Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp2179538pxa; Mon, 17 Aug 2020 03:08:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxx52b3UfJjwWDrpg9wjmo3YlBOeEsxCC6/2nf8/4l6APuAhSP9XE0q6gVh4A2tHiAnVNRW X-Received: by 2002:aa7:ce98:: with SMTP id y24mr14151815edv.76.1597658911749; Mon, 17 Aug 2020 03:08:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597658911; cv=none; d=google.com; s=arc-20160816; b=rcd3aWlUsMQGWdqlZWGlqU3KFhW5cMd1hlGDXAi0QHssllCTI5YDxmi2i0z8PeUBIO uCy+1byx9rjvAotIgMQYnvZIkGBzqu1bBjPcj/hM4JLvqOxrSAtY8WPk+0q1+Ps0ZRyV kndXcmIvUdfCoQHB7p9AwDmPSrCVfqYCrRr3M3s/LgvxDevkb34j/grGu4WTkQEZPB2S VFK4Id5KvNdkRob6v6NOJXQvocymoWwWxOlcG8pgx3dgdoMlkgQsOcLdksdHlBZ2woxJ kiY1Opv3edfFeNFfOSlw2uh/A5WSH6QpAvglTOVPNiHkvPYxrBqL0zd6sGoOcOoTzZIQ m1hw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date:dkim-signature; bh=TskHe6U972BeS188mmHHxn6+kANMbaIHlninudPNwuI=; b=uqyOX0W5EqfQ4R3LOXiwU92WoKoBS2OZhVhiFf6uCOBzwrCvKHC6YTJFdX73gsfYBj ZOvi217XiQN0f/YhZfORol1mLCZy3x5zx6hcXg0FDWpicoi//jgYENYKkWwr21KycLiC suU7C4L9vVl/mr+I/0hf9ApVvF+sp8i/vKlvJend4jDUsyLLUO6PpXpVlWN7ph1U8Czz vzTTGw2BRg88jXGFTVjYS901LHcN0QHDwu42uik29egooMBNKcFw+76uhheoU7C5Xh1R qIyzV+VhY3w9jz0txQm3MxKFDKtoDBvEHTItpHSzriMa5uWvjhse73l9Gc+41l5keMyg kOsQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="iIIPM/3U"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n15si10782333ejk.642.2020.08.17.03.08.07; Mon, 17 Aug 2020 03:08:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="iIIPM/3U"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727093AbgHQKHP (ORCPT + 99 others); Mon, 17 Aug 2020 06:07:15 -0400 Received: from mail.kernel.org ([198.145.29.99]:46468 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726760AbgHQKHO (ORCPT ); Mon, 17 Aug 2020 06:07:14 -0400 Received: from pobox.suse.cz (nat1.prg.suse.com [195.250.132.148]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AEE7D2067C; Mon, 17 Aug 2020 10:07:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1597658834; bh=eCw+2/lSjBV7bP7ZhU0BJWsyz5bbYEzAf+VX/NT+hPs=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=iIIPM/3UjTg70NVgUJxOiOTsp3FhTrRIe4qeOMH4R3Pq32ZYAIdcsq4RXZriqMUoS UskIS4j8TH1QhGIw71c0/ypsYfJSrZ22eT6mj0CjMXQBrLP2Cy9V9uiQv5stR+Xfcb tHZ0SJpTD95agWGCKWw5QgN+9IypUs6jEOj/+1E8= Date: Mon, 17 Aug 2020 12:07:10 +0200 (CEST) From: Jiri Kosina To: Dan Carpenter cc: Stefan Achatz , Benjamin Tissoires , linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: Re: [PATCH] HID: roccat: add bounds checking in kone_sysfs_write_settings() In-Reply-To: <20200805095501.GD483832@mwanda> Message-ID: References: <20200805095501.GD483832@mwanda> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 5 Aug 2020, Dan Carpenter wrote: > In the original code we didn't check if the new value for > "settings->startup_profile" was within bounds that could possibly > result in an out of bounds array acccess. What we did was we checked if > we could write the data to the firmware and it's possibly the firmware > checks these values but there is no way to know. It's safer and easier > to read if we check it in the kernel as well. > > I also added a check to ensure that "settings->size" was correct. The > comments say that the only valid value is 36 which is sizeof(struct > kone_settings). > > Fixes: 14bf62cde794 ("HID: add driver for Roccat Kone gaming mouse") > Signed-off-by: Dan Carpenter Stefan, could I please get your Reviewed-by and/or Tested-by, to make sure this doesn't unintentionally somehow break userspace? Thanks, -- Jiri Kosina SUSE Labs