Commit Graph

4 Commits

Author SHA1 Message Date
Kees Cook 0fb6bd06e0 HID: LG: validate HID output report details
A HID device could send a malicious output report that would cause the
lg, lg3, and lg4 HID drivers to write beyond the output report allocation
during an event, causing a heap overflow:

[  325.245240] usb 1-1: New USB device found, idVendor=046d, idProduct=c287
...
[  414.518960] BUG kmalloc-4096 (Not tainted): Redzone overwritten

Additionally, while lg2 did correctly validate the report details, it was
cleaned up and shortened.

CVE-2013-2893

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: stable@vger.kernel.org
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-09-13 15:12:39 +02:00
Benjamin Tissoires d881427253 HID: use hid_hw_request() instead of direct call to usbhid
This allows the hid drivers to be independent from the transport layer.

The patch was constructed by replacing all occurences of
usbhid_submit_report() by its hid_hw_request() counterpart.
Then, drivers not requiring USB_HID anymore have their USB_HID
dependency cleaned in the Kconfig file.

Finally, few drivers still depends on USB_HID. Many of them
are requiring the io wait callback. They are found in the next patch.

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@gmail.com>
Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>

For the sensor-hub part:
Tested-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-02-25 13:26:41 +01:00
Joe Perches 4291ee305e HID: Add and use hid_<level>: dev_<level> equivalents
Neaten current uses of dev_<level> by adding and using
hid specific hid_<level> macros.

Convert existing uses of dev_<level> uses to hid_<level>.
Convert hid-pidff printk uses to hid_<level>.

Remove err_hid and use hid_err instead.

Add missing newlines to logging messages where necessary.
Coalesce format strings.

Add and use pr_fmt(fmt) KBUILD_MODNAME ": " fmt

Other miscellaneous changes:

Add const struct hid_device * argument to hid-core functions
extract() and implement() so hid_<level> can be used by them.
Fix bad indentation in hid-core hid_input_field function
that calls extract() function above.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2010-12-10 15:10:38 +01:00
Gary Stein 74f292ca8c HID: add driver for the Logitech Flight System G940
Implements a new USB-HID for Force Feedback based on the normal
Logitech Force Feedback code and FF-Memless.

Currently only supports the FF_CONSTANT effect although the joystick
appears to support additional non-standard ones.

Signed-off-by: Gary Stein <LordCnidarian@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2010-01-13 00:26:31 +01:00