lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAO9qdTHgEkwUGk69MdT0hC5TQ-G7MNsF_GdbGSCdMfKYgCrZ1A@mail.gmail.com>
Date: Thu, 4 Sep 2025 13:52:26 +0900
From: Jeongjun Park <aha310510@...il.com>
To: Jiri Kosina <jikos@...nel.org>
Cc: bentiss@...nel.org, hadess@...ess.net, linux-input@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] HID: steelseries: refactor probe() and remove()

Hello Jiri,

Jiri Kosina <jikos@...nel.org> wrote:
>
> On Thu, 17 Jul 2025, Jeongjun Park wrote:
>
> > steelseries_srws1_probe() still does not use devm_kzalloc() and
> > devm_led_classdev_register(), so there is a lot of code to safely manage
> > heap, which reduces readability and may cause memory leaks due to minor
> > patch mistakes in the future.
> >
> > Therefore, it should be changed to use devm_kzalloc() and
> > devm_led_classdev_register() to easily and safely manage heap.
> >
> > Also, the current steelseries driver mainly checks sd->quriks to determine
> > which product a specific HID device is, which is not the correct way.
> >
> > remove(), unlike probe(), does not receive struct hid_device_id as an
> > argument, so it must check hdev unconditionally to know which product
> > it is.
> >
> > However, since struct steelseries_device and struct steelseries_srws1_data
> > have different structures, if SRWS1 is removed in remove(), converts
> > hdev->dev, which is initialized to struct steelseries_srws1_data,
> > to struct steelseries_device and uses it. This causes various
> > memory-related bugs as completely unexpected values exist in member
> > variables of the structure.
> >
> > Therefore, in order to modify probe() and remove() to work properly,
> > Arctis 1, 9 should be added to HID_USB_DEVICE and some functions should be
> > modified to check hdev->product when determining HID device product.
> >
> > Fixes: a0c76896c3fb ("HID: steelseries: Add support for Arctis 1 XBox")
> > Signed-off-by: Jeongjun Park <aha310510@...il.com>
>
> Applied to hid.git#for-6.18/steelseries, thanks.
>

I think this patch should be applied to 6.17 rc, not 6.18.

This is because while this patch primarily addresses a potential memory
leak, it also addresses a memory corruption vuln that occurs when using
the SRWS1 device.

Therefore, it should be patched quickly in the rc release, and the stable
release, where this bug exists, should also receive this patch.

> --
> Jiri Kosina
> SUSE Labs
>

Regards,
Jeongjun Park

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ