Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp4619733yba; Tue, 7 May 2019 23:12:07 -0700 (PDT) X-Google-Smtp-Source: APXvYqwQo6BGnvjIEJ5YIldHP1C/j/3vUHngbFox09pjTTLtxJ+Ll1DKtyb+HCcKTv7VrBwxaBV8 X-Received: by 2002:a17:902:8483:: with SMTP id c3mr43849944plo.19.1557295927854; Tue, 07 May 2019 23:12:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557295927; cv=none; d=google.com; s=arc-20160816; b=TwUIeLKIMJmGELJtQt3pSdXjdDkb8JMX/yv0jEOYdLuPpxENBeJ+cOoex5XRiDExpY dGrSGZ52W3T4o+50f2Y0qtAxHYtSeku6048IzQkpZeyOdAdvjfL0n+GqEF/PLHYfXlmz i82c5LWjZw2xnOGp5Y7+zLzb6yoASozd5C1Z12HDw8VvANCQpRBI8NOwDZMpZ1PgTV1O M+9tlqvC2wj5k6rZcZCuCNyXobINXj+BsC27biAkPhwHDo1OLBd67HwrUeaRzF8xOJLX 7pYO3nZUq69S629MQJQbWdgxSNZEyEQQ1Lz3u5S9lGAepnRFc0izjBO5+nkhcFzcPDC/ UR5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=sYD9+E/4/XoUDaRkYMUADiIJQQKhTQMiegLZBQCWdeQ=; b=SidsunBlKMkExnWOPop9ANGx/RzE2Mf+Ad+hiu97B6gHi0H+ZmOdCYO/ot+qy3vPHQ Q5ff+QBnye+/JYoHUvUay0iUQnbZF0/GoeJ9AMxwMJyNama7DmaBMxaSznG1jmgPOxRH 3JPms+FPeiRnW8DrJWrmttiFeaQIrO1C/kAHa+yoiNotG2BBcUexo9WONZstMMHoQYRo vre5EiPVoRQNPqbgNzLLFfqX/VfaF+uZVJRjt2phfZxyGyDUW8cRTXmAr5Gxtv8rOlQi qDkc5QQGc8yBpk8PiTnFlxps8bEv0GJ22Gj9COmpHXhkyrVDCr20lnjjoqTqi2YnyML4 Gd2A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l7si11113565pgh.79.2019.05.07.23.11.51; Tue, 07 May 2019 23:12:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727016AbfEHGBL (ORCPT + 99 others); Wed, 8 May 2019 02:01:11 -0400 Received: from mail-lj1-f195.google.com ([209.85.208.195]:37910 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726832AbfEHGBL (ORCPT ); Wed, 8 May 2019 02:01:11 -0400 Received: by mail-lj1-f195.google.com with SMTP id u21so7247431lja.5; Tue, 07 May 2019 23:01:09 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=sYD9+E/4/XoUDaRkYMUADiIJQQKhTQMiegLZBQCWdeQ=; b=hxY9fMHp5/rO6PgFm+bLLhTEJOZlhH1uCpxVDBas08tJaNItd4/1FPBKSKnUS/FBO8 rYnpART9cui/8qLC2osCdKiAoSQNUCC0FoUjgqDwWxljnwNDKag3nkJ4PsTkaTxEaW7U 9Pna8VtvTdaQXWo4ori8YpSrCafUSasXaVCqeVqUb+a4V1x65bqh13DjKIW0b491zihI UYMP+F7LQmiicUObYe6LSdCmo8DcnzIqeGwUZyfHqyMfZ9DWlcuYXfXOj9Ku982S+328 9bHUtOMcnXyMc1bKrqtL2pytaV2LMOQeoCiUdcmv57Lo1Pd/iEjyoivToQyg/LbaY36E LJTQ== X-Gm-Message-State: APjAAAWuPwkRUlh5gZp0n800tNC0GUNiQ4NxoX/VG/jh0cUx8EcmuwFj 4muNXwxpp9VDKpxcQFl/XJ0= X-Received: by 2002:a2e:8583:: with SMTP id b3mr15414491lji.136.1557295269233; Tue, 07 May 2019 23:01:09 -0700 (PDT) Received: from xi.terra (c-74bee655.07-184-6d6c6d4.bbcust.telenor.se. [85.230.190.116]) by smtp.gmail.com with ESMTPSA id f12sm3783105lfk.6.2019.05.07.23.01.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 May 2019 23:01:08 -0700 (PDT) Received: from johan by xi.terra with local (Exim 4.91) (envelope-from ) id 1hOFdc-0004Ox-3H; Wed, 08 May 2019 08:01:08 +0200 Date: Wed, 8 May 2019 08:01:08 +0200 From: Johan Hovold To: Alan Stern Cc: mchehab@kernel.org, andreyknvl@google.com, Kernel development list , linux-media@vger.kernel.org, USB list , syzkaller-bugs@googlegroups.com, wen.yang99@zte.com.cn Subject: Re: [PATCH] media: usb: siano: Fix general protection fault in smsusb Message-ID: <20190508060108.GC29016@localhost> References: <0000000000004a08f805883ead54@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.11.4 (2019-03-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 07, 2019 at 12:39:47PM -0400, Alan Stern wrote: > The syzkaller USB fuzzer found a general-protection-fault bug in the > smsusb part of the Siano DVB driver. The fault occurs during probe > because the driver assumes without checking that the device has both > IN and OUT endpoints and the IN endpoint is ep1. > > By slightly rearranging the driver's initialization code, we can make > the appropriate checks early on and thus avoid the problem. If the > expected endpoints aren't present, the new code safely returns -ENODEV > from the probe routine. > > Signed-off-by: Alan Stern > Reported-and-tested-by: syzbot+53f029db71c19a47325a@syzkaller.appspotmail.com > CC: Reviewed-by: Johan Hovold