Basavaraj Natikar 5a45ed1ae3 HID: amd_sfh: Fix for shift-out-of-bounds ...

commit 87854366176403438d01f368b09de3ec2234e0f5 upstream.

Shift operation of 'exp' and 'shift' variables exceeds the maximum number
of shift values in the u32 range leading to UBSAN shift-out-of-bounds.

...
[    6.120512] UBSAN: shift-out-of-bounds in drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_desc.c:149:50
[    6.120598] shift exponent 104 is too large for 64-bit type 'long unsigned int'
[    6.120659] CPU: 4 PID: 96 Comm: kworker/4:1 Not tainted 6.4.0amd_1-next-20230519-dirty #10
[    6.120665] Hardware name: AMD Birman-PHX/Birman-PHX, BIOS SFH_with_HPD_SEN.FD 04/05/2023
[    6.120667] Workqueue: events amd_sfh_work_buffer [amd_sfh]
[    6.120687] Call Trace:
[    6.120690]  <TASK>
[    6.120694]  dump_stack_lvl+0x48/0x70
[    6.120704]  dump_stack+0x10/0x20
[    6.120707]  ubsan_epilogue+0x9/0x40
[    6.120716]  __ubsan_handle_shift_out_of_bounds+0x10f/0x170
[    6.120720]  ? psi_group_change+0x25f/0x4b0
[    6.120729]  float_to_int.cold+0x18/0xba [amd_sfh]
[    6.120739]  get_input_rep+0x57/0x340 [amd_sfh]
[    6.120748]  ? __schedule+0xba7/0x1b60
[    6.120756]  ? __pfx_get_input_rep+0x10/0x10 [amd_sfh]
[    6.120764]  amd_sfh_work_buffer+0x91/0x180 [amd_sfh]
[    6.120772]  process_one_work+0x229/0x430
[    6.120780]  worker_thread+0x4a/0x3c0
[    6.120784]  ? __pfx_worker_thread+0x10/0x10
[    6.120788]  kthread+0xf7/0x130
[    6.120792]  ? __pfx_kthread+0x10/0x10
[    6.120795]  ret_from_fork+0x29/0x50
[    6.120804]  </TASK>
...

Fix this by adding the condition to validate shift ranges.

Fixes: 93ce5e0231d7 ("HID: amd_sfh: Implement SFH1.1 functionality")
Cc: stable@vger.kernel.org
Tested-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Basavaraj Natikar <Basavaraj.Natikar@amd.com>
Signed-off-by: Akshata MukundShetty <akshata.mukundshetty@amd.com>
Link: https://lore.kernel.org/r/20230707065722.9036-3-Basavaraj.Natikar@amd.com
Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2023-07-23 13:49:18 +02:00

..

amd-sfh-hid

HID: amd_sfh: Fix for shift-out-of-bounds

2023-07-23 13:49:18 +02:00

i2c-hid

HID: retain initial quirks set up when creating HID devices

2023-03-10 09:33:21 +01:00

intel-ish-hid

HID: intel-ish-hid: Fix kernel panic during warm reset

2023-04-20 12:35:13 +02:00

surface-hid

HID: surface-hid: Add support for hot-removal

2022-06-13 17:25:08 +02:00

usbhid

HID: move from strlcpy with unused retval to strscpy

2022-08-25 11:44:27 +02:00

.kunitconfig

HID: uclogic: Add KUnit tests for uclogic_rdesc_template_apply()

2022-06-15 15:51:46 +02:00

hid-a4tech.c

HID: a4tech: use A4_2WHEEL_MOUSE_HACK_B8 for A4TECH NB-95

2021-05-05 14:29:13 +02:00

hid-accutouch.c

…

hid-alps.c

HID: alps: Declare U1_UNICORN_LEGACY support

2022-07-22 15:02:20 +02:00

hid-apple.c

HID: apple: Set the tilde quirk flag on the Geyser 3

2023-05-24 17:32:41 +01:00

hid-appleir.c

HID: appleir: Use devm_kzalloc() instead of kzalloc()

2020-03-13 17:33:11 +01:00

hid-asus.c

HID: asus: use spinlock to safely schedule workers

2023-03-10 09:32:32 +01:00

hid-aureal.c

…

hid-axff.c

…

hid-belkin.c

…

hid-betopff.c

HID: betop: check shape of output reports

2023-02-01 08:34:24 +01:00

hid-bigbenff.c

hid: bigben_probe(): validate report count

2023-03-10 09:33:23 +01:00

hid-cherry.c

…

hid-chicony.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-cmedia.c

HID: cmedia: add support for HS-100B mute button

2021-07-28 11:51:07 +02:00

hid-core.c

HID: core: Provide new max_buffer_size attribute to over-ride the default

2023-03-17 08:50:17 +01:00

hid-corsair.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-cougar.c

HID: cougar: Make use of the helper function devm_add_action_or_reset()

2021-10-07 13:37:25 +02:00

hid-cp2112.c

HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded

2023-03-30 12:49:16 +02:00

hid-creative-sb0540.c

…

hid-cypress.c

HID: cypress: Support Varmilo Keyboards' media hotkeys

2020-10-23 13:23:44 +02:00

hid-debug.c

HID: Add Mapping for System Microphone Mute

2023-03-10 09:33:55 +01:00

hid-dr.c

…

hid-elan.c

HID: elan: Fix potential double free in elan_input_configured

2022-04-21 11:38:28 +02:00

hid-elecom.c

HID: elecom: add support for TrackBall 056E:011C

2023-03-03 11:52:20 +01:00

hid-elo.c

HID: elo: Revert USB reference counting

2022-02-17 14:14:41 +01:00

hid-emsff.c

…

hid-ezkey.c

…

hid-ft260.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-gaff.c

…

hid-gembird.c

…

hid-generic.c

…

hid-gfrm.c

…

hid-glorious.c

HID: Add driver fixing Glorious PC Gaming Race mouse report descriptor

2020-03-18 13:36:21 +01:00

hid-google-hammer.c

HID: google: add jewel USB id

2023-06-09 10:34:18 +02:00

hid-gt683r.c

HID: gt683r: add missing MODULE_DEVICE_TABLE

2021-05-27 15:40:34 +02:00

hid-gyration.c

…

hid-holtek-kbd.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-holtek-mouse.c

HID: holtek: fix mouse probing

2021-12-20 11:25:42 +01:00

hid-holtekff.c

…

hid-hyperv.c

HID: hyperv: fix possible memory leak in mousevsc_probe()

2022-11-02 14:34:56 +01:00

hid-icade.c

…

hid-ids.h

HID: google: add jewel USB id

2023-06-09 10:34:18 +02:00

hid-input.c

HID: Ignore battery for ELAN touchscreen on ROG Flow X13 GV301RA

2023-05-24 17:32:41 +01:00

hid-ite.c

HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10

2022-11-14 23:55:12 +01:00

hid-jabra.c

…

hid-kensington.c

…

hid-keytouch.c

…

hid-kye.c

HID: uclogic: Switch to Digitizer usage for styluses

2022-05-11 14:19:27 +02:00

hid-lcpower.c

…

hid-led.c

HID: hid-led: fix maximum brightness for Dream Cheeky

2022-04-21 10:28:49 +02:00

hid-lenovo.c

HID: lenovo: Make array tp10ubkbd_led static const

2022-10-18 14:43:59 +02:00

hid-letsketch.c

HID: Add new Letsketch tablet driver

2022-01-06 14:22:51 +01:00

hid-lg2ff.c

…

hid-lg3ff.c

…

hid-lg4ff.c

HID: hid-lg4ff: Add check for empty lbuf

2022-11-14 23:56:52 +01:00

hid-lg4ff.h

…

hid-lg-g15.c

HID: lg-g15: Fix comment typo

2022-07-21 13:47:12 +02:00

hid-lg.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-lg.h

…

hid-lgff.c

…

hid-logitech-dj.c

HID: logitech-dj: add new lightspeed receiver id

2022-02-16 16:26:21 +01:00

hid-logitech-hidpp.c

HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651.

2023-07-01 13:16:26 +02:00

hid-macally.c

HID: macally: Constify macally_id_table

2020-08-17 11:38:49 +02:00

hid-magicmouse.c

HID: magicmouse: Do not set BTN_MOUSE on double report

2022-10-14 10:47:50 +01:00

hid-maltron.c

…

hid-mcp2221.c

HID: mcp2221: don't connect hidraw

2022-12-31 13:33:10 +01:00

hid-megaworld.c

HID: Add support for Mega World controller force feedback

2022-05-06 08:29:26 +02:00

hid-mf.c

HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter

2020-11-25 14:30:33 +01:00

hid-microsoft.c

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid

2020-09-02 12:55:46 -07:00

hid-monterey.c

…

hid-multitouch.c

HID: multitouch: Add quirks for flipped axes

2023-03-10 09:33:20 +01:00

hid-nintendo.c

HID: nintendo: check analog user calibration for plausibility

2022-09-21 13:25:26 +01:00

hid-nti.c

…

hid-ntrig.c

…

hid-ortek.c

…

hid-penmount.c

…

hid-petalynx.c

…

hid-picolcd_backlight.c

…

hid-picolcd_cir.c

media: rc: harmonize infrared durations to microseconds

2020-09-03 16:18:55 +02:00

hid-picolcd_core.c

HID: hid-picolcd_core: Remove unused variable 'ret'

2021-04-07 18:46:20 +02:00

hid-picolcd_debugfs.c

…

hid-picolcd_fb.c

fbdev: Rename pagelist to pagereflist for deferred I/O

2022-05-03 16:04:22 +02:00

hid-picolcd_lcd.c

…

hid-picolcd_leds.c

…

hid-picolcd.h

…

hid-pl.c

…

hid-plantronics.c

HID: plantronics: Additional PIDs for double volume key presses quirk

2023-01-04 11:28:58 +01:00

hid-playstation.c

HID: playstation: sanity check DualSense calibration data.

2023-02-06 08:06:33 +01:00

hid-primax.c

…

hid-prodikeys.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-pxrc.c

HID: Add driver for PhoenixRC Flight Controller

2022-09-20 11:36:21 +01:00

hid-quirks.c

HID: retain initial quirks set up when creating HID devices

2023-03-10 09:33:21 +01:00

hid-razer.c

HID: Add driver for Razer Blackwidow keyboards

2022-02-16 17:12:14 +01:00

hid-redragon.c

…

hid-retrode.c

…

hid-rmi.c

HID: i2c: let RMI devices decide what constitutes wakeup event

2022-12-31 13:32:14 +01:00

hid-roccat-arvo.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-roccat-arvo.h

…

hid-roccat-common.c

…

hid-roccat-common.h

…

hid-roccat-isku.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-roccat-isku.h

…

hid-roccat-kone.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-roccat-kone.h

HID: roccat: Use struct_group() to zero kone_mouse_event

2021-09-25 08:20:48 -07:00

hid-roccat-koneplus.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-roccat-koneplus.h

…

hid-roccat-konepure.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-roccat-kovaplus.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-roccat-kovaplus.h

…

hid-roccat-lua.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-roccat-lua.h

…

hid-roccat-pyra.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-roccat-pyra.h

…

hid-roccat-ryos.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-roccat-savu.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-roccat-savu.h

…

hid-roccat.c

HID: roccat: Fix use-after-free in roccat_read()

2022-09-20 14:49:15 +02:00

hid-saitek.c

HID: saitek: add madcatz variant of MMO7 mouse device ID

2022-10-18 14:42:45 +02:00

hid-samsung.c

HID: check for valid USB device for many HID drivers

2021-12-02 15:36:18 +01:00

hid-semitek.c

HID: semitek: new driver for GK6X series keyboards

2021-05-05 14:21:08 +02:00

hid-sensor-custom.c

HID: hid-sensor-custom: set fixed size for custom attributes

2022-12-31 13:32:14 +01:00

hid-sensor-hub.c

HID: hid-sensor-hub: Return error for hid_set_field() failure

2021-05-05 14:36:18 +02:00

hid-sigmamicro.c

HID: add SiGma Micro driver

2022-02-02 15:12:22 +01:00

hid-sjoy.c

…

hid-sony.c

HID: sony: Fix double word in comments

2022-09-20 11:27:29 +01:00

hid-speedlink.c

…

hid-steam.c

Merge branch 'for-6.1/core' into for-linus

2022-10-05 10:19:06 +01:00

hid-steelseries.c

…

hid-sunplus.c

…

hid-thrustmaster.c

HID: thrustmaster: Add sparco wheel and fix array length

2022-08-25 11:38:55 +02:00

hid-tivo.c

…

hid-tmff.c

HID: thrustmaster use swap() to make code cleaner

2021-12-14 10:50:23 +01:00

hid-topre.c

hid: topre: Add driver fixing report descriptor

2022-09-20 12:16:25 +01:00

hid-topseed.c

…

hid-twinhan.c

…

hid-u2fzero.c

HID: add hid_is_usb() function to make it simpler for USB detection

2021-12-02 15:35:57 +01:00

hid-uclogic-core.c

HID: uclogic: Add support for XP-PEN Deco Pro MW

2023-03-10 09:33:57 +01:00

hid-uclogic-params-test.c

HID: uclogic: Parse the UGEE v2 frame type

2022-08-25 10:26:31 +02:00

hid-uclogic-params.c

HID: uclogic: Add support for XP-PEN Deco Pro MW

2023-03-10 09:33:57 +01:00

hid-uclogic-params.h

HID: uclogic: Add battery quirk

2023-03-10 09:33:56 +01:00

hid-uclogic-rdesc-test.c

HID: uclogic: KUnit best practices and naming conventions

2022-08-25 10:26:31 +02:00

hid-uclogic-rdesc.c

HID: uclogic: Add support for XP-PEN Deco LW

2022-12-31 13:33:00 +01:00

hid-uclogic-rdesc.h

HID: uclogic: Add support for XP-PEN Deco LW

2022-12-31 13:33:00 +01:00

hid-udraw-ps3.c

HID: udraw-ps3: Replace HTTP links with HTTPS ones

2020-07-20 12:24:41 +02:00

hid-viewsonic.c

HID: uclogic: Switch to Digitizer usage for styluses

2022-05-11 14:19:27 +02:00

hid-vivaldi-common.c

HID: vivaldi: convert to use dev_groups

2022-08-25 11:37:21 +02:00

hid-vivaldi-common.h

HID: vivaldi: convert to use dev_groups

2022-08-25 11:37:21 +02:00

hid-vivaldi.c

HID: vivaldi: convert to use dev_groups

2022-08-25 11:37:21 +02:00

hid-vrc2.c

HID: Add driver for VRC-2 Car Controller

2022-09-20 11:35:00 +01:00

hid-waltop.c

…

hid-wiimote-core.c

HID: wiimote: remove h from printk format specifier

2021-01-07 10:14:58 +01:00

hid-wiimote-debug.c

…

hid-wiimote-modules.c

HID: Wiimote: Treat the d-pad as an analogue stick

2020-06-19 14:17:22 +02:00

hid-wiimote.h

HID: Wiimote: Treat the d-pad as an analogue stick

2020-06-19 14:17:22 +02:00

hid-xiaomi.c

HID: Add support for side buttons of Xiaomi Mi Dual Mode Wireless Mouse Silent

2021-09-22 11:53:07 +02:00

hid-xinmo.c

…

hid-zpff.c

…

hid-zydacron.c

…

hidraw.c

HID: hidraw: fix data race on device refcount

2023-07-01 13:16:26 +02:00

Kconfig

HID: uclogic: Modular KUnit tests should not depend on KUNIT=y

2023-07-19 16:21:28 +02:00

Makefile

Merge branch 'for-6.1/uclogic' into for-linus

2022-10-05 10:34:48 +01:00

uhid.c

HID: uhid: Over-ride the default maximum data buffer value with our own

2023-03-17 08:50:17 +01:00

wacom_sys.c

HID: wacom: Add error check to wacom_parse_and_register()

2023-06-28 11:12:35 +02:00

wacom_wac.c

HID: wacom: Use ktime_t rather than int when dealing with timestamps

2023-07-01 13:16:26 +02:00

wacom_wac.h

HID: wacom: Use ktime_t rather than int when dealing with timestamps

2023-07-01 13:16:26 +02:00

wacom.h

HID: wacom: Simplify comments

2022-08-25 11:32:31 +02:00