On Wed, Dec 01, 2021 at 05:38:49PM +0100, Benjamin Tissoires wrote: > > > On Wed, Dec 1, 2021 at 4:05 PM Benjamin Tissoires <benjamin.tissoires@xxxxxxxxxx> wrote: > > > > FWIW, I am also working on a test that generates all registered USB > > > > vid/pids from the currently running kernel and will try to inject them > > > > in the testsuite. This should validate this patch and prevent future > > > > mishaps. > > > > > > That would be great to see. Let me know if you want these broken up > > > smaller, and I will go fix the above issues. > > > > https://gitlab.freedesktop.org/bentiss/hid-tools/-/commit/2b04c6cf46c7405c8a916f324988660cb54dadea > > > > This seems sufficient to make an unpatched kernel scream :) > > I have now opened https://gitlab.freedesktop.org/libevdev/hid-tools/-/merge_requests/122 > with a quicker solution. > > This leads apparently to 2 extra crashes: > - one in hid-holtek-kbd -> hid_is_usb() is called *after* hid_parse(), so > report_fixup is actually called for uhid devices. Fixed that one in my v2 patch submission. > - another in bigbenff which is fixed by the following patch: > > --- > diff --git a/drivers/hid/hid-bigbenff.c b/drivers/hid/hid-bigbenff.c > index db6da21ade06..74ad8bf98bfd 100644 > --- a/drivers/hid/hid-bigbenff.c > +++ b/drivers/hid/hid-bigbenff.c > @@ -191,7 +191,7 @@ static void bigben_worker(struct work_struct *work) > struct bigben_device, worker); > struct hid_field *report_field = bigben->report->field[0]; > - if (bigben->removed) > + if (bigben->removed || !report_field) I don't see how this is a "USB device" issue. It's a good "fuzz the driver with invalid data" fix though :) thanks, greg k-h
