linux-stable/drivers/staging
Nikita Zhandarovich f15370e315 comedi: vmk80xx: fix incomplete endpoint checking
commit d1718530e3 upstream.

While vmk80xx does have endpoint checking implemented, some things
can fall through the cracks. Depending on the hardware model,
URBs can have either bulk or interrupt type, and the current version
of the vmk80xx_find_usb_endpoints() function does not take that fully
into account. While this warning does not seem to be too harmful,
at the very least it will crash systems with 'panic_on_warn' set on
them.

Fix the issue found by Syzkaller [1] by somewhat simplifying the
endpoint checking process with usb_find_common_endpoints() and
ensuring that only expected endpoint types are present.

This patch has not been tested on real hardware.

[1] Syzkaller report:
usb 1-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503
...
Call Trace:
 <TASK>
 usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59
 vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline]
 vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818
 comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067
 usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399
...

Similar issue also found by Syzkaller:
Link: https://syzkaller.appspot.com/bug?extid=5205eb2f17de3e01946e

Reported-and-tested-by: syzbot+5f29dc6a889fc42bd896@syzkaller.appspotmail.com
Cc: stable <stable@kernel.org>
Fixes: 49253d542c ("staging: comedi: vmk80xx: factor out usb endpoint detection")
Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Link: https://lore.kernel.org/r/20240408171633.31649-1-n.zhandarovich@fintech.ru
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-05-02 16:23:38 +02:00
android
axis-fifo
board
clocking-wizard
comedi comedi: vmk80xx: fix incomplete endpoint checking 2024-05-02 16:23:38 +02:00
emxx_udc
fbtft
fieldbus
fsl-dpaa2
fwserial
gasket
gdm724x
goldfish
greybus staging: greybus: fix get_channel_from_mode() failure path 2024-03-26 18:22:02 -04:00
gs_fpgaboot
hikey9xx
iio staging: iio: ad5933: fix type mismatch regression 2024-02-23 08:42:27 +01:00
kpc2000
ks7010
media media: staging: ipu3-imgu: Set fields before media_entity_pads_init() 2024-04-13 12:57:59 +02:00
most
mt7621-dma
mt7621-dts
mt7621-pci
mt7621-pci-phy
mt7621-pinctrl
netlogic
nvec
octeon
octeon-usb
olpc_dcon
pi433
qlge
ralink-gdma
rtl8188eu
rtl8192e
rtl8192u
rtl8712
rtl8723bs
rts5208
sm750fb
unisys
vc04_services staging: vc04_services: fix information leak in create_component() 2024-04-13 12:59:07 +02:00
vme
vt6655
vt6656
wfx
wlan-ng
Kconfig
Makefile