| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Aug 2022 14:58:31 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Rondreis <linhaoguo86@...il.com>
Cc: balbi@...nel.org, linux-usb@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: linux version v5.18 warn in alloc_ep_req
On Wed, Aug 10, 2022 at 08:53:43PM +0800, Rondreis wrote:
> Hello,
>
> When fuzzing the Linux kernel driver v5.18.0, the following crash was triggered.
Your report below says 5.19-rc4, not 5.18.0.
> HEAD commit: 4b0986a3613c92f4ec1bdc7f60ec66fea135991f (HEAD, tag: v5.18)
> git tree: upstream
>
> kernel config: https://pastebin.com/KecL2gaG
> C reproducer: https://pastebin.com/sh8uUVpV
> console output: https://pastebin.com/yV0hwZSi
>
> Basically, in the c reproducer, we use the gadget module to emulate
> the process of attaching a usb device (vendor id: 0x13d3, product
> id:0x3333, with function: midi).
> To reproduce this crash, we utilize a third-party library to emulate
> the attaching process: https://github.com/linux-usb-gadgets/libusbgx.
> Just clone this repository, make install it, and compile the c
> reproducer with ``` gcc crash.c -lusbgx -o crash ``` will do the
> trick.
>
> It seems that when calling a pre-allocate write usb requests to use on
> f_midi_transmit, kernel will eventually call alloc_ep_req function,
> and a failed kmalloc allocation on the buffer filed within use_request
> struct will cause this error happen.
Great, now that you have a reproducer and a way to trigger it, can you
send a patch to fix the issue as well?
thanks,
greg k-h
Powered by blists - more mailing lists