Date: Fri, 26 Apr 2024 19:02:19 +0200
From: Christian Lamparter <chunkeey@...il.com>
To: Kalle Valo <kvalo@...nel.org>
Cc: Nikita Zhandarovich <n.zhandarovich@...tech.ru>,
 linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org,
 syzkaller-bugs@...glegroups.com, lvc-project@...uxtesting.org,
 syzbot+0ae4804973be759fa420@...kaller.appspotmail.com
Subject: Re: [PATCH v2] wifi: carl9170: add a proper sanity check for
 endpoints

On 4/26/24 6:58 AM, Kalle Valo wrote:
> Christian Lamparter <chunkeey@...il.com> writes:
> 
>> On 4/22/24 8:33 PM, Nikita Zhandarovich wrote:
>>> Syzkaller reports [1] hitting a warning which is caused by presence
>>> of a wrong endpoint type at the URB submitting stage. While there
>>> was a check for a specific 4th endpoint, since it can switch types
>>> between bulk and interrupt, other endpoints are trusted implicitly.
>>> Similar warning is triggered in a couple of other syzbot issues [2].
>>> Fix the issue by doing a comprehensive check of all endpoints
>>> taking into account difference between high- and full-speed
>>> configuration.
>>> This patch has not been tested on real hardware.
>>
>> Oh, I've tested the original patch on real hardware ;). You can remove that line.
> 
> BTW I can remove that line, no need to resend because of this.
> 

Finished testing v2 - it works, no surprise.

high-speed:
| [  188.470363] usb 3-14: new high-speed USB device number 4 using xhci_hcd
| [  188.661053] usb 3-14: New USB device found, idVendor=0846, idProduct=9010, bcdDevice= 1.06
| [  188.661056] usb 3-14: New USB device strings: Mfr=16, Product=32, SerialNumber=48
| [  188.661058] usb 3-14: Product: USB2.0 WLAN
| [  188.661059] usb 3-14: Manufacturer: ATHER
| [  188.661060] usb 3-14: SerialNumber: 12345
| [  188.783843] usb 3-14: reset high-speed USB device number 4 using xhci_hcd
| [  188.963408] usb 3-14: driver   API: 1.9.9 2016-02-15 [1-1]
| [  188.963412] usb 3-14: firmware API: 1.9.6 2012-07-07
| [  189.298218] ath: EEPROM regdomain: 0x0
| [  189.298221] ath: EEPROM indicates default country code should be used
| [  189.298222] ath: doing EEPROM country->regdmn map search
| [  189.298223] ath: country maps to regdmn code: 0x3a
| [  189.298224] ath: Country alpha2 being used: US
| [  189.298225] ath: Regpair used: 0x3a
| [  189.298290] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht'
| [  189.301463] usb 3-14: Atheros AR9170 is registered as 'phy2'

full-speed:
| [  205.743314] usb 4-2: new full-speed USB device number 3 using ohci-pci
| [  205.990614] usb 4-2: not running at top speed; connect to a high speed hub
| [  206.029618] usb 4-2: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice= 1.06
| [  206.029621] usb 4-2: New USB device strings: Mfr=16, Product=32, SerialNumber=48
| [  206.029622] usb 4-2: Product: USB2.0 WLAN
| [  206.029623] usb 4-2: Manufacturer: ATHER
| [  206.029624] usb 4-2: SerialNumber: 12345
| [  206.209969] usb 4-2: reset full-speed USB device number 3 using ohci-pci
| [  206.471776] usb 4-2: driver   API: 1.9.9 2016-02-15 [1-1]
| [  206.471779] usb 4-2: firmware API: 1.9.6 2012-07-07
| [  206.885680] ath: EEPROM regdomain: 0x809c
| [  206.885684] ath: EEPROM indicates we should expect a country code
| [  206.885686] ath: doing EEPROM country->regdmn map search
| [  206.885687] ath: country maps to regdmn code: 0x52
| [  206.885689] ath: Country alpha2 being used: CN
| [  206.885691] ath: Regpair used: 0x52
| [  206.885794] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht'
| [  206.888834] input: phy3 WPS Button as /devices/pci0000:00/0000:00:1c.3/0000:05:00.0/0000:06:01.0/usb4/4-2/4-2:1.0/ieee80211/phy3/input17
| [  206.892694] usb 4-2: Atheros AR9170 is registered as 'phy3'


Tested-by: Christian Lamparter <chunkeey@...il.com>
