* [PATCH AUTOSEL 6.16-6.15] HID: rate-limit hid_warn to prevent log flooding
[not found] <20250805130945.471732-1-sashal@kernel.org>
@ 2025-08-05 13:09 ` Sasha Levin
0 siblings, 0 replies; only message in thread
From: Sasha Levin @ 2025-08-05 13:09 UTC (permalink / raw)
To: patches, stable
Cc: Li Chen, Jiri Kosina, Sasha Levin, jikos, bentiss, linux-input
From: Li Chen <chenl311@chinatelecom.cn>
[ Upstream commit 4051ead99888f101be92c7ce90d2de09aac6fd1c ]
Syzkaller can create many uhid devices that trigger
repeated warnings like:
"hid-generic xxxx: unknown main item tag 0x0"
These messages can flood the system log, especially if a crash occurs
(e.g., with a slow UART console, leading to soft lockups). To mitigate
this, convert `hid_warn()` to use `dev_warn_ratelimited()`.
This helps reduce log noise and improves system stability under fuzzing
or faulty device scenarios.
Signed-off-by: Li Chen <chenl311@chinatelecom.cn>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
LLM Generated explanations, may be completely bogus:
**Backport Status: YES**
This commit should be backported to stable kernel trees for the
following reasons:
## Bug Fix for System Stability Issue
This commit addresses a **real system stability problem** that can lead
to soft lockups under specific conditions. The code changes show that
when malformed HID devices (either intentionally via fuzzing tools like
syzkaller or faulty hardware) send invalid data, the kernel can generate
excessive warning messages that flood the system log.
## Specific Code Analysis:
1. **Location of the fix** (drivers/hid/hid-core.c:661-663): The
warnings are generated in the HID parser's main item processing
function when encountering unknown or reserved tags:
```c
hid_warn(parser->device, "reserved main item tag 0x%x\n", item->tag);
hid_warn(parser->device, "unknown main item tag 0x%x\n", item->tag);
```
2. **Simple and contained change**: The fix only:
- Adds a new `hid_warn_ratelimited` macro in include/linux/hid.h
- Replaces two `hid_warn` calls with `hid_warn_ratelimited` calls
- Total change is just 6 lines (4 insertions, 2 modifications)
3. **No architectural changes**: This is a straightforward substitution
that uses the existing kernel infrastructure (`dev_warn_ratelimited`)
which is already widely used throughout the kernel.
## Meets Stable Kernel Criteria:
1. **Fixes a real bug**: The commit explicitly mentions that excessive
logging can cause "soft lockups" especially with slow UART consoles -
this is a serious stability issue that affects real users.
2. **Security implications**: The commit mentions syzkaller (kernel
fuzzer) can trigger this, and uhid devices can be created by
unprivileged users in many configurations, making this a potential
DoS vector.
3. **Minimal risk**: Rate-limiting warnings has virtually no risk of
regression - it doesn't change any functional behavior, only reduces
log output frequency.
4. **Already proven pattern**: Similar rate-limiting fixes have been
applied in the HID subsystem before (e.g., commit e93363f716a2 for
Nintendo controller) and throughout the kernel for log flooding
issues.
5. **Clear reproducibility**: The issue is triggered by malformed HID
devices sending invalid item tags, which can happen with faulty
hardware or intentional fuzzing.
The commit follows the stable kernel rules perfectly: it's a small,
obvious fix for a real problem that improves system stability without
introducing new features or making risky changes.
drivers/hid/hid-core.c | 4 ++--
include/linux/hid.h | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index b31b8a2fd540..a110d1965447 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
@@ -659,9 +659,9 @@ static int hid_parser_main(struct hid_parser *parser, struct hid_item *item)
default:
if (item->tag >= HID_MAIN_ITEM_TAG_RESERVED_MIN &&
item->tag <= HID_MAIN_ITEM_TAG_RESERVED_MAX)
- hid_warn(parser->device, "reserved main item tag 0x%x\n", item->tag);
+ hid_warn_ratelimited(parser->device, "reserved main item tag 0x%x\n", item->tag);
else
- hid_warn(parser->device, "unknown main item tag 0x%x\n", item->tag);
+ hid_warn_ratelimited(parser->device, "unknown main item tag 0x%x\n", item->tag);
ret = 0;
}
diff --git a/include/linux/hid.h b/include/linux/hid.h
index 568a9d8c749b..7f260e0e2049 100644
--- a/include/linux/hid.h
+++ b/include/linux/hid.h
@@ -1239,6 +1239,8 @@ void hid_quirks_exit(__u16 bus);
dev_notice(&(hid)->dev, fmt, ##__VA_ARGS__)
#define hid_warn(hid, fmt, ...) \
dev_warn(&(hid)->dev, fmt, ##__VA_ARGS__)
+#define hid_warn_ratelimited(hid, fmt, ...) \
+ dev_warn_ratelimited(&(hid)->dev, fmt, ##__VA_ARGS__)
#define hid_info(hid, fmt, ...) \
dev_info(&(hid)->dev, fmt, ##__VA_ARGS__)
#define hid_dbg(hid, fmt, ...) \
--
2.39.5
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2025-08-05 13:10 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20250805130945.471732-1-sashal@kernel.org>
2025-08-05 13:09 ` [PATCH AUTOSEL 6.16-6.15] HID: rate-limit hid_warn to prevent log flooding Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).