diff options
| author |   Alan Stern <stern@rowland.harvard.edu> | 2021-09-01 12:36:00 -0400 |
|---|---|---|
| committer |   Jiri Kosina <jkosina@suse.cz> | 2021-09-01 20:52:31 +0200 |
| commit | 0a824efdb724e07574bafcd2c2486b2a3de35ff6 (patch) | |
| tree | 1b0db6fa8d983cb67b797336139cf8125e9f10b2 /tools/perf/scripts/python/call-graph-from-sql.py | |
| parent | HID: usbhid: Fix flood of "control queue full" messages (diff) | |
| download | linux-dev-0a824efdb724e07574bafcd2c2486b2a3de35ff6.tar.xz linux-dev-0a824efdb724e07574bafcd2c2486b2a3de35ff6.zip | |
HID: usbhid: Fix warning caused by 0-length input reports
Syzbot found a warning caused by hid_submit_ctrl() submitting a
control request to transfer a 0-length input report:
usb 1-1: BOGUS control dir, pipe 80000280 doesn't match bRequestType a1
(The warning message is a little difficult to understand. It means
that the control request claims to be for an IN transfer but this
contradicts the USB spec, which requires 0-length control transfers
always to be in the OUT direction.)
Now, a zero-length report isn't good for anything and there's no
reason for a device to have one, but the fuzzer likes to pick out
these weird edge cases. In the future, perhaps we will decide to
reject 0-length reports at probe time. For now, the simplest approach
for avoiding these warnings is to pretend that the report actually has
length 1.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: syzbot+9b57a46bf1801ce2a2ca@syzkaller.appspotmail.com
Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Tested-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Diffstat (limited to 'tools/perf/scripts/python/call-graph-from-sql.py')
0 files changed, 0 insertions, 0 deletions