| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250112145938.7138c922@jic23-huawei>
Date: Sun, 12 Jan 2025 14:59:38 +0000
From: Jonathan Cameron <jic23@...nel.org>
To: "Chia-Lin Kao (AceLan)" <acelan.kao@...onical.com>
Cc: Lars-Peter Clausen <lars@...afoo.de>, Peter Zijlstra
<peterz@...radead.org>, Greg KH <gregkh@...uxfoundation.org>,
linux-iio@...r.kernel.org, linux-kernel@...r.kernel.org, Jiri Kosina
<jikos@...nel.org>, Srinivas Pandruvada
<srinivas.pandruvada@...ux.intel.com>
Subject: Re: [PATCH] iio: hid-sensor-attributes: validate sensitivity
attributes
On Thu, 9 Jan 2025 12:00:06 +0800
"Chia-Lin Kao (AceLan)" <acelan.kao@...onical.com> wrote:
> An invalid sensor device was observed which provided valid index and
> report_ids for poll, report_state and power_state attributes, but had
> invalid report_latency, sensitivity, and timestamp attributes. This would
> cause the system to hang when using iio_info to access attributes, as
> runtime PM tried to wake up an unresponsive sensor.
>
> [ 2.594565] [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff
> [ 2.594573] [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff ffffffff:ffffffff
> [ 2.595485] [453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff
> [ 2.595492] [453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:11, 3:11, 1:11 ffffffff:ffffffff ffffffff:ffffffff
>
> Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@...onical.com>
If you can come up with an appropriate fixes tag that would be great
as will help us figure out how far this might be backported.
Also, can we add any info on what device this was seen on?
+CC Jiri and Srinivas who are the other listed maintainers of this driver.
Thanks,
Jonathan
> ---
> .../hid-sensors/hid-sensor-attributes.c | 23 +++++++++++--------
> 1 file changed, 14 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/iio/common/hid-sensors/hid-sensor-attributes.c b/drivers/iio/common/hid-sensors/hid-sensor-attributes.c
> index ad1882f608c0..b7ffd97e6c56 100644
> --- a/drivers/iio/common/hid-sensors/hid-sensor-attributes.c
> +++ b/drivers/iio/common/hid-sensors/hid-sensor-attributes.c
> @@ -564,8 +564,21 @@ int hid_sensor_parse_common_attributes(struct hid_sensor_hub_device *hsdev,
> } else
> st->timestamp_ns_scale = 1000000000;
>
> + ret = 0;
> + if (st->sensitivity.index < 0 || st->sensitivity_rel.index < 0) {
> + ret = -EINVAL;
> + goto out;
> + }
> +
> hid_sensor_get_report_latency_info(hsdev, usage_id, st);
>
> + ret = sensor_hub_get_feature(hsdev,
> + st->power_state.report_id,
> + st->power_state.index, sizeof(value), &value);
> + if (value < 0)
> + ret = -EINVAL;
> +
> +out:
> hid_dbg(hsdev->hdev, "common attributes: %x:%x, %x:%x, %x:%x %x:%x %x:%x\n",
> st->poll.index, st->poll.report_id,
> st->report_state.index, st->report_state.report_id,
> @@ -573,15 +586,7 @@ int hid_sensor_parse_common_attributes(struct hid_sensor_hub_device *hsdev,
> st->sensitivity.index, st->sensitivity.report_id,
> timestamp.index, timestamp.report_id);
>
> - ret = sensor_hub_get_feature(hsdev,
> - st->power_state.report_id,
> - st->power_state.index, sizeof(value), &value);
> - if (ret < 0)
> - return ret;
> - if (value < 0)
> - return -EINVAL;
> -
> - return 0;
> + return ret;
> }
> EXPORT_SYMBOL_NS(hid_sensor_parse_common_attributes, "IIO_HID");
>
Powered by blists - more mailing lists