lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 12 Dec 2016 22:49:52 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Dmitry Vyukov <dvyukov@...gle.com>
Cc:     Alan Stern <stern@...land.harvard.edu>,
        Andrey Konovalov <andreyknvl@...gle.com>,
        USB list <linux-usb@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Kostya Serebryany <kcc@...gle.com>,
        syzkaller <syzkaller@...glegroups.com>
Subject: Re: usb/core: warning in usb_create_ep_devs/sysfs_create_dir_ns

On Mon, Dec 12, 2016 at 10:16:50PM +0100, Dmitry Vyukov wrote:
> On Mon, Dec 12, 2016 at 10:05 PM, Alan Stern <stern@...land.harvard.edu> wrote:
> > On Mon, 12 Dec 2016, Andrey Konovalov wrote:
> >
> >> Hi!
> >>
> >> While running the syzkaller fuzzer I've got the following error report.
> >>
> >> On commit 3c49de52d5647cda8b42c4255cf8a29d1e22eff5 (Dev 2).
> >>
> >> WARNING: CPU: 2 PID: 865 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x8a/0xa0
> >> gadgetfs: disconnected
> >> sysfs: cannot create duplicate filename
> >> '/devices/platform/dummy_hcd.0/usb2/2-1/2-1:64.0/ep_05'
> >> Kernel panic - not syncing: panic_on_warn set ...
> >
> > I suppose we could check for USB devices that claim to have two
> > endpoints with the same address.  But is it really worthwhile?  A
> > kernel warning isn't so bad when you're dealing with buggy device
> > firmware.
> 
> We need a clear distinction between what is a bug in kernel source
> code and what is incorrect user-space code. Otherwise no automated
> testing is possible. WARNING means bug in kernel source code. If it is
> not a bug in kernel source code, then it must not produce a WARNING.
> If it's a condition that we absolutely need to make user-space aware
> of, then we can print a single line with an explanation to console
> (but not prefixed with "WARNING:" nor "BUG:").

Ok, this is a "bug" in kernel code so the core is telling the higher
layer that something went really wrong in that a duplicate sysfs file
was created.  So this code is working properly.

And yes, this is a totally bogus "fake hardware" being fuzzed on the
kernel.  It complained that something was really wrong, which is fine,
it didn't crash or do anything else bad, correct?  If so, all is good,
as this is not something you will ever see with a "real" device.  And
even if you make a malicious device, all you will do is have the kernel
spit out some ugly messages, which I do not think is any form of attack
vector, correct?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ