milos-linux/drivers/hid/bpf
Benjamin Tissoires 2c85c61d13 HID: pass the buffer size to hid_report_raw_event
commit 0a3fe972a7 ("HID: core: Mitigate potential OOB by removing
bogus memset()") enforced the provided data to be at least the size of
the declared buffer in the report descriptor to prevent a buffer
overflow. However, we can try to be smarter by providing both the buffer
size and the data size, meaning that hid_report_raw_event() can make
better decision whether we should plaining reject the buffer (buffer
overflow attempt) or if we can safely memset it to 0 and pass it to the
rest of the stack.

Fixes: 0a3fe972a7 ("HID: core: Mitigate potential OOB by removing bogus memset()")
Cc: stable@vger.kernel.org
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
Acked-by: Johan Hovold <johan@kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
2026-05-12 18:03:37 +02:00
..
progs bpf: Add fix for Trust Philips SPK6327 (145f:024b) modifier keys 2026-04-08 21:47:02 +02:00
hid_bpf_dispatch.c HID: pass the buffer size to hid_report_raw_event 2026-05-12 18:03:37 +02:00
hid_bpf_dispatch.h HID: bpf: prevent infinite recursions with hid_hw_raw_requests hooks 2024-06-27 11:00:12 +02:00
hid_bpf_struct_ops.c Revert "HID: bpf: allow write access to quirks field in struct hid_device" 2024-11-25 09:21:47 -08:00
Kconfig hid: bpf: add BPF_JIT dependency 2024-07-22 16:52:05 +02:00
Makefile HID: bpf: remove tracing HID-BPF capability 2024-06-14 11:20:20 +02:00