lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <66a886aa-4b3d-421d-a229-8bb400c6fc8b@rowland.harvard.edu>
Date:   Thu, 8 Jun 2023 11:27:08 -0400
From:   Alan Stern <stern@...land.harvard.edu>
To:     Badhri Jagan Sridharan <badhri@...gle.com>
Cc:     gregkh@...uxfoundation.org, colin.i.king@...il.com,
        xuetao09@...wei.com, quic_eserrao@...cinc.com,
        water.zhangjiantao@...wei.com, francesco@...cini.it,
        alistair@...stair23.me, stephan@...hold.net, bagasdotme@...il.com,
        luca@...tu.xyz, linux-usb@...r.kernel.org,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH v6 2/2] usb: gadget: udc: core: Prevent
 soft_connect_store() race

On Wed, Jun 07, 2023 at 10:17:04PM -0700, Badhri Jagan Sridharan wrote:
> On Wed, Jun 7, 2023 at 11:26 AM Alan Stern <stern@...land.harvard.edu>
> wrote:
> > > @@ -756,10 +772,12 @@ int usb_gadget_disconnect(struct usb_gadget
> > *gadget)
> > >       if (!gadget->connected)
> > >               goto out;
> > >
> > > -     if (gadget->deactivated) {
> > > +     if (gadget->deactivated || !gadget->udc->started) {
> >
> > Do you really need to add this extra test?  After all, if the gadget
> > isn't started then how could the previous test of gadget->connected
> > possibly succeed?
> >
> > In fact, I suspect this entire section of code was always useless, since
> > the gadget couldn't be connected now if it was already deactivated.
> >
> 
> Thanks Alan ! Will fix all other comments in v7 but not sure about this one.
> Although the ->pullup() function will not be called,
> -> connected flag could actually be set when the gadget is not started.
> 
> - if (gadget->deactivated || !gadget->udc->allow_connect) {
> + if (gadget->deactivated || !gadget->udc->allow_connect ||
> !gadget->udc->started) {
>   /*
>   * If gadget is deactivated we only save new state.
>   * Gadget will be connected automatically after activation.
> + *
> + * udc first needs to be started before gadget can be pulled up.
>   */
>   gadget->connected = true;
> 
> This could happen, for instance, when  usb_udc_vbus_handler()  is invoked
> after soft_connect_store() disconnects the gadget.
> Same applies to when usb_gadget_connect() is called after the gadget has
> been deactivated through usb_gadget_deactivate().
> 
> This implies that the checks should be there, right ?

Yes, you're right; the checks do need to be there.  I had forgotten
about these possible cases.  Ignore that comment.

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ