On 08/08/2016 08:39 PM, Cameron Gutman wrote:
> On 08/07/2016 06:37 PM, Levin, Alexander wrote:
>> From: Cameron Gutman <aicommander@xxxxxxxxx>
>>
>> This patch has been added to the 4.1 stable tree. If you have any
>> objections, please let us know.
>>
>
> I see my timing is not ideal here given that 4.1.30 and 3.18.39 were
> just tagged, but somehow I only received (3 copies of) this email
> last night for 4.1 (and never received one for 3.18), even though
> it seems to have been queued for 4.1 for 5 days.
>
> Is c7f1429389ec1aa25e042bb13451385fbb596f8c going in too? It was marked
> for stable and committed earlier than this patch. I never tested just
> this patch alone on a kernel that supports Xbox One controllers.
>
> My concern is now that we're not oopsing, we'll actually bind to
> interface 2 on some Xbox One controllers. That interface is likely used
> to send firmware updates to the controllers, which creates the
> possibility that xpad might brick the controller when userspace tries
> to talk to it.
>
> The possibility might be remote, but it's hard to know with so many
> different firmware versions and manufacturers out there. I'd definitely
> feel more comfortable if the other patch was included too. Likewise for
> your 3.18 stable tree.
>
> I'm going to try a build without c7f1429389ec to see what happens with
> the controllers I have on hand, so at least we'll know what to expect.
>
It looks like this might be fine after all. Interface 2 only exposes
2 endpoints in a non-default alternate setting, so the check in this
patch alone is sufficient to prevent xpad from trying to bind to that
interface.
>> ===============
>>
>> [ Upstream commit caca925fca4fb30c67be88cacbe908eec6721e43 ]
>>
>> This prevents a malicious USB device from causing an oops.
>>
>> Signed-off-by: Cameron Gutman <aicommander@xxxxxxxxx>
>> Cc: stable@xxxxxxxxxxxxxxx
>> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@xxxxxxxxx>
>> Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
>> ---
>> drivers/input/joystick/xpad.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c
>> index 61c7611..a450c4e 100644
>> --- a/drivers/input/joystick/xpad.c
>> +++ b/drivers/input/joystick/xpad.c
>> @@ -1025,6 +1025,9 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id
>> int ep_irq_in_idx;
>> int i, error;
>>
>> + if (intf->cur_altsetting->desc.bNumEndpoints != 2)
>> + return -ENODEV;
>> +
>> for (i = 0; xpad_device[i].idVendor; i++) {
>> if ((le16_to_cpu(udev->descriptor.idVendor) == xpad_device[i].idVendor) &&
>> (le16_to_cpu(udev->descriptor.idProduct) == xpad_device[i].idProduct))
>>
>
> Regards,
> Cameron
>
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html