| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Apr 2024 19:02:19 +0200 From: Christian Lamparter <chunkeey@...il.com> To: Kalle Valo <kvalo@...nel.org> Cc: Nikita Zhandarovich <n.zhandarovich@...tech.ru>, linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com, lvc-project@...uxtesting.org, syzbot+0ae4804973be759fa420@...kaller.appspotmail.com Subject: Re: [PATCH v2] wifi: carl9170: add a proper sanity check for endpoints On 4/26/24 6:58 AM, Kalle Valo wrote: > Christian Lamparter <chunkeey@...il.com> writes: > >> On 4/22/24 8:33 PM, Nikita Zhandarovich wrote: >>> Syzkaller reports [1] hitting a warning which is caused by presence >>> of a wrong endpoint type at the URB sumbitting stage. While there >>> was a check for a specific 4th endpoint, since it can switch types >>> between bulk and interrupt, other endpoints are trusted implicitly. >>> Similar warning is triggered in a couple of other syzbot issues [2]. >>> Fix the issue by doing a comprehensive check of all endpoints >>> taking into account difference between high- and full-speed >>> configuration. >>> This patch has not been tested on real hardware. >> >> Oh, I've tested the original patch on real hardware ;). You can remove that line. > > BTW I can remove that line, no need to resend because of this. > finished testing v2 - it works, no surprise. high-speed: | [ 188.470363] usb 3-14: new high-speed USB device number 4 using xhci_hcd | [ 188.661053] usb 3-14: New USB device found, idVendor=0846, idProduct=9010, bcdDevice= 1.06 | [ 188.661056] usb 3-14: New USB device strings: Mfr=16, Product=32, SerialNumber=48 | [ 188.661058] usb 3-14: Product: USB2.0 WLAN | [ 188.661059] usb 3-14: Manufacturer: ATHER | [ 188.661060] usb 3-14: SerialNumber: 12345 | [ 188.783843] usb 3-14: reset high-speed USB device number 4 using xhci_hcd | [ 188.963408] usb 3-14: driver API: 1.9.9 2016-02-15 [1-1] | [ 188.963412] usb 3-14: firmware API: 1.9.6 2012-07-07 | [ 189.298218] ath: EEPROM regdomain: 0x0 | [ 189.298221] ath: EEPROM indicates default country code should be used | [ 189.298222] ath: doing EEPROM country->regdmn map search | [ 189.298223] ath: country maps to regdmn code: 0x3a | [ 189.298224] ath: Country alpha2 being used: US | [ 189.298225] ath: Regpair used: 0x3a | [ 189.298290] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht' | [ 189.301463] usb 3-14: Atheros AR9170 is registered as 'phy2' full-speed: | [ 205.743314] usb 4-2: new full-speed USB device number 3 using ohci-pci | [ 205.990614] usb 4-2: not running at top speed; connect to a high speed hub | [ 206.029618] usb 4-2: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice= 1.06 | [ 206.029621] usb 4-2: New USB device strings: Mfr=16, Product=32, SerialNumber=48 | [ 206.029622] usb 4-2: Product: USB2.0 WLAN | [ 206.029623] usb 4-2: Manufacturer: ATHER | [ 206.029624] usb 4-2: SerialNumber: 12345 | [ 206.209969] usb 4-2: reset full-speed USB device number 3 using ohci-pci | [ 206.471776] usb 4-2: driver API: 1.9.9 2016-02-15 [1-1] | [ 206.471779] usb 4-2: firmware API: 1.9.6 2012-07-07 | [ 206.885680] ath: EEPROM regdomain: 0x809c | [ 206.885684] ath: EEPROM indicates we should expect a country code | [ 206.885686] ath: doing EEPROM country->regdmn map search | [ 206.885687] ath: country maps to regdmn code: 0x52 | [ 206.885689] ath: Country alpha2 being used: CN | [ 206.885691] ath: Regpair used: 0x52 | [ 206.885794] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht' | [ 206.888834] input: phy3 WPS Button as /devices/pci0000:00/0000:00:1c.3/0000:05:00.0/0000:06:01.0/usb4/4-2/4-2:1.0/ieee80211/phy3/input17 | [ 206.892694] usb 4-2: Atheros AR9170 is registered as 'phy3' Tested-by: Christian Lamparter <chunkeey@...il.com>
Powered by blists - more mailing lists