From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Roderick Colenbrander <roderick@gaikai.com>,
Roderick Colenbrander <roderick.colenbrander@sony.com>,
Jiri Kosina <jkosina@suse.cz>, Sasha Levin <sashal@kernel.org>,
jikos@kernel.org, benjamin.tissoires@redhat.com,
linux-input@vger.kernel.org
Subject: [PATCH AUTOSEL 6.1 22/35] HID: playstation: sanity check DualSense calibration data.
Date: Tue, 24 Jan 2023 08:41:18 -0500 [thread overview]
Message-ID: <20230124134131.637036-22-sashal@kernel.org> (raw)
In-Reply-To: <20230124134131.637036-1-sashal@kernel.org>
From: Roderick Colenbrander <roderick@gaikai.com>
[ Upstream commit ccf1e1626d37745d0a697db67407beec9ae9d4b8 ]
Make sure calibration values are defined to prevent potential kernel
crashes. This fixes a hypothetical issue for virtual or clone devices
inspired by a similar fix for DS4.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-playstation.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c
index 0b58763bfd30..2228f6e4ba23 100644
--- a/drivers/hid/hid-playstation.c
+++ b/drivers/hid/hid-playstation.c
@@ -712,6 +712,7 @@ ATTRIBUTE_GROUPS(ps_device);
static int dualsense_get_calibration_data(struct dualsense *ds)
{
+ struct hid_device *hdev = ds->base.hdev;
short gyro_pitch_bias, gyro_pitch_plus, gyro_pitch_minus;
short gyro_yaw_bias, gyro_yaw_plus, gyro_yaw_minus;
short gyro_roll_bias, gyro_roll_plus, gyro_roll_minus;
@@ -722,6 +723,7 @@ static int dualsense_get_calibration_data(struct dualsense *ds)
int speed_2x;
int range_2g;
int ret = 0;
+ int i;
uint8_t *buf;
buf = kzalloc(DS_FEATURE_REPORT_CALIBRATION_SIZE, GFP_KERNEL);
@@ -773,6 +775,21 @@ static int dualsense_get_calibration_data(struct dualsense *ds)
ds->gyro_calib_data[2].sens_numer = speed_2x*DS_GYRO_RES_PER_DEG_S;
ds->gyro_calib_data[2].sens_denom = gyro_roll_plus - gyro_roll_minus;
+ /*
+ * Sanity check gyro calibration data. This is needed to prevent crashes
+ * during report handling of virtual, clone or broken devices not implementing
+ * calibration data properly.
+ */
+ for (i = 0; i < ARRAY_SIZE(ds->gyro_calib_data); i++) {
+ if (ds->gyro_calib_data[i].sens_denom == 0) {
+ hid_warn(hdev, "Invalid gyro calibration data for axis (%d), disabling calibration.",
+ ds->gyro_calib_data[i].abs_code);
+ ds->gyro_calib_data[i].bias = 0;
+ ds->gyro_calib_data[i].sens_numer = DS_GYRO_RANGE;
+ ds->gyro_calib_data[i].sens_denom = S16_MAX;
+ }
+ }
+
/*
* Set accelerometer calibration and normalization parameters.
* Data values will be normalized to 1/DS_ACC_RES_PER_G g.
@@ -795,6 +812,21 @@ static int dualsense_get_calibration_data(struct dualsense *ds)
ds->accel_calib_data[2].sens_numer = 2*DS_ACC_RES_PER_G;
ds->accel_calib_data[2].sens_denom = range_2g;
+ /*
+ * Sanity check accelerometer calibration data. This is needed to prevent crashes
+ * during report handling of virtual, clone or broken devices not implementing calibration
+ * data properly.
+ */
+ for (i = 0; i < ARRAY_SIZE(ds->accel_calib_data); i++) {
+ if (ds->accel_calib_data[i].sens_denom == 0) {
+ hid_warn(hdev, "Invalid accelerometer calibration data for axis (%d), disabling calibration.",
+ ds->accel_calib_data[i].abs_code);
+ ds->accel_calib_data[i].bias = 0;
+ ds->accel_calib_data[i].sens_numer = DS_ACC_RANGE;
+ ds->accel_calib_data[i].sens_denom = S16_MAX;
+ }
+ }
+
err_free:
kfree(buf);
return ret;
--
2.39.0
next prev parent reply other threads:[~2023-01-24 13:44 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-24 13:40 [PATCH AUTOSEL 6.1 01/35] ARM: dts: imx: Fix pca9547 i2c-mux node name Sasha Levin
2023-01-24 13:40 ` Sasha Levin
2023-01-24 13:40 ` [PATCH AUTOSEL 6.1 02/35] ARM: dts: vf610: Fix pca9548 i2c-mux node names Sasha Levin
2023-01-24 13:40 ` Sasha Levin
2023-01-24 13:40 ` [PATCH AUTOSEL 6.1 03/35] arm64: dts: freescale: Fix pca954x " Sasha Levin
2023-01-24 13:40 ` Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 04/35] arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI Sasha Levin
2023-01-24 13:41 ` Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 05/35] firmware: arm_scmi: Clear stale xfer->hdr.status Sasha Levin
2023-01-24 13:41 ` Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 06/35] bpf: Skip task with pid=1 in send_signal_common() Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 07/35] erofs/zmap.c: Fix incorrect offset calculation Sasha Levin
2023-01-24 13:41 ` Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 08/35] mac80211: Fix MLO address translation for multiple bss case Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 09/35] arm64: dts: msm8994-angler: fix the memory map Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 10/35] ARM: omap1: fix building gpio15xx Sasha Levin
2023-01-24 13:41 ` Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 11/35] init/Kconfig: fix LOCALVERSION_AUTO help text Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 12/35] kselftest: Fix error message for unconfigured LLVM builds Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 13/35] erofs: clean up parsing of fscache related options Sasha Levin
2023-01-24 13:41 ` Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 14/35] btrfs: factor out scratching of one regular super block Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 15/35] btrfs: stop using write_one_page in btrfs_scratch_superblock Sasha Levin
2023-01-24 16:57 ` David Sterba
2023-02-01 15:21 ` Sasha Levin
[not found] ` <20230124134131.637036-1-sashal-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 16/35] blk-cgroup: fix missing pd_online_fn() while activating policy Sasha Levin
2023-01-24 13:41 ` Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 17/35] LoongArch: Get frame info in unwind_start() when regs is not available Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 18/35] ACPI: video: Add backlight=native DMI quirk for Acer Aspire 4810T Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 19/35] block: fix hctx checks for batch allocation Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 20/35] s390: workaround invalid gcc-11 out of bounds read warning Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 21/35] HID: uclogic: Add support for XP-PEN Deco 01 V2 Sasha Levin
2023-01-24 13:41 ` Sasha Levin [this message]
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 23/35] dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init Sasha Levin
2023-01-24 13:41 ` Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 24/35] gpiolib: acpi: Allow ignoring wake capability on pins that aren't in _AEI Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 25/35] cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 26/35] nvme-apple: only reset the controller when RTKit is running Sasha Levin
2023-01-24 13:41 ` Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 27/35] octeontx2-af: recover CPT engine when it gets fault Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 28/35] octeontx2-af: add mbox for CPT LF reset Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 29/35] octeontx2-af: modify FLR sequence for CPT Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 30/35] octeontx2-af: optimize cpt pf identification Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 31/35] octeontx2-af: restore rxc conf after teardown sequence Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 32/35] octeontx2-af: update cpt lf alloc mailbox Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 33/35] octeontx2-af: add mbox to return CPT_AF_FLT_INT info Sasha Levin
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 34/35] prlimit: do_prlimit needs to have a speculation check Sasha Levin
2023-01-24 15:28 ` Greg Kroah-Hartman
2023-01-24 13:41 ` [PATCH AUTOSEL 6.1 35/35] ext4: deal with legacy signed xattr name hash values Sasha Levin
2023-01-24 16:50 ` Linus Torvalds
2023-01-24 17:23 ` Linus Torvalds
2023-01-25 16:01 ` Theodore Ts'o
2023-01-26 14:12 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230124134131.637036-22-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=benjamin.tissoires@redhat.com \
--cc=jikos@kernel.org \
--cc=jkosina@suse.cz \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=roderick.colenbrander@sony.com \
--cc=roderick@gaikai.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.