lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 16 Sep 2019 15:48:23 -0400 (EDT)
From:   Alan Stern <stern@...land.harvard.edu>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
cc:     Andrey Konovalov <andreyknvl@...gle.com>,
        syzbot <syzbot+b24d736f18a1541ad550@...kaller.appspotmail.com>,
        Felipe Balbi <balbi@...nel.org>, <chunfeng.yun@...iatek.com>,
        LKML <linux-kernel@...r.kernel.org>,
        USB list <linux-usb@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        Dmitry Vyukov <dvyukov@...gle.com>
Subject: Re: INFO: rcu detected stall in dummy_timer

On Mon, 16 Sep 2019, Greg Kroah-Hartman wrote:

> On Mon, Sep 16, 2019 at 12:32:52PM -0400, Alan Stern wrote:

> > Retry-limiting is not the sort of thing we want to add to each
> > individual USB class driver.  Maybe it can be handled in the USB core;  
> > I'll try to write some code for it.  Under normal circumstances the
> > issue just doesn't arise, because normal devices aren't malicious.
> 
> I think this issue came up years ago when people realized they could
> "abuse" this through usbfs, but maybe I am mistaken.
> 
> The "do we retry or not" is an old discussion, and one I think we just
> said, "if it errors out, we will not retry as something is wrong with
> the device".

Really?  I bet there are plenty of drivers whose interrupt-URB (or
whatever) completion handlers just log an error message and blindly
resubmit when they get an unexpected kind of error.

>  Corrupted packets don't seem to be something that is even
> noticable in the "real world".  When lots of noise happens on a system
> that might cause this, usually the hub just disconnects the device and
> resets it.

I recall hearing from someone (many years ago -- the technology has
certainly improved since then) about a device that would start getting
errors whenever a noisy fluorescent light near the computer was
switched on.  :-)  But yes, this sort of thing is very uncommon.

So do you recommend editing drivers to prevent them from resubmitting
URBs whenever they get an unrecognized error, such as -EPROTO, -EILSEQ,
or -ETIME?  Then the driver would most likely stop working when one 
of these errors happens.

Alternatively, the USB core could keep track of these three kinds of
bus errors for all endpoints and fail submissions when the error count
gets too high.  That would end up having the same effect -- drivers
would stop working -- but it might be a little more robust against
noise and it wouldn't require editing lots of drivers.

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ