From: Li Chen chenl311@chinatelecom.cn
[ Upstream commit 4051ead99888f101be92c7ce90d2de09aac6fd1c ]
Syzkaller can create many uhid devices that trigger repeated warnings like:
"hid-generic xxxx: unknown main item tag 0x0"
These messages can flood the system log, especially if a crash occurs (e.g., with a slow UART console, leading to soft lockups). To mitigate this, convert `hid_warn()` to use `dev_warn_ratelimited()`.
This helps reduce log noise and improves system stability under fuzzing or faulty device scenarios.
Signed-off-by: Li Chen chenl311@chinatelecom.cn Signed-off-by: Jiri Kosina jkosina@suse.com Signed-off-by: Sasha Levin sashal@kernel.org ---
LLM Generated explanations, may be completely bogus:
**Backport Status: YES**
This commit should be backported to stable kernel trees for the following reasons:
## Bug Fix for System Stability Issue
This commit addresses a **real system stability problem** that can lead to soft lockups under specific conditions. The code changes show that when malformed HID devices (either intentionally via fuzzing tools like syzkaller or faulty hardware) send invalid data, the kernel can generate excessive warning messages that flood the system log.
## Specific Code Analysis:
1. **Location of the fix** (drivers/hid/hid-core.c:661-663): The warnings are generated in the HID parser's main item processing function when encountering unknown or reserved tags: ```c hid_warn(parser->device, "reserved main item tag 0x%x\n", item->tag); hid_warn(parser->device, "unknown main item tag 0x%x\n", item->tag); ```
2. **Simple and contained change**: The fix only: - Adds a new `hid_warn_ratelimited` macro in include/linux/hid.h - Replaces two `hid_warn` calls with `hid_warn_ratelimited` calls - Total change is just 6 lines (4 insertions, 2 modifications)
3. **No architectural changes**: This is a straightforward substitution that uses the existing kernel infrastructure (`dev_warn_ratelimited`) which is already widely used throughout the kernel.
## Meets Stable Kernel Criteria:
1. **Fixes a real bug**: The commit explicitly mentions that excessive logging can cause "soft lockups" especially with slow UART consoles - this is a serious stability issue that affects real users.
2. **Security implications**: The commit mentions syzkaller (kernel fuzzer) can trigger this, and uhid devices can be created by unprivileged users in many configurations, making this a potential DoS vector.
3. **Minimal risk**: Rate-limiting warnings has virtually no risk of regression - it doesn't change any functional behavior, only reduces log output frequency.
4. **Already proven pattern**: Similar rate-limiting fixes have been applied in the HID subsystem before (e.g., commit e93363f716a2 for Nintendo controller) and throughout the kernel for log flooding issues.
5. **Clear reproducibility**: The issue is triggered by malformed HID devices sending invalid item tags, which can happen with faulty hardware or intentional fuzzing.
The commit follows the stable kernel rules perfectly: it's a small, obvious fix for a real problem that improves system stability without introducing new features or making risky changes.
drivers/hid/hid-core.c | 4 ++-- include/linux/hid.h | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index b31b8a2fd540..a110d1965447 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c @@ -659,9 +659,9 @@ static int hid_parser_main(struct hid_parser *parser, struct hid_item *item) default: if (item->tag >= HID_MAIN_ITEM_TAG_RESERVED_MIN && item->tag <= HID_MAIN_ITEM_TAG_RESERVED_MAX) - hid_warn(parser->device, "reserved main item tag 0x%x\n", item->tag); + hid_warn_ratelimited(parser->device, "reserved main item tag 0x%x\n", item->tag); else - hid_warn(parser->device, "unknown main item tag 0x%x\n", item->tag); + hid_warn_ratelimited(parser->device, "unknown main item tag 0x%x\n", item->tag); ret = 0; }
diff --git a/include/linux/hid.h b/include/linux/hid.h index 568a9d8c749b..7f260e0e2049 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -1239,6 +1239,8 @@ void hid_quirks_exit(__u16 bus); dev_notice(&(hid)->dev, fmt, ##__VA_ARGS__) #define hid_warn(hid, fmt, ...) \ dev_warn(&(hid)->dev, fmt, ##__VA_ARGS__) +#define hid_warn_ratelimited(hid, fmt, ...) \ + dev_warn_ratelimited(&(hid)->dev, fmt, ##__VA_ARGS__) #define hid_info(hid, fmt, ...) \ dev_info(&(hid)->dev, fmt, ##__VA_ARGS__) #define hid_dbg(hid, fmt, ...) \