All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Alan Stern <stern@rowland.harvard.edu>,
	Andrey Konovalov <andreyknvl@google.com>,
	USB list <linux-usb@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Kostya Serebryany <kcc@google.com>,
	syzkaller <syzkaller@googlegroups.com>
Subject: Re: usb/core: warning in usb_create_ep_devs/sysfs_create_dir_ns
Date: Mon, 12 Dec 2016 22:49:52 +0100	[thread overview]
Message-ID: <20161212214952.GA25298@kroah.com> (raw)
In-Reply-To: <CACT4Y+bodrFawmKJVGa5bzXZ=VmCL-MF5=ewjBADieByTaqTbQ@mail.gmail.com>

On Mon, Dec 12, 2016 at 10:16:50PM +0100, Dmitry Vyukov wrote:
> On Mon, Dec 12, 2016 at 10:05 PM, Alan Stern <stern@rowland.harvard.edu> wrote:
> > On Mon, 12 Dec 2016, Andrey Konovalov wrote:
> >
> >> Hi!
> >>
> >> While running the syzkaller fuzzer I've got the following error report.
> >>
> >> On commit 3c49de52d5647cda8b42c4255cf8a29d1e22eff5 (Dev 2).
> >>
> >> WARNING: CPU: 2 PID: 865 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x8a/0xa0
> >> gadgetfs: disconnected
> >> sysfs: cannot create duplicate filename
> >> '/devices/platform/dummy_hcd.0/usb2/2-1/2-1:64.0/ep_05'
> >> Kernel panic - not syncing: panic_on_warn set ...
> >
> > I suppose we could check for USB devices that claim to have two
> > endpoints with the same address.  But is it really worthwhile?  A
> > kernel warning isn't so bad when you're dealing with buggy device
> > firmware.
> 
> We need a clear distinction between what is a bug in kernel source
> code and what is incorrect user-space code. Otherwise no automated
> testing is possible. WARNING means bug in kernel source code. If it is
> not a bug in kernel source code, then it must not produce a WARNING.
> If it's a condition that we absolutely need to make user-space aware
> of, then we can print a single line with an explanation to console
> (but not prefixed with "WARNING:" nor "BUG:").

Ok, this is a "bug" in kernel code so the core is telling the higher
layer that something went really wrong in that a duplicate sysfs file
was created.  So this code is working properly.

And yes, this is a totally bogus "fake hardware" being fuzzed on the
kernel.  It complained that something was really wrong, which is fine,
it didn't crash or do anything else bad, correct?  If so, all is good,
as this is not something you will ever see with a "real" device.  And
even if you make a malicious device, all you will do is have the kernel
spit out some ugly messages, which I do not think is any form of attack
vector, correct?

thanks,

greg k-h

  parent reply	other threads:[~2016-12-12 21:49 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-12-12 20:48 usb/core: warning in usb_create_ep_devs/sysfs_create_dir_ns Andrey Konovalov
2016-12-12 21:05 ` Alan Stern
2016-12-12 21:16   ` Dmitry Vyukov
2016-12-12 21:48     ` Alan Stern
2016-12-12 22:04       ` Alan Stern
2016-12-13 15:07         ` Dmitry Vyukov
2016-12-13 15:52           ` Alan Stern
2016-12-13 16:23             ` Dmitry Vyukov
2016-12-13 18:38               ` Alan Stern
2016-12-13 18:44                 ` Dmitry Vyukov
2016-12-13 20:09                   ` Alan Stern
2016-12-13 20:32                     ` Dmitry Vyukov
2016-12-12 21:49     ` Greg Kroah-Hartman [this message]
2016-12-16 18:01 ` Alan Stern
2016-12-17 17:12   ` Andrey Konovalov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20161212214952.GA25298@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=andreyknvl@google.com \
    --cc=dvyukov@google.com \
    --cc=kcc@google.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=stern@rowland.harvard.edu \
    --cc=syzkaller@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.