[PATCH OLK-6.6] HID: core: remove unnecessary WARN_ON() in implement() - Kernel

22 Jul 2024

From: Nikita Zhandarovich n.zhandarovich@fintech.ru
stable inclusion
from stable-v6.6.35
commit 30f76bc468b9b2cbbd5d3eb482661e3e4798893f
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAD00R
CVE: CVE-2024-39509
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit 4aa2dcfbad538adf7becd0034a3754e1bd01b2b5 ]
Syzkaller hit a warning [1] in a call to implement() when trying
to write a value into a field of smaller size in an output report.
Since implement() already has a warn message printed out with the
help of hid_warn() and value in question gets trimmed with:
    ...
    value &= m;
    ...
WARN_ON may be considered superfluous. Remove it to suppress future
syzkaller triggers.
[1]
WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]
WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
Modules linked in:
CPU: 0 PID: 5084 Comm: syz-executor424 Not tainted 6.9.0-rc7-syzkaller-00183-gcf87f46fd34d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
RIP: 0010:implement drivers/hid/hid-core.c:1451 [inline]
RIP: 0010:hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
...
Call Trace:
 <TASK>
 __usbhid_submit_report drivers/hid/usbhid/hid-core.c:591 [inline]
 usbhid_submit_report+0x43d/0x9e0 drivers/hid/usbhid/hid-core.c:636
 hiddev_ioctl+0x138b/0x1f00 drivers/hid/usbhid/hiddev.c:726
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:904 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:890
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
...
Fixes: 95d1c8951e5b ("HID: simplify implement() a bit")
Reported-by: syzbot+5186630949e3c55f0799@syzkaller.appspotmail.com
Suggested-by: Alan Stern stern@rowland.harvard.edu
Signed-off-by: Nikita Zhandarovich n.zhandarovich@fintech.ru
Signed-off-by: Jiri Kosina jkosina@suse.com
Signed-off-by: Sasha Levin sashal@kernel.org
Signed-off-by: Wang Hai wanghai38@huawei.com
---
 drivers/hid/hid-core.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index e0181218ad85..85ddeb13a3fa 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -1448,7 +1448,6 @@ static void implement(const struct hid_device *hid, u8 *report,
    		hid_warn(hid,
    			 "%s() called with too large value %d (n: %d)! (%s)\n",
    			 __func__, value, n, current->comm);
-			WARN_ON(1);
    		value &= m;
    	}
    }
-- 
2.17.1


    