Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp517871pxb; Thu, 12 Nov 2020 09:16:42 -0800 (PST) X-Google-Smtp-Source: ABdhPJxnEs52zRObqNfVJPxKCD1LaawYMHjT7Kku+n+UV+0wDXATYHAyGbtnFNefwzNhuFyPfi5j X-Received: by 2002:a17:906:1e45:: with SMTP id i5mr260473ejj.203.1605201402092; Thu, 12 Nov 2020 09:16:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605201402; cv=none; d=google.com; s=arc-20160816; b=UuK9gUxgsvfrpa8sMi4TV/zyqc2nkTasuzY9CdX6jgEkGxm5UopxMyJVeyTQL9jxNo KNFA/HRYlOVo1CALgJHAi6Sj1wJmKz8nz3pOqTV8ExDlRdNqqn00iqLyAzlGUhvPbzEU O1Ks3ZMX+D8kP2T4Vysd1cL8qlepsTQ3/Mmrffxw2ogpNHNagy3/F5SM6KvU+jCEUtVd xy4kln/QM+lkV8ZRLVqBc+j85s9fpvATldIep49HL5vkd2qI5HrR9WmWeBy3F/heQfJA DUze5YhU2vGRMwtvtIlv1Af592o22Mrcx3tXlMY7yRqPZFkgDAr/VtZgHV4nP6R47iw/ YcAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=nceTjB9+ZybzYeoCmmubZXLqq+8RSUIB59xSAFOqQqU=; b=tZ0pMilzujLIOViGfBrTouZGcHOX1+Um5X7EzbZQUkx8PDyxnRM3ppONHW6EcrA8p0 n7cRv4ETjIvPF57DG3wC2h3Atil22UPL+FjyN93PDiVIiLOMkfEyBJoep/jWTF9+CYsI vR57ieziZHEstKcEfu6gbbiI99aTMABMuM7haJdvHVk49r6EpImB/nWcVfOneOZpVbNh Eey04/1XrBE/FxqrztidHLt60XwhHs6FUFFFrTeKqDl+pwm+Zh9fiyeL4rXLbnVbKlxA i/zO4iSQfaATEGj5xbqxd4xPvE7RFqU1lkLorz8w1ILxdsaIStKhS9l0hnSOXI4qNHWg ozMA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=V4gj33hg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i12si3931845edj.263.2020.11.12.09.16.16; Thu, 12 Nov 2020 09:16:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=V4gj33hg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726274AbgKLRNp (ORCPT + 99 others); Thu, 12 Nov 2020 12:13:45 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726037AbgKLRNn (ORCPT ); Thu, 12 Nov 2020 12:13:43 -0500 Received: from mail-oi1-x242.google.com (mail-oi1-x242.google.com [IPv6:2607:f8b0:4864:20::242]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AC811C0613D1; Thu, 12 Nov 2020 09:13:43 -0800 (PST) Received: by mail-oi1-x242.google.com with SMTP id o25so7198663oie.5; Thu, 12 Nov 2020 09:13:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=nceTjB9+ZybzYeoCmmubZXLqq+8RSUIB59xSAFOqQqU=; b=V4gj33hg83VX0YYEMazVv7L1RojdjsIDX2AQTSe1t4xhYtYWOJw6k4KFmxN2PdwN8g jZd45ZqOJDP3pyrsxe2KPsp1+vPLsolSo/C20ews5rTwjknmxnufBVLU+AVZEPDqvPKU 6DFdOTD3PUcioxDZ1gD0bb6uUAvihIViDrBtEREeQjZxmKJiKAy7r3VLUX1XJJwdorFa 8Hlxoii7FQTkvGiY36GYEfDRK6xoqvzNTQ/r3YpaSYJyvws3p/BZM/7Ufb64+IVv4T+r ac99QBpdHRMjqYz9lKjLUZYkwZEHmsx/bpkbiCCXimdugNwU7e3yHUmFf8I/sdUSkuR2 WieQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=nceTjB9+ZybzYeoCmmubZXLqq+8RSUIB59xSAFOqQqU=; b=qvpw67i4lnS3TP2fKTFPRejqSdvdN1udwnANnnV4zLQGciBFlqnAnfkK3sWi1VHWQU BF0BSRrG3Pgxjl9AyTPnT/gS6GUKE+3+B6ALqbudxwo0c0kcDlOEn+tPxKXTLbpPNPrA AIcKAnsc3vbS2klIXXIO93SpbrPv8kZR/kqsHUS3cnKquykdLamDp1P0+MJC+Xj0SDD7 D0yK0msIfQhfK1hs1HScr23Z+DdhXBpKNirzP7FhF0ZEoRJ2jIPwowSTxwi3t6y9IavB Z5ksRL+9nZWSPASGMTcGr3o6k0GtVrGSECrIugcTJpX4K0CVuW/U/DdB9QXVBqAs95KA q8qw== X-Gm-Message-State: AOAM530THrpQ1+spQpigVUVZ7srz4qaEG67cGcD5sXL5ioPF76wC4Pem SEHWgbsETliPRyKp6/BGGSMs9gZHx5BzmnZ54+M= X-Received: by 2002:aca:ad07:: with SMTP id w7mr444554oie.122.1605201222906; Thu, 12 Nov 2020 09:13:42 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: John Boero Date: Thu, 12 Nov 2020 17:13:30 +0000 Message-ID: Subject: Re: [PATCH] usb: core: Null deref in kernel with USB webcams. To: Greg Kroah-Hartman Cc: Felipe Balbi , linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Sorry header was generated by git email and I should have paid closer attention to it before sending. Long time listener, first time caller. Yes the patch is backwards sorry. Testing alt proposal from stern@rowland.harvard.edu. It may be a buggy driver but it would be nice if a buggy driver couldn't bring down the entire usb core. lsusb hangs until reboot or reset of usb. It seems to behave fine on first use. Run Zoom or cheese works fine first time. Subsequent runs, no device found and usb is crashed with trace in dmesg. Thanks John On Thu, Nov 12, 2020 at 5:04 PM Greg Kroah-Hartman wrote: > > On Thu, Nov 12, 2020 at 03:52:02PM +0000, John Boero wrote: > > >From 54f9886454e9a28e8d943c1cef15df9c11555df7 Mon Sep 17 00:00:00 2001 > > From: JohnnyB > > Why all this header here? > > And the from: line doesn't match your Signed-off-by: line :( > > > Date: Thu, 12 Nov 2020 15:28:29 +0000 > > Subject: [PATCH] usb: core: Null deref in kernel with USB webcams. > > > > Fixes: Ubuntu Launchpad bug 1827452 > > > > This is my first attempt at a kernel contribution so sorry if sloppy. > > No need to put this in the changelog text and have it be in the kernel > for foever :) > > > > > There is some kind of race condition affecting Logitech > > webcams that crash USB with a null dereference. > > Affects raspberry pi devices as well as x86. > > No check on dev before dereference. > > Simple fix for issue experienced for months in > > both x86 and arm/rpi environments. > > > > Signed-off-by: John Boero > > > > --- > > drivers/usb/core/usb.c | 6 +----- > > 1 file changed, 1 insertion(+), 5 deletions(-) > > > > diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c > > index d8756ffe513a..9b4ac4415f1a 100644 > > --- a/drivers/usb/core/usb.c > > +++ b/drivers/usb/core/usb.c > > @@ -272,13 +272,9 @@ EXPORT_SYMBOL_GPL(usb_find_alt_setting); > > struct usb_interface *usb_ifnum_to_if(const struct usb_device *dev, > > unsigned ifnum) > > { > > - struct usb_host_config *config = NULL; > > + struct usb_host_config *config = dev->actconfig; > > int i; > > > > - if (!dev) > > - return NULL; > > - > > - config = dev->actconfig; > > if (!config) > > return NULL; > > for (i = 0; i < config->desc.bNumInterfaces; i++) > > This patch is corrupted and can not be applied, but also, it looks > backwards, right? > > And how about we find the race condition and fix that instead of trying > to paper over it here? > > thanks, > > greg k-h