WSL2-Linux-Kernel/drivers
Vladis Dronov 13054abbaa HID: debug: fix the ring buffer implementation
Ring buffer implementation in hid_debug_event() and hid_debug_events_read()
is strange allowing lost or corrupted data. After commit 717adfdaf1
("HID: debug: check length before copy_to_user()") it is possible to enter
an infinite loop in hid_debug_events_read() by providing 0 as count, this
locks up a system. Fix this by rewriting the ring buffer implementation
with kfifo and simplify the code.

This fixes CVE-2019-3819.

v2: fix an execution logic and add a comment
v3: use __set_current_state() instead of set_current_state()

Link: https://bugzilla.redhat.com/show_bug.cgi?id=1669187
Cc: stable@vger.kernel.org # v4.18+
Fixes: cd667ce247 ("HID: use debugfs for events/reports dumping")
Fixes: 717adfdaf1 ("HID: debug: check length before copy_to_user()")
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
2019-01-29 12:09:11 +01:00
..
accessibility
acpi Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
amba
android
ata for-4.21/libata-20190102 2019-01-02 18:47:56 -08:00
atm
auxdisplay auxdisplay: charlcd: fix x/y command parsing 2018-12-21 21:27:21 +01:00
base Merge branch 'mount.part1' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-01-05 13:25:58 -08:00
bcma
block virtio, vhost: features, fixes, cleanups 2019-01-02 18:54:45 -08:00
bluetooth
bus ARM: SoC driver updates 2018-12-31 17:32:35 -08:00
cdrom gdrom: fix a memory leak bug 2018-12-29 08:20:44 -07:00
char Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
clk Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2019-01-02 18:56:59 -08:00
clocksource arch/csky patches for 4.21-rc1 2019-01-05 09:50:07 -08:00
connector
cpufreq powerpc updates for 4.21 2018-12-27 10:43:24 -08:00
cpuidle powerpc updates for 4.21 2018-12-27 10:43:24 -08:00
crypto Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
dax mm, devm_memremap_pages: fix shutdown handling 2018-12-28 12:11:47 -08:00
dca
devfreq
dio
dma Merge branch 'next/drivers' into next/late 2019-01-04 14:31:38 -08:00
dma-buf drivers/dma-buf/udmabuf.c: convert to use vm_fault_t 2019-01-04 13:13:46 -08:00
edac
eisa
extcon
firewire Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
firmware arm64 fixes for -rc1 2019-01-05 11:28:39 -08:00
fmc
fpga Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
fsi
gnss
gpio This is the bulk of GPIO changes for the v4.21 kernel series: 2018-12-28 20:00:21 -08:00
gpu Merge branch 'next/drivers' into next/late 2019-01-04 14:31:38 -08:00
hid HID: debug: fix the ring buffer implementation 2019-01-29 12:09:11 +01:00
hsi
hv Char/Misc driver patches for 4.21-rc1 2018-12-28 20:54:57 -08:00
hwmon Kconfig updates for v4.21 2018-12-29 13:03:29 -08:00
hwspinlock
hwtracing
i2c Kconfig updates for v4.21 2018-12-29 13:03:29 -08:00
i3c
ide for-4.21/block-20181221 2018-12-28 13:19:59 -08:00
idle
iio Staging/IIO driver patches for 4.21-rc1 2018-12-28 20:39:58 -08:00
infiniband Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2019-01-02 18:56:59 -08:00
iommu IOMMU Updates for Linux v4.21 2019-01-01 15:55:29 -08:00
ipack
irqchip Xtensa updates for v4.21: 2018-12-29 09:40:40 -08:00
isdn isdn: fix kernel-infoleak in capi_unlocked_ioctl 2019-01-02 10:31:39 -08:00
leds LEDs for 4.21-rc1 2018-12-25 14:52:50 -08:00
lightnvm lightnvm: pblk: fix use-after-free bug 2018-12-22 14:45:35 -07:00
macintosh Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
mailbox mailbox: tegra-hsp: Use device-managed registration API 2018-12-21 22:31:26 -06:00
mcb
md Merge branch 'akpm' (patches from Andrew) 2018-12-28 16:55:46 -08:00
media Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
memory ARM: SoC: late updates 2019-01-05 11:30:37 -08:00
memstick MMC core: 2018-12-28 16:52:18 -08:00
message
mfd
misc Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
mmc MMC core: 2018-12-28 16:52:18 -08:00
mtd Kbuild updates for v4.21 2018-12-29 12:03:17 -08:00
mux
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-01-03 12:53:47 -08:00
nfc
ntb
nubus
nvdimm Merge branch 'akpm' (patches from Andrew) 2018-12-28 16:55:46 -08:00
nvme
nvmem
of Merge tag 'devicetree-for-4.21' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux 2018-12-28 20:08:34 -08:00
opp
oprofile
parisc Kconfig file consolidation for v4.21 2018-12-29 13:40:29 -08:00
parport
pci Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
pcmcia Included in this update: 2019-01-05 11:23:17 -08:00
perf drivers/perf: hisi: Fixup one DDRC PMU register offset 2019-01-04 10:13:27 +00:00
phy
pinctrl Pin control bulk changes for the v4.21 kernel cycle: 2019-01-01 13:19:16 -08:00
platform Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
pnp Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
power power supply and reset changes for the v4.21 series 2018-12-28 20:22:45 -08:00
powercap
pps Kconfig updates for v4.21 2018-12-29 13:03:29 -08:00
ps3
ptp Char/Misc driver patches for 4.21-rc1 2018-12-28 20:54:57 -08:00
pwm pwm: imx: Add ipg clock operation 2018-12-24 12:06:56 +01:00
rapidio
ras treewide: surround Kconfig file paths with double quotes 2018-12-22 00:25:54 +09:00
regulator Merge remote-tracking branch 'regulator/topic/coupled' into regulator-next 2018-12-21 13:43:35 +00:00
remoteproc
reset
rpmsg
rtc RTC for 4.21 2019-01-01 13:24:31 -08:00
s390 s390 updates for the 4.21 merge window 2019-01-02 18:37:01 -08:00
sbus Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next 2018-12-26 10:32:18 -08:00
scsi Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
sfi
sh
siox
slimbus
sn
soc ARM: SoC driver updates 2018-12-31 17:32:35 -08:00
soundwire
spi spi: Updates for v4.21 2018-12-25 14:43:54 -08:00
spmi
ssb
staging Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
target SCSI misc on 20181224 2018-12-28 14:48:06 -08:00
tc
tee OP-TEE dynamic shm log message 2018-12-31 13:06:30 -08:00
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2019-01-05 16:07:28 -08:00
thunderbolt
tty ARM: SoC: late updates 2019-01-05 11:30:37 -08:00
uio Char/Misc driver patches for 4.21-rc1 2018-12-28 20:54:57 -08:00
usb Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
uwb
vfio IOMMU Updates for Linux v4.21 2019-01-01 15:55:29 -08:00
vhost Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
video Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
virt
virtio virtio, vhost: features, fixes, cleanups 2019-01-02 18:54:45 -08:00
visorbus
vlynq
vme
w1 treewide: surround Kconfig file paths with double quotes 2018-12-22 00:25:54 +09:00
watchdog linux-watchdog 4.21-rc1 tag 2019-01-01 13:16:45 -08:00
xen Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
zorro
Kconfig Kconfig file consolidation for v4.21 2018-12-29 13:40:29 -08:00
Makefile