| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Feb 2020 14:39:23 -0500 (EST)
From: Alan Stern <stern@...land.harvard.edu>
To: Eugeniu Rosca <erosca@...adit-jv.com>
cc: linux-usb@...r.kernel.org, <linux-renesas-soc@...r.kernel.org>,
<linux-kernel@...r.kernel.org>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Thinh Nguyen <Thinh.Nguyen@...opsys.com>,
"Lee, Chiasheng" <chiasheng.lee@...el.com>,
Mathieu Malaterre <malat@...ian.org>,
Kai-Heng Feng <kai.heng.feng@...onical.com>,
Hardik Gajjar <hgajjar@...adit-jv.com>,
<scan-admin@...erity.com>, Eugeniu Rosca <roscaeugeniu@...il.com>
Subject: Re: [PATCH] usb: hub: Fix unhandled return value of usb_autopm_get_interface()
On Tue, 25 Feb 2020, Eugeniu Rosca wrote:
> Hi Alan,
>
> Many thanks for the prompt review.
>
> On Tue, Feb 25, 2020 at 10:32:32AM -0500, Alan Stern wrote:
> > On Tue, 25 Feb 2020, Eugeniu Rosca wrote:
> > > + int r = usb_autopm_get_interface(intf);
> > > +
> > > + if (!r)
> > > + hub->quirk_disable_autosuspend = 1;
> > > + else
> > > + dev_dbg(&intf->dev, "disable autosuspend err=%d\n", r);
> > > }
> > >
> > > if (hub_configure(hub, &desc->endpoint[0].desc) >= 0)
> >
> > This change is not necessary, because the resume operation cannot fail
> > at this point (interfaces are always powered-up during probe).
>
> Agreed to avoid unneeded complexity.
>
> > A better solution would be to call usb_autpm_get_interface_no_resume()
> > instead.
>
> Pushed to https://lore.kernel.org/lkml/20200225183057.31953-1-erosca@de.adit-jv.com
>
> >
> > On the other hand, the other places that call
> > usb_autopm_get_interface() without checking should be audited. Some of
> > them almost certainly need to be fixed.
>
> A quick 'git grep' outputs below list of auditable candidates [1].
>
> With no relevant devices at hand, I would avoid touching these drivers,
> since oftentimes even legitimate patches introduce regressions w/o
> testing.
>
> If anybody volunteers with testing, I guess it should be quick to
> either convert usb_autpm_get_interface to *_no_resume variant or
> handle the return value in place in below instances.
>
> [1] (v5.6-rc3) git grep -En "[^=]\s+usb_autopm_get_interface\("
> drivers/input/touchscreen/usbtouchscreen.c:1788: usb_autopm_get_interface(intf);
> drivers/media/usb/stkwebcam/stk-webcam.c:628: usb_autopm_get_interface(dev->interface);
> drivers/net/usb/hso.c:1308: usb_autopm_get_interface(serial->parent->interface);
> drivers/net/usb/r8152.c:5231: usb_autopm_get_interface(tp->intf);
> sound/usb/usx2y/us122l.c:192: usb_autopm_get_interface(iface);
Your regular expression isn't right because it doesn't match lines
where the usb_autopm_get_interface() is preceded only by one whitespace
character (i.e., a tab). It also will match lines where there are two
space characters between the = sign and the function name. I think
what you want is more like "(^|[^=[:space:]])\s*" at the start of the
RE.
A revised search finds line 997 in drivers/usb/core/hub.c and lines
216, 269 in drivers/usb/core/port.c. (I didn't try looking in any
other directories.) AFAICT all three of these should check the return
value, although a error message in the kernel log probably isn't
needed.
Do you want to fix those instances up also, maybe merging them in with
the existing patch?
Alan Stern
Powered by blists - more mailing lists