From: Roderick Colenbrander
Date: Fri, 4 Jan 2019 08:38:28 -0800
Subject: Re: NULL pointer dereference when writing fuzzed data to /dev/uhid
To: Benjamin Tissoires
Cc: Anatoly Trosinenko, Jiri Kosina, lkml, "open list:HID CORE LAYER"
X-Mailing-List: linux-kernel@vger.kernel.org

> > For sony.bin:
> >
> > root@kvm-xfstests:~# cat /vtmp/sony.bin > /dev/uhid
> > [ 16.891931] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.892432] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.892894] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.893362] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.893844] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.895389] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.898165] sony 0003:054C:1000.0001: ignoring exceeding usage max
> > [ 16.901190] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.903797] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.906401] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.908957] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.911449] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.913936] sony 0003:054C:1000.0001: unknown main item tag 0x1
> > [ 16.916551] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.918454] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.919743] sony 0003:054C:1000.0001: unknown main item tag 0x4
> > [ 16.920834] sony 0003:054C:1000.0001: unknown main item tag 0xe
> > [ 16.921904] sony 0003:054C:1000.0001: unknown main item tag 0xe
> > [ 16.923006] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.924082] sony 0003:054C:1000.0001: unknown main item tag 0x2
> > [ 16.925195] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.926289] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.927400] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [ 16.928546] BUG: unable to handle kernel NULL pointer dereference
> > at 0000000000000028
> > [ 16.929951] #PF error: [normal kernel read fault]
> > [ 16.930884] PGD 800000007a52b067 P4D 800000007a52b067 PUD 0
> > [ 16.931836] Oops: 0000 [#1] SMP PTI
> > [ 16.932437] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted
> > 4.20.0-xfstests-10979-g96d4f267e40 #1
> > [ 16.933752] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> > BIOS 1.11.1-1ubuntu1 04/01/2014
> > [ 16.935372] Workqueue: events uhid_device_add_worker
> > [ 16.936321] RIP: 0010:hid_validate_values+0x48/0x110
> >
> In a sense, it's good to have a fault there because this was added to
> make sure we do not blindly accept any data. The fact that it doesn't
> fail gracefully is a sign that there is something else.
> Maybe Roderick could have a look?
>
> Cheers,
> Benjamin
>

Sure I can have a look. Would you be able to share the sony.bin file?
Did you inject a particular device? We do a lot of remapping and
processing in hid-sony at startup. It is probably related to that.

Thanks,
Roderick