lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20201201145053.GA1005384@rowland.harvard.edu>
Date:   Tue, 1 Dec 2020 09:50:53 -0500
From:   Alan Stern <stern@...land.harvard.edu>
To:     Greg KH <gregkh@...uxfoundation.org>
Cc:     Hillf Danton <hdanton@...a.com>,
        syzbot <syzbot+dbec6695a6565a9c6bc0@...kaller.appspotmail.com>,
        eli.billauer@...il.com, gustavoars@...nel.org,
        ingrassia@...genesys.com, linux-kernel@...r.kernel.org,
        linux-usb@...r.kernel.org, syzkaller-bugs@...glegroups.com,
        tiwai@...e.de
Subject: Re: WARNING in port100_send_frame_async/usb_submit_urb

On Tue, Dec 01, 2020 at 10:59:06AM +0100, Greg KH wrote:
> On Tue, Dec 01, 2020 at 05:47:02PM +0800, Hillf Danton wrote:
> > On Tue, 01 Dec 2020 01:21:27 -0800
> > > syzbot found the following issue on:
> > > 
> > > HEAD commit:    c84e1efa Merge tag 'asm-generic-fixes-5.10-2' of git://git..
> > > git tree:       upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=14a98565500000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=7be70951fca93701
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=dbec6695a6565a9c6bc0
> > > compiler:       clang version 11.0.0 (https://github.com/llvm/llvm-project.git ca2dcbd030eadbf0aa9b660efe864ff08af6e18b)
> > > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=17c607f1500000
> > > 
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+dbec6695a6565a9c6bc0@...kaller.appspotmail.com
> > > 
> > > usb 1-1: string descriptor 0 read error: -32
> > > ------------[ cut here ]------------
> > > URB 000000005c26bc1e submitted while active

> > Clear urb before putting it in use.
> > 
> > --- a/drivers/nfc/port100.c
> > +++ b/drivers/nfc/port100.c
> > @@ -1525,7 +1525,7 @@ static int port100_probe(struct usb_inte
> >  	}
> >  
> >  	dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
> > -	dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
> > +	dev->out_urb = usb_alloc_urb(0, GFP_KERNEL | __GFP_ZERO);
> >  
> >  	if (!dev->in_urb || !dev->out_urb) {
> >  		nfc_err(&interface->dev, "Could not allocate USB URBs\n");
> 
> How does this solve a warning in the USB core about a string descriptor
> error?

Greg, you misread the bug report.  The problem wasn't the string 
descriptor read error; it was URB submitted while active.

More to the point, adding __GFP_ZERO to the usb_alloc_urb call won't fix 
anything, because usb_alloc_urb calls usb_init_urb, which already does a 
memset.

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ