Re: [PATCH] HID: usbhid: sanitize hid->uniq against non-printable bytes

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <greg@kroah.com>
To: Taylor Hewetson <taylor@exponent.digital>
Cc: Jiri Kosina <jikos@kernel.org>,
	Benjamin Tissoires <bentiss@kernel.org>,
	linux-usb@vger.kernel.org, linux-input@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] HID: usbhid: sanitize hid->uniq against non-printable bytes
Date: Sat, 18 Apr 2026 09:14:08 +0200	[thread overview]
Message-ID: <2026041845-approve-pelvis-9845@gregkh> (raw)
In-Reply-To: <20260418025823.21767-1-taylor@exponent.digital>

On Sat, Apr 18, 2026 at 02:58:23PM +1200, Taylor Hewetson wrote:
> Some USB HID devices (observed on ASUS ROG Azoth via its 2.4GHz
> dongle, USB ID 0b05:1a85) report an iSerialNumber string whose
> USB string descriptor declares a longer length than the actual
> serial, leaving uninitialized firmware memory - including control
> characters such as 0x18 - appended to the returned string.
> 
> These non-printable bytes propagate into hid->uniq, which in turn
> populates /sys/class/input/inputN/uniq. Downstream userspace
> components (systemd sd-device property_is_valid(), and by extension
> mutter input enumeration on GNOME Wayland sessions) reject devices
> with control characters in their uniq, rendering otherwise-
> functional input devices unusable in graphical sessions despite
> the kernel input layer correctly translating keypresses.
> 
> Truncate hid->uniq at the first byte outside the printable ASCII
> range (0x20..0x7e) after the serial is read.

Why aren't we doing this in the USB core instead of forcing all users of
this to do it instead?

thanks,

greg k-h

next prev parent reply	other threads:[~2026-04-18  7:14 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-18  2:58 [PATCH] HID: usbhid: sanitize hid->uniq against non-printable bytes Taylor Hewetson
2026-04-18  7:14 ` Greg KH [this message]
2026-04-18 19:08 ` USB: core: sanitize string descriptors against C0 control characters Taylor Hewetson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2026041845-approve-pelvis-9845@gregkh \
    --to=greg@kroah.com \
    --cc=bentiss@kernel.org \
    --cc=jikos@kernel.org \
    --cc=linux-input@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=taylor@exponent.digital \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox