On 2/10/20 4:01 PM, Alan Stern wrote:
> On Mon, 10 Feb 2020, Peter Enderborg wrote:
>
>> In the patch "HID: Fix slab-out-of-bounds read in hid_field_extract"
>> there added a check for buffer overruns. This made Elgato StreamDeck
>> to fail. This patch extend the buffer to 8192 to solve this. It also
>> adds a print of the requested length if it fails on this test.
>>
>> Signed-off-by: Peter Enderborg <peter.enderborg@xxxxxxxx>
>> ---
>> drivers/hid/hid-core.c | 2 +-
>> include/linux/hid.h | 2 +-
>> 2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
>> index 851fe54ea59e..28841219b3d2 100644
>> --- a/drivers/hid/hid-core.c
>> +++ b/drivers/hid/hid-core.c
>> @@ -290,7 +290,7 @@ static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsign
>>
>> /* Total size check: Allow for possible report index byte */
>> if (report->size > (HID_MAX_BUFFER_SIZE - 1) << 3) {
>> - hid_err(parser->device, "report is too long\n");
>> + hid_err(parser->device, "report is too long (%d)\n", report->size);
>> return -1;
>> }
>>
>> diff --git a/include/linux/hid.h b/include/linux/hid.h
>> index cd41f209043f..875f71132b14 100644
>> --- a/include/linux/hid.h
>> +++ b/include/linux/hid.h
>> @@ -492,7 +492,7 @@ struct hid_report_enum {
>> };
>>
>> #define HID_MIN_BUFFER_SIZE 64 /* make sure there is at least a packet size of space */
>> -#define HID_MAX_BUFFER_SIZE 4096 /* 4kb */
>> +#define HID_MAX_BUFFER_SIZE 8192 /* 8kb */
>> #define HID_CONTROL_FIFO_SIZE 256 /* to init devices with >100 reports */
>> #define HID_OUTPUT_FIFO_SIZE 64
> The second part of this patch is identical to the "HID: core: increase
> HID report buffer size to 8KiB" patch submitted by Johan Korsnes a few
> weeks ago. You might want to submit just the first part of your patch,
> or not submit anything at all.
>
> Alan Stern
>
>
Korsnes patch is not in Torvalds tree nor is it requested for stable. How do we get it there?
