From: "Du, Changbin" <changbin.du@intel.com>
To: Felipe Balbi <felipe.balbi@linux.intel.com>
Cc: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"mina86@mina86.com" <mina86@mina86.com>,
"rui.silva@linaro.org" <rui.silva@linaro.org>,
"k.opasiak@samsung.com" <k.opasiak@samsung.com>,
"lars@metafoo.de" <lars@metafoo.de>,
"linux-usb@vger.kernel.org" <linux-usb@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH] usb: gadget: f_fs: report error if excess data received
Date: Thu, 12 May 2016 08:16:35 +0000 [thread overview]
Message-ID: <0C18FE92A7765D4EB9EE5D38D86A563A05D2F183@SHSMSX103.ccr.corp.intel.com> (raw)
In-Reply-To: <874ma3g1lq.fsf@linux.intel.com>
> > The extra bytes can be anything(random), they just data from APP layer.
> > It doesn't make sense for you to check. So I will not dump them, sorry.
>
> interesting, so you claim to have found a bug, but when asked to provide
> more information your answer is "no" ? Thanks :-)
>
Do you really want a random hex string? I don't think it is useful.
> >> > The problem is device side app sometimes received incorrect data
> caused
> >> > by the dropping. Most times the error can be detected by APP itself, but
> >>
> >> why ? app did e.g. read(5), that caused driver to queue a usb_request
> >> with length set to 512. Host sent more data than the expected 5 bytes,
> >> why did host do that ? And if that data was needed, why didn't userspace
> >> read() more than 5 ?
> >>
> >
> > Well, first, there must be a protocol upon usb between host side and
> > device side.
>
> sorry, I don't know what mean here. USB does not *require* a protocol
> running on top of USB. There usually is one, but that's not a
> requirement.
>
Communication between two endpoints must has a protocol, even it may
very simple. Without protocol, they cannot exchange information.
> > Second device side didn't know how many bytes to receive, it need host
> > side tell it.
>
> well, many protocols work like this. See Mass Storage, for example.
>
> > But host could be buggy,
>
> if host is buggy, why should we fix host on the peripheral side ?
>
True it is bug of host, but is it a reason kernel can drop data then?
> > or the application is killed and restart.
>
> If application is killed (why was the application killed? Which
> application was killed?), then why are we still connected to host at
> all? It's clear that this gadget can't work without its userspace
> counterpart. If that userspace isn't available, we should drop data
> pullup and disconnect from host.
>
Usb no need disconnect if the application exit (host side). Seems you
only care about device side.
> > These all can lead host send more than device wanted bytes. For sure
> > it wrong at host side, but device side don't know.
>
> but none of this means we have a bug at device side. In fact, by
> allowing these extra bytes to reach userspace, we could be creating a
> possible attack vector.
>
> Your explanation is unsatisfactory, so I won't apply your patch, sorry.
>
> --
> balbi
It is fine. Then need userspace take care of all the data it received. Because
Kernel may drop some data for it. Kernel ffs driver is unauthentic sometimes.
Best Regards,
Du, Changbin
next prev parent reply other threads:[~2016-05-12 8:16 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-11 10:19 [PATCH] usb: gadget: f_fs: report error if excess data received changbin.du
2016-05-11 10:59 ` Felipe Balbi
2016-05-11 12:30 ` Michal Nazarewicz
2016-05-12 4:25 ` Du, Changbin
2016-05-12 4:21 ` Du, Changbin
2016-05-12 6:52 ` Felipe Balbi
2016-05-12 7:30 ` Du, Changbin
2016-05-12 7:46 ` Felipe Balbi
2016-05-12 8:16 ` Du, Changbin [this message]
2016-05-12 9:15 ` Felipe Balbi
2016-05-12 9:22 ` Felipe Balbi
2016-05-12 9:51 ` Du, Changbin
2016-05-12 9:39 ` Du, Changbin
2016-05-12 10:13 ` Felipe Balbi
2016-05-12 10:14 ` Felipe Balbi
2016-05-12 10:45 ` Du, Changbin
2016-05-12 11:22 ` Felipe Balbi
2016-05-13 5:52 ` Du, Changbin
2016-05-13 6:36 ` Felipe Balbi
2016-05-13 10:32 ` Du, Changbin
2016-05-13 14:29 ` Alan Stern
2016-05-14 20:39 ` Michal Nazarewicz
2016-05-16 12:57 ` Felipe Balbi
2016-05-16 13:08 ` Michal Nazarewicz
2016-05-16 13:16 ` Felipe Balbi
2016-05-16 19:09 ` Michal Nazarewicz
2016-05-17 2:53 ` Du, Changbin
2016-05-18 9:45 ` Michal Nazarewicz
2016-05-18 10:15 ` Felipe Balbi
2016-05-18 13:39 ` Michal Nazarewicz
2016-05-19 2:54 ` Du, Changbin
2016-05-19 7:34 ` Michal Nazarewicz
2016-05-19 8:49 ` Du, Changbin
2016-05-19 2:31 ` Du, Changbin
2016-05-16 16:05 ` Michal Nazarewicz
2016-05-16 16:27 ` Lars-Peter Clausen
2016-05-16 16:48 ` Michal Nazarewicz
2016-05-16 16:35 ` Krzysztof Opasiak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0C18FE92A7765D4EB9EE5D38D86A563A05D2F183@SHSMSX103.ccr.corp.intel.com \
--to=changbin.du@intel.com \
--cc=felipe.balbi@linux.intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=k.opasiak@samsung.com \
--cc=lars@metafoo.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=mina86@mina86.com \
--cc=rui.silva@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).