Hello. Thank you for the submission. Please see comments inline. On Tuesday, 14 April 2026 23:41:43, Central European Summer Time, Anj Duvnjak wrote: > Commit 0a3fe972a7cb ("HID: core: Mitigate potential OOB by removing bogus > memset()") replaced the silent memset() with hid_warn_ratelimited(), which > causes dmesg flooding on devices that legitimately send short reports, > such as the APC UPS (051D:0002). > > Downgrade to dbg_hid() to restore the previous behaviour of only > reporting under HID_DEBUG, while preserving the security fix of > removing the bogus memset(). > > Reported-by: Anj Duvnjak > Closes: https://lore.kernel.org/linux-input/MW5PR84MB135613E7947113897DD9FDA4C7272@MW5PR84MB1356.NAMPRD84.PROD.OUTLOOK.COM/ > Reported-by: Oleksandr Natalenko > Closes: https://lore.kernel.org/linux-input/6256259.lOV4Wx5bFT@natalenko.name/ I think these Closes: should be Link: instead. And probably Fixes: should be added as follows: Fixes: 0a3fe972a7cb14 ("HID: core: Mitigate potential OOB by removing bogus memset()") > Signed-off-by: Anj Duvnjak > --- > drivers/hid/hid-core.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c > index 833df14ef68f..de8a179347ec 100644 > --- a/drivers/hid/hid-core.c > +++ b/drivers/hid/hid-core.c > @@ -2057,8 +2057,8 @@ int hid_report_raw_event(struct hid_device *hid, enum hid_report_type type, u8 * > rsize = max_buffer_size; > > if (csize < rsize) { > - hid_warn_ratelimited(hid, "Event data for report %d was too short (%d vs %d)\n", > - report->id, rsize, csize); > + dbg_hid("Event data for report %d was too short (%d vs %d)\n", > + report->id, rsize, csize); Ratelimiting is good to keep, IMO. There's a separate macro for that, hid_dbg_ratelimited(), which is surprisingly not used anywhere at the moment as far as I can grep, but it should do the job. > ret = -EINVAL; > goto out; > } > -- Oleksandr Natalenko, MSE
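
Review bot: In the `if (csize < rsize)` branch, the new dbg_hid() call no longer passes `hid` and is not rate limited, so with HID debugging enabled a device that sends a short report on every event can still flood the log, and the message can no longer be tied to a specific device. As suggested in the reply above, hid_dbg_ratelimited(hid, "Event data for report %d was too short (%d vs %d)\n", report->id, rsize, csize) would keep both the device context and the rate limit while staying at debug level. The `(%d vs %d)` pair prints rsize then csize without saying which is which; wording it as expected versus received would make the line readable without the source at hand.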