From: sashiko-bot@kernel.org
To: "Ruoyu Wang" <ruoyuw560@gmail.com>
Cc: dmitry.torokhov@gmail.com, linux-input@vger.kernel.org
Subject: Re: [PATCH v2] HID: wacom: avoid copying Bluetooth input reports
Date: Wed, 17 Jun 2026 07:31:22 +0000 [thread overview]
Message-ID: <20260617073123.5ADFE1F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260617072035.3373487-1-ruoyuw560@gmail.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Unaligned memory access when parsing Bluetooth input reports.
--
commit 3d01afcf428b29530738d10b1c36a61efcc9ab57
Author: Ruoyu Wang <ruoyuw560@gmail.com>
HID: wacom: avoid copying Bluetooth input reports
This commit avoids duplicating the Bluetooth report with kmemdup() by
temporarily pointing wacom->data at the 10-byte payload while the
common parser runs.
> diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c
> index da1f0ea85625d..a29bf051ada7c 100644
> --- a/drivers/hid/wacom_wac.c
> +++ b/drivers/hid/wacom_wac.c
> @@ -1192,8 +1192,11 @@ static int int_dist(int x1, int y1, int x2, int y2)
> static void wacom_intuos_bt_process_data(struct wacom_wac *wacom,
> unsigned char *data)
> {
> - memcpy(wacom->data, data, 10);
> + u8 *saved_data = wacom->data;
> +
> + wacom->data = data;
[Severity: High]
Can this lead to unaligned memory accesses on strict-alignment architectures?
In wacom_intuos_bt_irq(), wacom_intuos_bt_process_data() is called with
data + 1 or data + 11. By pointing wacom->data directly to these unaligned
offsets, the common parsers will receive an odd-aligned base pointer.
When wacom_intuos_irq() then calls wacom_intuos_general() or
wacom_intuos_pad(), those functions assume wacom->data is aligned and cast
offsets from it to __be16 *:
drivers/hid/wacom_wac.c:wacom_intuos_general() {
...
x = (be16_to_cpup((__be16 *)&data[2]) << 1) | ((data[9] >> 1) & 1);
...
}
If data is odd-aligned, &data[2] will also be unaligned. Calling
be16_to_cpup() on an unaligned pointer will trigger alignment faults on
architectures that do not support hardware unaligned accesses.
> wacom_intuos_irq(wacom);
> + wacom->data = saved_data;
>
> input_sync(wacom->pen_input);
> if (wacom->pad_input)
[ ... ]
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260617072035.3373487-1-ruoyuw560@gmail.com?part=1
next prev parent reply other threads:[~2026-06-17 7:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-06 4:03 [PATCH] HID: wacom: handle kmemdup failure in Bluetooth IRQ path Ruoyu Wang
2026-06-16 18:27 ` Jason Gerecke
2026-06-17 7:20 ` [PATCH v2] HID: wacom: avoid copying Bluetooth input reports Ruoyu Wang
2026-06-17 7:31 ` sashiko-bot [this message]
2026-06-17 16:55 ` Jason Gerecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260617073123.5ADFE1F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=dmitry.torokhov@gmail.com \
--cc=linux-input@vger.kernel.org \
--cc=ruoyuw560@gmail.com \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.