Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp5084359ybv; Tue, 11 Feb 2020 08:54:26 -0800 (PST) X-Google-Smtp-Source: APXvYqwqM2IKdfqsU7M3tsKC/MXkHGpuSD8k2wUz9XrFK208uVp4KY1UYBwaoK0cWbH0YRmqfUd6 X-Received: by 2002:a9d:7852:: with SMTP id c18mr5659345otm.247.1581440066607; Tue, 11 Feb 2020 08:54:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581440066; cv=none; d=google.com; s=arc-20160816; b=O32UMiZWGMrd9qEHFGyZtX6+vAkTtcCJS9xmqzyi1K/p9NNp/fRfjZr9gFoTkvp4oP eGD7/CAigM/7zgM+M5N3hUx4wVRlT0vvToWC3KKnYNhw2ZeLNiorRQOt08/5Yvw/e5ic db1mCfxhKfjM/PcFqLyAJKMHyaWuvGdi9AR7B9B5Dx4sewQAwjgzwL4soUCbV8vRVHys 14VEvS/1gzoRDrn/by0KGKJP/OhWqlL8K8xq6tKbITgTimfolNY3HKyD7OS5NvprChd0 C19wmDHENi/K4XHklvBgVpEhgsgEtwplcuCayGdnFAZX5+5MUB2jl6O6T5J2drIdaRD2 om9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:in-reply-to :subject:cc:to:from:date; bh=yO57gnAIEkEX9PGptHcD2aIhWLhBCpQn0vO/JKaXV4A=; b=RjxOxcEo041DuBt4qQs08fm+zan8zLuoTuvOhnjeho7Sjx8ythVUD0nJTAtd+tSOUf ExUfbFIcSRROeLmUSiGf5svUlaA5NUOfbHO0k+IyHQ60yovHlgD1UnxgoJvc/yRxGHg9 DQwt71R2aBfiGpbo5iwa8eCC64npB+ET9SVgpQ635H+R3wVP+qzV0GXXTlrI1WwQCYfY SZRTMEa4tE2MEeGtFrLoful4Tp2NOM8txKes2mpVT0WNIp+pN8AaQL9IaV9t1TqlshC/ HlJM5cO7YFFVDdE8aXCJaVuPD6GEKlbh7926aQUvVqxkhAmpvpVuQD5y90kiKHly6qqu IoOA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m14si2134468otr.131.2020.02.11.08.54.14; Tue, 11 Feb 2020 08:54:26 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728637AbgBKOyH (ORCPT + 99 others); Tue, 11 Feb 2020 09:54:07 -0500 Received: from iolanthe.rowland.org ([192.131.102.54]:33660 "HELO iolanthe.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S1727264AbgBKOyG (ORCPT ); Tue, 11 Feb 2020 09:54:06 -0500 Received: (qmail 2909 invoked by uid 2102); 11 Feb 2020 09:54:05 -0500 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 11 Feb 2020 09:54:05 -0500 Date: Tue, 11 Feb 2020 09:54:05 -0500 (EST) From: Alan Stern X-X-Sender: stern@iolanthe.rowland.org To: peter enderborg cc: Johan Korsnes , Jiri Kosina , Greg Kroah-Hartman , Kernel development list , Subject: Re: [PATCH] HID: Extend report buffer size In-Reply-To: <91e0077e-b229-e43f-6f5c-5088b0c0f561@sony.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 11 Feb 2020, peter enderborg wrote: > On 2/10/20 4:01 PM, Alan Stern wrote: > > On Mon, 10 Feb 2020, Peter Enderborg wrote: > > > >> In the patch "HID: Fix slab-out-of-bounds read in hid_field_extract" > >> there added a check for buffer overruns. This made Elgato StreamDeck > >> to fail. This patch extend the buffer to 8192 to solve this. It also > >> adds a print of the requested length if it fails on this test. > >> > >> Signed-off-by: Peter Enderborg > >> --- > >> drivers/hid/hid-core.c | 2 +- > >> include/linux/hid.h | 2 +- > >> 2 files changed, 2 insertions(+), 2 deletions(-) > >> > >> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c > >> index 851fe54ea59e..28841219b3d2 100644 > >> --- a/drivers/hid/hid-core.c > >> +++ b/drivers/hid/hid-core.c > >> @@ -290,7 +290,7 @@ static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsign > >> > >> /* Total size check: Allow for possible report index byte */ > >> if (report->size > (HID_MAX_BUFFER_SIZE - 1) << 3) { > >> - hid_err(parser->device, "report is too long\n"); > >> + hid_err(parser->device, "report is too long (%d)\n", report->size); > >> return -1; > >> } > >> > >> diff --git a/include/linux/hid.h b/include/linux/hid.h > >> index cd41f209043f..875f71132b14 100644 > >> --- a/include/linux/hid.h > >> +++ b/include/linux/hid.h > >> @@ -492,7 +492,7 @@ struct hid_report_enum { > >> }; > >> > >> #define HID_MIN_BUFFER_SIZE 64 /* make sure there is at least a packet size of space */ > >> -#define HID_MAX_BUFFER_SIZE 4096 /* 4kb */ > >> +#define HID_MAX_BUFFER_SIZE 8192 /* 8kb */ > >> #define HID_CONTROL_FIFO_SIZE 256 /* to init devices with >100 reports */ > >> #define HID_OUTPUT_FIFO_SIZE 64 > > The second part of this patch is identical to the "HID: core: increase > > HID report buffer size to 8KiB" patch submitted by Johan Korsnes a few > > weeks ago. You might want to submit just the first part of your patch, > > or not submit anything at all. > > > > Alan Stern > > > > > Korsnes patch is not in Torvalds tree nor is it requested for stable. How do we get it there? Bring the whole matter to Jiri's attention. He is the person who will take care of it. Alan Stern