Re: usb/hid: slab-out-of-bounds read in usbhid_parse

2017-09-19 Thread Kim Jaejoong
Hi Andrey 2017-09-19 21:38 GMT+09:00 Andrey Konovalov <andreyk...@google.com>: > On Tue, Sep 19, 2017 at 1:47 PM, Kim Jaejoong <climbbb@gmail.com> wrote: >> Hi, Andrey Konovalov >> >> Thanks for the report. >> >> 2017-09-19 2:33 GMT+09:00 And

Re: usb/hid: slab-out-of-bounds read in usbhid_parse

2017-09-19 Thread Kim Jaejoong
Hi Andrey 2017-09-19 21:38 GMT+09:00 Andrey Konovalov : > On Tue, Sep 19, 2017 at 1:47 PM, Kim Jaejoong wrote: >> Hi, Andrey Konovalov >> >> Thanks for the report. >> >> 2017-09-19 2:33 GMT+09:00 Andrey Konovalov : >>> Hi! >>> >&g

Re: usb/hid: slab-out-of-bounds read in usbhid_parse

2017-09-19 Thread Kim Jaejoong
Hi, Andrey Konovalov Thanks for the report. 2017-09-19 2:33 GMT+09:00 Andrey Konovalov : > Hi! > > I've got the following crash while fuzzing the kernel with syzkaller. > > On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18). > > It seems that there's no proper

Re: usb/hid: slab-out-of-bounds read in usbhid_parse

2017-09-19 Thread Kim Jaejoong
Hi, Andrey Konovalov Thanks for the report. 2017-09-19 2:33 GMT+09:00 Andrey Konovalov : > Hi! > > I've got the following crash while fuzzing the kernel with syzkaller. > > On commit ebb2c2437d8008d46796902ff390653822af6cc4 (Sep 18). > > It seems that there's no proper check on the

Re: [PATCH 2/2] HID: hiddev: store hiddev's minor number when hiddev is connected

2017-03-02 Thread Kim Jaejoong
2017-03-02 23:13 GMT+09:00 Benjamin Tissoires : > On Mar 02 2017 or thereabouts, Jaejoong Kim wrote: >> The hid-core announces kernel message which driver is loaded if there is >> a hiddev, but hiddev's minor number is always zero even though it's not >> zero. >> >>

Re: [PATCH 2/2] HID: hiddev: store hiddev's minor number when hiddev is connected

2017-03-02 Thread Kim Jaejoong
2017-03-02 23:13 GMT+09:00 Benjamin Tissoires : > On Mar 02 2017 or thereabouts, Jaejoong Kim wrote: >> The hid-core announces kernel message which driver is loaded if there is >> a hiddev, but hiddev's minor number is always zero even though it's not >> zero. >> >> So, we need to store the minor

Re: [PATCH 1/2] HID: hiddev: move hiddev's minor number from struct hid_device to hiddev

2017-03-02 Thread Kim Jaejoong
2017-03-02 23:10 GMT+09:00 Benjamin Tissoires : > On Mar 02 2017 or thereabouts, Jaejoong Kim wrote: >> We need to store the minor number each drivers. In case of hidraw, it's >> minor number stores in struct hidraw. But hiddev's minor is located in >> struct

Re: [PATCH 1/2] HID: hiddev: move hiddev's minor number from struct hid_device to hiddev

2017-03-02 Thread Kim Jaejoong
2017-03-02 23:10 GMT+09:00 Benjamin Tissoires : > On Mar 02 2017 or thereabouts, Jaejoong Kim wrote: >> We need to store the minor number each drivers. In case of hidraw, it's >> minor number stores in struct hidraw. But hiddev's minor is located in >> struct hid_device. >> >> So reallocates for