Add patch for HID i2c from Seth Forshee (rhbz 1188439)
This commit is contained in:
Josh Boyer
parent
19978814d6
commit
87e9e41595
|
|
@ -0,0 +1,39 @@
|
|||
From: Seth Forshee <seth.forshee () canonical ! com>
|
||||
Date: Fri, 20 Feb 2015 17:45:11 -0500
|
||||
Subject: [PATCH] HID: i2c-hid: Limit reads to wMaxInputLength bytes for input
|
||||
events
|
||||
|
||||
d1c7e29e8d27 (HID: i2c-hid: prevent buffer overflow in early IRQ)
|
||||
changed hid_get_input() to read ihid->bufsize bytes, which can be
|
||||
more than wMaxInputLength. This is the case with the Dell XPS 13
|
||||
9343, and it is causing events to be missed. In some cases the
|
||||
missed events are releases, which can cause the cursor to jump or
|
||||
freeze, among other problems. Limit the number of bytes read to
|
||||
min(wMaxInputLength, ihid->bufsize) to prevent such problems.
|
||||
|
||||
Fixes: d1c7e29e8d27 "HID: i2c-hid: prevent buffer overflow in early IRQ"
|
||||
Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
|
||||
---
|
||||
drivers/hid/i2c-hid/i2c-hid.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid.c
|
||||
index 80e33e0abc52..6d7c9c580ceb 100644
|
||||
--- a/drivers/hid/i2c-hid/i2c-hid.c
|
||||
+++ b/drivers/hid/i2c-hid/i2c-hid.c
|
||||
@@ -370,7 +370,10 @@ static int i2c_hid_hwreset(struct i2c_client *client)
|
||||
static void i2c_hid_get_input(struct i2c_hid *ihid)
|
||||
{
|
||||
int ret, ret_size;
|
||||
- int size = ihid->bufsize;
|
||||
+ int size = le16_to_cpu(ihid->hdesc.wMaxInputLength);
|
||||
+
|
||||
+ if (size > ihid->bufsize)
|
||||
+ size = ihid->bufsize;
|
||||
|
||||
ret = i2c_master_recv(ihid->client, ihid->inbuf, size);
|
||||
if (ret != size) {
|
||||
--
|
||||
2.1.0
|
||||
|
||||
|
|
@ -767,6 +767,9 @@ Patch26136: vhost-scsi-potential-memory-corruption.patch
|
|||
#CVE-2015-0275 rhbz 1193907 1195178
|
||||
Patch26138: ext4-Allocate-entire-range-in-zero-range.patch
|
||||
|
||||
#rhbz 1188439
|
||||
Patch26139: HID-i2c-hid-Limit-reads-to-wMaxInputLength-bytes-for.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -1497,6 +1500,9 @@ ApplyPatch vhost-scsi-potential-memory-corruption.patch
|
|||
#CVE-2015-0275 rhbz 1193907 1195178
|
||||
ApplyPatch ext4-Allocate-entire-range-in-zero-range.patch
|
||||
|
||||
#rhbz 1188439
|
||||
ApplyPatch HID-i2c-hid-Limit-reads-to-wMaxInputLength-bytes-for.patch
|
||||
|
||||
%if 0%{?aarch64patches}
|
||||
ApplyPatch kernel-arm64.patch
|
||||
%ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does.
|
||||
|
|
@ -2316,6 +2322,7 @@ fi
|
|||
# || ||
|
||||
%changelog
|
||||
* Mon Feb 23 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Add patch for HID i2c from Seth Forshee (rhbz 1188439)
|
||||
- CVE-2015-0275 ext4: fallocate zero range page size > block size BUG (rhbz 1193907 1195178)
|
||||
|
||||
* Mon Feb 16 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
|
|
|
|||
Loading…
Reference in New Issue