On Thu, Jul 17, 2025 at 08:49:03AM -0700, syzbot wrote: > Hello, > > syzbot has tested the proposed patch and the reproducer did not trigger any issue: > > Reported-by: syzbot+b63d677d63bcac06cf90@xxxxxxxxxxxxxxxxxxxxxxxxx > Tested-by: syzbot+b63d677d63bcac06cf90@xxxxxxxxxxxxxxxxxxxxxxxxx > > Tested on: > > commit: c2ca42f1 HID: core: do not bypass hid_hw_raw_request > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid.git > console output: https://syzkaller.appspot.com/x/log.txt?x=148b258c580000 > kernel config: https://syzkaller.appspot.com/x/.config?x=ec692dfd475747ff > dashboard link: https://syzkaller.appspot.com/bug?extid=b63d677d63bcac06cf90 > compiler: Debian clang version 20.1.7 (++20250616065708+6146a88f6049-1~exp1~20250616065826.132), Debian LLD 20.1.7 > patch: https://syzkaller.appspot.com/x/patch.diff?x=14dd1382580000 > > Note: testing is done by a robot and is best-effort only. Let's try a different approach: hardening against invalid field attributes. As far as I can tell on a quick scan through the code, only one change is needed. Alan Stern #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid.git c2ca42f190b6 Index: usb-devel/drivers/hid/hid-core.c =================================================================== --- usb-devel.orig/drivers/hid/hid-core.c +++ usb-devel/drivers/hid/hid-core.c @@ -66,8 +66,12 @@ static s32 snto32(__u32 value, unsigned static u32 s32ton(__s32 value, unsigned int n) { - s32 a = value >> (n - 1); + s32 a; + if (!value || !n) + return 0; + + a = value >> (n - 1); if (a && a != -1) return value < 0 ? 1 << (n - 1) : (1 << (n - 1)) - 1; return value & ((1 << n) - 1);
