lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240819101358.77aea582@foz.lan>
Date: Mon, 19 Aug 2024 10:15:11 +0200
From: Mauro Carvalho Chehab <mchehab+huawei@...nel.org>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: Alan Stern <stern@...land.harvard.edu>, Mauro Carvalho Chehab
 <mchehab@...nel.org>, syzbot
 <syzbot+85e3ddbf0ddbfbc85f1e@...kaller.appspotmail.com>,
 linux-kernel@...r.kernel.org, linux-media@...r.kernel.org,
 linux-usb@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH] media/usb/siano: Fix endpoint type checking in smsusb

Em Mon, 19 Aug 2024 05:11:47 +0200
Greg KH <gregkh@...uxfoundation.org> escreveu:

> On Sun, Aug 18, 2024 at 02:20:44PM -0400, Alan Stern wrote:
> > Greg and Mauro:
> > 
> > Was this patch ever applied?  It doesn't appear in the current -rc 
> > kernel.  Was there some confusion about which tree it should be merged 
> > through?
> > 
> > Here's a link to the original submission:
> > 
> > https://lore.kernel.org/all/51b854da-f031-4a25-a19f-dac442d7bee2@rowland.harvard.edu/  
> 
> I never took it as it was touching a file that I'm not the maintainer
> of.  But I will be glad to do so if Mauro doesn't want to take it
> through his tree, just let me know.

This patch is duplicated of this one:

https://patchwork.linuxtv.org/project/linux-media/patch/20240409143634.33230-1-n.zhandarovich@fintech.ru/

The part I didn't like with such approach is that it checks only for
bulk endpoints. Most media devices have also isoc. Now, I'm not sure
about Siano devices. There are 3 different major chipsets supported
by this driver (sm1000, sm11xx, sm2xxx). Among them, sm1000 has one
USB ID for cold boot, and, once firmware is loaded, it gains another
USB ID for a a warm boot.

Your patch and the previously submitted one are not only checking
for the direction, but it is also discarding isoc endpoints.
Applying a change like that without testing with real hardware of
those three types just to make fuzz testing happy, sounded a little 
bit risky to my taste.

I would be more willing to pick it if the check would either be
tested on real hardware or if the logic would be changed to
accept either bulk or isoc endpoints, just like the current code.

Thanks,
Mauro

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ