From: Sasha Levin <sashal@kernel.org>
Date: Sat, 16 May 2026 12:04:59 +0000 (-0400)
Subject: Drop hid-core-introduce-hid_safe_input_report.patch
X-Git-Tag: v6.6.140~1^2~1
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=ba2f8190a668ba423e2e16d456b92f1b11d05aa9;p=thirdparty%2Fkernel%2Fstable-queue.git

Drop hid-core-introduce-hid_safe_input_report.patch

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-6.18/hid-core-introduce-hid_safe_input_report.patch b/queue-6.18/hid-core-introduce-hid_safe_input_report.patch
deleted file mode 100644
index d04c1c1766..0000000000
--- a/queue-6.18/hid-core-introduce-hid_safe_input_report.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From 206342541fc887ae919774a43942dc883161fece Mon Sep 17 00:00:00 2001
-From: Benjamin Tissoires <bentiss@kernel.org>
-Date: Mon, 4 May 2026 10:47:23 +0200
-Subject: HID: core: introduce hid_safe_input_report()
-
-From: Benjamin Tissoires <bentiss@kernel.org>
-
-commit 206342541fc887ae919774a43942dc883161fece upstream.
-
-hid_input_report() is used in too many places to have a commit that
-doesn't cross subsystem borders. Instead of changing the API, introduce
-a new one when things matters in the transport layers:
-- usbhid
-- i2chid
-
-This effectively revert to the old behavior for those two transport
-layers.
-
-Fixes: 0a3fe972a7cb ("HID: core: Mitigate potential OOB by removing bogus memset()")
-Cc: stable@vger.kernel.org
-Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
-Signed-off-by: Jiri Kosina <jkosina@suse.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- drivers/hid/hid-core.c             |   25 +++++++++++++++++++++++++
- drivers/hid/i2c-hid/i2c-hid-core.c |    7 ++++---
- drivers/hid/usbhid/hid-core.c      |   11 ++++++-----
- include/linux/hid.h                |    2 ++
- 4 files changed, 37 insertions(+), 8 deletions(-)
-
---- a/drivers/hid/hid-core.c
-+++ b/drivers/hid/hid-core.c
-@@ -2177,6 +2177,7 @@ unlock:
-  * @interrupt: distinguish between interrupt and control transfers
-  *
-  * This is data entry for lower layers.
-+ * Legacy, please use hid_safe_input_report() instead.
-  */
- int hid_input_report(struct hid_device *hid, enum hid_report_type type, u8 *data, u32 size,
- 		     int interrupt)
-@@ -2187,6 +2188,30 @@ int hid_input_report(struct hid_device *
- }
- EXPORT_SYMBOL_GPL(hid_input_report);
- 
-+/**
-+ * hid_safe_input_report - report data from lower layer (usb, bt...)
-+ *
-+ * @hid: hid device
-+ * @type: HID report type (HID_*_REPORT)
-+ * @data: report contents
-+ * @bufsize: allocated size of the data buffer
-+ * @size: useful size of data parameter
-+ * @interrupt: distinguish between interrupt and control transfers
-+ *
-+ * This is data entry for lower layers.
-+ * Please use this function instead of the non safe version because we provide
-+ * here the size of the buffer, allowing hid-core to make smarter decisions
-+ * regarding the incoming buffer.
-+ */
-+int hid_safe_input_report(struct hid_device *hid, enum hid_report_type type, u8 *data,
-+			  size_t bufsize, u32 size, int interrupt)
-+{
-+	return __hid_input_report(hid, type, data, bufsize, size, interrupt, 0,
-+				  false, /* from_bpf */
-+				  false /* lock_already_taken */);
-+}
-+EXPORT_SYMBOL_GPL(hid_safe_input_report);
-+
- bool hid_match_one_id(const struct hid_device *hdev,
- 		      const struct hid_device_id *id)
- {
---- a/drivers/hid/i2c-hid/i2c-hid-core.c
-+++ b/drivers/hid/i2c-hid/i2c-hid-core.c
-@@ -574,9 +574,10 @@ static void i2c_hid_get_input(struct i2c
- 		if (ihid->hid->group != HID_GROUP_RMI)
- 			pm_wakeup_event(&ihid->client->dev, 0);
- 
--		hid_input_report(ihid->hid, HID_INPUT_REPORT,
--				ihid->inbuf + sizeof(__le16),
--				ret_size - sizeof(__le16), 1);
-+		hid_safe_input_report(ihid->hid, HID_INPUT_REPORT,
-+				      ihid->inbuf + sizeof(__le16),
-+				      ihid->bufsize - sizeof(__le16),
-+				      ret_size - sizeof(__le16), 1);
- 	}
- 
- 	return;
---- a/drivers/hid/usbhid/hid-core.c
-+++ b/drivers/hid/usbhid/hid-core.c
-@@ -283,9 +283,9 @@ static void hid_irq_in(struct urb *urb)
- 			break;
- 		usbhid_mark_busy(usbhid);
- 		if (!test_bit(HID_RESUME_RUNNING, &usbhid->iofl)) {
--			hid_input_report(urb->context, HID_INPUT_REPORT,
--					 urb->transfer_buffer,
--					 urb->actual_length, 1);
-+			hid_safe_input_report(urb->context, HID_INPUT_REPORT,
-+					      urb->transfer_buffer, urb->transfer_buffer_length,
-+					      urb->actual_length, 1);
- 			/*
- 			 * autosuspend refused while keys are pressed
- 			 * because most keyboards don't wake up when
-@@ -482,9 +482,10 @@ static void hid_ctrl(struct urb *urb)
- 	switch (status) {
- 	case 0:			/* success */
- 		if (usbhid->ctrl[usbhid->ctrltail].dir == USB_DIR_IN)
--			hid_input_report(urb->context,
-+			hid_safe_input_report(urb->context,
- 				usbhid->ctrl[usbhid->ctrltail].report->type,
--				urb->transfer_buffer, urb->actual_length, 0);
-+				urb->transfer_buffer, urb->transfer_buffer_length,
-+				urb->actual_length, 0);
- 		break;
- 	case -ESHUTDOWN:	/* unplug */
- 		unplug = 1;
---- a/include/linux/hid.h
-+++ b/include/linux/hid.h
-@@ -990,6 +990,8 @@ struct hid_field *hid_find_field(struct
- int hid_set_field(struct hid_field *, unsigned, __s32);
- int hid_input_report(struct hid_device *hid, enum hid_report_type type, u8 *data, u32 size,
- 		     int interrupt);
-+int hid_safe_input_report(struct hid_device *hid, enum hid_report_type type, u8 *data,
-+			  size_t bufsize, u32 size, int interrupt);
- struct hid_field *hidinput_get_led_field(struct hid_device *hid);
- unsigned int hidinput_count_leds(struct hid_device *hid);
- __s32 hidinput_calc_abs_res(const struct hid_field *field, __u16 code);
diff --git a/queue-6.18/series b/queue-6.18/series
index 0174eef60a..59d08ea909 100644
--- a/queue-6.18/series
+++ b/queue-6.18/series
@@ -1,7 +1,6 @@
 hid-playstation-clamp-num_touch_reports.patch
 hid-appletb-kbd-fix-uaf-in-inactivity-timer-cleanup-path.patch
 hid-appletb-kbd-run-inactivity-autodim-from-workqueues.patch
-hid-core-introduce-hid_safe_input_report.patch
 hid-pidff-fix-integer-overflow-in-pidff_rescale.patch
 media-uvcvideo-enable-vb2_dmabuf-for-metadata-stream.patch
 drm-msm-hdmi-fix-wrong-ctrl1-register-used-in-writing-info-frames.patch
diff --git a/queue-7.0/hid-core-introduce-hid_safe_input_report.patch b/queue-7.0/hid-core-introduce-hid_safe_input_report.patch
deleted file mode 100644
index 0a597f651d..0000000000
--- a/queue-7.0/hid-core-introduce-hid_safe_input_report.patch
+++ /dev/null
@@ -1,126 +0,0 @@
-From 206342541fc887ae919774a43942dc883161fece Mon Sep 17 00:00:00 2001
-From: Benjamin Tissoires <bentiss@kernel.org>
-Date: Mon, 4 May 2026 10:47:23 +0200
-Subject: HID: core: introduce hid_safe_input_report()
-
-From: Benjamin Tissoires <bentiss@kernel.org>
-
-commit 206342541fc887ae919774a43942dc883161fece upstream.
-
-hid_input_report() is used in too many places to have a commit that
-doesn't cross subsystem borders. Instead of changing the API, introduce
-a new one when things matters in the transport layers:
-- usbhid
-- i2chid
-
-This effectively revert to the old behavior for those two transport
-layers.
-
-Fixes: 0a3fe972a7cb ("HID: core: Mitigate potential OOB by removing bogus memset()")
-Cc: stable@vger.kernel.org
-Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
-Signed-off-by: Jiri Kosina <jkosina@suse.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- drivers/hid/hid-core.c             |   25 +++++++++++++++++++++++++
- drivers/hid/i2c-hid/i2c-hid-core.c |    7 ++++---
- drivers/hid/usbhid/hid-core.c      |   11 ++++++-----
- include/linux/hid.h                |    2 ++
- 4 files changed, 37 insertions(+), 8 deletions(-)
-
---- a/drivers/hid/hid-core.c
-+++ b/drivers/hid/hid-core.c
-@@ -2177,6 +2177,7 @@ unlock:
-  * @interrupt: distinguish between interrupt and control transfers
-  *
-  * This is data entry for lower layers.
-+ * Legacy, please use hid_safe_input_report() instead.
-  */
- int hid_input_report(struct hid_device *hid, enum hid_report_type type, u8 *data, u32 size,
- 		     int interrupt)
-@@ -2187,6 +2188,30 @@ int hid_input_report(struct hid_device *
- }
- EXPORT_SYMBOL_GPL(hid_input_report);
- 
-+/**
-+ * hid_safe_input_report - report data from lower layer (usb, bt...)
-+ *
-+ * @hid: hid device
-+ * @type: HID report type (HID_*_REPORT)
-+ * @data: report contents
-+ * @bufsize: allocated size of the data buffer
-+ * @size: useful size of data parameter
-+ * @interrupt: distinguish between interrupt and control transfers
-+ *
-+ * This is data entry for lower layers.
-+ * Please use this function instead of the non safe version because we provide
-+ * here the size of the buffer, allowing hid-core to make smarter decisions
-+ * regarding the incoming buffer.
-+ */
-+int hid_safe_input_report(struct hid_device *hid, enum hid_report_type type, u8 *data,
-+			  size_t bufsize, u32 size, int interrupt)
-+{
-+	return __hid_input_report(hid, type, data, bufsize, size, interrupt, 0,
-+				  false, /* from_bpf */
-+				  false /* lock_already_taken */);
-+}
-+EXPORT_SYMBOL_GPL(hid_safe_input_report);
-+
- bool hid_match_one_id(const struct hid_device *hdev,
- 		      const struct hid_device_id *id)
- {
---- a/drivers/hid/i2c-hid/i2c-hid-core.c
-+++ b/drivers/hid/i2c-hid/i2c-hid-core.c
-@@ -574,9 +574,10 @@ static void i2c_hid_get_input(struct i2c
- 		if (ihid->hid->group != HID_GROUP_RMI)
- 			pm_wakeup_event(&ihid->client->dev, 0);
- 
--		hid_input_report(ihid->hid, HID_INPUT_REPORT,
--				ihid->inbuf + sizeof(__le16),
--				ret_size - sizeof(__le16), 1);
-+		hid_safe_input_report(ihid->hid, HID_INPUT_REPORT,
-+				      ihid->inbuf + sizeof(__le16),
-+				      ihid->bufsize - sizeof(__le16),
-+				      ret_size - sizeof(__le16), 1);
- 	}
- 
- 	return;
---- a/drivers/hid/usbhid/hid-core.c
-+++ b/drivers/hid/usbhid/hid-core.c
-@@ -283,9 +283,9 @@ static void hid_irq_in(struct urb *urb)
- 			break;
- 		usbhid_mark_busy(usbhid);
- 		if (!test_bit(HID_RESUME_RUNNING, &usbhid->iofl)) {
--			hid_input_report(urb->context, HID_INPUT_REPORT,
--					 urb->transfer_buffer,
--					 urb->actual_length, 1);
-+			hid_safe_input_report(urb->context, HID_INPUT_REPORT,
-+					      urb->transfer_buffer, urb->transfer_buffer_length,
-+					      urb->actual_length, 1);
- 			/*
- 			 * autosuspend refused while keys are pressed
- 			 * because most keyboards don't wake up when
-@@ -482,9 +482,10 @@ static void hid_ctrl(struct urb *urb)
- 	switch (status) {
- 	case 0:			/* success */
- 		if (usbhid->ctrl[usbhid->ctrltail].dir == USB_DIR_IN)
--			hid_input_report(urb->context,
-+			hid_safe_input_report(urb->context,
- 				usbhid->ctrl[usbhid->ctrltail].report->type,
--				urb->transfer_buffer, urb->actual_length, 0);
-+				urb->transfer_buffer, urb->transfer_buffer_length,
-+				urb->actual_length, 0);
- 		break;
- 	case -ESHUTDOWN:	/* unplug */
- 		unplug = 1;
---- a/include/linux/hid.h
-+++ b/include/linux/hid.h
-@@ -998,6 +998,8 @@ struct hid_field *hid_find_field(struct
- int hid_set_field(struct hid_field *, unsigned, __s32);
- int hid_input_report(struct hid_device *hid, enum hid_report_type type, u8 *data, u32 size,
- 		     int interrupt);
-+int hid_safe_input_report(struct hid_device *hid, enum hid_report_type type, u8 *data,
-+			  size_t bufsize, u32 size, int interrupt);
- struct hid_field *hidinput_get_led_field(struct hid_device *hid);
- unsigned int hidinput_count_leds(struct hid_device *hid);
- __s32 hidinput_calc_abs_res(const struct hid_field *field, __u16 code);
diff --git a/queue-7.0/series b/queue-7.0/series
index e3d29b18d5..92eb38eb61 100644
--- a/queue-7.0/series
+++ b/queue-7.0/series
@@ -1,7 +1,6 @@
 hid-playstation-clamp-num_touch_reports.patch
 hid-appletb-kbd-fix-uaf-in-inactivity-timer-cleanup-path.patch
 hid-appletb-kbd-run-inactivity-autodim-from-workqueues.patch
-hid-core-introduce-hid_safe_input_report.patch
 hid-pidff-fix-integer-overflow-in-pidff_rescale.patch
 media-uvcvideo-enable-vb2_dmabuf-for-metadata-stream.patch
 drm-msm-hdmi-fix-wrong-ctrl1-register-used-in-writing-info-frames.patch