| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YJ4dU3yCwd2wMq5f@kroah.com>
Date: Fri, 14 May 2021 08:48:51 +0200
From: Greg KH <greg@...ah.com>
To: Hayes Wang <hayeswang@...ltek.com>
Cc: Alan Stern <stern@...land.harvard.edu>,
syzbot <syzbot+95afd23673f5dd295c57@...kaller.appspotmail.com>,
"davem@...emloft.net" <davem@...emloft.net>,
"kuba@...nel.org" <kuba@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"syzkaller-bugs@...glegroups.com" <syzkaller-bugs@...glegroups.com>,
nic_swsd <nic_swsd@...ltek.com>
Subject: Re: [syzbot] WARNING in rtl8152_probe
On Fri, May 14, 2021 at 02:58:00AM +0000, Hayes Wang wrote:
> Alan Stern <stern@...land.harvard.edu>
> > Sent: Thursday, May 13, 2021 10:26 PM
> [...]
> > Syzbot doesn't test real devices. It tests emulations, and the emulated
> > devices usually behave very strangely and in very peculiar and
> > unexpected ways, so as to trigger bugs in the kernel. That's why the
> > USB devices you see in syzbot logs usually have bizarre descriptors.
>
> Do you mean I have to debug for a device which doesn't exist?
> I don't understand why I must consider a fake device
> which provide unexpected USB descriptor deliberately?
Because people can create "bad" devices and plug them into a system
which causes the driver to load and then potentially crash the system or
do other bad things.
USB drivers now need to be able to handle "malicious" devices, it's been
that way for many years now.
thanks,
greg k-h
Powered by blists - more mailing lists