From: Greg KH <greg@kroah.com>
To: Eric Naim <dnaim@cachyos.org>
Cc: Taylor Hewetson <taylor@exponent.digital>,
Jiri Kosina <jikos@kernel.org>,
Benjamin Tissoires <bentiss@kernel.org>,
linux-usb@vger.kernel.org, linux-input@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] HID: usbhid: sanitize hid->uniq against non-printable bytes
Date: Thu, 23 Apr 2026 11:29:58 +0200 [thread overview]
Message-ID: <2026042330-underarm-reusable-effa@gregkh> (raw)
In-Reply-To: <81ef5ca0-b070-4afc-bda7-3e5a49677115@cachyos.org>
On Thu, Apr 23, 2026 at 05:55:00AM +0000, Eric Naim wrote:
> On 4/18/26 3:14 PM, Greg KH wrote:
> > On Sat, Apr 18, 2026 at 02:58:23PM +1200, Taylor Hewetson wrote:
> >> Some USB HID devices (observed on ASUS ROG Azoth via its 2.4GHz
> >> dongle, USB ID 0b05:1a85) report an iSerialNumber string whose
> >> USB string descriptor declares a longer length than the actual
> >> serial, leaving uninitialized firmware memory - including control
> >> characters such as 0x18 - appended to the returned string.
> >>
> >> These non-printable bytes propagate into hid->uniq, which in turn
> >> populates /sys/class/input/inputN/uniq. Downstream userspace
> >> components (systemd sd-device property_is_valid(), and by extension
> >> mutter input enumeration on GNOME Wayland sessions) reject devices
> >> with control characters in their uniq, rendering otherwise-
> >> functional input devices unusable in graphical sessions despite
> >> the kernel input layer correctly translating keypresses.
> >>
> >> Truncate hid->uniq at the first byte outside the printable ASCII
> >> range (0x20..0x7e) after the serial is read.
> >
> > Why aren't we doing this in the USB core instead of forcing all users of
> > this to do it instead?
>
> Should it be up to the kernel to do this as well? Currently this is only a
> problem with systemd because they added this check, and it looks like they
> have something in mind to fix it as well [1].
>
> [1] https://github.com/systemd/systemd/issues/41339#issuecomment-4266429563
It's either up to the kernel, or every single userspace program that
reads the strings from a device. Might as well do it in one place,
right?
thanks,
greg k-h
next prev parent reply other threads:[~2026-04-23 9:30 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-18 2:58 [PATCH] HID: usbhid: sanitize hid->uniq against non-printable bytes Taylor Hewetson
2026-04-18 7:14 ` Greg KH
2026-04-23 5:55 ` Eric Naim
2026-04-23 9:29 ` Greg KH [this message]
2026-04-23 9:36 ` Eric Naim
2026-04-23 9:49 ` Oliver Neukum
2026-04-23 14:03 ` Alan Stern
2026-04-18 19:08 ` USB: core: sanitize string descriptors against C0 control characters Taylor Hewetson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2026042330-underarm-reusable-effa@gregkh \
--to=greg@kroah.com \
--cc=bentiss@kernel.org \
--cc=dnaim@cachyos.org \
--cc=jikos@kernel.org \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=taylor@exponent.digital \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.