Re: [PATCH 1/1] HID: uhid: Fix out-of-bounds write caused by raw events mismanagement

[Lee Jones]

On Thu, 26 Feb 2026, Benjamin Tissoires wrote:

> On Feb 26 2026, Lee Jones wrote:
> > On Tue, 24 Feb 2026, Jiri Kosina wrote:
> > 
> > > On Tue, 24 Feb 2026, Benjamin Tissoires wrote:
> > > 
> > > > Long story short: that patch is too intrusive as it makes assumption on
> > > > the behavior of the device. We need to understand where/if the bug was
> > > > spotted and fix the caller of hid_hw_raw_request, not the uhid
> > > > implementation.
> > > 
> > > Thanks a lot for the analysis, Benjamin!
> > > 
> > > I asked about that here:
> > > 
> > > 	https://lore.kernel.org/all/172q4775-616s-p7s4-7n80-p8579n0r3516@xxxxxxxxxx/
> > > 
> > > So let's wait for Lee to clarify. Until that, the patch stays out of the 
> > > branch.
> > 
> > Thanks to both of you for looking into this.  I appreciate your efforts.
> > 
> > This is very much real world.
> > 
> > Is there a way to add an errata for the PS3 controller?
> > 
> 
> Unfortunatelly no. uhid merely emulates what a device can do, and HID is
> a convention. So if we were to have a special case to PS3 controllers,
> we would then start having to maintain an endless list of quirks when
> the issue is *not* in uhid, but in the processing of the device after
> (maybe in hid-core?).

Actually I think the issue is in UHID.  At least the way I read it.

Are there legitimate use-cases for devices overwriting the Report ID
contained in the first index of the data buffer?  From my very limited
knowledge of the subsystem, this sounds like an oversight.

-- 
Lee Jones [李琼斯]