On Wed, Jan 22, 2025 at 05:20:12AM -0800, Nikita Zhandarovich wrote: > Hi, > > On 1/22/25 04:43, Petko Manolov wrote: > > On 25-01-22 02:42:46, Nikita Zhandarovich wrote: > >> Syzkaller reports [1] encountering a common issue of utilizing a wrong usb > >> endpoint type during URB submitting stage. This, in turn, triggers a warning > >> shown below. > > > > If these endpoints were of the wrong type the driver simply wouldn't work. Better not to bind at all than to bind in a non-working way. Especially when we can tell by a simple check that the device isn't what the driver expects. > > The proposed change in the patch doesn't do much in terms of fixing the issue > > (pipe 3 != type 1) and if usb_check_bulk_endpoints() fails, the driver will just > > not probe successfully. I don't see how this is an improvement to the current > > situation. It fixes the issue by preventing the driver from submitting an interrupt URB to a bulk endpoint or vice versa. > > We should either spend some time fixing the "BOGUS urb xfer, pipe 3 != type 1" > > for real or not touch anything. > > > > > > Petko > > > > > > Thank you for your answer, I had a couple thoughts though. > > If I understand correctly (which may not be the case, of course), since > the driver currently does not have any sanity checks for endpoints and > URBs' pipes are initialized essentially by fixed constants (as is often > the case), once again without any testing, then a virtual, weirdly > constructed device, like the one made up by Syzkaller, could provide > endpoints with contents that may cause that exact warning. > > Real-life devices (with appropriate eps) would still work well and are > in no danger, with or without the patch. And even if that warning is > triggered, I am not certain the consequences are that severe, maybe on > kernels with 'panic_on_warn' set, and that's another conversation. > However, it seems that the change won't hurt either. Failing probe() in > such situations looks to be the standard. > > If my approach is flawed, I'd really appreciate some hints on how you > would address that issue and I'd like to tackle it. I'd also ask if > other recipients could provide some of their views on the issue, even if > just to prove me wrong. I agree with this approach; it seems like the best way to address this issue. Alan Stern
