.1
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ