When the setup of the GHL fails, we are not calling hid_hw_stop().
This leads to the hidraw node not being released, meaning a crash
whenever somebody attempts to open the file.
Cc: stable@vger.kernel.org
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20211202095334.14399-2-benjamin.tissoires@redhat.com
Some HID drivers are only for USB drivers, yet did not depend on
CONFIG_USB_HID. This was hidden by the fact that the USB functions were
stubbed out in the past, but now that drivers are checking for USB
devices properly, build errors can occur with some random
configurations.
Reported-by: kernel test robot <lkp@intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Link: https://lore.kernel.org/r/20211202114819.2511954-1-gregkh@linuxfoundation.org
Many HID drivers assume that the HID device assigned to them is a USB
device as that was the only way HID devices used to be able to be
created in Linux. However, with the additional ways that HID devices
can be created for many different bus types, that is no longer true, so
properly check that we have a USB device associated with the HID device
before allowing a driver that makes this assumption to claim it.
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: Michael Zaidman <michael.zaidman@gmail.com>
Cc: Stefan Achatz <erazor_de@users.sourceforge.net>
Cc: Maxime Coquelin <mcoquelin.stm32@gmail.com>
Cc: Alexandre Torgue <alexandre.torgue@foss.st.com>
Cc: linux-input@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tested-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
[bentiss: amended for thrustmater.c hunk to apply]
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Link: https://lore.kernel.org/r/20211201183503.2373082-3-gregkh@linuxfoundation.org
The wacom driver accepts devices of more than just USB types, but some
code paths can cause problems if the device being controlled is not a
USB device due to a lack of checking. Add the needed checks to ensure
that the USB device accesses are only happening on a "real" USB device,
and not one on some other bus.
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: linux-input@vger.kernel.org
Cc: stable@vger.kernel.org
Tested-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Link: https://lore.kernel.org/r/20211201183503.2373082-2-gregkh@linuxfoundation.org
A number of HID drivers already call hid_is_using_ll_driver() but only
for the detection of if this is a USB device or not. Make this more
obvious by creating hid_is_usb() and calling the function that way.
Also converts the existing hid_is_using_ll_driver() functions to use the
new call.
Cc: Jiri Kosina <jikos@kernel.org>
Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: linux-input@vger.kernel.org
Cc: stable@vger.kernel.org
Tested-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Link: https://lore.kernel.org/r/20211201183503.2373082-1-gregkh@linuxfoundation.org
Add a HID_QUIRK_NO_INIT_REPORTS quirk for the
Microsoft Surface 3 (non pro) type-cover.
Trying to init the reports seems to confuse the type-cover and
causes 2 issues:
1. Despite hid-multitouch sending the command to switch the
touchpad to multitouch mode, it keeps sending events on the
mouse emulation interface.
2. The touchpad completely stops sending events after a reboot.
Adding the HID_QUIRK_NO_INIT_REPORTS quirk fixes both issues.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Iiyama ProLite T1931SAW does not work with Linux - input devices are
created but cursor does not move.
It has the infamous 0eef:0001 ID which has been reused for various
devices before.
It seems to require export_all_inputs = true.
Hopefully there are no HID devices using this ID that will break.
It should not break non-HID devices (handled by usbtouchscreen).
Signed-off-by: Ondrej Zary <linux@zary.sk>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
The rumbling-related identifiers are never used in !CONFIG_NINTENDO_FF
case, so let's hide them in order to avoid unused warnings.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
In hid_magicmouse, if the user has set scroll_speed to a value between
55 and 63 and scrolls seven times in quick succession, the
step_hr variable in the magicmouse_emit_touch function becomes 0.
That causes a division by zero further down in the function when
it does `step_x_hr /= step_hr`.
To reproduce, create `/etc/modprobe.d/hid_magicmouse.conf` with the
following content:
```
options hid_magicmouse scroll_acceleration=1 scroll_speed=55
```
Then reboot, connect a Magic Mouse and scroll seven times quickly.
The system will freeze for a minute, and after that `dmesg` will
confirm that a division by zero occurred.
Enforce a minimum of 1 for the variable so the high resolution
step count can never reach 0 even at maximum scroll acceleration.
Fixes: d4b9f10a0e ("HID: magicmouse: enable high-resolution scroll")
Signed-off-by: Claudia Pellegrino <linux@cpellegrino.de>
Tested-by: José Expósito <jose.exposito89@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Changed 0 to NULL to fix following sparse warnings:
drivers/hid/hid-thrustmaster.c:208:43: warning: Using plain integer as NULL pointer
drivers/hid/hid-thrustmaster.c:241:17: warning: Using plain integer as NULL pointer
drivers/hid/hid-thrustmaster.c:275:37: warning: Using plain integer as NULL pointer
Signed-off-by: Vihas Mak <makvihas@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Battery status is reported for the HP Envy X360 Convertible 15-eu0xxx
even if it does not have a battery. Prevent it from always reporting the
battery as low.
Signed-off-by: Trevor Davenport <trevor.davenport@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
When a scancode is manually remapped that previously was not handled as
key, then the old usage type was incorrectly reused.
This caused issues on a "04b3:301b IBM Corp. SK-8815 Keyboard" which has
marked some of its keys with an invalid HID usage. These invalid usage
keys are being ignored since support for USB programmable buttons was
added.
The scancodes are however remapped explicitly by the systemd hwdb to the
keycodes that are printed on the physical buttons. During this mapping
step the existing usage is retrieved which will be found with a default
type of 0 (EV_SYN) instead of EV_KEY.
The events with the correct code but EV_SYN type are not forwarded to
userspace.
This also leads to a kernel oops when trying to print the report descriptor
via debugfs. hid_resolv_event() tries to resolve a EV_SYN event with an
EV_KEY code which leads to an out-of-bounds access in the EV_SYN names
array.
Fixes: bcfa8d1457 ("HID: input: Add support for Programmable Buttons")
Fixes: f5854fad39 ("Input: hid-input - allow mapping unknown usages")
Reported-by: Brent Roman <brent@mbari.org>
Tested-by: Brent Roman <brent@mbari.org>
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Reviewed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Fix parsing of HID_CP_CONSUMER_CONTROL fields which are not in
the HID_CP_PROGRAMMABLEBUTTONS collection.
Fixes: bcfa8d1457 ("HID: input: Add support for Programmable Buttons")
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=2018096
Cc: Thomas Weißschuh <linux@weissschuh.net>
Suggested-by: Benjamin Tissoires <btissoir@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-By: Thomas Weißschuh <linux@weissschuh.net>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This reverts commit 2ea5999d07.
As Dmitry Torokhov pointed out, the previous code (KEY_DISPLAY_OFF) is
actually correct. The real issue is that current desktop environments
don't deal it properly. Mapping it to another event does not solve the
issue.
So I'm reverting that change, keeping key 0x35 mapped to KEY_DISPLAY_OFF
Signed-off-by: Vinícius Angiolucci Reis <angiolucci@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
A late addititon to the intel-ish-hid framework caused a build failure
with clang, and introduced an ABI to the module loader that stops working
if any driver ever needs to bind to more than one UUID:
drivers/hid/intel-ish-hid/ishtp-fw-loader.c:1067:4: error: initializer element is not a compile-time constant
Change the ishtp_device_id to have correct documentation and a driver_data
field like all the other ones, and change the drivers to use the ID table
as the primary identification in a way that works with all compilers
and avoids duplciating the identifiers.
Fixes: f155dfeaa4 ("platform/x86: isthp_eclite: only load for matching devices")
Fixes: facfe0a4fd ("platform/chrome: chros_ec_ishtp: only load for matching devices")
Fixes: 0d0cccc0fd ("HID: intel-ish-hid: hid-client: only load for matching devices")
Fixes: 44e2a58cb8 ("HID: intel-ish-hid: fw-loader: only load for matching devices")
Fixes: cb1a2c6847 ("HID: intel-ish-hid: use constants for modaliases")
Fixes: fa443bc3c1 ("HID: intel-ish-hid: add support for MODULE_DEVICE_TABLE()")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
[jkosina@suse.cz: fix ecl_ishtp_cl_driver.id initialization]
[jkosina@suse.cz: fix conflict with already fixed kerneldoc]
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
The HID descriptor of many of Wacom's touch input devices include a
"Confidence" usage that signals if a particular touch collection contains
useful data. The driver does not look at this flag, however, which causes
even invalid contacts to be reported to userspace. A lucky combination of
kernel event filtering and device behavior (specifically: contact ID 0 ==
invalid, contact ID >0 == valid; and order all data so that all valid
contacts are reported before any invalid contacts) spare most devices from
any visibly-bad behavior.
The DTH-2452 is one example of an unlucky device that misbehaves. It uses
ID 0 for both the first valid contact and all invalid contacts. Because
we report both the valid and invalid contacts, the kernel reports that
contact 0 first goes down (valid) and then goes up (invalid) in every
report. This causes ~100 clicks per second simply by touching the screen.
This patch inroduces new `confidence` flag in our `hid_data` structure.
The value is initially set to `true` at the start of a report and can be
set to `false` if an invalid touch usage is seen.
Link: https://github.com/linuxwacom/input-wacom/issues/270
Fixes: f8b6a74719 ("HID: wacom: generic: Support multiple tools per report")
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Tested-by: Joshua Dickens <joshua.dickens@wacom.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
These two error paths need to drop the lock before returning.
Fixes: c5e6267695 ("HID: nintendo: add player led support")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Previously it was loaded for all ISHTP devices.
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Previously it was loaded for all ISHTP devices.
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Pull HID updates from Jiri Kosina:
- support for Nintendo Switch Pro Controllers and Joy-Cons (Daniel J.
Ogorchock)
- support for new revision of the NitroKey U2F device firmware (Andrej
Shadura)
- LED handling improvements for Sony Playstation5 controllers (Roderick
Colenbrander)
- support for Apple 2021 Magic Keyboard (Alex Henrie)
- other assorted code cleanups and new device ID additions
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid: (41 commits)
HID: nintendo: fix -Werror build
HID: playstation: require multicolor LED functionality
HID: u2fzero: properly handle timeouts in usb_submit_urb
HID: u2fzero: clarify error check and length calculations
HID: u2fzero: Support NitroKey U2F revision of the device
HID: wacom: Make use of the helper function devm_add_action_or_reset()
HID: wacom: Shrink critical section in `wacom_add_shared_data`
HID: nintendo: prevent needless queueing of the rumble worker
HID: nintendo: ratelimit subcommands and rumble
HID: nintendo: improve rumble performance and stability
HID: nintendo: add IMU support
HID: nintendo: add support for reading user calibration
HID: nintendo: add support for charging grip
HID: nintendo: set controller uniq to MAC
HID: nintendo: reduce device removal subcommand errors
HID: nintendo: patch hw version for userspace HID mappings
HID: nintendo: send subcommands after receiving input report
HID: nintendo: improve subcommand reliability
HID: nintendo: add rumble support
HID: nintendo: add home led support
...
Highlights:
- AMD-PMC S0ix support fixes and improvements
- HP-WMI support for Omen laptops
- New nvidia-wmi-ec-backlight driver
- New Intel ISH ECLITE driver
- WMI core cleanups
- Support for various new Melanox platforms
- System76 Laptop support improvements
- Surface Laptop Studio support and initial Surface Pro 8 support
- Various other small fixes and hardware-id additions
The following is an automated git shortlog grouped by driver:
ABI:
- sysfs-platform-intel-pmc: add blank lines to make it valid for ReST
- sysfs-platform-dell-privacy-wmi: correct ABI entries
ASoC:
- Intel: Move soc_intel_is_foo() helpers to a generic header
Add Intel ishtp eclite driver:
- Add Intel ishtp eclite driver
Add driver for ACPI WMAA EC-based backlight control:
- Add driver for ACPI WMAA EC-based backlight control
Documentation/ABI:
- Add new line card attributes for mlxreg-io sysfs interfaces
- Add new attributes for mlxreg-io sysfs interfaces
HID:
- surface-hid: Allow driver matching for target ID 1 devices
- surface-hid: Use correct event registry for managing HID events
Input:
- axp20x-pek - Use new soc_intel_is_cht() helper
Remove "WMAA" from identifier names in wmaa-backlight-wmi.c:
- Remove "WMAA" from identifier names in wmaa-backlight-wmi.c
Rename wmaa-backlight-wmi to nvidia-wmi-ec-backlight:
- Rename wmaa-backlight-wmi to nvidia-wmi-ec-backlight
Support for EC-connected GPIOs for identify LED/button on Barco P50 board:
- Support for EC-connected GPIOs for identify LED/button on Barco P50 board
acer-wmi:
- use __packed instead of __attribute__((packed))
amd-pmc:
- Drop check for valid alarm time
- Downgrade dev_info message to dev_dbg
- fix compilation without CONFIG_RTC_SYSTOHC_DEVICE
- Add special handling for timer based S0i3 wakeup
- adjust arguments for `amd_pmc_send_cmd`
- Add alternative acpi id for PMC controller
- Add a message to print resume time info
- Send command to dump data after clearing OS_HINT
- Fix compilation when CONFIG_DEBUGFS is disabled
- Export Idlemask values based on the APU
- Check s0i3 cycle status
- Increase the response register timeout
asus-wmi:
- rename platform_profile_* function symbols
barco-p50-gpio:
- use KEY_VENDOR for button instead of KEY_RESTART
dell:
- Make DELL_WMI_PRIVACY depend on DELL_WMI
- fix DELL_WMI_PRIVACY dependencies & build error
dell-wmi:
- Recognise or support new switches
docs:
- ABI: fix documentation warning in sysfs-driver-mlxreg-io
gigabyte-wmi:
- add support for B550 AORUS ELITE AX V2
- add support for B550I Aorus Pro AX
hp-wmi:
- rename platform_profile_* function symbols
- add support for omen laptops
ideapad-laptop:
- Add platform support for Ideapad 5 Pro 16ACH6-82L5
int1092:
- Fix non sequential device mode handling
intel_int0002_vgpio:
- Use the new soc_intel_is_byt()/_cht() helpers
intel_scu_ipc:
- Update timeout value in comment
- Increase virtual timeout to 10s
- Fix busy loop expiry time
intel_skl_int3472:
- Correct null check
lg-laptop:
- replace snprintf in show functions with sysfs_emit
- Correctly handle dmi_get_system_info() returning NULL
mlx-platform:
- Add support for new system SGN2410
- Add BIOS attributes for CoffeeLake COMEx based systems
- Extend FAN and LED configuration to support new MQM97xx systems
- Add support for multiply cooling devices
- Configure notifier callbacks for modular system
- Add initial support for new modular system
panasonic-laptop:
- Replace snprintf in show functions with sysfs_emit
platform:
- x86: ideapad-laptop: Use ACPI_COMPANION() directly
- lg-laptop: drop unneeded MODULE_ALIAS
platform/mellanox:
- mlxreg-lc: Add initial support for Nvidia line card devices
- mlxreg-io: Extend number of hwmon attributes
- mlxreg-hotplug: Extend logic for hotplug devices operations
- mlxreg-io: Fix read access of n-bytes size attributes
- mlxreg-io: Fix argument base in kstrtou32() call
platform/surface:
- aggregator_registry: Add initial support for Surface Pro 8
- aggregator_registry: Add support for Surface Laptop Studio
- gpe: Add support for Surface Laptop Studio
platform/x86/intel:
- hid: Add DMI switches allow list
- punit_ipc: Drop wrong use of ACPI_PTR()
platform_data/mlxreg:
- Add new field for secured access
- Add new type to support modular systems
sony-laptop:
- replace snprintf in show functions with sysfs_emit
surface:
- surface3_power: Drop redundant acpi_bus_get_device() call
- surface3-wmi: Use ACPI_COMPANION() directly
system76_acpi:
- Fix input device error handling
- fix Kconfig dependencies
- Add attribute group for kb_led_color
- Add battery charging thresholds
- Replace Fn+F2 function for OLED models
- Report temperature and fan speed
thinkpad_acpi:
- Fix bitwise vs. logical warning
- Fix coccinelle warnings
- Switch to common use of attributes
touchscreen_dmi:
- Add info for the Viglen Connect 10 tablet
- Update info for the Chuwi Hi10 Plus (CWI527) tablet
- Add info for the Chuwi HiBook (CWI514) tablet
update email addresses. Change all email addresses for Mark Gross to use markgross@kernel.org.:
- update email addresses. Change all email addresses for Mark Gross to use markgross@kernel.org.
wmi:
- change notification handler type
- more detailed error reporting in find_guid()
- introduce helper to retrieve event data
- introduce helper to determine type
- introduce helper to generate method names
- introduce helper to convert driver to WMI driver
- simplify error handling logic
- do not fail if disabling fails
- improve debug messages
- align arguments of functions
- move variables
- remove variable
- use sizeof(*p) in allocation
- use !p to check for NULL
- use sysfs_emit()
- make GUID block packed
- use guid_t and guid_equal()
- use bool instead of int
- use BIT() macro
- remove unnecessary checks
- remove stray empty line
- remove unnecessary casts
- remove unnecessary argument
- remove unnecessary variable
- remove unnecessary initializations
- remove unnecessary initialization
- remove commas
- fix checkpatch warnings
- fix kernel doc
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEEuvA7XScYQRpenhd+kuxHeUQDJ9wFAmGBVW0UHGhkZWdvZWRl
QHJlZGhhdC5jb20ACgkQkuxHeUQDJ9xufQgAnheynzaOChdXasbvR//mv+lyGE49
76uRA9HF9SeP430B+MTkZuYhEIiiY7lKjHi7ZY15HPY0r6wrrbJn+zDBpXFo3Scy
6CC/KUNNkwZgy1KoDC0v1SynlkHZgS4F98S1/IKkcBDQH91N0VltLFKuYYiPw2Hp
APMmQUxGGxdmBlxyKOZnFK5BicNCzGL9klkU2evQmywICx3ZT3Q9jQ1YIoiw85O+
sH7Owt3jIpWVbhb6TcPupuKw4LP6hqa8z9yYLchGaJQFyr1RXTznmLAB7foKRCJ/
48jGgjlHF2OkrLiOvT8hFMqpU52VjVUr0fBGyRjWb7dIpt5Fp1M2HLlRXA==
=cpVa
-----END PGP SIGNATURE-----
Merge tag 'platform-drivers-x86-v5.16-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86
Pull x86 platform driver updates from Hans de Goede:
"Highlights:
- AMD-PMC S0ix support fixes and improvements
- HP-WMI support for Omen laptops
- New nvidia-wmi-ec-backlight driver
- New Intel ISH ECLITE driver
- WMI core cleanups
- Support for various new Melanox platforms
- System76 Laptop support improvements
- Surface Laptop Studio support and initial Surface Pro 8 support
- Various other small fixes and hardware-id additions"
* tag 'platform-drivers-x86-v5.16-1' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86: (106 commits)
platform/x86: system76_acpi: Fix input device error handling
platform/x86: touchscreen_dmi: Add info for the Viglen Connect 10 tablet
platform/surface: aggregator_registry: Add initial support for Surface Pro 8
platform/x86: mlx-platform: Add support for new system SGN2410
platform/x86: mlx-platform: Add BIOS attributes for CoffeeLake COMEx based systems
platform/x86: mlx-platform: Extend FAN and LED configuration to support new MQM97xx systems
platform/x86: asus-wmi: rename platform_profile_* function symbols
platform/x86: hp-wmi: rename platform_profile_* function symbols
platform/x86: amd-pmc: Drop check for valid alarm time
platform/x86: amd-pmc: Downgrade dev_info message to dev_dbg
platform/x86: amd-pmc: fix compilation without CONFIG_RTC_SYSTOHC_DEVICE
platform/x86: system76_acpi: fix Kconfig dependencies
platform/x86: barco-p50-gpio: use KEY_VENDOR for button instead of KEY_RESTART
platform/x86: sony-laptop: replace snprintf in show functions with sysfs_emit
platform/x86: lg-laptop: replace snprintf in show functions with sysfs_emit
docs: ABI: fix documentation warning in sysfs-driver-mlxreg-io
platform/x86: wmi: change notification handler type
HID: surface-hid: Allow driver matching for target ID 1 devices
HID: surface-hid: Use correct event registry for managing HID events
platform/surface: aggregator_registry: Add support for Surface Laptop Studio
...
The end goal of the current buffer overflow detection work[0] is to gain
full compile-time and run-time coverage of all detectable buffer overflows
seen via array indexing or memcpy(), memmove(), and memset(). The str*()
family of functions already have full coverage.
While much of the work for these changes have been on-going for many
releases (i.e. 0-element and 1-element array replacements, as well as
avoiding false positives and fixing discovered overflows[1]), this series
contains the foundational elements of several related buffer overflow
detection improvements by providing new common helpers and FORTIFY_SOURCE
changes needed to gain the introspection required for compiler visibility
into array sizes. Also included are a handful of already Acked instances
using the helpers (or related clean-ups), with many more waiting at the
ready to be taken via subsystem-specific trees[2]. The new helpers are:
- struct_group() for gaining struct member range introspection.
- memset_after() and memset_startat() for clearing to the end of structures.
- DECLARE_FLEX_ARRAY() for using flex arrays in unions or alone in structs.
Also included is the beginning of the refactoring of FORTIFY_SOURCE to
support memcpy() introspection, fix missing and regressed coverage under
GCC, and to prepare to fix the currently broken Clang support. Finishing
this work is part of the larger series[0], but depends on all the false
positives and buffer overflow bug fixes to have landed already and those
that depend on this series to land.
As part of the FORTIFY_SOURCE refactoring, a set of both a compile-time
and run-time tests are added for FORTIFY_SOURCE and the mem*()-family
functions respectively. The compile time tests have found a legitimate
(though corner-case) bug[6] already.
Please note that the appearance of "panic" and "BUG" in the
FORTIFY_SOURCE refactoring are the result of relocating existing code,
and no new use of those code-paths are expected nor desired.
Finally, there are two tree-wide conversions for 0-element arrays and
flexible array unions to gain sane compiler introspection coverage that
result in no known object code differences.
After this series (and the changes that have now landed via netdev
and usb), we are very close to finally being able to build with
-Warray-bounds and -Wzero-length-bounds. However, due corner cases in
GCC[3] and Clang[4], I have not included the last two patches that turn
on these options, as I don't want to introduce any known warnings to
the build. Hopefully these can be solved soon.
[0] https://lore.kernel.org/lkml/20210818060533.3569517-1-keescook@chromium.org/
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=FORTIFY_SOURCE
[2] https://lore.kernel.org/lkml/202108220107.3E26FE6C9C@keescook/
[3] https://lore.kernel.org/lkml/3ab153ec-2798-da4c-f7b1-81b0ac8b0c5b@roeck-us.net/
[4] https://bugs.llvm.org/show_bug.cgi?id=51682
[5] https://lore.kernel.org/lkml/202109051257.29B29745C0@keescook/
[6] https://lore.kernel.org/lkml/20211020200039.170424-1-keescook@chromium.org/
-----BEGIN PGP SIGNATURE-----
iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmGAFWcWHGtlZXNjb29r
QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJmKFD/45MJdnvW5MhIEeW5tc5UjfcIPS
ae+YvlEX/2ZwgSlTxocFVocE6hz7b6eCiX3dSAChPkPxsSfgeiuhjxsU+4ROnELR
04RqTA/rwT6JXfJcXbDPXfxDL4huUkgktAW3m1sT771AZspeap2GrSwFyttlTqKA
+kTiZ3lXJVFcw10uyhfp3Lk6eFJxdf5iOjuEou5kBOQfpNKEOduRL2K15hSowOwB
lARiAC+HbmN+E+npvDE7YqK4V7ZQ0/dtB0BlfqgTkn1spQz8N21kBAMpegV5vvIk
A+qGHc7q2oyk4M14TRTidQHGQ4juW1Kkvq3NV6KzwQIVD+mIfz0ESn3d4tnp28Hk
Y+OXTI1BRFlApQU9qGWv33gkNEozeyqMLDRLKhDYRSFPA9UKkpgXQRzeTzoLKyrQ
4B6n5NnUGcu7I6WWhpyZQcZLDsHGyy0vHzjQGs/NXtb1PzXJ5XIGuPdmx9pVMykk
IVKnqRcWyGWahfh3asOnoXvdhi1No4NSHQ/ZHfUM+SrIGYjBMaUisw66qm3Fe8ZU
lbO2CFkCsfGSoKNPHf0lUEGlkyxAiDolazOfflDNxdzzlZo2X1l/a7O/yoO4Pqul
cdL0eDjiNoQ2YR2TSYPnXq5KSL1RI0tlfS8pH8k1hVhZsQx0wpAQ+qki0S+fLePV
PdA9XB82G2tmqKc9cQ==
=9xbT
-----END PGP SIGNATURE-----
Merge tag 'overflow-v5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull overflow updates from Kees Cook:
"The end goal of the current buffer overflow detection work[0] is to
gain full compile-time and run-time coverage of all detectable buffer
overflows seen via array indexing or memcpy(), memmove(), and
memset(). The str*() family of functions already have full coverage.
While much of the work for these changes have been on-going for many
releases (i.e. 0-element and 1-element array replacements, as well as
avoiding false positives and fixing discovered overflows[1]), this
series contains the foundational elements of several related buffer
overflow detection improvements by providing new common helpers and
FORTIFY_SOURCE changes needed to gain the introspection required for
compiler visibility into array sizes. Also included are a handful of
already Acked instances using the helpers (or related clean-ups), with
many more waiting at the ready to be taken via subsystem-specific
trees[2].
The new helpers are:
- struct_group() for gaining struct member range introspection
- memset_after() and memset_startat() for clearing to the end of
structures
- DECLARE_FLEX_ARRAY() for using flex arrays in unions or alone in
structs
Also included is the beginning of the refactoring of FORTIFY_SOURCE to
support memcpy() introspection, fix missing and regressed coverage
under GCC, and to prepare to fix the currently broken Clang support.
Finishing this work is part of the larger series[0], but depends on
all the false positives and buffer overflow bug fixes to have landed
already and those that depend on this series to land.
As part of the FORTIFY_SOURCE refactoring, a set of both a
compile-time and run-time tests are added for FORTIFY_SOURCE and the
mem*()-family functions respectively. The compile time tests have
found a legitimate (though corner-case) bug[6] already.
Please note that the appearance of "panic" and "BUG" in the
FORTIFY_SOURCE refactoring are the result of relocating existing code,
and no new use of those code-paths are expected nor desired.
Finally, there are two tree-wide conversions for 0-element arrays and
flexible array unions to gain sane compiler introspection coverage
that result in no known object code differences.
After this series (and the changes that have now landed via netdev and
usb), we are very close to finally being able to build with
-Warray-bounds and -Wzero-length-bounds.
However, due corner cases in GCC[3] and Clang[4], I have not included
the last two patches that turn on these options, as I don't want to
introduce any known warnings to the build. Hopefully these can be
solved soon"
Link: https://lore.kernel.org/lkml/20210818060533.3569517-1-keescook@chromium.org/ [0]
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=FORTIFY_SOURCE [1]
Link: https://lore.kernel.org/lkml/202108220107.3E26FE6C9C@keescook/ [2]
Link: https://lore.kernel.org/lkml/3ab153ec-2798-da4c-f7b1-81b0ac8b0c5b@roeck-us.net/ [3]
Link: https://bugs.llvm.org/show_bug.cgi?id=51682 [4]
Link: https://lore.kernel.org/lkml/202109051257.29B29745C0@keescook/ [5]
Link: https://lore.kernel.org/lkml/20211020200039.170424-1-keescook@chromium.org/ [6]
* tag 'overflow-v5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (30 commits)
fortify: strlen: Avoid shadowing previous locals
compiler-gcc.h: Define __SANITIZE_ADDRESS__ under hwaddress sanitizer
treewide: Replace 0-element memcpy() destinations with flexible arrays
treewide: Replace open-coded flex arrays in unions
stddef: Introduce DECLARE_FLEX_ARRAY() helper
btrfs: Use memset_startat() to clear end of struct
string.h: Introduce memset_startat() for wiping trailing members and padding
xfrm: Use memset_after() to clear padding
string.h: Introduce memset_after() for wiping trailing members/padding
lib: Introduce CONFIG_MEMCPY_KUNIT_TEST
fortify: Add compile-time FORTIFY_SOURCE tests
fortify: Allow strlen() and strnlen() to pass compile-time known lengths
fortify: Prepare to improve strnlen() and strlen() warnings
fortify: Fix dropped strcpy() compile-time write overflow check
fortify: Explicitly disable Clang support
fortify: Move remaining fortify helpers into fortify-string.h
lib/string: Move helper functions out of string.c
compiler_types.h: Remove __compiletime_object_size()
cm4000_cs: Use struct_group() to zero struct cm4000_dev region
can: flexcan: Use struct_group() to zero struct flexcan_regs regions
...
There are a lot of warnings due to unused protocol constants, but I believe
it's good to leave them in the sources for documentation purposes for further
development.
Switch them over from static conts to macros to avoid the warnings.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
The driver requires multicolor LED support; express that in Kconfig.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
The wait_for_completion_timeout function returns 0 if timed out or a
positive value if completed. Hence, "less than zero" comparison always
misses timeouts and doesn't kill the URB as it should, leading to
re-sending it while it is active.
Fixes: 42337b9d4d ("HID: add driver for U2F Zero built-in LED and RNG")
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
The previous commit fixed handling of incomplete packets but broke error
handling: offsetof returns an unsigned value (size_t), but when compared
against the signed return value, the return value is interpreted as if
it were unsigned, so negative return values are never less than the
offset.
To make the code easier to read, calculate the minimal packet length
once and separately, and assign it to a signed int variable to eliminate
unsigned math and the need for type casts. It then becomes immediately
obvious how the actual data length is calculated and why the return
value cannot be less than the minimal length.
Fixes: 22d65765f2 ("HID: u2fzero: ignore incomplete packets without data")
Fixes: 42337b9d4d ("HID: add driver for U2F Zero built-in LED and RNG")
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
NitroKey produced a clone of U2F Zero with a different firmware,
which moved extra commands into the vendor range.
Disambiguate hardware revisions and select the correct configuration in
u2fzero_probe.
Link: https://github.com/Nitrokey/nitrokey-fido-u2f-firmware/commit/a93c16b41f
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
The helper function devm_add_action_or_reset() will internally
call devm_add_action(), and if devm_add_action() fails then it will
execute the action mentioned and return the error code. So
use devm_add_action_or_reset() instead of devm_add_action()
to simplify the error handling, reduce the code.
Signed-off-by: Cai Huoqing <caihuoqing@baidu.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
The size of the critical section in this function appears to be larger
than necessary. The `wacom_udev_list_lock` exists to ensure that one
interface cannot begin checking if a shared object exists while a second
interface is doing the same (otherwise both could determine that no
object exists yet and create their own independent objects rather than
sharing just one). It should be safe for the critical section to end
once a fresly-allocated shared object would be found by other threads
(i.e., once it has been added to `wacom_udev_list`, which is looped
over by `wacom_get_hdev_data`).
This commit is a necessary pre-requisite for a later change to swap the
use of `devm_add_action` with `devm_add_action_or_reset`, which would
otherwise deadlock in its error case.
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This patch adds a check for if the rumble queue ringbuffer is empty
prior to queuing the rumble workqueue. If the current rumble setting is
using a non-zero amplitude though, it will queue the worker anyway. This
is because the controller will automatically disable the rumble effect
if it isn't "refreshed".
This change improves bluetooth communication reliability with the
controller, since it reduces the amount of traffic.
Note that we still send a few periodic zero packets to avoid scenarios
where the controller fails to process the zero amplitude packet. Without
sending a few to be sure, the rumble could get stuck on until the
controller times out.
Signed-off-by: Daniel J. Ogorchock <djogorchock@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
It has been found that sending subcommands and rumble data packets at
too great a rate can result in controller disconnects. This patch limits
the rate of subcommands/rumble to once every 25 milliseconds.
Similar to sending subcommands, it is more reliable to send the rumble
data packets immediately after we've received an input report from the
controller. This results in far fewer bluetooth disconnects for the
controller.
Signed-off-by: Daniel J. Ogorchock <djogorchock@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This patch alters the method that the rumble data is sent to the
controller. Rather than using the enable rumble subcommand for this
purpose, the driver now employs the RUMBLE_ONLY output report. This has
the advantage of not needing to receive a subcommand reply (to the major
benefit of reducing IMU latency) and also seems to make the rumble
vibrations more continuous. Perhaps most importantly it reduces
disconnects during times of heavy rumble.
Signed-off-by: Daniel J. Ogorchock <djogorchock@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This patch adds support for the controller's IMU. The accelerometer and
gyro data are both provided to userspace using a second input device.
The devices can be associated using their uniq value (set to the
controller's MAC address).
A large part of this patch's functionality was provided by Carl Mueller.
The IMU device is blacklisted from the joydev input handler.
Signed-off-by: Daniel J. Ogorchock <djogorchock@gmail.com>
Acked-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
If the controller's SPI flash contains user stick calibration(s), they
should be prioritized over the factory calibrations. The user
calibrations have 2 magic bytes preceding them. If the bytes are the
correct magic values, the user calibration is used.
Signed-off-by: Daniel J. Ogorchock <djogorchock@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This patch adds support for the joy-con charging grip. The peripheral
essentially behaves the same as a pro controller, but with two joy-cons
attached to the grip. However the grip exposes the two joy-cons as
separate hid devices, so extra handling is required. The joy-con is
queried to check if it is a right or left joy-con (since the product ID
is identical between left/right when using the grip).
Since controller model detection is now more complicated, the various
checks for hid product values have been replaced with helper macros to
reduce code duplication.
Signed-off-by: Daniel J. Ogorchock <djogorchock@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This patch sets the input device's uniq identifier to the controller's
MAC address. This is useful for future association between an IMU input
device with the normal input device as well as associating the
controller with any serial joy-con driver.
Signed-off-by: Daniel J. Ogorchock <djogorchock@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This patch fixes meaningless error output from trying to send
subcommands immediately after controller removal. It now disables
subcommands as soon as possible on removal.
Signed-off-by: Daniel J. Ogorchock <djogorchock@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This patch sets the most significant bit of the hid hw version to allow
userspace to distinguish between this driver's input mappings vs. the
default hid mappings. This prevents breaking userspace applications that
use SDL2 for gamepad input, allowing them to distinguish the mappings
based on the version.
Signed-off-by: Daniel J. Ogorchock <djogorchock@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
