On Thu, Jan 23, 2025 at 11:49:30AM +0200, Petko Manolov wrote: > On 25-01-22 10:59:33, Alan Stern wrote: > > On Wed, Jan 22, 2025 at 05:20:12AM -0800, Nikita Zhandarovich wrote: > > > Hi, > > > > > > On 1/22/25 04:43, Petko Manolov wrote: > > > > On 25-01-22 02:42:46, Nikita Zhandarovich wrote: > > > >> Syzkaller reports [1] encountering a common issue of utilizing a wrong usb > > > >> endpoint type during URB submitting stage. This, in turn, triggers a warning > > > >> shown below. > > > > > > > > If these endpoints were of the wrong type the driver simply wouldn't work. > > > > Better not to bind at all than to bind in a non-working way. Especially when > > we can tell by a simple check that the device isn't what the driver expects. > > > > > > The proposed change in the patch doesn't do much in terms of fixing the > > > > issue (pipe 3 != type 1) and if usb_check_bulk_endpoints() fails, the > > > > driver will just not probe successfully. I don't see how this is an > > > > improvement to the current situation. > > > > It fixes the issue by preventing the driver from submitting an interrupt URB > > to a bulk endpoint or vice versa. > > I always thought that once DID/VID is verified, there's no much room for that to > happen. Unfortunately that's not so, for two reasons. First, the vendor may change the device's design without updating the Product or Device ID, and second, a malicious device may spoof the VID, PID, and DID values. (Or, as in this case, a fuzzer may try to fool the driver.) > Alright then. I'd recommend following Fedor Pchelkin's advise about moving > those declarations to the beginning of probe(), though. Agreed. Alan Stern
