Re: [PATCH] HID: Extend report buffer size

From: Alan Stern
Date: Mon Feb 10 2020 - 10:01:22 EST


On Mon, 10 Feb 2020, Peter Enderborg wrote:

> In the patch "HID: Fix slab-out-of-bounds read in hid_field_extract"
> there added a check for buffer overruns. This made Elgato StreamDeck
> to fail. This patch extend the buffer to 8192 to solve this. It also
> adds a print of the requested length if it fails on this test.
>
> Signed-off-by: Peter Enderborg <peter.enderborg@xxxxxxxx>
> ---
> drivers/hid/hid-core.c | 2 +-
> include/linux/hid.h | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
> index 851fe54ea59e..28841219b3d2 100644
> --- a/drivers/hid/hid-core.c
> +++ b/drivers/hid/hid-core.c
> @@ -290,7 +290,7 @@ static int hid_add_field(struct hid_parser *parser, unsigned report_type, unsign
>
> /* Total size check: Allow for possible report index byte */
> if (report->size > (HID_MAX_BUFFER_SIZE - 1) << 3) {
> - hid_err(parser->device, "report is too long\n");
> + hid_err(parser->device, "report is too long (%d)\n", report->size);
> return -1;
> }
>
> diff --git a/include/linux/hid.h b/include/linux/hid.h
> index cd41f209043f..875f71132b14 100644
> --- a/include/linux/hid.h
> +++ b/include/linux/hid.h
> @@ -492,7 +492,7 @@ struct hid_report_enum {
> };
>
> #define HID_MIN_BUFFER_SIZE 64 /* make sure there is at least a packet size of space */
> -#define HID_MAX_BUFFER_SIZE 4096 /* 4kb */
> +#define HID_MAX_BUFFER_SIZE 8192 /* 8kb */
> #define HID_CONTROL_FIFO_SIZE 256 /* to init devices with >100 reports */
> #define HID_OUTPUT_FIFO_SIZE 64

The second part of this patch is identical to the "HID: core: increase
HID report buffer size to 8KiB" patch submitted by Johan Korsnes a few
weeks ago. You might want to submit just the first part of your patch,
or not submit anything at all.

Alan Stern