From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6B265334685 for ; Sat, 18 Apr 2026 19:09:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.43 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776539394; cv=none; b=UqcOmpVh0RjU2X/m/aVnb6ImX8GrM2Q5NS4YeC6rwSzgR0soFUOEOftK52DvTy0J6jXYdYrSlBWqbAkvdS2F8znROH0oV45h6P26QV6PD8LMt8caMjAUUDCYjdt1KLumuy/72FqVbw1FM+Im0QhO5RHKdpDi0bAHdNMUVTK3IVE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1776539394; c=relaxed/simple; bh=6phJpfo1/TgeG8CqA+xEvmPHdhxQxxft5quGLReGZHE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=CSy2dNn+FcaA26I+IYlJhNX3TpMtO7EC3uJbzQh6idO24QzvIfW87UI7jTmqSHZ4eDz1z9RbXh6yqtEfhxulqAx9mcAT/HPXMXprDO1K7ryfrg5ps5gwlEgJxdNix6LNXdSNN5fh698wmb6vsNNyW+0S5ks66iuEQ0WJU144vWc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=exponent.digital; spf=pass smtp.mailfrom=exponent.digital; dkim=pass (2048-bit key) header.d=exponent-digital.20251104.gappssmtp.com header.i=@exponent-digital.20251104.gappssmtp.com header.b=XkLxoPOY; arc=none smtp.client-ip=209.85.216.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=exponent.digital Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=exponent.digital Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=exponent-digital.20251104.gappssmtp.com header.i=@exponent-digital.20251104.gappssmtp.com header.b="XkLxoPOY" Received: by mail-pj1-f43.google.com with SMTP id 98e67ed59e1d1-356337f058aso1118846a91.2 for ; Sat, 18 Apr 2026 12:09:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=exponent-digital.20251104.gappssmtp.com; s=20251104; t=1776539393; x=1777144193; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Re1Tn3EYlmJfQ0pcPCyVC6b+63SUz0TaqbSl7xgqkiY=; b=XkLxoPOYYMkbgFHcqqze0SaVjE04qGPrjTqyx0pHXeGY+BGlpuyNi+12ANIfxovjXk HFMPgf6MWMRvHR7OqToaVkdlCkRt9w8CWt4e3nIencN5ND3VvGDiID3kZ9N+ycx5CSWW V8s5fElOV6IsyVamRPsbtC0BeUVUIoyOdb0ApbZknuT/E9LKkfTLAApOBLBCMVDcs/Uj RCbt2ATm1KoF7seP2594DEfd2VfctXMu0tAykEh/wlkvtAAArZ+mifkQ6SvkhqECaRXz 3b0XBxdVcBkxe15u4g5xfDFp3twtJUcYEnvyH0vIPfYVcAefz8nQk7C90UfqXMqDRaQW VKTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776539393; x=1777144193; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=Re1Tn3EYlmJfQ0pcPCyVC6b+63SUz0TaqbSl7xgqkiY=; b=AB5yg1lBW315d4VRvsWV6A1pGK9y/f5eSPEqr7HqIBhNhAg0COwdLniOA0+Xux0vBG mdsuO7X2RWtmEkiwQEq6m0Be4yMPhgqt2YzMFgn4vXwkZGGJgzFFi3fW3btfqSL1b4i1 1JLnAb3K6BUjl2rG7hNwx+iKQSAT5YRK+1cJmPnXVTdVXX5XQHtQWKCDUZ9cpC/MBBjB Ki88Ji+HqckOPaXIGNI0+P1Cq7YNcyk5N6vY2S/My8/7HRgnRT1Mrl9mGMBRMworn08D ivDJxBqTz8SRqtiWNAWwH4v7XBsrG6L0uDhNyTXyuh654bP+AD+4ftPjlKUnZAXjDVYC JK+g== X-Forwarded-Encrypted: i=1; AFNElJ9jsGQDOJQTJeKnnYGFXYjEjCPf+FFewp/c1JFTJ3Eg+Kfeo649lIaRSrRF7D2pLQiFv2DDWH1XmartROk=@vger.kernel.org X-Gm-Message-State: AOJu0YzsghoaYxrPbpg9sBU8+KiysllFi5g1A4xGcs78zg8aE13B4lRW 9cnyRvpA+uQ4RAsaBSo2X+G0HN/0a0E7iyMt1eIaCC79kcKZan20fn9ui4NS741mpyukE3DeafY pj8pXNuw= X-Gm-Gg: AeBDietaYfcVXslf0E9EXsK/gsMBUEJjaD6GHlF31+0mcilVIgm7pVHRiK14xesmvzt oHjXGj8K9gImtqm/d4aww76XWc9EnthTHfQYr9eDw1ztyvBkzmDh3S5VqhkJB8fa/0bqJhf2Ttn HyFajC0wXsAr0cHmHjqx0gVN1UFACivyGwKUwV7bPAzelrYg0/cOdDE679cfEIuG4H3ymxx1hJB DALTqxU0XwFQF9q8rJzSSu1iGN76cq3oHYmUH4PLmM3XNT2E0+01qSyNU8k7VSRw3DWnpqDhy/k rQLzeXfnEnwGixVBkzholUcMva/jzh32GeDwTLg9tkPMwUAawypvfJB8kz/OdJCJdBuad29yv47 kG88GJufSwUz7o5AhvcWIbNAt/SnNV1XAJ+eOL9yZo3pUNNdeWZLgcN3/6k97YSK+CuwEy5Kmk/ U16nDZr/1Iad0m5U2tuGs7GQSihQu2skWDURm/Shu8Su84FA1/ X-Received: by 2002:a17:90a:d09:b0:361:45df:102 with SMTP id 98e67ed59e1d1-36145df0c75mr3987589a91.17.1776539392671; Sat, 18 Apr 2026 12:09:52 -0700 (PDT) Received: from yohji.localdomain ([101.100.136.235]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-36145fe05f4sm2043031a91.0.2026.04.18.12.09.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 18 Apr 2026 12:09:52 -0700 (PDT) From: Taylor Hewetson To: Greg Kroah-Hartman , Jiri Kosina , Benjamin Tissoires Cc: linux-usb@vger.kernel.org, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, Taylor Hewetson Subject: USB: core: sanitize string descriptors against C0 control characters Date: Sun, 19 Apr 2026 07:08:58 +1200 Message-ID: <20260418190858.19865-1-taylor@exponent.digital> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260418025823.21767-1-taylor@exponent.digital> References: <20260418025823.21767-1-taylor@exponent.digital> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Some USB devices report string descriptors with a declared length greater than the actual string, leaving uninitialized firmware memory - often including C0 control characters such as 0x18 - appended to the returned string. This has been observed on the ASUS ROG Azoth 2.4GHz dongle (USB ID 0b05:1a85), where the trailing bytes make their way into hid->uniq and then /sys/class/input/inputN/uniq. Downstream userspace components then reject the device. systemd's sd-device property_is_valid() treats any string property containing control characters as invalid and refuses to set ID_SERIAL_SHORT, which in turn prevents the device from being tagged with seat. On GNOME Wayland, mutter silently declines to open input devices that are missing this tagging, leaving the keyboard visible and producing keycodes at the kernel layer but dead to the user in a graphical session. Truncate the returned UTF-8 string at the first C0 control character (0x00..0x1F) or DEL (0x7F). Printable Unicode beyond ASCII is left intact, so legitimate non-ASCII serials (e.g. European manufacturers) continue to work. Callers that previously received a string with trailing garbage now receive the clean leading portion, which is well-formed UTF-8 and safe for all downstream consumers. Signed-off-by: Taylor Hewetson --- Changes since v1: - Move the sanitization from drivers/hid/usbhid/hid-core.c to drivers/usb/core/message.c so that all usb_string() callers benefit, not just usbhid. (Greg KH) - Broaden the scope from "ASUS Azoth workaround" to "well-formed string guarantee for usb_string()"; update commit message accordingly. v1: https://lore.kernel.org/all/20260418025823.21767-1-taylor@exponent.digital/ --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -1052,6 +1052,25 @@ UTF16_LITTLE_ENDIAN, buf, size); buf[err] = 0; + /* + * Some devices report string descriptors with a declared length + * greater than the actual serial, leaving uninitialized firmware + * memory (often including C0 control characters) appended to the + * returned string. Truncate at the first control character so + * callers get a clean, well-formed string. + */ + { + int i; + for (i = 0; i < err; i++) { + unsigned char c = buf[i]; + if (c < 0x20 || c == 0x7f) { + buf[i] = 0; + err = i; + break; + } + } + } + if (tbuf[1] != USB_DT_STRING) dev_dbg(&dev->dev, "wrong descriptor type %02x for string %d (\"%s\")\n",