[PATCH 1/1] HID: Bluetooth: hidp: make sure input buffers are big enough
Andy Whitcroft
apw at canonical.com
Fri Apr 4 10:03:54 UTC 2014
On Fri, Apr 04, 2014 at 10:58:32AM +0100, Andy Whitcroft wrote:
> From: David Herrmann <dh.herrmann at gmail.com>
>
> HID core expects the input buffers to be at least of size 4096
> (HID_MAX_BUFFER_SIZE). Other sizes will result in buffer-overflows if an
> input-report is smaller than advertised. We could, like i2c, compute the
> biggest report-size instead of using HID_MAX_BUFFER_SIZE, but this will
> blow up if report-descriptors are changed after ->start() has been called.
> So lets be safe and just use the biggest buffer we have.
>
> Note that this adds an additional copy to the HIDP input path. If there is
> a way to make sure the skb-buf is big enough, we should use that instead.
>
> The best way would be to make hid-core honor the @size argument, though,
> that sounds easier than it is. So lets just fix the buffer-overflows for
> now and afterwards look for a faster way for all transport drivers.
>
> Signed-off-by: David Herrmann <dh.herrmann at gmail.com>
> Signed-off-by: Jiri Kosina <jkosina at suse.cz>
>
> (cherry picked from commit a4b1b5877b514b276f0f31efe02388a9c2836728)
> BugLink: http://bugs.launchpad.net/bugs/1301990
Seems someone has Dup'd this bug against the one below, so please do
switch the buglink when applying:
BugLink: http://bugs.launchpad.net/bugs/1252874
-apw
More information about the kernel-team
mailing list