lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20171110183408.4fc19913.john@metanate.com>
Date:   Fri, 10 Nov 2017 18:34:08 +0000
From:   John Keeping <john@...anate.com>
To:     Felipe Balbi <balbi@...nel.org>
Cc:     linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Vincent Pelletier <plr.vincent@...il.com>,
        Jim Lin <jilin@...dia.com>,
        Janusz Dziedzic <januszx.dziedzic@...ux.intel.com>,
        stable@...r.kernel.org
Subject: Re: [PATCH] usb: f_fs: Drop check on Reserved1 field on
 OS_DESC_EXT_COMPAT

On Fri, 10 Nov 2017 12:40:39 +0200, Felipe Balbi wrote:

> John Keeping <john@...anate.com> writes:
> > This check has gone through several incompatible variations in commits
> > 53642399aa71 ("usb: gadget: f_fs: Fix wrong check on reserved1 of
> > OS_DESC_EXT_COMPAT"), 354bc45bf329 ("usb: gadget: f_fs: Fix ExtCompat
> > descriptor validation") and 3ba534df815f ("Revert "usb: gadget: f_fs:
> > Fix ExtCompat descriptor validation"") after initially being introduced
> > in commit f0175ab51993 ("usb: gadget: f_fs: OS descriptors support").
> >
> > The various changes make it impossible for a single userspace
> > implementation to work with different kernel versions, so let's just
> > drop the condition to avoid breaking userspace.
> >
> > Fixes: 53642399aa71 ("usb: gadget: f_fs: Fix wrong check on reserved1 of OS_DESC_EXT_COMPAT")
> > Cc: stable@...r.kernel.org # v4.7+
> > Signed-off-by: John Keeping <john@...anate.com>
> > ---
> >  drivers/usb/gadget/function/f_fs.c | 3 +--
> >  1 file changed, 1 insertion(+), 2 deletions(-)
> >
> > diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
> > index 652397eda6d6..0d9962834345 100644
> > --- a/drivers/usb/gadget/function/f_fs.c
> > +++ b/drivers/usb/gadget/function/f_fs.c
> > @@ -2282,8 +2282,7 @@ static int __ffs_data_do_os_desc(enum ffs_os_desc_type type,
> >  		int i;
> >  
> >  		if (len < sizeof(*d) ||
> > -		    d->bFirstInterfaceNumber >= ffs->interfaces_count ||
> > -		    !d->Reserved1)
> > +		    d->bFirstInterfaceNumber >= ffs->interfaces_count)
> >  			return -EINVAL;
> >  		for (i = 0; i < ARRAY_SIZE(d->Reserved2); ++i)
> >  			if (d->Reserved2[i])  
> 
> Sorry, but no. We want to be compliant with the specification. If there
> are older still-maintained stable trees which are not working, we need
> to backport a fix to them, but we're not allowing uncompliant
> implementations.

Aren't we allowing non-compliant implementations now?  The spec says the
value must be 1 but since v4.7 this code has allowed all non-zero
values.

At this point I don't think the kernel can disallow any values of
Reserved1 without breaking someone's userspace.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ