Re: [PATCH] HID: usbhid: sanitize hid->uniq against non-printable bytes

Next message: sunliming: "[PATCH] drm/nouveau/gsp: Fix possible NULL pointer dereference warning in r535_dmac_alloc"
Previous message: Biju Das: "RE: [PATCH] serial: sh-sci: optimize max_freq determination"
In reply to: Taylor Hewetson: "[PATCH] HID: usbhid: sanitize hid-&gt;uniq against non-printable bytes"
Next in thread: Taylor Hewetson: "USB: core: sanitize string descriptors against C0 control characters"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg KH

Date: Sat Apr 18 2026 - 03:15:10 EST

On Sat, Apr 18, 2026 at 02:58:23PM +1200, Taylor Hewetson wrote:
> Some USB HID devices (observed on ASUS ROG Azoth via its 2.4GHz
> dongle, USB ID 0b05:1a85) report an iSerialNumber string whose
> USB string descriptor declares a longer length than the actual
> serial, leaving uninitialized firmware memory - including control
> characters such as 0x18 - appended to the returned string.
>
> These non-printable bytes propagate into hid->uniq, which in turn
> populates /sys/class/input/inputN/uniq. Downstream userspace
> components (systemd sd-device property_is_valid(), and by extension
> mutter input enumeration on GNOME Wayland sessions) reject devices
> with control characters in their uniq, rendering otherwise-
> functional input devices unusable in graphical sessions despite
> the kernel input layer correctly translating keypresses.
>
> Truncate hid->uniq at the first byte outside the printable ASCII
> range (0x20..0x7e) after the serial is read.

Why aren't we doing this in the USB core instead of forcing all users of
this to do it instead?

thanks,

greg k-h