From: Andrey Smirnov <andrew.smirnov@gmail.com>
To: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: "open list:HID CORE LAYER" <linux-input@vger.kernel.org>,
Sam Bazely <sambazley@fastmail.com>,
Jiri Kosina <jikos@kernel.org>,
Henrik Rydberg <rydberg@bitmath.org>,
"Pierre-Loup A . Griffais" <pgriffais@valvesoftware.com>,
Austin Palmer <austinp@valvesoftware.com>,
lkml <linux-kernel@vger.kernel.org>,
"3.8+" <stable@vger.kernel.org>
Subject: Re: [PATCH 3/3] HID: logitech-hidpp: add G920 device validation quirk
Date: Fri, 11 Oct 2019 16:32:58 -0700 [thread overview]
Message-ID: <CAHQ1cqHNca22fAWMnLFBuD-txb7MvdFrY9bY2A9uViq4P5Cikg@mail.gmail.com> (raw)
In-Reply-To: <CAO-hwJ+HZEhn_riNwrODKSySt4aP4RzZq+omYDAF-7q5dLQR1Q@mail.gmail.com>
On Fri, Oct 11, 2019 at 3:33 PM Benjamin Tissoires
<benjamin.tissoires@redhat.com> wrote:
>
> On Fri, Oct 11, 2019 at 9:39 PM Andrey Smirnov <andrew.smirnov@gmail.com> wrote:
> >
> > On Fri, Oct 11, 2019 at 7:56 AM Benjamin Tissoires
> > <benjamin.tissoires@redhat.com> wrote:
> > >
> > > On Mon, Oct 7, 2019 at 7:13 AM Andrey Smirnov <andrew.smirnov@gmail.com> wrote:
> > > >
> > > > G920 device only advertises REPORT_ID_HIDPP_LONG and
> > > > REPORT_ID_HIDPP_VERY_LONG in its HID report descriptor, so querying
> > > > for REPORT_ID_HIDPP_SHORT with optional=false will always fail and
> > > > prevent G920 to be recognized as a valid HID++ device.
> > > >
> > > > Modify hidpp_validate_device() to check only REPORT_ID_HIDPP_LONG with
> > > > optional=false on G920 to fix this.
> > > >
> > > > Fixes: fe3ee1ec007b ("HID: logitech-hidpp: allow non HID++ devices to be handled by this module")
> > > > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=204191
> > > > Reported-by: Sam Bazely <sambazley@fastmail.com>
> > > > Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
> > > > Cc: Jiri Kosina <jikos@kernel.org>
> > > > Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
> > > > Cc: Henrik Rydberg <rydberg@bitmath.org>
> > > > Cc: Sam Bazely <sambazley@fastmail.com>
> > > > Cc: Pierre-Loup A. Griffais <pgriffais@valvesoftware.com>
> > > > Cc: Austin Palmer <austinp@valvesoftware.com>
> > > > Cc: linux-input@vger.kernel.org
> > > > Cc: linux-kernel@vger.kernel.org
> > > > Cc: stable@vger.kernel.org
> > > > ---
> > > > drivers/hid/hid-logitech-hidpp.c | 6 ++++++
> > > > 1 file changed, 6 insertions(+)
> > > >
> > > > diff --git a/drivers/hid/hid-logitech-hidpp.c b/drivers/hid/hid-logitech-hidpp.c
> > > > index cadf36d6c6f3..f415bf398e17 100644
> > > > --- a/drivers/hid/hid-logitech-hidpp.c
> > > > +++ b/drivers/hid/hid-logitech-hidpp.c
> > > > @@ -3511,6 +3511,12 @@ static bool hidpp_validate_report(struct hid_device *hdev, int id,
> > > >
> > > > static bool hidpp_validate_device(struct hid_device *hdev)
> > > > {
> > > > + struct hidpp_device *hidpp = hid_get_drvdata(hdev);
> > > > +
> > > > + if (hidpp->quirks & HIDPP_QUIRK_CLASS_G920)
> > > > + return hidpp_validate_report(hdev, REPORT_ID_HIDPP_LONG,
> > > > + HIDPP_REPORT_SHORT_LENGTH, false);
> > > > +
> > >
> > > with https://patchwork.kernel.org/patch/11184749/ we also have a need
> > > for such a trick for BLE mice.
> > >
> > > I wonder if we should not have a more common way of validating the devices
> > >
> >
> > What about just checking for:
> >
> > hidpp_validate_report(REPORT_ID_HIDPP_SHORT,
> > HIDPP_REPORT_SHORT_LENGTH, true) ||
> > hidpp_validate_report(hdev, REPORT_ID_HIDPP_LONG,
> > HIDPP_REPORT_LONG_LENGTH, true);
> >
> > and probably dropping the "optional" argument for
> > hidpp_validate_report()? Original code allows there to be devices
> > supporting shorts reports only, but it seems that devices that support
> > only long reports are legitimate too, so maybe the only "invalid"
> > combination is if both are invalid length or missing?
>
> Well, the problem is we also want to detect 2 things:
> - devices that do not have any of the HID++ collections, and handle
> them as generic ones (the second mouse/keyboard collection in the
> gaming mice should still be exported by the driver, or this will kill
> the macros / rebinding capabilities
> - malicious devices that pretends to have a HID++ collection but want
> to trigger a buffer overflow by having a shorter than expected report
> length
>
> Point 2 above should still be fine, but point 1 is why we have the
> enforcement of the HID++ short report in the first place.
>
It sounds like the result of hidpp_validate_report() can't really be
contained in a bool. If we modify it to return -EINVAL for bogus
report length, -ENOTSUPP if report ID is not supported and 0 if
everything is valid we should be able to capture all valid permutation
by checking for with
int id_short = hidpp_validate_report(ID_SHORT);
int id_long = hidpp_validate_report(ID_LONG);
return (!id_short && !id_long) || (id_short == -ENOTSUPP && !id_long)
|| (id_long == -ENOTSUPP && !id_short)
no?
Thanks,
Andrey Smirnov
next prev parent reply other threads:[~2019-10-11 23:33 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-07 5:12 [PATCH 0/3] Logitech G920 fixes Andrey Smirnov
2019-10-07 5:12 ` [PATCH 1/3] HID: logitech-hidpp: use devres to manage FF private data Andrey Smirnov
2019-10-11 14:52 ` Benjamin Tissoires
2019-10-11 18:18 ` Andrey Smirnov
2019-10-11 19:16 ` Benjamin Tissoires
2019-10-11 18:26 ` Dmitry Torokhov
2019-10-11 19:25 ` Benjamin Tissoires
2019-10-11 20:33 ` Dmitry Torokhov
2019-10-11 20:35 ` Dmitry Torokhov
2019-10-11 21:33 ` Dmitry Torokhov
2019-10-11 22:48 ` Benjamin Tissoires
2019-10-11 23:23 ` Dmitry Torokhov
2019-10-14 9:13 ` Benjamin Tissoires
2019-10-11 21:02 ` Andrey Smirnov
2019-10-11 21:11 ` Dmitry Torokhov
2019-10-11 21:11 ` Dmitry Torokhov
2019-10-11 22:34 ` Benjamin Tissoires
2019-10-11 20:52 ` Andrey Smirnov
[not found] ` <20191014035417.4CE8F2083B@mail.kernel.org>
2019-10-15 4:45 ` Andrey Smirnov
2019-10-07 5:12 ` [PATCH 2/3] HID: logitech-hidpp: split g920_get_config() Andrey Smirnov
2019-10-07 5:12 ` [PATCH 3/3] HID: logitech-hidpp: add G920 device validation quirk Andrey Smirnov
2019-10-11 14:55 ` Benjamin Tissoires
2019-10-11 19:38 ` Andrey Smirnov
2019-10-11 22:32 ` Benjamin Tissoires
2019-10-11 23:32 ` Andrey Smirnov [this message]
2019-10-14 9:47 ` Benjamin Tissoires
2019-10-10 21:20 ` [PATCH 0/3] Logitech G920 fixes Sam Bazley
2019-10-10 22:38 ` Sam Bazley
2019-10-11 14:53 ` Benjamin Tissoires
2019-10-11 18:19 ` Andrey Smirnov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHQ1cqHNca22fAWMnLFBuD-txb7MvdFrY9bY2A9uViq4P5Cikg@mail.gmail.com \
--to=andrew.smirnov@gmail.com \
--cc=austinp@valvesoftware.com \
--cc=benjamin.tissoires@redhat.com \
--cc=jikos@kernel.org \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pgriffais@valvesoftware.com \
--cc=rydberg@bitmath.org \
--cc=sambazley@fastmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.