Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp3820903ybv;
        Mon, 10 Feb 2020 07:02:18 -0800 (PST)
X-Google-Smtp-Source: APXvYqz3SNn+lodG7nVH67bLByxZQNMopNIcXDO0Q7iJ2BQnGm8T40OurCfwfzdpOEYjtEqlkLoA
X-Received: by 2002:aca:d6c8:: with SMTP id n191mr1122218oig.103.1581346938834;
        Mon, 10 Feb 2020 07:02:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1581346938; cv=none;
        d=google.com; s=arc-20160816;
        b=bRVawrgRSRzWZbFX3AFKo9C2I+l3QEXBtlxX5Ba9lfJuqJuvJc5MKA329p4WlOj+py
         NCmWerW799hgGnJtUViasIlJNfPy++VJJ35MGha+vzj1GvEl9EJ766CF7RH2QnWcqgbr
         3iwqvTepM3eQIrSl35bUW5bguR5e//pQJycDl+riYU8z59B9skfFKzv1G64GzFoUlu44
         vRFpOu363JTpCfoDnF3/gBQbgBuksqhHxcMvfY7Qf5NgYprlA+90hfJ4f7eVgdvdS4Ej
         liCWaSeWgVpUv5MIxgQIjTbZtqAVWJns1GUJZRCPjFohau7rG+rkFa1Ek9CpYYGZyvtV
         +FYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:in-reply-to
         :subject:cc:to:from:date;
        bh=YYz7rNIBmmxkJ9RuN7IbfdX+UajBgFRFjKx+yyYMEc0=;
        b=kN6jXX7N64muBrdIVWkRY2a2ixgfECfZ4yKklRnJ4S2q/n0PqQFXNMO0CTVhExEzaf
         hRzCa1+3XowlK53haOjUAk0RmKcogwzR3B1S/F3wtn4hckT7ay7sJdJ+LqGc/HrQItwE
         o//CEokibS8FQDKAs+enWPyeG5/cotFVarSuo+rDfQrrh6x+eZ1bRenUNPOkAQxljH78
         txB2n8wL10lkCZHazZvq/+LBbwYYYWYYlovOp/hvKfpPP6+/AgR/SDQgBVQrDYsI62yB
         iDCAExkvPLOkoIOpLUQPMsON4v3Uk0ReCwyMp/z+sOpwX5NAtEa6OCpRJ9xM9nTJAwd8
         ElGQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g26si309120otn.180.2020.02.10.07.02.06;
        Mon, 10 Feb 2020 07:02:18 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728112AbgBJPBV (ORCPT <rfc822;7819ynot@gmail.com> + 99 others);
        Mon, 10 Feb 2020 10:01:21 -0500
Received: from netrider.rowland.org ([192.131.102.5]:40315 "HELO
        netrider.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with SMTP id S1726627AbgBJPBU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 10 Feb 2020 10:01:20 -0500
Received: (qmail 16865 invoked by uid 500); 10 Feb 2020 10:01:19 -0500
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 10 Feb 2020 10:01:19 -0500
Date:   Mon, 10 Feb 2020 10:01:19 -0500 (EST)
From:   Alan Stern <stern@rowland.harvard.edu>
X-X-Sender: stern@netrider.rowland.org
To:     Peter Enderborg <peter.enderborg@sony.com>
cc:     Jiri Kosina <jikos@kernel.org>, Johan Korsnes <jkorsnes@cisco.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Kernel development list <linux-kernel@vger.kernel.org>,
        <stable@vger.kernel.org>
Subject: Re: [PATCH] HID: Extend report buffer size
In-Reply-To: <20200210120847.31737-1-peter.enderborg@sony.com>
Message-ID: <Pine.LNX.4.44L0.2002100957401.14460-100000@netrider.rowland.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 10 Feb 2020, Peter Enderborg wrote:

> In the patch "HID: Fix slab-out-of-bounds read in hid_field_extract"
> there added a check for buffer overruns. This made Elgato StreamDeck
> to fail. This patch extend the buffer to 8192 to solve this. It also
> adds a print of the requested length if it fails on this test.
> 
> Signed-off-by: Peter Enderborg <peter.enderborg@sony.com>
> ---
>  drivers/hid/hid-core.c | 2 +-
>  include/linux/hid.h    | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
> index 851fe54ea59e..28841219b3d2 100644
> --- a/drivers/hid/hid-core.c
> +++ b/drivers/hid/hid-core.c
> @@ -290,7 +290,7 @@ static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsign
>  
>  	/* Total size check: Allow for possible report index byte */
>  	if (report->size > (HID_MAX_BUFFER_SIZE - 1) << 3) {
> -		hid_err(parser->device, "report is too long\n");
> +		hid_err(parser->device, "report is too long (%d)\n", report->size);
>  		return -1;
>  	}
>  
> diff --git a/include/linux/hid.h b/include/linux/hid.h
> index cd41f209043f..875f71132b14 100644
> --- a/include/linux/hid.h
> +++ b/include/linux/hid.h
> @@ -492,7 +492,7 @@ struct hid_report_enum {
>  };
>  
>  #define HID_MIN_BUFFER_SIZE	64		/* make sure there is at least a packet size of space */
> -#define HID_MAX_BUFFER_SIZE	4096		/* 4kb */
> +#define HID_MAX_BUFFER_SIZE	8192		/* 8kb */
>  #define HID_CONTROL_FIFO_SIZE	256		/* to init devices with >100 reports */
>  #define HID_OUTPUT_FIFO_SIZE	64

The second part of this patch is identical to the "HID: core: increase
HID report buffer size to 8KiB" patch submitted by Johan Korsnes a few
weeks ago.  You might want to submit just the first part of your patch,
or not submit anything at all.

Alan Stern