* [PATCH 1/2] HID: playstation: fix DualShock4 bluetooth memory corruption bug.
@ 2022-11-16 16:00 Roderick Colenbrander
  2022-11-16 16:00 ` [PATCH 2/2] HID: playstation: fix DualShock4 bluetooth CRC endian issue Roderick Colenbrander
  2022-11-16 23:10 ` [PATCH 1/2] HID: playstation: fix DualShock4 bluetooth memory corruption bug Jiri Kosina
  0 siblings, 2 replies; 5+ messages in thread
From: Roderick Colenbrander @ 2022-11-16 16:00 UTC (permalink / raw)
  To: Jiri Kosina, Benjamin Tissoires; +Cc: linux-input, Roderick Colenbrander

The size of the output buffer used for output reports was not updated
to the larger size needed for Bluetooth. This ultimately resulted
in memory corruption of surrounding structures e.g. due to memsets.

Fixes: 2d77474a2392 ("HID: playstation: add DualShock4 bluetooth support.")
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
---
 drivers/hid/hid-playstation.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c
index bae3e712a562..f5e0d06d3cd8 100644
--- a/drivers/hid/hid-playstation.c
+++ b/drivers/hid/hid-playstation.c
@@ -2461,7 +2461,7 @@ static struct ps_device *dualshock4_create(struct hid_device *hdev)
 	ds4->output_worker_initialized = true;
 	hid_set_drvdata(hdev, ds4);
 
-	max_output_report_size = sizeof(struct dualshock4_output_report_usb);
+	max_output_report_size = sizeof(struct dualshock4_output_report_bt);
 	ds4->output_report_dmabuf = devm_kzalloc(&hdev->dev, max_output_report_size, GFP_KERNEL);
 	if (!ds4->output_report_dmabuf)
 		return ERR_PTR(-ENOMEM);
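Review bot: the buffer is now sized for the Bluetooth layout only, which is correct as long as `struct dualshock4_output_report_bt` remains the larger of the two, but nothing in the hunk enforces that. Since the variable is named `max_output_report_size` and the one `output_report_dmabuf` serves both transports, consider `max_output_report_size = max(sizeof(struct dualshock4_output_report_usb), sizeof(struct dualshock4_output_report_bt));` (or a `BUILD_BUG_ON()` that the USB layout is not larger) so a later change to either layout cannot silently reintroduce the overrun the commit message describes. The `devm_kzalloc()` call and the `-ENOMEM` path are unchanged and fine.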
-- 
2.38.1



* [PATCH 2/2] HID: playstation: fix DualShock4 bluetooth CRC endian issue.
  2022-11-16 16:00 [PATCH 1/2] HID: playstation: fix DualShock4 bluetooth memory corruption bug Roderick Colenbrander
@ 2022-11-16 16:00 ` Roderick Colenbrander
  2022-11-16 23:10 ` [PATCH 1/2] HID: playstation: fix DualShock4 bluetooth memory corruption bug Jiri Kosina
  1 sibling, 0 replies; 5+ messages in thread
From: Roderick Colenbrander @ 2022-11-16 16:00 UTC (permalink / raw)
  To: Jiri Kosina, Benjamin Tissoires
  Cc: linux-input, Roderick Colenbrander, kernel test robot

The driver was by accident reading the CRC directly from a hardware
structure instead of using get_unaligned_le32.

Fixes: 2d77474a2392 ("HID: playstation: add DualShock4 bluetooth support.")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
---
 drivers/hid/hid-playstation.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c
index f5e0d06d3cd8..7b5aef538044 100644
--- a/drivers/hid/hid-playstation.c
+++ b/drivers/hid/hid-playstation.c
@@ -2131,9 +2131,10 @@ static int dualshock4_parse_report(struct ps_device *ps_dev, struct hid_report *
 	} else if (hdev->bus == BUS_BLUETOOTH && report->id == DS4_INPUT_REPORT_BT &&
 			size == DS4_INPUT_REPORT_BT_SIZE) {
 		struct dualshock4_input_report_bt *bt = (struct dualshock4_input_report_bt *)data;
+		uint32_t report_crc = get_unaligned_le32(&bt->crc32);
 
 		/* Last 4 bytes of input report contains CRC. */
-		if (!ps_check_crc32(PS_INPUT_CRC32_SEED, data, size - 4, bt->crc32)) {
+		if (!ps_check_crc32(PS_INPUT_CRC32_SEED, data, size - 4, report_crc)) {
 			hid_err(hdev, "DualShock4 input CRC's check failed\n");
 			return -EILSEQ;
 		}
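Review bot: `report_crc` is decoded with `get_unaligned_le32()`, but the diff adds no include for it; confirm the file already pulls in the header that provides the helper (the USB input path presumably uses it for other multi-byte fields), otherwise the build breaks on configurations where it is not reached transitively. The fix itself is right: the CRC sits at the tail of a packed wire structure in little-endian byte order, so the old `bt->crc32` argument handed `ps_check_crc32()` host-order bytes and would fail on big-endian hosts, and decoding it byte-wise also avoids an unaligned load on architectures that trap on one. Minor: if this block is touched again, the unchanged message "CRC's check failed" would read better as "CRC check failed".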
-- 
2.38.1
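Both patches in this series fix the same class of mistake: treating a wire-format structure as if it were a host structure, once by sizing a shared buffer for the smaller of two layouts, once by reading a little-endian field in host byte order. The following user-space C program is an added example, not code from the patches or from hid-playstation.c. It models both defects and their fixes: the buffer is sized by the larger of two report layouts with a compile-time check, and the trailing CRC-32 of a constructed input report is decoded byte-wise (the equivalent of `get_unaligned_le32()`) and compared against a host-order read. The struct layouts and sizes, the report contents, the seed value and the exact CRC scheme (a one-byte transport prefix folded into the CRC before the report data) are assumptions for illustration, modelled on the driver but not taken from it.

```c
/* Added example; layouts, sizes and the CRC scheme are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical report layouts (the real ones differ and are larger). */
struct ds4_output_report_usb { uint8_t report_id; uint8_t payload[31]; };
struct ds4_output_report_bt  { uint8_t report_id; uint8_t payload[73]; uint8_t crc[4]; };

/* Part 1: one buffer serves both transports, so size it by the larger
 * layout and let the compiler prove that neither layout overruns it. */
#define MAX_OUTPUT_REPORT_SIZE \
	(sizeof(struct ds4_output_report_bt) > sizeof(struct ds4_output_report_usb) ? \
	 sizeof(struct ds4_output_report_bt) : sizeof(struct ds4_output_report_usb))
_Static_assert(MAX_OUTPUT_REPORT_SIZE >= sizeof(struct ds4_output_report_bt), "too small for BT");
_Static_assert(MAX_OUTPUT_REPORT_SIZE >= sizeof(struct ds4_output_report_usb), "too small for USB");

size_t max_output_report_size(void) { return MAX_OUTPUT_REPORT_SIZE; }

/* Part 2: CRC-32, reflected polynomial 0xEDB88320, no pre/post inversion
 * (the same raw semantics as the kernel's crc32_le()). */
static uint32_t crc32_le_update(uint32_t crc, const uint8_t *data, size_t len)
{
	for (size_t i = 0; i < len; i++) {
		crc ^= data[i];
		for (int b = 0; b < 8; b++)
			crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
	}
	return crc;
}

/* Assumed scheme: a one-byte transport prefix (0xA1 for input) is covered
 * by the CRC but is not part of the HID report buffer, so it is fed in
 * first as a seed byte. */
#define PS_INPUT_CRC32_SEED 0xA1
static uint32_t report_crc32(uint8_t seed, const uint8_t *data, size_t len)
{
	uint32_t crc = crc32_le_update(0xFFFFFFFFu, &seed, 1);
	return ~crc32_le_update(crc, data, len);
}

/* Portable little-endian decode, equivalent of get_unaligned_le32(). */
uint32_t read_le32(const void *p)
{
	const uint8_t *b = p;
	return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* What the pre-fix code effectively did: interpret the bytes in host order. */
uint32_t read_host_order_u32(const void *p)
{
	uint32_t v;
	memcpy(&v, p, sizeof(v));
	return v;
}

bool host_is_little_endian(void)
{
	uint32_t one = 1;
	uint8_t first;
	memcpy(&first, &one, 1);
	return first == 1;
}

/* Constructed input report: fixed payload, CRC appended little-endian. */
size_t build_input_report(uint8_t *buf, size_t buflen)
{
	const size_t len = 16;  /* constructed; real DS4 BT reports are longer */
	if (buflen < len)
		return 0;
	for (size_t i = 0; i < len - 4; i++)
		buf[i] = (uint8_t)(0x11 + i);
	uint32_t crc = report_crc32(PS_INPUT_CRC32_SEED, buf, len - 4);
	buf[len - 4] = crc & 0xff;
	buf[len - 3] = (crc >> 8) & 0xff;
	buf[len - 2] = (crc >> 16) & 0xff;
	buf[len - 1] = (crc >> 24) & 0xff;
	return len;
}

/* Mirrors the driver's call: CRC covers everything but the last 4 bytes. */
bool check_report_crc(uint8_t seed, const uint8_t *data, size_t size, uint32_t report_crc)
{
	return size >= 4 && report_crc32(seed, data, size - 4) == report_crc;
}

int main(void)
{
	uint8_t report[64];
	size_t size = build_input_report(report, sizeof(report));
	uint32_t le = read_le32(report + size - 4);
	uint32_t host = read_host_order_u32(report + size - 4);

	printf("max output buffer: %zu bytes\n", max_output_report_size());
	printf("le32 decode: %s\n", check_report_crc(PS_INPUT_CRC32_SEED, report, size, le) ? "ok" : "FAIL");
	printf("host-order decode: %s (host is %s-endian)\n",
	       check_report_crc(PS_INPUT_CRC32_SEED, report, size, host) ? "ok" : "FAIL",
	       host_is_little_endian() ? "little" : "big");
	return 0;
}
```

On a little-endian machine both decodes agree, which is exactly why the original bug went unnoticed in normal testing: the host-order read only diverges from the wire value on big-endian hosts, where the CRC check then rejects every report. The compile-time size check is the cheap counterpart for the first patch: a buffer whose size is derived from the larger of the two layouts cannot be outgrown by a later change to either.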



* Re: [PATCH 1/2] HID: playstation: fix DualShock4 bluetooth memory corruption bug.
  2022-11-16 16:00 [PATCH 1/2] HID: playstation: fix DualShock4 bluetooth memory corruption bug Roderick Colenbrander
  2022-11-16 16:00 ` [PATCH 2/2] HID: playstation: fix DualShock4 bluetooth CRC endian issue Roderick Colenbrander
@ 2022-11-16 23:10 ` Jiri Kosina
  2022-11-16 23:44   ` Roderick Colenbrander
  1 sibling, 1 reply; 5+ messages in thread
From: Jiri Kosina @ 2022-11-16 23:10 UTC (permalink / raw)
  To: Roderick Colenbrander
  Cc: Benjamin Tissoires, linux-input, Roderick Colenbrander

On Wed, 16 Nov 2022, Roderick Colenbrander wrote:

> The size of the output buffer used for output reports was not updated
> to the larger size needed for Bluetooth. This ultimately resulted
> in memory corruption of surrounding structures e.g. due to memsets.
> 
> Fixes: 2d77474a2392 ("HID: playstation: add DualShock4 bluetooth support.")
> Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>

Roderick,

thanks for the fixes. I believe

	Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>

would be appropriate for this one, right?

-- 
Jiri Kosina
SUSE Labs



* Re: [PATCH 1/2] HID: playstation: fix DualShock4 bluetooth memory corruption bug.
  2022-11-16 23:10 ` [PATCH 1/2] HID: playstation: fix DualShock4 bluetooth memory corruption bug Jiri Kosina
@ 2022-11-16 23:44   ` Roderick Colenbrander
  2022-11-16 23:47     ` Jiri Kosina
  0 siblings, 1 reply; 5+ messages in thread
From: Roderick Colenbrander @ 2022-11-16 23:44 UTC (permalink / raw)
  To: Jiri Kosina; +Cc: Benjamin Tissoires, linux-input, Roderick Colenbrander

On Wed, Nov 16, 2022 at 3:10 PM Jiri Kosina <jikos@kernel.org> wrote:
>
> On Wed, 16 Nov 2022, Roderick Colenbrander wrote:
>
> > The size of the output buffer used for output reports was not updated
> > to the larger size needed for Bluetooth. This ultimately resulted
> > in memory corruption of surrounding structures e.g. due to memsets.
> >
> > Fixes: 2d77474a2392 ("HID: playstation: add DualShock4 bluetooth support.")
> > Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
>
> Roderick,
>
> thanks for the fixes. I believe
>
>         Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
>
> would be appropriate for this one, right?
>
> --
> Jiri Kosina
> SUSE Labs
>

Yes, that would be appropriate there. I can submit if you would like.

Thanks,
Roderick


* Re: [PATCH 1/2] HID: playstation: fix DualShock4 bluetooth memory corruption bug.
  2022-11-16 23:44   ` Roderick Colenbrander
@ 2022-11-16 23:47     ` Jiri Kosina
  0 siblings, 0 replies; 5+ messages in thread
From: Jiri Kosina @ 2022-11-16 23:47 UTC (permalink / raw)
  To: Roderick Colenbrander
  Cc: Benjamin Tissoires, linux-input, Roderick Colenbrander

On Wed, 16 Nov 2022, Roderick Colenbrander wrote:

> > > The size of the output buffer used for output reports was not updated
> > > to the larger size needed for Bluetooth. This ultimately resulted
> > > in memory corruption of surrounding structures e.g. due to memsets.
> > >
> > > Fixes: 2d77474a2392 ("HID: playstation: add DualShock4 bluetooth support.")
> > > Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
> >
> > Roderick,
> >
> > thanks for the fixes. I believe
> >
> >         Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
> >
> > would be appropriate for this one, right?
> >
> > --
> > Jiri Kosina
> > SUSE Labs
> >
> 
> Yes, that would be appropriate there. I can submit if you would like.

No worries, I've added that and applied on top of the previous series.

Thanks,

-- 
Jiri Kosina
SUSE Labs

