Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp1287509pxv; Fri, 9 Jul 2021 23:46:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx9quVZBYlzprGiPD73/WznB0Mj87l5P7G4U1jszc9JJFK9klk2Hw2vAZ7zvyBzF9IOA6Eb X-Received: by 2002:aa7:db95:: with SMTP id u21mr51817569edt.152.1625899590938; Fri, 09 Jul 2021 23:46:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625899590; cv=none; d=google.com; s=arc-20160816; b=wStTCxiNWk2TahYcSV1w3Nl6B6r+aa155iPgEWwt2/7IhP5aJlKb125xLza3FjvU8G ohpbR4/0AFq4sMENtuf0u5WhSzKVEqev2Mo9ei0qFWiRI/U9gy5OETFsNzzptX8G3FUJ nKr7YVNclqwo3IvIVnGMuvND8ZcVRwWdHUQR8Qphyq/PFepGr8jOfvcQJor9v4o42cfb en3+LY6xzrmkpiUYf9oZgnFeXwbTCiRpmXRQn/Z3tsufSTCmi9an19L6aF3tWU/Fahwz EbNAixY2h3GLtoBWZEmoVXwoV5vwZDqR+wuznfxBsvK5hebzHT/Rgr/U3nPb1G9FHB84 sqbw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=c1+DICcvx+R/BnWYwW5zSbVp4thuLTrKRElBtD59y8k=; b=QZ+rZaN7BEOu2NQFTS64fEkzOp6Fk4q1KYKlopFW8H+bHoy7N6T+mQOuHh92KNCZMP zJV5QAIrieZjb+hOayOm3xZv898piNw0Mek7FFliqpxi0Gk21CeTGvy+3TwkAB3wACPw AE9eOTHP0BMLm3MuBKmcCYpMhC6d5KWHk2jjIVtkp3q0ZgptTSSWjmWtDcHApLRG2cA/ +u4JDvIm2Da0muz+uREJQMbQQg4JyUN7eNsZX2EkqItHgxnGK7gKs198j3DCfpghiDTz FS1dOVA52B04ygHBcQhXpObuMrrSJwi6DiWCu81leSXzo/AWJX/6yrzTveTGqZ7F4JTp TAvQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="jTakte/q"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g16si10052976edv.472.2021.07.09.23.46.07; Fri, 09 Jul 2021 23:46:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="jTakte/q"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231873AbhGJG0k (ORCPT + 99 others); Sat, 10 Jul 2021 02:26:40 -0400 Received: from mail.kernel.org ([198.145.29.99]:50384 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229690AbhGJG0j (ORCPT ); Sat, 10 Jul 2021 02:26:39 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 4856B6135E; Sat, 10 Jul 2021 06:23:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1625898233; bh=um1mjck2OpH0dlbxwBVsj3YOXSr1yh5jhoDQmozzXs0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=jTakte/qWz55fN3YJjEFur1kfnRc8U2b/y6n3jrXj+9wcNNjDpSJHTJmf8wiU/dmA myZo59fjwT+HEvWww9rZZHHOjX8BsLVoiCk9qjwscDwYC2vmVaQ0T98kO72lOiWzRI +iU8i20nBKfMokDYKTd0czVucwdBclLk02E/9T80= Date: Sat, 10 Jul 2021 08:23:50 +0200 From: Greg Kroah-Hartman To: Sasha Levin Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Alan Stern , Johan Hovold , syzbot+7dbcd9ff34dc4ed45240@syzkaller.appspotmail.com, linux-usb@vger.kernel.org Subject: Re: [PATCH AUTOSEL 5.13 062/114] USB: core: Avoid WARNings for 0-length descriptor requests Message-ID: References: <20210710021748.3167666-1-sashal@kernel.org> <20210710021748.3167666-62-sashal@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210710021748.3167666-62-sashal@kernel.org> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 09, 2021 at 10:16:56PM -0400, Sasha Levin wrote: > From: Alan Stern > > [ Upstream commit 60dfe484cef45293e631b3a6e8995f1689818172 ] > > The USB core has utility routines to retrieve various types of > descriptors. These routines will now provoke a WARN if they are asked > to retrieve 0 bytes (USB "receive" requests must not have zero > length), so avert this by checking the size argument at the start. > > CC: Johan Hovold > Reported-and-tested-by: syzbot+7dbcd9ff34dc4ed45240@syzkaller.appspotmail.com > Reviewed-by: Johan Hovold > Signed-off-by: Alan Stern > Link: https://lore.kernel.org/r/20210607152307.GD1768031@rowland.harvard.edu > Signed-off-by: Greg Kroah-Hartman > Signed-off-by: Sasha Levin > --- > drivers/usb/core/message.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c > index 30e9e680c74c..4d59d927ae3e 100644 > --- a/drivers/usb/core/message.c > +++ b/drivers/usb/core/message.c > @@ -783,6 +783,9 @@ int usb_get_descriptor(struct usb_device *dev, unsigned char type, > int i; > int result; > > + if (size <= 0) /* No point in asking for no data */ > + return -EINVAL; > + > memset(buf, 0, size); /* Make sure we parse really received data */ > > for (i = 0; i < 3; ++i) { > @@ -832,6 +835,9 @@ static int usb_get_string(struct usb_device *dev, unsigned short langid, > int i; > int result; > > + if (size <= 0) /* No point in asking for no data */ > + return -EINVAL; > + > for (i = 0; i < 3; ++i) { > /* retry on length 0 or stall; some devices are flakey */ > result = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), > -- > 2.30.2 > This patch should be dropped from all of the autosel branches it was picked to, as I do not think the USB core has been fixed up, along with all of the different drivers that we noticed doing this, in the stable trees. So please drop from everywhere at this time. thanks, greg k-h