lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 12 Dec 2016 16:48:35 -0500 (EST)
From:   Alan Stern <stern@...land.harvard.edu>
To:     Dmitry Vyukov <dvyukov@...gle.com>
cc:     Andrey Konovalov <andreyknvl@...gle.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        USB list <linux-usb@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Kostya Serebryany <kcc@...gle.com>,
        syzkaller <syzkaller@...glegroups.com>
Subject: Re: usb/core: warning in usb_create_ep_devs/sysfs_create_dir_ns

On Mon, 12 Dec 2016, Dmitry Vyukov wrote:

> On Mon, Dec 12, 2016 at 10:05 PM, Alan Stern <stern@...land.harvard.edu> wrote:
> > On Mon, 12 Dec 2016, Andrey Konovalov wrote:
> >
> >> Hi!
> >>
> >> While running the syzkaller fuzzer I've got the following error report.
> >>
> >> On commit 3c49de52d5647cda8b42c4255cf8a29d1e22eff5 (Dev 2).
> >>
> >> WARNING: CPU: 2 PID: 865 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x8a/0xa0
> >> gadgetfs: disconnected
> >> sysfs: cannot create duplicate filename
> >> '/devices/platform/dummy_hcd.0/usb2/2-1/2-1:64.0/ep_05'
> >> Kernel panic - not syncing: panic_on_warn set ...
> >
> > I suppose we could check for USB devices that claim to have two
> > endpoints with the same address.  But is it really worthwhile?  A
> > kernel warning isn't so bad when you're dealing with buggy device
> > firmware.
> 
> We need a clear distinction between what is a bug in kernel source
> code and what is incorrect user-space code. Otherwise no automated
> testing is possible. WARNING means bug in kernel source code.

I don't necessarily agree with that.  Is it documented anywhere?

>  If it is
> not a bug in kernel source code, then it must not produce a WARNING.

Granting this point for the sake of argument...

> If it's a condition that we absolutely need to make user-space aware
> of, then we can print a single line with an explanation to console
> (but not prefixed with "WARNING:" nor "BUG:").

Then does the warning message in sysfs_warn_dup() need to be changed to 
some other severity level?

Or is it truly a bug for the kernel to try to register two devices with 
the same name?  (In this case, two endpoints with the same address, 
where the addresses are specified by the firmware on the USB device.)

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ