lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <s5h8ssfvj20.wl-tiwai@suse.de>
Date:   Tue, 30 Jul 2019 13:49:27 +0200
From:   Takashi Iwai <tiwai@...e.de>
To:     Hillf Danton <hdanton@...a.com>
Cc:     "alsa-devel@...a-project.org" <alsa-devel@...a-project.org>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
        "syzkaller-bugs@...glegroups.com" <syzkaller-bugs@...glegroups.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Andrey Konovalov <andreyknvl@...gle.com>,
        syzbot <syzbot+d59c4387bfb6eced94e2@...kaller.appspotmail.com>
Subject: Re: [alsa-devel] [PATCH] ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check

On Tue, 30 Jul 2019 13:28:56 +0200,
Hillf Danton wrote:
> 
> 
> On Tue, 30 Jul 2019 18:08:02 +0800 Takashi Iwai wrote:
> >
> > You don't have to copy the whole these texts at all.
> > In general, it'd suffice to point out the dashboard URL, and if the
> > stack trace is mandatory, drop the useless hex numbers and just show
> > the significant part of the stack trace.
> >
> I am used to give readers as much info as appropriate, and learning that
> an URL is enough in cases like this one. I will send you the pruned
> version next time.

That's fine, I already edited the commit message in my side.

> > > It was introduced in commit 801ebf1043ae for checking pipe and endpoint
> > > types. It is fixed by adding a check of the ep pointer in question.
> > >
> > > Reported-by: syzbot <syzbot+d59c4387bfb6eced94e2@...kaller.appspotmail.com>
> > > Fixes: commit 801ebf1043ae ("ALSA: usb-audio: Sanity checks for each pipe and EP types")
> >
> > Drop "commit" word.
> >
> Yes, Sir.
> 
> > > Cc: Andrey Konovalov <andreyknvl@...gle.com>
> > > Signed-off-by: Hillf Danton <dhanton@...a.com>
> > > ---
> There is a typo, s/dhanton/hdanton/, as you pointed out in another mail.

Good, also corrected.

> > > This is to make syzbot happy for now and in long run we can make
> > > snd_usb_pipe_sanity_check() available outside sound/usb by making
> > > usb_urb_ep_type_check() a wrapper of the former. We will revisit
> > > sound/usb once when things in the usb/core get in place.
> >
> > Actually I expected to apply the "long-term" fix now.
> 
> There is change in usb/core included in that fix as you see, and
> according to the rule, one fix a patch, it is better and simpler
> IMO to fix the sound part first.

Yeah, that's a right approach, too.

What I expected was a patch series, containing two changes: one to
add/modify the USB core helper and another to apply it for usb-audio.
But it's fine to move that direction after addressing the usb-audio
problem quickly, of course.

> > The same kind
> > of fix was already submitted from me (<s5hlfwn376e.wl-tiwai@...e.de>),
> > but I didn't merge it because working on the usb core helper would be
> > a saner solution.
> >
> Feel free to merge that, Sir.

Heh, you did it right, so let's merge yours now.

Thanks!


Takashi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ