From: Andrey Konovalov <andreyknvl-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
To: Takashi Iwai <tiwai-l3A5Bk7waGM@public.gmane.org>
Cc: alsa-devel-K7yf7f+aM1XWsZ/bQMPhNw@public.gmane.org,
USB list <linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH 2/9] ALSA: bcd2000: Add a sanity check for invalid EPs
Date: Tue, 10 Oct 2017 16:00:25 +0200 [thread overview]
Message-ID: <CAAeHK+wM6JtoNFsaXWUWmrFgcRQj9b8RaH-+1VF4mO=YiijH1g@mail.gmail.com> (raw)
In-Reply-To: <20171010133819.10567-3-tiwai-l3A5Bk7waGM@public.gmane.org>
On Tue, Oct 10, 2017 at 3:38 PM, Takashi Iwai <tiwai-l3A5Bk7waGM@public.gmane.org> wrote:
> As syzkaller spotted, currently bcd2000 driver submits a URB with the
> fixed EP without checking whether it's actually available, which may
> result in a kernel warning like:
> usb 1-1: BOGUS urb xfer, pipe 1 != type 3
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 1846 at drivers/usb/core/urb.c:449
> usb_submit_urb+0xf8a/0x11d0
> Modules linked in:
> CPU: 0 PID: 1846 Comm: kworker/0:2 Not tainted
> 4.14.0-rc2-42613-g1488251d1a98 #238
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
> Workqueue: usb_hub_wq hub_event
> Call Trace:
> bcd2000_init_device sound/usb/bcd2000/bcd2000.c:289
> bcd2000_init_midi sound/usb/bcd2000/bcd2000.c:345
> bcd2000_probe+0xe64/0x19e0 sound/usb/bcd2000/bcd2000.c:406
> usb_probe_interface+0x35d/0x8e0 drivers/usb/core/driver.c:361
> ....
>
> This patch adds a sanity check of validity of EPs at the device
> initialization phase for avoiding the call with an invalid EP.
>
> Reported-by: Andrey Konovalov <andreyknvl-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>
> Signed-off-by: Takashi Iwai <tiwai-l3A5Bk7waGM@public.gmane.org>
Hi Takashi,
I've applied patches #1 and #2 and for some reason get this when I try
to build the kernel:
LD vmlinux.o
MODPOST vmlinux.o
sound/usb/bcd2000/bcd2000.o: In function `bcd2000_init_midi':
.../sound/usb/bcd2000/bcd2000.c:346: undefined reference to
`usb_urb_ep_type_check'
.../sound/usb/bcd2000/bcd2000.c:347: undefined reference to
`usb_urb_ep_type_check'
make: *** [vmlinux] Error 1
What could be wrong?
Thanks!
> ---
> sound/usb/bcd2000/bcd2000.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/sound/usb/bcd2000/bcd2000.c b/sound/usb/bcd2000/bcd2000.c
> index 7371e5b06035..a6408209d7f1 100644
> --- a/sound/usb/bcd2000/bcd2000.c
> +++ b/sound/usb/bcd2000/bcd2000.c
> @@ -342,6 +342,13 @@ static int bcd2000_init_midi(struct bcd2000 *bcd2k)
> bcd2k->midi_out_buf, BUFSIZE,
> bcd2000_output_complete, bcd2k, 1);
>
> + /* sanity checks of EPs before actually submitting */
> + if (usb_urb_ep_type_check(bcd2k->midi_in_urb) ||
> + usb_urb_ep_type_check(bcd2k->midi_out_urb)) {
> + dev_err(&bcd2k->dev->dev, "invalid MIDI EP\n");
> + return -EINVAL;
> + }
> +
> bcd2000_init_device(bcd2k);
>
> return 0;
> --
> 2.14.2
>
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-10-10 14:00 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-10 13:38 [PATCH 0/9] sound: Add sanity checks for invalid EPs Takashi Iwai
[not found] ` <20171010133819.10567-1-tiwai-l3A5Bk7waGM@public.gmane.org>
2017-10-10 13:38 ` [PATCH 1/9] usb: core: Add a helper function to check the validity of EP type in URB Takashi Iwai
[not found] ` <20171010133819.10567-2-tiwai-l3A5Bk7waGM@public.gmane.org>
2017-10-10 13:53 ` Greg KH
2017-10-10 13:55 ` Takashi Iwai
2017-10-10 13:38 ` [PATCH 2/9] ALSA: bcd2000: Add a sanity check for invalid EPs Takashi Iwai
[not found] ` <20171010133819.10567-3-tiwai-l3A5Bk7waGM@public.gmane.org>
2017-10-10 14:00 ` Andrey Konovalov [this message]
2017-10-10 14:33 ` Takashi Iwai
2017-10-10 18:20 ` Andrey Konovalov
2017-10-10 13:38 ` [PATCH 3/9] ALSA: caiaq: " Takashi Iwai
2017-10-10 13:38 ` [PATCH 4/9] ALSA: line6: " Takashi Iwai
2017-10-10 13:38 ` [PATCH 6/9] ALSA: usx2y: Add sanity checks " Takashi Iwai
2017-10-10 13:38 ` [PATCH 8/9] ALSA: caiaq: Add yet more " Takashi Iwai
2017-10-10 13:38 ` [PATCH 9/9] ALSA: line6: " Takashi Iwai
2017-10-10 13:38 ` [PATCH 5/9] ALSA: usb-audio: Add " Takashi Iwai
2017-10-10 13:38 ` [PATCH 7/9] ALSA: hiface: " Takashi Iwai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAAeHK+wM6JtoNFsaXWUWmrFgcRQj9b8RaH-+1VF4mO=YiijH1g@mail.gmail.com' \
--to=andreyknvl-hpiqsd4aklfqt0dzr+alfa@public.gmane.org \
--cc=alsa-devel-K7yf7f+aM1XWsZ/bQMPhNw@public.gmane.org \
--cc=linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=tiwai-l3A5Bk7waGM@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.