From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
Roderick Colenbrander <roderick.colenbrander@sony.com>,
Jiri Kosina <jkosina@suse.cz>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.15 09/20] HID: playstation: sanity check DualSense calibration data.
Date: Fri, 3 Feb 2023 11:13:36 +0100 [thread overview]
Message-ID: <20230203101008.395104293@linuxfoundation.org> (raw)
In-Reply-To: <20230203101007.985835823@linuxfoundation.org>
From: Roderick Colenbrander <roderick@gaikai.com>
[ Upstream commit ccf1e1626d37745d0a697db67407beec9ae9d4b8 ]
Make sure calibration values are defined to prevent potential kernel
crashes. This fixes a hypothetical issue for virtual or clone devices
inspired by a similar fix for DS4.
Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hid/hid-playstation.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/drivers/hid/hid-playstation.c b/drivers/hid/hid-playstation.c
index bd0e0fe2f627..944e5e5ff134 100644
--- a/drivers/hid/hid-playstation.c
+++ b/drivers/hid/hid-playstation.c
@@ -626,6 +626,7 @@ static const struct attribute_group ps_device_attribute_group = {
static int dualsense_get_calibration_data(struct dualsense *ds)
{
+ struct hid_device *hdev = ds->base.hdev;
short gyro_pitch_bias, gyro_pitch_plus, gyro_pitch_minus;
short gyro_yaw_bias, gyro_yaw_plus, gyro_yaw_minus;
short gyro_roll_bias, gyro_roll_plus, gyro_roll_minus;
@@ -636,6 +637,7 @@ static int dualsense_get_calibration_data(struct dualsense *ds)
int speed_2x;
int range_2g;
int ret = 0;
+ int i;
uint8_t *buf;
buf = kzalloc(DS_FEATURE_REPORT_CALIBRATION_SIZE, GFP_KERNEL);
@@ -687,6 +689,21 @@ static int dualsense_get_calibration_data(struct dualsense *ds)
ds->gyro_calib_data[2].sens_numer = speed_2x*DS_GYRO_RES_PER_DEG_S;
ds->gyro_calib_data[2].sens_denom = gyro_roll_plus - gyro_roll_minus;
+ /*
+ * Sanity check gyro calibration data. This is needed to prevent crashes
+ * during report handling of virtual, clone or broken devices not implementing
+ * calibration data properly.
+ */
+ for (i = 0; i < ARRAY_SIZE(ds->gyro_calib_data); i++) {
+ if (ds->gyro_calib_data[i].sens_denom == 0) {
+ hid_warn(hdev, "Invalid gyro calibration data for axis (%d), disabling calibration.",
+ ds->gyro_calib_data[i].abs_code);
+ ds->gyro_calib_data[i].bias = 0;
+ ds->gyro_calib_data[i].sens_numer = DS_GYRO_RANGE;
+ ds->gyro_calib_data[i].sens_denom = S16_MAX;
+ }
+ }
+
/*
* Set accelerometer calibration and normalization parameters.
* Data values will be normalized to 1/DS_ACC_RES_PER_G g.
@@ -709,6 +726,21 @@ static int dualsense_get_calibration_data(struct dualsense *ds)
ds->accel_calib_data[2].sens_numer = 2*DS_ACC_RES_PER_G;
ds->accel_calib_data[2].sens_denom = range_2g;
+ /*
+ * Sanity check accelerometer calibration data. This is needed to prevent crashes
+ * during report handling of virtual, clone or broken devices not implementing calibration
+ * data properly.
+ */
+ for (i = 0; i < ARRAY_SIZE(ds->accel_calib_data); i++) {
+ if (ds->accel_calib_data[i].sens_denom == 0) {
+ hid_warn(hdev, "Invalid accelerometer calibration data for axis (%d), disabling calibration.",
+ ds->accel_calib_data[i].abs_code);
+ ds->accel_calib_data[i].bias = 0;
+ ds->accel_calib_data[i].sens_numer = DS_ACC_RANGE;
+ ds->accel_calib_data[i].sens_denom = S16_MAX;
+ }
+ }
+
err_free:
kfree(buf);
return ret;
--
2.39.0
next prev parent reply other threads:[~2023-02-03 10:24 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-03 10:13 [PATCH 5.15 00/20] 5.15.92-rc1 review Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 01/20] ARM: dts: imx: Fix pca9547 i2c-mux node name Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 02/20] ARM: dts: vf610: Fix pca9548 i2c-mux node names Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 03/20] arm64: dts: freescale: Fix pca954x " Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 04/20] arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 05/20] firmware: arm_scmi: Clear stale xfer->hdr.status Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 06/20] bpf: Skip task with pid=1 in send_signal_common() Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 07/20] erofs/zmap.c: Fix incorrect offset calculation Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 08/20] blk-cgroup: fix missing pd_online_fn() while activating policy Greg Kroah-Hartman
2023-02-03 10:13 ` Greg Kroah-Hartman [this message]
2023-02-03 10:13 ` [PATCH 5.15 10/20] dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 11/20] cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 12/20] ext4: fix bad checksum after online resize Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 13/20] extcon: usbc-tusb320: fix kernel-doc warning Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 14/20] ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 15/20] Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 16/20] tools: fix ARRAY_SIZE defines in tools and selftests hdrs Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 17/20] selftests/vm: remove ARRAY_SIZE define from individual tests Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 18/20] selftests: Provide local define of __cpuid_count() Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 19/20] net: fix NULL pointer in skb_segment_list Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 5.15 20/20] net: mctp: purge receive queues on sk destruction Greg Kroah-Hartman
2023-02-03 20:03 ` [PATCH 5.15 00/20] 5.15.92-rc1 review Florian Fainelli
2023-02-04 0:53 ` Shuah Khan
2023-02-04 1:50 ` Guenter Roeck
2023-02-04 2:03 ` Bagas Sanjaya
2023-02-04 8:31 ` Naresh Kamboju
2023-02-04 8:55 ` Ron Economos
2023-02-06 7:12 ` Greg Kroah-Hartman
2023-02-06 8:56 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230203101008.395104293@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jkosina@suse.cz \
--cc=patches@lists.linux.dev \
--cc=roderick.colenbrander@sony.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.