On Mon, 16 Sep 2019, Greg Kroah-Hartman wrote: > On Mon, Sep 16, 2019 at 12:32:52PM -0400, Alan Stern wrote: > > Retry-limiting is not the sort of thing we want to add to each > > individual USB class driver. Maybe it can be handled in the USB core; > > I'll try to write some code for it. Under normal circumstances the > > issue just doesn't arise, because normal devices aren't malicious. > > I think this issue came up years ago when people realized they could > "abuse" this through usbfs, but maybe I am mistaken. > > The "do we retry or not" is an old discussion, and one I think we just > said, "if it errors out, we will not retry as something is wrong with > the device". Really? I bet there are plenty of drivers whose interrupt-URB (or whatever) completion handlers just log an error message and blindly resubmit when they get an unexpected kind of error. > Corrupted packets don't seem to be something that is even > noticable in the "real world". When lots of noise happens on a system > that might cause this, usually the hub just disconnects the device and > resets it. I recall hearing from someone (many years ago -- the technology has certainly improved since then) about a device that would start getting errors whenever a noisy fluorescent light near the computer was switched on. :-) But yes, this sort of thing is very uncommon. So do you recommend editing drivers to prevent them from resubmitting URBs whenever they get an unrecognized error, such as -EPROTO, -EILSEQ, or -ETIME? Then the driver would most likely stop working when one of these errors happens. Alternatively, the USB core could keep track of these three kinds of bus errors for all endpoints and fail submissions when the error count gets too high. That would end up having the same effect -- drivers would stop working -- but it might be a little more robust against noise and it wouldn't require editing lots of drivers. Alan Stern