Hi Terry, kernel test robot noticed the following build warnings: [auto build test WARNING on 58c9bf3363e596d744f56616d407278ef5f97f5a] url: https://github.com/intel-lab-lkp/linux/commits/Terry-Junge/HID-usbhid-Eliminate-recurrent-out-of-bounds-bug-in-usbhid_parse/20250307-130514 base: 58c9bf3363e596d744f56616d407278ef5f97f5a patch link: https://lore.kernel.org/r/20250307045449.745634-1-linuxhid%40cosmicgizmosystems.com patch subject: [PATCH v1] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() config: s390-randconfig-r133-20250308 (https://download.01.org/0day-ci/archive/20250309/202503090701.715nV1DW-lkp@xxxxxxxxx/config) compiler: clang version 15.0.7 (https://github.com/llvm/llvm-project 8dfdcc7b7bf66834a761bd8de445840ef68e4d1a) reproduce: (https://download.01.org/0day-ci/archive/20250309/202503090701.715nV1DW-lkp@xxxxxxxxx/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@xxxxxxxxx> | Closes: https://lore.kernel.org/oe-kbuild-all/202503090701.715nV1DW-lkp@xxxxxxxxx/ All warnings (new ones prefixed by >>): >> drivers/hid/usbhid/hid-core.c:1055:4: warning: format specifies type 'unsigned char' but the argument has type 'int' [-Wformat] hdesc->bNumDescriptors - 1); ^~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/hid.h:1239:31: note: expanded from macro 'hid_warn' dev_warn(&(hid)->dev, fmt, ##__VA_ARGS__) ~~~ ^~~~~~~~~~~ include/linux/dev_printk.h:156:70: note: expanded from macro 'dev_warn' dev_printk_index_wrap(_dev_warn, KERN_WARNING, dev, dev_fmt(fmt), ##__VA_ARGS__) ~~~ ^~~~~~~~~~~ include/linux/dev_printk.h:110:23: note: expanded from macro 'dev_printk_index_wrap' _p_func(dev, fmt, ##__VA_ARGS__); \ ~~~ ^~~~~~~~~~~ 1 warning generated. vim +1055 drivers/hid/usbhid/hid-core.c 979 980 static int usbhid_parse(struct hid_device *hid) 981 { 982 struct usb_interface *intf = to_usb_interface(hid->dev.parent); 983 struct usb_host_interface *interface = intf->cur_altsetting; 984 struct usb_device *dev = interface_to_usbdev (intf); 985 struct hid_descriptor *hdesc; 986 struct hid_class_descriptor *hcdesc; 987 u32 quirks = 0; 988 unsigned int rsize = 0; 989 char *rdesc; 990 int ret; 991 992 quirks = hid_lookup_quirk(hid); 993 994 if (quirks & HID_QUIRK_IGNORE) 995 return -ENODEV; 996 997 /* Many keyboards and mice don't like to be polled for reports, 998 * so we will always set the HID_QUIRK_NOGET flag for them. */ 999 if (interface->desc.bInterfaceSubClass == USB_INTERFACE_SUBCLASS_BOOT) { 1000 if (interface->desc.bInterfaceProtocol == USB_INTERFACE_PROTOCOL_KEYBOARD || 1001 interface->desc.bInterfaceProtocol == USB_INTERFACE_PROTOCOL_MOUSE) 1002 quirks |= HID_QUIRK_NOGET; 1003 } 1004 1005 if (usb_get_extra_descriptor(interface, HID_DT_HID, &hdesc) && 1006 (!interface->desc.bNumEndpoints || 1007 usb_get_extra_descriptor(&interface->endpoint[0], HID_DT_HID, &hdesc))) { 1008 dbg_hid("class descriptor not present\n"); 1009 return -ENODEV; 1010 } 1011 1012 if (!hdesc->bNumDescriptors || 1013 hdesc->bLength != sizeof(*hdesc) + 1014 (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { 1015 dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", 1016 hdesc->bLength, hdesc->bNumDescriptors); 1017 return -EINVAL; 1018 } 1019 1020 hid->version = le16_to_cpu(hdesc->bcdHID); 1021 hid->country = hdesc->bCountryCode; 1022 1023 if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) 1024 rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); 1025 1026 if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { 1027 dbg_hid("weird size of report descriptor (%u)\n", rsize); 1028 return -EINVAL; 1029 } 1030 1031 rdesc = kmalloc(rsize, GFP_KERNEL); 1032 if (!rdesc) 1033 return -ENOMEM; 1034 1035 hid_set_idle(dev, interface->desc.bInterfaceNumber, 0, 0); 1036 1037 ret = hid_get_class_descriptor(dev, interface->desc.bInterfaceNumber, 1038 HID_DT_REPORT, rdesc, rsize); 1039 if (ret < 0) { 1040 dbg_hid("reading report descriptor failed\n"); 1041 kfree(rdesc); 1042 goto err; 1043 } 1044 1045 ret = hid_parse_report(hid, rdesc, rsize); 1046 kfree(rdesc); 1047 if (ret) { 1048 dbg_hid("parsing report descriptor failed\n"); 1049 goto err; 1050 } 1051 1052 if (hdesc->bNumDescriptors > 1) 1053 hid_warn(intf, 1054 "%hhu unsupported optional hid class descriptors\n", > 1055 hdesc->bNumDescriptors - 1); 1056 1057 hid->quirks |= quirks; 1058 1059 return 0; 1060 err: 1061 return ret; 1062 } 1063 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
