linux-toradex.git/drivers/hid/hid-multitouch.c, branch v3.12 Linux kernel for Apalis and Colibri modules HID: multitouch: validate indexes details 2013-09-13T13:13:52+00:00 Benjamin Tissoires benjamin.tissoires@redhat.com 2013-09-11T19:56:58+00:00 8821f5dc187bdf16cfb32ef5aa8c3035273fa79a When working on report indexes, always validate that they are in bounds. Without this, a HID device could report a malicious feature report that could trick the driver into a heap overflow: [ 634.885003] usb 1-1: New USB device found, idVendor=0596, idProduct=0500 ... [ 676.469629] BUG kmalloc-192 (Tainted: G W ): Redzone overwritten Note that we need to change the indexes from s8 to s16 as they can be between -1 and 255. CVE-2013-2897 Cc: stable@vger.kernel.org Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jiri Kosina <jkosina@suse.cz> 
When working on report indexes, always validate that they are in bounds.
Without this, a HID device could report a malicious feature report that
could trick the driver into a heap overflow:

[  634.885003] usb 1-1: New USB device found, idVendor=0596, idProduct=0500
...
[  676.469629] BUG kmalloc-192 (Tainted: G        W   ): Redzone overwritten

Note that we need to change the indexes from s8 to s16 as they can
be between -1 and 255.

CVE-2013-2897

Cc: stable@vger.kernel.org
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
HID: do not init input reports for Win 8 multitouch devices 2013-08-27T08:00:00+00:00 Benjamin Tissoires benjamin.tissoires@redhat.com 2013-08-22T12:51:09+00:00 595e9276ce68791317484ec7f0f9f2e0457c3b34 Some multitouch screens do not like to be polled for input reports. However, the Win8 spec says that all touches should be sent during each report, making the initialization of reports unnecessary. The Win7 spec is less precise, so do not use this for those devices. Add the quirk HID_QUIRK_NO_INIT_INPUT_REPORTS so that we do not have to introduce a quirk for each problematic device. This quirk makes the driver behave the same way the Win 8 does. It actually retrieves the features, but not the inputs. Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Reviewed-by: Henrik Rydberg <rydberg@euromail.se> Tested-by: Srinivas Pandruvada<srinivas.pandruvada@linux.intel.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> 
Some multitouch screens do not like to be polled for input reports.
However, the Win8 spec says that all touches should be sent during
each report, making the initialization of reports unnecessary.
The Win7 spec is less precise, so do not use this for those devices.

Add the quirk HID_QUIRK_NO_INIT_INPUT_REPORTS so that we do not have to
introduce a quirk for each problematic device. This quirk makes the driver
behave the same way the Win 8 does. It actually retrieves the features,
but not the inputs.

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Reviewed-by: Henrik Rydberg <rydberg@euromail.se>
Tested-by: Srinivas Pandruvada<srinivas.pandruvada@linux.intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
HID: detect Win 8 multitouch devices in core 2013-08-27T08:00:00+00:00 Benjamin Tissoires benjamin.tissoires@redhat.com 2013-08-22T12:51:08+00:00 f961bd3516e4f699bbacff5d7f5247d6d87c59f0 Detecting Win 8 multitouch devices in core allows us to set quirks before the device is parsed through hid_hw_start(). It also simplifies the detection of those devices in hid-multitouch and makes the handling of those devices cleaner. As Win 8 multitouch panels are in the group multitouch and rely on a special feature to be detected, this patch adds a bitfield in the parser. Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Reviewed-by: Henrik Rydberg <rydberg@euromail.se> Tested-by: Srinivas Pandruvada<srinivas.pandruvada@linux.intel.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> 
Detecting Win 8 multitouch devices in core allows us to set quirks
before the device is parsed through hid_hw_start().
It also simplifies the detection of those devices in hid-multitouch and
makes the handling of those devices cleaner.

As Win 8 multitouch panels are in the group multitouch and rely on a
special feature to be detected, this patch adds a bitfield in the parser.

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Reviewed-by: Henrik Rydberg <rydberg@euromail.se>
Tested-by: Srinivas Pandruvada<srinivas.pandruvada@linux.intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
HID: multitouch: devm conversion 2013-07-31T08:13:15+00:00 Benjamin Tissoires benjamin.tissoires@redhat.com 2013-07-24T17:38:05+00:00 c08d46aa805ba46d501f610c2448d07bea979780 HID special drivers can use safely the devres API. Use it to remove 25 lines of code and to clean up a little the error paths. Besides the basic kzalloc -> devm_kzalloc conversions, I changed the place of the allocation of the new name. Doing this right in mt_input_configured() removes the kstrdup call which was not very helpful and the new way is simpler to understand (and to debug). Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> 
HID special drivers can use safely the devres API.
Use it to remove 25 lines of code and to clean up a little the error paths.

Besides the basic kzalloc -> devm_kzalloc conversions, I changed the
place of the allocation of the new name. Doing this right in
mt_input_configured() removes the kstrdup call which was not very helpful
and the new way is simpler to understand (and to debug).

Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Merge branches 'for-3.11/multitouch', 'for-3.11/sony' and 'for-3.11/upstream' into for-linus 2013-07-04T13:02:26+00:00 Jiri Kosina jkosina@suse.cz 2013-07-04T13:02:26+00:00 08ec2dcc3527a20c619aca2fb36f800908256bac Conflicts: drivers/hid/hid-core.c 
Conflicts:
	drivers/hid/hid-core.c
HID: multitouch: prevent memleak with the allocated name 2013-06-12T09:13:38+00:00 Benjamin Tissoires benjamin.tissoires@redhat.com 2013-05-29T08:45:09+00:00 5939212df87e9377dd3813904264b94a962d19ca mt_free_input_name() was never called during .remove(): hid_hw_stop() removes the hid_input items in hdev->inputs, and so the list is therefore empty after the call. In the end, we never free the special names that has been allocated during .probe(). Restore the original name before freeing it to avoid acessing already freed pointer. This fixes a regression introduced by 49a5a827a ("HID: multitouch: append " Pen" to the name of the stylus input") Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> 
mt_free_input_name() was never called during .remove():
hid_hw_stop() removes the hid_input items in hdev->inputs, and so the
list is therefore empty after the call. In the end, we never free the
special names that has been allocated during .probe().

Restore the original name before freeing it to avoid acessing already
freed pointer.

This fixes a regression introduced by 49a5a827a ("HID: multitouch: append " Pen" to
the name of the stylus input")

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
HID: remove duplicate ID for D-WAV eGalax 0x7224 2013-05-20T12:48:23+00:00 Andy Shevchenko andriy.shevchenko@linux.intel.com 2013-05-17T11:34:49+00:00 adb91aef9f9965341a9252bd610b5d828d5c016f This patch also removes the duplicate entry in the hid-multitouch.c as suggested by Benjamin Tissoires. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> 
This patch also removes the duplicate entry in the hid-multitouch.c as
suggested by Benjamin Tissoires.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
HID: sort IDs for D-WAV eGalax multitouch devices 2013-05-20T12:48:09+00:00 Andy Shevchenko andriy.shevchenko@linux.intel.com 2013-05-17T11:34:48+00:00 aa672da1b05680f7f087873ae2d02f4a9bf4a829 Just sort the list by IDs. There is no functional change. Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-By: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz> 
Just sort the list by IDs. There is no functional change.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-By: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
HID: multitouch: add support for Data Modul easyMaxTouch 2013-05-16T11:28:16+00:00 Steffen Trumtrar s.trumtrar@pengutronix.de 2013-05-16T09:49:41+00:00 0b7ddda69263c305375ab88d4272c4a548bf66c0 Add vendor ID for Data Modul and their easyMaxTouch device. The device has to be configured to multitouch mode prior to using this driver. Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de> Signed-off-by: Jiri Kosina <jkosina@suse.cz> 
Add vendor ID for Data Modul and their easyMaxTouch device.
The device has to be configured to multitouch mode prior to using this driver.

Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Merge branch 'for-3.10/mt-hybrid-finger-pen' into for-linus 2013-04-30T08:17:48+00:00 Jiri Kosina jkosina@suse.cz 2013-04-30T08:17:48+00:00 72c16d9a5c303dce928a52a8861fe7a2a25f849a Conflicts: drivers/hid/hid-multitouch.c 
Conflicts:
	drivers/hid/hid-multitouch.c