Re: [PATCH 4.14 REGRESSION fix] USB: devio: Revert "USB: devio: Don't corrupt user memory"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 16, 2017 at 03:12:07PM -0400, Alan Stern wrote:
> On Mon, 16 Oct 2017, Hans de Goede wrote:
> 
> > Taking the uurb->buffer_length userspace passes in as a maximum for the
> > actual urbs transfer_buffer_length causes 2 serious issues:
> > 
> > 1) It breaks isochronous support for all userspace apps using libusb,
> >    as existing libusb versions pass in 0 for uurb->buffer_length,
> >    relying on the kernel using the lenghts of the usbdevfs_iso_packet_desc
> >    descriptors passed in added together as buffer length.
> > 
> >    This for example causes redirection of USB audio and Webcam's into
> >    virtual machines using qemu-kvm to no longer work. This is a userspace
> >    ABI break and as such must be reverted.
> > 
> >    Note that the original commit does not protect other users / the
> >    kernels memory, it only stops the userspace process making the call
> >    from shooting itself in the foot.
> 
> Okay, breaking userspace is reason enough all by itself to revert this
> change.  I didn't realize that libusb sets the buffer_length to 0 for
> isochronous URBs.
> 

Yeah...  I should have seen how this worked just from reading the code.
:/

regards,
dan carpenter





[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]