On 08/07/2016 06:37 PM, Levin, Alexander wrote:
> From: Cameron Gutman <aicommander@xxxxxxxxx>
>
> This patch has been added to the 4.1 stable tree. If you have any
> objections, please let us know.
>
I see my timing is not ideal here given that 4.1.30 and 3.18.39 were
just tagged, but somehow I only received (3 copies of) this email
last night for 4.1 (and never received one for 3.18), even though
it seems to have been queued for 4.1 for 5 days.
Is c7f1429389ec1aa25e042bb13451385fbb596f8c going in too? It was marked
for stable and committed earlier than this patch. I never tested just
this patch alone on a kernel that supports Xbox One controllers.
My concern is now that we're not oopsing, we'll actually bind to
interface 2 on some Xbox One controllers. That interface is likely used
to send firmware updates to the controllers, which creates the
possibility that xpad might brick the controller when userspace tries
to talk to it.
The possibility might be remote, but it's hard to know with so many
different firmware versions and manufacturers out there. I'd definitely
feel more comfortable if the other patch was included too. Likewise for
your 3.18 stable tree.
I'm going to try a build without c7f1429389ec to see what happens with
the controllers I have on hand, so at least we'll know what to expect.
> ===============
>
> [ Upstream commit caca925fca4fb30c67be88cacbe908eec6721e43 ]
>
> This prevents a malicious USB device from causing an oops.
>
> Signed-off-by: Cameron Gutman <aicommander@xxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
> Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
> ---
> drivers/input/joystick/xpad.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
> index 61c7611..a450c4e 100644
> --- a/drivers/input/joystick/xpad.c
> +++ b/drivers/input/joystick/xpad.c
> @@ -1025,6 +1025,9 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id
> int ep_irq_in_idx;
> int i, error;
>
> + if (intf->cur_altsetting->desc.bNumEndpoints != 2)
> + return -ENODEV;
> +
> for (i = 0; xpad_device[i].idVendor; i++) {
> if ((le16_to_cpu(udev->descriptor.idVendor) == xpad_device[i].idVendor) &&
> (le16_to_cpu(udev->descriptor.idProduct) == xpad_device[i].idProduct))
>
Regards,
Cameron
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html