Message-ID: <87o6zo5wco.wl-tiwai@suse.de>
Date: Thu, 30 Jan 2025 13:17:59 +0100
From: Takashi Iwai <tiwai@...e.de>
To: John Keeping <jkeeping@...usicbrands.com>
Cc: Takashi Iwai <tiwai@...e.de>,
	linux-usb@...r.kernel.org,
	stable@...r.kernel.org,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Kees Cook <kees@...nel.org>,
	Abdul Rahim <abdul.rahim@...ahoo.com>,
	Michael Grzeschik <m.grzeschik@...gutronix.de>,
	Jeff Johnson <quic_jjohnson@...cinc.com>,
	Felipe Balbi <balbi@...com>,
	Daniel Mack <zonque@...il.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] usb: gadget: f_midi: fix MIDI Streaming descriptor lengths

On Thu, 30 Jan 2025 11:59:05 +0100,
John Keeping wrote:
> 
> On Thu, Jan 30, 2025 at 11:50:07AM +0100, Takashi Iwai wrote:
> > On Wed, 29 Jan 2025 18:31:35 +0100,
> > John Keeping wrote:
> > > 
> > > On Wed, Jan 29, 2025 at 05:40:04PM +0100, Takashi Iwai wrote:
> > > > On Wed, 29 Jan 2025 17:05:19 +0100,
> > > > John Keeping wrote:
> > > > > 
> > > > > In the two loops before setting the MIDIStreaming descriptors,
> > > > > ms_in_desc.baAssocJackID[] has entries written for "in_ports" values and
> > > > > ms_out_desc.baAssocJackID[] has entries written for "out_ports" values.
> > > > > But the counts and lengths are set the other way round in the
> > > > > descriptors.
> > > > > 
> > > > > Fix the descriptors so that the bNumEmbMIDIJack values and the
> > > > > descriptor lengths match the number of entries populated in the trailing
> > > > > arrays.
> > > > 
> > > > Are you sure that it's a correct change?
> > > > 
> > > > IIUC, the in_ports and out_ports parameters are for external IN and
> > > > OUT jacks, where an external OUT jack is connected to an embedded IN
> > > > jack, and an external IN jack is connected to an embedded OUT jack.
> > > 
> > > I think it depends how the in_ports and out_ports values in configfs are
> > > interpreted.  However, the case where in_ports != out_ports has been
> > > broken since these files were added!
> > > 
> > > Without this change, setting in_ports=4 out_ports=2 we end up with:
> > > 
> > >       Endpoint Descriptor:
> > >         [...]
> > >         bEndpointAddress     0x01  EP 1 OUT
> > >         [...]
> > >         MIDIStreaming Endpoint Descriptor:
> > >           bLength                 8
> > >           bDescriptorType        37
> > >           bDescriptorSubtype      1 (Invalid)
> > >           bNumEmbMIDIJack         4
> > >           baAssocJackID( 0)       9
> > >           baAssocJackID( 1)      11
> > >           baAssocJackID( 2)       9
> > >           baAssocJackID( 3)       0
> > >       Endpoint Descriptor:
> > >         [...]
> > >         bEndpointAddress     0x81  EP 1 IN
> > >         [...]
> > >         MIDIStreaming Endpoint Descriptor:
> > >           bLength                 6
> > >           bDescriptorType        37
> > >           bDescriptorSubtype      1 (Invalid)
> > >           bNumEmbMIDIJack         2
> > >           baAssocJackID( 0)       2
> > >           baAssocJackID( 1)       4
> > > 
> > > Note that baAssocJackID values 2 and 3 on the OUT endpoint are wrong.
> > > 
> > > From the same config, the jack definitions are:
> > > 
> > > 	1:  IN  External
> > > 	2:  OUT Embedded, source 1
> > > 	3:  IN  External
> > > 	4:  OUT Embedded, source 3
> > > 	5:  IN  External
> > > 	6:  OUT Embedded, source 5
> > > 	7:  IN  External
> > > 	8:  OUT Embedded, source 7
> > > 
> > > 	9:  IN  Embedded
> > > 	10: OUT External, source 9
> > > 	11: IN  Embedded
> > > 	12: OUT External, source 11
> > > 
> > > So it seems that the first 2 entries in each endpoint list are correct.
> > > For the OUT endpoint, jacks 9 and 11 are embedded IN jacks and for the
> > > IN endpoint, jacks 2 and 4 are embedded OUT jacks.
> > > 
> > > The problem is that the OUT endpoint lists two extra invalid jack IDs
> > > and the IN endpoint should list jacks 6 and 8 but does not.
> > > 
> > > After applying this patch, the endpoint descriptors for the same config
> > > are:
> > > 
> > >       Endpoint Descriptor:
> > >         [...]
> > >         bEndpointAddress     0x01  EP 1 OUT
> > >         [...]
> > >         MIDIStreaming Endpoint Descriptor:
> > >           bLength                 6
> > >           bDescriptorType        37
> > >           bDescriptorSubtype      1 (Invalid)
> > >           bNumEmbMIDIJack         2
> > >           baAssocJackID( 0)       9
> > >           baAssocJackID( 1)      11
> > >       Endpoint Descriptor:
> > >         [...]
> > >         bEndpointAddress     0x81  EP 1 IN
> > >         [...]
> > >         MIDIStreaming Endpoint Descriptor:
> > >           bLength                 8
> > >           bDescriptorType        37
> > >           bDescriptorSubtype      1 (Invalid)
> > >           bNumEmbMIDIJack         4
> > >           baAssocJackID( 0)       2
> > >           baAssocJackID( 1)       4
> > >           baAssocJackID( 2)       6
> > >           baAssocJackID( 3)       8
> > > 
> > > Which lists all the jack IDs where they should be.
> > 
> > Hmm, I don't get your point.  The embedded IN is paired with the
> > external OUT.  That's the intended behavior, no?
> 
> Yes, all the endpoint assignments are correct - when they appear in the
> lists!
> 
> The issue is setting bNumEmbMIDIJack and bLength in the MIDIStreaming
> Endpoint Descriptors.  Without this patch these are set the wrong way
> round so either some ports do not appear or there are bogus entries
> containing uninitialized stack memory.

OK, now point taken.  The main problem here is that the definitions of
in_ports and out_ports aren't really clear.  If in_ports really
corresponds to external IN jacks, then we may rather correct it like:

--- a/drivers/usb/gadget/function/f_midi.c
+++ b/drivers/usb/gadget/function/f_midi.c
@@ -968,7 +968,7 @@ static int f_midi_bind(struct usb_configuration *c, struct usb_function *f)
 		midi_function[i++] = (struct usb_descriptor_header *) out_emb;
 
 		/* link it to the endpoint */
-		ms_in_desc.baAssocJackID[n] = out_emb->bJackID;
+		ms_out_desc.baAssocJackID[n] = out_emb->bJackID;
 	}
 
 	/* configure the external OUT jacks, each linked to an embedded IN jack */
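Review bot: the changed assignment in this hunk, ms_out_desc.baAssocJackID[n] = out_emb->bJackID, puts embedded OUT jack IDs on the OUT endpoint, whereas the lsusb output quoted earlier has the OUT endpoint listing jacks 9 and 11, which are embedded IN jacks, and the thread treats that pairing as correct. Swapping only the destination array keeps the entry count in line with the existing bLength/bNumEmbMIDIJack values but inverts the jack direction per endpoint, so this variant would also need the jack-to-endpoint association revisited.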
@@ -996,7 +996,7 @@ static int f_midi_bind(struct usb_configuration *c, struct usb_function *f)
 		midi_function[i++] = (struct usb_descriptor_header *) out_ext;
 
 		/* link it to the endpoint */
-		ms_out_desc.baAssocJackID[n] = in_emb->bJackID;
+		ms_in_desc.baAssocJackID[n] = in_emb->bJackID;
 	}
 
 	/* configure the endpoint descriptors ... */
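Review bot: this change is only correct against the existing bLength/bNumEmbMIDIJack assignments that follow the trailing /* configure the endpoint descriptors ... */ comment; combined with the quoted patch that swaps those assignments, ms_in_desc would again be filled for out_ports entries while declaring in_ports. The description should say the two approaches are alternatives, and the /* link it to the endpoint */ comment above the changed line could name which endpoint is meant and which port count bounds n.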

OTOH, the current code will make the actual appearance the other way
round, likely more confusing.  So I believe your fix makes sense.

But it'd be helpful to extend the description a bit more to clarify
this confusion.  I guess this confusion came from the association
between the embedded and external jacks, and the patch corrects it.


thanks,

Takashi

> 
> 
> 
> Regards,
> John
> 
> > > > > Cc: stable@...r.kernel.org
> > > > > Fixes: c8933c3f79568 ("USB: gadget: f_midi: allow a dynamic number of input and output ports")
> > > > > Signed-off-by: John Keeping <jkeeping@...usicbrands.com>
> > > > > ---
> > > > >  drivers/usb/gadget/function/f_midi.c | 8 ++++----
> > > > >  1 file changed, 4 insertions(+), 4 deletions(-)
> > > > > 
> > > > > diff --git a/drivers/usb/gadget/function/f_midi.c b/drivers/usb/gadget/function/f_midi.c
> > > > > index 837fcdfa3840f..6cc3d86cb4774 100644
> > > > > --- a/drivers/usb/gadget/function/f_midi.c
> > > > > +++ b/drivers/usb/gadget/function/f_midi.c
> > > > > @@ -1000,11 +1000,11 @@ static int f_midi_bind(struct usb_configuration *c, struct usb_function *f)
> > > > >  	}
> > > > >  
> > > > >  	/* configure the endpoint descriptors ... */
> > > > > -	ms_out_desc.bLength = USB_DT_MS_ENDPOINT_SIZE(midi->in_ports);
> > > > > -	ms_out_desc.bNumEmbMIDIJack = midi->in_ports;
> > > > > +	ms_out_desc.bLength = USB_DT_MS_ENDPOINT_SIZE(midi->out_ports);
> > > > > +	ms_out_desc.bNumEmbMIDIJack = midi->out_ports;
> > > > >  
> > > > > -	ms_in_desc.bLength = USB_DT_MS_ENDPOINT_SIZE(midi->out_ports);
> > > > > -	ms_in_desc.bNumEmbMIDIJack = midi->out_ports;
> > > > > +	ms_in_desc.bLength = USB_DT_MS_ENDPOINT_SIZE(midi->in_ports);
> > > > > +	ms_in_desc.bNumEmbMIDIJack = midi->in_ports;
> > > > >  
> > > > >  	/* ... and add them to the list */
> > > > >  	endpoint_descriptor_index = i;
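Review bot: the /* configure the endpoint descriptors ... */ comment above the four changed assignments should record why ms_out_desc is sized by out_ports and ms_in_desc by in_ports, namely that each count must equal the number of baAssocJackID[] entries written by the two preceding loops; nothing in the hunk ties the two together, which is how they drifted apart. The commit message could also state the effect of the old values (jacks missing from one endpoint, and trailing entries containing uninitialized stack memory on the other), since the patch is Cc'd to stable.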
> > > > > -- 
> > > > > 2.48.1
> > > > > 
> > > > > 
