Add patch for HID i2c from Seth Forshee (rhbz 1188439)
This commit is contained in:
Josh Boyer
parent
8b51d0f5ea
commit
a36e7653df
|
|
@ -0,0 +1,39 @@
|
|||
From: Seth Forshee <seth.forshee () canonical ! com>
|
||||
Date: Fri, 20 Feb 2015 17:45:11 -0500
|
||||
Subject: [PATCH] HID: i2c-hid: Limit reads to wMaxInputLength bytes for input
|
||||
events
|
||||
|
||||
d1c7e29e8d27 (HID: i2c-hid: prevent buffer overflow in early IRQ)
|
||||
changed hid_get_input() to read ihid->bufsize bytes, which can be
|
||||
more than wMaxInputLength. This is the case with the Dell XPS 13
|
||||
9343, and it is causing events to be missed. In some cases the
|
||||
missed events are releases, which can cause the cursor to jump or
|
||||
freeze, among other problems. Limit the number of bytes read to
|
||||
min(wMaxInputLength, ihid->bufsize) to prevent such problems.
|
||||
|
||||
Fixes: d1c7e29e8d27 "HID: i2c-hid: prevent buffer overflow in early IRQ"
|
||||
Cc: Benjamin Tissoires <benjamin.tissoires@redhat.com>
|
||||
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
|
||||
---
|
||||
drivers/hid/i2c-hid/i2c-hid.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid.c
|
||||
index d43e967e7533..5e72fc2428f0 100644
|
||||
--- a/drivers/hid/i2c-hid/i2c-hid.c
|
||||
+++ b/drivers/hid/i2c-hid/i2c-hid.c
|
||||
@@ -370,7 +370,10 @@ static int i2c_hid_hwreset(struct i2c_client *client)
|
||||
static void i2c_hid_get_input(struct i2c_hid *ihid)
|
||||
{
|
||||
int ret, ret_size;
|
||||
- int size = ihid->bufsize;
|
||||
+ int size = le16_to_cpu(ihid->hdesc.wMaxInputLength);
|
||||
+
|
||||
+ if (size > ihid->bufsize)
|
||||
+ size = ihid->bufsize;
|
||||
|
||||
ret = i2c_master_recv(ihid->client, ihid->inbuf, size);
|
||||
if (ret != size) {
|
||||
--
|
||||
2.1.0
|
||||
|
||||
|
|
@ -619,6 +619,9 @@ Patch26137: fifo-nv04-remove-the-loop-from-the-interrupt-handler.patch
|
|||
#CVE-2015-0275 rhbz 1193907 1195178
|
||||
Patch26138: ext4-Allocate-entire-range-in-zero-range.patch
|
||||
|
||||
#rhbz 1188439
|
||||
Patch26139: HID-i2c-hid-Limit-reads-to-wMaxInputLength-bytes-for.patch
|
||||
|
||||
# git clone ssh://git.fedorahosted.org/git/kernel-arm64.git, git diff master...devel
|
||||
Patch30000: kernel-arm64.patch
|
||||
Patch30001: kernel-arm64-fix-psci-when-pg.patch
|
||||
|
|
@ -1345,6 +1348,9 @@ ApplyPatch fifo-nv04-remove-the-loop-from-the-interrupt-handler.patch
|
|||
#CVE-2015-0275 rhbz 1193907 1195178
|
||||
ApplyPatch ext4-Allocate-entire-range-in-zero-range.patch
|
||||
|
||||
#rhbz 1188439
|
||||
ApplyPatch HID-i2c-hid-Limit-reads-to-wMaxInputLength-bytes-for.patch
|
||||
|
||||
%if 0%{?aarch64patches}
|
||||
ApplyPatch kernel-arm64.patch
|
||||
%ifnarch aarch64 # this is stupid, but i want to notice before secondary koji does.
|
||||
|
|
@ -2203,6 +2209,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Mon Feb 23 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- Add patch for HID i2c from Seth Forshee (rhbz 1188439)
|
||||
|
||||
* Mon Feb 23 2015 Josh Boyer <jwboyer@fedoraproject.org> - 4.0.0-0.rc1.git0.1
|
||||
- Linux v4.0-rc1
|
||||
- CVE-2015-0275 ext4: fallocate zero range page size > block size BUG (rhbz 1193907 1195178)
|
||||
|
|
|
|||
Loading…
Reference in New Issue