Re: Potential vulnerabilities in USB host stack/drivers

On 08/16/2016 05:51 PM, Greg KH wrote:
> On Tue, Aug 16, 2016 at 04:40:43PM +0300, Binyamin Sharet wrote:
>> Hi,
>>
>> We are using Umap2 to scan USB hosts for vendor-specific device support.
>> e.g. whether appropriate drivers are loaded when a device with a specific
>> VID/PID is inserted.
>>
>> In our configuration, we connect multiple times to the host, each time
>> providing different VID/PID in the device descriptor, and then we provide
>> a single configuration with a single interface that has multiple (10)
>> endpoints of different types.
>>
>> Umap2 can be downloaded from https://github.com/nccgroup/umap2,
>> and requires either a Facedancer board or a beaglebone black with a
>> modified gadgetfs module (source and instructions in umap2 repository) to
>> be used.
>>
>> During this scan we have found multiple issues in the kernel.
>> Some issues cause the USB stack to hang, while others cause an oops.
>> Some of the issues seem similar and might originate from the same source,
>> however, due to my lack of knowledge in the Linux USB subsystem, I did not
>> perform an in-depth analysis of the root causes.
>>
>> In total, there are 11 issues: 2 hangs, 8 NULL pointer dereferences and
>> 1 oops caused by kernel unable to handle paging address.
>>
>> To keep some order, I will send a separate mail for each issue, titled
>> '[Umap2][x/11][$VID:$PID] $result'.
> Another minor nit, try a leading 0 on your 1-9 emails so they sort
> properly :)
>
> greg k-h

Below are the descriptors sent to the host during the scan.
It is always the same (for all 11 issues) except for VID/PID.
In the device descriptor, XXXX is a placeholder for VID (little endian)
and YYYY is a placeholder for PID.

Device descriptor: 12010200ff010140XXXXYYYY010001020301
1st Configuration descriptor: 09025800010104c032
2nd Configuration descriptor (3 next lines are a single descriptor):
09025800010104c032090400000aff0101000705810340000107050103400001070582
0200020107050202000201070583014000010705030140000107058402000201070504
020002010705850110000107050502000201

Binyamin Sharet
Cisco, STARE-C
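
For anyone triaging these reports, the second configuration descriptor posted above can be decoded field by field. The following is an added example, not part of the original message or of Umap2; the names `parse_config`, `CONFIG_HEX` and `XFER` are hypothetical. It walks the descriptor set, bounds-checks every `bLength`, and cross-checks `wTotalLength`, `bNumInterfaces` and `bNumEndpoints` against what is actually present.

```python
import struct

# Second configuration descriptor, copied from the message above.
CONFIG_HEX = (
    "09025800010104c032090400000aff0101000705810340000107050103400001070582"
    "0200020107050202000201070583014000010705030140000107058402000201070504"
    "020002010705850110000107050502000201"
)
XFER = {0: "control", 1: "isochronous", 2: "bulk", 3: "interrupt"}


def parse_config(blob: bytes) -> dict:
    """Walk a USB configuration descriptor set and report what it declares."""
    if len(blob) < 9 or blob[0] != 9 or blob[1] != 0x02:
        raise ValueError("not a configuration descriptor")
    total_len, num_ifaces = struct.unpack_from("<HB", blob, 2)
    out = {"wTotalLength": total_len, "bNumInterfaces": num_ifaces,
           "interfaces": [], "problems": []}
    if total_len != len(blob):
        out["problems"].append("wTotalLength does not match data length")
    off = 9
    while off < len(blob):
        blen = blob[off]
        # A zero, short or overlong bLength ends the walk; it is never trusted.
        if blen < 2 or off + blen > len(blob):
            out["problems"].append(f"bad bLength {blen} at offset {off}")
            break
        body = blob[off:off + blen]
        if body[1] == 0x04 and blen >= 9:            # interface descriptor
            out["interfaces"].append({
                "bInterfaceNumber": body[2], "bNumEndpoints": body[4],
                "class": tuple(body[5:8]), "endpoints": []})
        elif body[1] == 0x05 and blen >= 7 and out["interfaces"]:  # endpoint
            out["interfaces"][-1]["endpoints"].append({
                "address": body[2], "dir": "IN" if body[2] & 0x80 else "OUT",
                "type": XFER[body[3] & 0x03], "bInterval": body[6],
                "wMaxPacketSize": struct.unpack_from("<H", body, 4)[0]})
        off += blen
    for iface in out["interfaces"]:
        if iface["bNumEndpoints"] != len(iface["endpoints"]):
            out["problems"].append("bNumEndpoints does not match endpoints found")
    if num_ifaces != len({i["bInterfaceNumber"] for i in out["interfaces"]}):
        out["problems"].append("bNumInterfaces does not match interfaces found")
    return out

if __name__ == "__main__":
    cfg = parse_config(bytes.fromhex(CONFIG_HEX))
    for ep in cfg["interfaces"][0]["endpoints"]:
        print(f'{ep["address"]:#04x} {ep["dir"]:3} {ep["type"]:11} {ep["wMaxPacketSize"]}')
```

The posted descriptor is internally consistent (88 bytes, one vendor-class interface, ten endpoints), so the reported hangs and oopses are not explained by a length or count mismatch in the descriptor itself.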

