On 15.12.21 15:57, Greg KH wrote: > On Wed, Dec 15, 2021 at 03:47:55PM +0100, Oliver Neukum wrote: >> On 09.12.21 16:47, Greg KH wrote: >>> Why not use usb_find_common_endpoints() and/or the other helper >>> functions instead? that's what they were created for. >> Hi, >> >> which one would I use? In this case I already know the endpoints >> to be verified. > I have no context here so I have no idea, sorry. usbnet has three ways to match the endpoints 1) the subdriver provides a method 2) a heuristic to find the endpoints is used (that should be converted to the new API) 3) they are given nummerically by the subdriver It turns out that #3 needs to verify the endpoints against malicious devices. So the following questions a) should that verification go into usbcore b) what possible ways for a malicious device to spoof us can you come up with Regards Oliver
