* [PATCH] net:usb:r8152: remove WARN_ON_ONCE() in rtl_vendor_mode()
@ 2021-05-15 14:25 Du Cheng
2021-05-17 11:04 ` Hayes Wang
0 siblings, 1 reply; 2+ messages in thread
From: Du Cheng @ 2021-05-15 14:25 UTC (permalink / raw)
To: Hayes Wang
Cc: David S. Miller, linux-usb, skhan, gregkh, Du Cheng,
syzbot+95afd23673f5dd295c57
If from the userland, a dummy_udc (a virtual USB device for
debugging/device emulation) is configured to have a VENDOR_ID/PRODUCT_ID
combination that is supported by rtl8152 driver, and kernel tries to
match this dummy device with rtl8152 driver by probing, the
rtl8152_probe() function will cause WARN_ON_ONCE() in rtl_vendor_mode().
This causes kernel panic if panic_on_warn is set.
More specifically, this WARN_ON_ONCE() is triggered when the rtl8152
driver detects (and trys to switch on) the vendor specific USB
configuration, which is an expected behavior for supported USB devices.
Rtl8152 should also anticipate dummy_udc which can have arbitrary
configurations and interfaces.
Remove this WARN_ON_ONCE() so that rtl8152 is able to handle (or
gracefully refuse) an unsupported USB device during probing.
Bug reported by syzbot:
https://syzkaller.appspot.com/bug?id=912c9c373656996801b4de61f1e3cb326fe940aa
VENDOR_ID/PRODUCT_ID in question:
REALTEK_USB_DEVICE(VENDOR_ID_MICROSOFT, 0x0927)
Reported-by: syzbot+95afd23673f5dd295c57@syzkaller.appspotmail.com
Signed-off-by: Du Cheng <ducheng2@gmail.com>
---
This patch passed syzbot test.
drivers/net/usb/r8152.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
index 136ea06540ff..247ac4b1b34c 100644
--- a/drivers/net/usb/r8152.c
+++ b/drivers/net/usb/r8152.c
@@ -8135,8 +8135,6 @@ static bool rtl_vendor_mode(struct usb_interface *intf)
}
}
- WARN_ON_ONCE(i == num_configs);
-
return false;
}
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* RE: [PATCH] net:usb:r8152: remove WARN_ON_ONCE() in rtl_vendor_mode()
2021-05-15 14:25 [PATCH] net:usb:r8152: remove WARN_ON_ONCE() in rtl_vendor_mode() Du Cheng
@ 2021-05-17 11:04 ` Hayes Wang
0 siblings, 0 replies; 2+ messages in thread
From: Hayes Wang @ 2021-05-17 11:04 UTC (permalink / raw)
To: Du Cheng
Cc: David S. Miller, linux-usb, skhan, gregkh, syzbot+95afd23673f5dd295c57
Du Cheng <ducheng2@gmail.com>
> Sent: Saturday, May 15, 2021 10:25 PM
[...]
> If from the userland, a dummy_udc (a virtual USB device for
> debugging/device emulation) is configured to have a
> VENDOR_ID/PRODUCT_ID
> combination that is supported by rtl8152 driver, and kernel tries to
> match this dummy device with rtl8152 driver by probing, the
> rtl8152_probe() function will cause WARN_ON_ONCE() in rtl_vendor_mode().
> This causes kernel panic if panic_on_warn is set.
>
> More specifically, this WARN_ON_ONCE() is triggered when the rtl8152
> driver detects (and trys to switch on) the vendor specific USB
> configuration, which is an expected behavior for supported USB devices.
> Rtl8152 should also anticipate dummy_udc which can have arbitrary
> configurations and interfaces.
>
> Remove this WARN_ON_ONCE() so that rtl8152 is able to handle (or
> gracefully refuse) an unsupported USB device during probing.
>
> Bug reported by syzbot:
> https://syzkaller.appspot.com/bug?id=912c9c373656996801b4de61f1e3cb326f
> e940aa
>
> VENDOR_ID/PRODUCT_ID in question:
> REALTEK_USB_DEVICE(VENDOR_ID_MICROSOFT, 0x0927)
>
> Reported-by: syzbot+95afd23673f5dd295c57@syzkaller.appspotmail.com
> Signed-off-by: Du Cheng <ducheng2@gmail.com>
Acked-by: Hayes Wang <hayeswang@realtek.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-05-17 11:04 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-15 14:25 [PATCH] net:usb:r8152: remove WARN_ON_ONCE() in rtl_vendor_mode() Du Cheng
2021-05-17 11:04 ` Hayes Wang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).