From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 4 Nov 2019 09:07:44 +0000 (+0100)
Subject: 4.4-stable patches
X-Git-Tag: v4.4.199~30
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6bdc60b7bb9190436f98871c063219c0ec2fa145;p=thirdparty%2Fkernel%2Fstable-queue.git

4.4-stable patches

added patches:
	hid-fix-error-message-in-hid_open_report.patch
---

diff --git a/queue-4.4/hid-fix-error-message-in-hid_open_report.patch b/queue-4.4/hid-fix-error-message-in-hid_open_report.patch
new file mode 100644
index 00000000000..bd6b79d6eb3
--- /dev/null
+++ b/queue-4.4/hid-fix-error-message-in-hid_open_report.patch
@@ -0,0 +1,60 @@
+From b3a81c777dcb093020680490ab970d85e2f6f04f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20Miros=C5=82aw?= <mirq-linux@rere.qmqm.pl>
+Date: Fri, 23 Aug 2019 21:15:27 +0200
+Subject: HID: fix error message in hid_open_report()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Michał Mirosław <mirq-linux@rere.qmqm.pl>
+
+commit b3a81c777dcb093020680490ab970d85e2f6f04f upstream.
+
+On HID report descriptor parsing error the code displays bogus
+pointer instead of error offset (subtracts start=NULL from end).
+Make the message more useful by displaying correct error offset
+and include total buffer size for reference.
+
+This was carried over from ancient times - "Fixed" commit just
+promoted the message from DEBUG to ERROR.
+
+Cc: stable@vger.kernel.org
+Fixes: 8c3d52fc393b ("HID: make parser more verbose about parsing errors by default")
+Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-core.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/drivers/hid/hid-core.c
++++ b/drivers/hid/hid-core.c
+@@ -959,6 +959,7 @@ int hid_open_report(struct hid_device *d
+ 	__u8 *start;
+ 	__u8 *buf;
+ 	__u8 *end;
++	__u8 *next;
+ 	int ret;
+ 	static int (*dispatch_type[])(struct hid_parser *parser,
+ 				      struct hid_item *item) = {
+@@ -1012,7 +1013,8 @@ int hid_open_report(struct hid_device *d
+ 	device->collection_size = HID_DEFAULT_NUM_COLLECTIONS;
+ 
+ 	ret = -EINVAL;
+-	while ((start = fetch_item(start, end, &item)) != NULL) {
++	while ((next = fetch_item(start, end, &item)) != NULL) {
++		start = next;
+ 
+ 		if (item.format != HID_ITEM_FORMAT_SHORT) {
+ 			hid_err(device, "unexpected long global item\n");
+@@ -1041,7 +1043,8 @@ int hid_open_report(struct hid_device *d
+ 		}
+ 	}
+ 
+-	hid_err(device, "item fetching failed at offset %d\n", (int)(end - start));
++	hid_err(device, "item fetching failed at offset %u/%u\n",
++		size - (unsigned int)(end - start), size);
+ err:
+ 	vfree(parser);
+ 	hid_close_report(device);
diff --git a/queue-4.4/series b/queue-4.4/series
index 08664387fde..c3530ed7b4f 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -32,3 +32,4 @@ usb-ldusb-fix-control-message-timeout.patch
 usb-serial-whiteheat-fix-potential-slab-corruption.patch
 usb-serial-whiteheat-fix-line-speed-endianness.patch
 hid-fix-assumption-that-devices-have-inputs.patch
+hid-fix-error-message-in-hid_open_report.patch