| Message ID | 20221116160022.51829-1-roderick.colenbrander@sony.com (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 54980d30eff608545884416576416060b80d011e |
| Delegated to: | Jiri Kosina |
| Headers | show |
| Series | [1/2] HID: playstation: fix DualShock4 bluetooth memory corruption bug. | expand |
On Wed, 16 Nov 2022, Roderick Colenbrander wrote: > The size of the output buffer used for output reports was not updated > to the larger size needed for Bluetooth. This ultimately resulted > in memory corruption of surrounding structures e.g. due to memsets. > > Fixes: 2d77474a2392 ("HID: playstation: add DualShock4 bluetooth support.") > Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com> Roderick, thanks for the fixes. I believe Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> would be appropriate for this one, right?
On Wed, Nov 16, 2022 at 3:10 PM Jiri Kosina <jikos@kernel.org> wrote: > > On Wed, 16 Nov 2022, Roderick Colenbrander wrote: > > > The size of the output buffer used for output reports was not updated > > to the larger size needed for Bluetooth. This ultimately resulted > > in memory corruption of surrounding structures e.g. due to memsets. > > > > Fixes: 2d77474a2392 ("HID: playstation: add DualShock4 bluetooth support.") > > Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com> > > Roderick, > > thanks for the fixes. I believe > > Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> > > would be appropriate for this one, right? > > -- > Jiri Kosina > SUSE Labs > Yes, that would be appropriate there. I can submit if you would like. Thanks, Roderick
On Wed, 16 Nov 2022, Roderick Colenbrander wrote: > > > The size of the output buffer used for output reports was not updated > > > to the larger size needed for Bluetooth. This ultimately resulted > > > in memory corruption of surrounding structures e.g. due to memsets. > > > > > > Fixes: 2d77474a2392 ("HID: playstation: add DualShock4 bluetooth support.") > > > Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com> > > > > Roderick, > > > > thanks for the fixes. I believe > > > > Reported-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> > > > > would be appropriate for this one, right? > > > > -- > > Jiri Kosina > > SUSE Labs > > > > Yes, that would be appropriate there. I can submit if you would like. No worries, I've added that and applied on top of the previous series. Thanks,
diff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c index bae3e712a562..f5e0d06d3cd8 100644 --- a/drivers/hid/hid-playstation.c +++ b/drivers/hid/hid-playstation.c @@ -2461,7 +2461,7 @@ static struct ps_device *dualshock4_create(struct hid_device *hdev) ds4->output_worker_initialized = true; hid_set_drvdata(hdev, ds4); - max_output_report_size = sizeof(struct dualshock4_output_report_usb); + max_output_report_size = sizeof(struct dualshock4_output_report_bt); ds4->output_report_dmabuf = devm_kzalloc(&hdev->dev, max_output_report_size, GFP_KERNEL); if (!ds4->output_report_dmabuf) return ERR_PTR(-ENOMEM);
The size of the output buffer used for output reports was not updated to the larger size needed for Bluetooth. This ultimately resulted in memory corruption of surrounding structures e.g. due to memsets. Fixes: 2d77474a2392 ("HID: playstation: add DualShock4 bluetooth support.") Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com> --- drivers/hid/hid-playstation.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)