Re: [bug 27612] NULL pointer dereference in xHCI for hubs with missing TT

On Wed, 26 Jan 2011, Micah Elizabeth Scott wrote:

> Hello,
> 
> I just filed a bug on kernel.org, and Greg K-H suggested I also
> mention it directly here. It's bug 27612 on kernel.org:
> 
> https://bugzilla.kernel.org/show_bug.cgi?id=27612
> 
> This is a fairly minor bug, since as far as I know the only way to
> trigger it is via a buggy or malicious USB hub device. However, in the
> event of a malicious USB device, this bug could be used as a DoS to
> the hub thread, making the USB subsystem somewhat unusable until
> reboot.

A similar problem will occur if you connect your faulty hub to an EHCI 
controller.

In my opinion, the best way to deal with this is simply to reject
high-speed hubs that don't have any TTs.  Presumably there aren't many
devices like that floating around.  Do you agree?

The following patch implements this policy.  It should eliminate your 
bug.

Alan Stern



Index: usb-2.6/drivers/usb/core/hub.c
===================================================================
--- usb-2.6.orig/drivers/usb/core/hub.c
+++ usb-2.6/drivers/usb/core/hub.c
@@ -1037,6 +1037,11 @@ static int hub_configure(struct usb_hub 
 				hdev->descriptor.bDeviceProtocol);
 			break;
 	}
+	if (hdev->speed == USB_SPEED_HIGH && !hub->tt.hub) {
+		dev_err(hub_dev, "High-speed hub has no TT\n");
+		ret = -EINVAL;
+		goto fail;
+	}
 
 	/* Note 8 FS bit times == (8 bits / 12000000 bps) ~= 666ns */
 	switch (wHubCharacteristics & HUB_CHAR_TTTT) {
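
Review bot: The new check `if (hdev->speed == USB_SPEED_HIGH && !hub->tt.hub)`, placed right after the bDeviceProtocol switch, has no comment explaining why a high-speed hub without a TT is rejected, and its dev_err text does not report the descriptor value that led there. Consider a one-line comment tying it to the NULL pointer dereference in bug 27612, and consider printing hdev->descriptor.bDeviceProtocol in the message so the offending device can be identified from the log. A blank line between the switch's closing brace and the new `if` would also match the spacing used before the following comment.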
