Re: [PATCH] HID: usbhid: sanitize hid->uniq against non-printable bytes

[Eric Naim]

On 4/23/26 5:29 PM, Greg KH wrote:
> On Thu, Apr 23, 2026 at 05:55:00AM +0000, Eric Naim wrote:
>> On 4/18/26 3:14 PM, Greg KH wrote:
>>> On Sat, Apr 18, 2026 at 02:58:23PM +1200, Taylor Hewetson wrote:
>>>> Some USB HID devices (observed on ASUS ROG Azoth via its 2.4GHz
>>>> dongle, USB ID 0b05:1a85) report an iSerialNumber string whose
>>>> USB string descriptor declares a longer length than the actual
>>>> serial, leaving uninitialized firmware memory - including control
>>>> characters such as 0x18 - appended to the returned string.
>>>>
>>>> These non-printable bytes propagate into hid->uniq, which in turn
>>>> populates /sys/class/input/inputN/uniq. Downstream userspace
>>>> components (systemd sd-device property_is_valid(), and by extension
>>>> mutter input enumeration on GNOME Wayland sessions) reject devices
>>>> with control characters in their uniq, rendering otherwise-
>>>> functional input devices unusable in graphical sessions despite
>>>> the kernel input layer correctly translating keypresses.
>>>>
>>>> Truncate hid->uniq at the first byte outside the printable ASCII
>>>> range (0x20..0x7e) after the serial is read.
>>>
>>> Why aren't we doing this in the USB core instead of forcing all users of
>>> this to do it instead?
>>
>> Should it be up to the kernel to do this as well? Currently this is only a
>> problem with systemd because they added this check, and it looks like they
>> have something in mind to fix it as well [1].
>>
>> [1] https://github.com/systemd/systemd/issues/41339#issuecomment-4266429563
> 
> It's either up to the kernel, or every single userspace program that
> reads the strings from a device.  Might as well do it in one place,
> right?

That is a very good point. Thanks for the insight!

> 
> thanks,
> 
> greg k-h


-- 
Regards,
  Eric