Crash on connecting Xbox One S gamepad to Chrome OS device |
|||||||||||||
Issue descriptionChrome Version: 67.0.3396.99 OS: Chrome Device: Asus Chromebook Model C302C What steps will reproduce the problem? 1. Connect Xbox One S gamepad over USB What is the expected result? Gamepad is connected and usable. What happens instead? Kernel panic when the gamepad is connected. The gamepad ID is "Microsoft Controller (STANDARD GAMEPAD Vendor: 045e Product: 02ea)" which matches the Xbox One S controller when connected over USB.
,
Sep 14
Marking this Bug-Security since this bug describes a kernel panic caused by connecting a USB device.
,
Sep 14
A panic isn't automatically a security bug. Is it panicking on an invalid memory access or just on a failed assertion?
,
Sep 14
I don't have a suitable ChromeOS device to repro this with so I don't know. Looking at the "fix oops" kernel change, it is likely accessing an invalid (null?) memory address. > Xbox One controllers have multiple interfaces which all have the same class, subclass, and protocol. One of the these interfaces has only a single endpoint. When Xpad attempts to bind to this interface, it causes an oops when trying initialize the output URB by trying to access the second endpoint's descriptor.
,
Sep 14
Sorry I'm confused. You're the original reporter, right? So where did you witness this bug?
,
Sep 14
This was reported by a dogfooder in a dogfood mailing list, I filed the bug on their behalf. I can try to track down the dogfooder or find a suitable device if we need more info to triage this. I don't think we need a "cave" device since any Chrome OS device on 3.18 should have this bug (if it's in fact the same bug as the xpad kernel oops).
,
Sep 14
Without a crash report we can't triage this and certainly can't say that this is a security bug.
,
Sep 14
Okay, I'll try to get a repro and upload a crash report.
,
Sep 26
I can reproduce this with my HP Chromebook 14 (chell). The crash ID is 6c9a6f2ba2df7a7e.
,
Sep 26
Issue 803722 has been merged into this issue.
,
Sep 26
Marking this as ready for triage now that we have a crash log for this issue.
,
Sep 27
We don't normally consider crashes security bugs.
,
Sep 27
Reilly, who's a good owner for this?
,
Oct 3
Maybe adlr@ or dtor@? I don't know who owns the gamepad side of input on the Chrome OS kernel team or if there is a specific team that handles backporting drivers.
,
Oct 4
Alright let's send to Andrew for triaging.
,
Oct 10
Removing Blink>GamepadAPI component to get this out of our triage queue. Next action is on the kernel side.
,
Oct 11
,
Oct 14
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/kernel/+/2079cc08eae2eb726860208155cbbedb4e6bf066 commit 2079cc08eae2eb726860208155cbbedb4e6bf066 Author: Cameron Gutman <aicommander@gmail.com> Date: Sun Oct 14 08:09:42 2018 BACKPORT: Input: xpad - fix oops when attaching an unknown Xbox One gamepad Xbox One controllers have multiple interfaces which all have the same class, subclass, and protocol. One of the these interfaces has only a single endpoint. When Xpad attempts to bind to this interface, it causes an oops when trying initialize the output URB by trying to access the second endpoint's descriptor. This situation was avoided for known Xbox One devices by checking the XTYPE constant associated with the VID and PID tuple. However, this breaks when new or previously unknown Xbox One controllers are attached to the system. This change addresses the problem by deriving the XTYPE for Xbox One controllers based on the interface protocol before checking the interface number. Fixes: 1a48ff81b391 ("Input: xpad - add support for Xbox One controllers") Signed-off-by: Cameron Gutman <aicommander@gmail.com> Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Conflicts: drivers/input/joystick/xpad.c - context changes. BUG= chromium:876128 TEST=Build and boot (cherry picked from commit c7f1429389ec1aa25e042bb13451385fbb596f8c) Signed-off-by: Dmitry Torokhov <dtor@chromium.org> Change-Id: Id780efd3d7bb392d4b00d37dbcf48f4f7afe5954 Reviewed-on: https://chromium-review.googlesource.com/1279332 Reviewed-by: Guenter Roeck <groeck@chromium.org> [modify] https://crrev.com/2079cc08eae2eb726860208155cbbedb4e6bf066/drivers/input/joystick/xpad.c
,
Oct 15
Kernels 3.14 and older are unaffected and 4.4+ got the fix through stable merges.
,
Nov 30
|
|||||||||||||
►
Sign in to add a comment |
|||||||||||||
Comment 1 by mattreynolds@chromium.org
, Aug 20