Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp1508670pxb; Fri, 20 Aug 2021 07:11:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyf34JwnWhOHN+cKaU1qjCgqlo63iOSwHpjNmtapEvzdVuSQcypDKS7tmKfe4PwjlIIk8u/ X-Received: by 2002:a17:906:4346:: with SMTP id z6mr21406812ejm.403.1629468676381; Fri, 20 Aug 2021 07:11:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629468676; cv=none; d=google.com; s=arc-20160816; b=WxFlYAuFdhLms1FfHF84hWF2qsUzuIUpdPnEA17JlpqT5Vp3mtgHhFILP3bDxsxJg6 o9mYworJKgO6nWRrdCDjARXaHWl1pbUMWu8swhlHtkM6kwbXAZKhONhKAv36Alie1T9d uZ2f+QTnK7tWZojzaLi6/AN1qfb1+qktNeTWyjLyjRQdsIRCP3QvNLh7K1Viv9weiNpb qQfE8xxlkY7l+rlqSHuH4ODMgq0+6Cz1BbE37AVaSBpp1HutTOrB9gxektUDprIfciWv y0j27yDVNoCNvDIidkXHBJKru6dGUhiQa/RoKWnRSxoULz0B4rM8rnCd4ri/C52qZmLB Sbrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=8WiaaKx+G3L15RqKPRxfPJEgsO3u7bBOxn6Yqk2Um5E=; b=WRvXnMOHYJNINL2c+th/tJFwPRQvDCiV/tgzG+DzmnE8u5Ve9Gi0h1BRbQ4CooyRW8 lUqHOjq7ZXUd4qFWYiuFt6gDQvVTDFYKEZEo5DTfLL8GpVtsD1vUUIj1yVNWrLCxF0WS 6rhW37F/vYWLrjUHRUkPxfrIUlsoOx6d0Va8ZrNBfX15xMNTw59FeOQo1BoAK2kxj0vH Q4T1RnB42SD5tOyrJx9Q38ZglN4nTVoiG90o6j5j/I3qAcZRDYFhH/UVVmOvDVBfjc8o LlNTl8ZXHigNO1Iwwi4EQYPWqPAHl4V1II+XsYT9SPv9msJV6r7wwsKxpTkT0Sgb6ysI 7MqA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y19si6583481edv.6.2021.08.20.07.10.44; Fri, 20 Aug 2021 07:11:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240721AbhHTOG7 (ORCPT + 99 others); Fri, 20 Aug 2021 10:06:59 -0400 Received: from netrider.rowland.org ([192.131.102.5]:34365 "HELO netrider.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S234189AbhHTOG6 (ORCPT ); Fri, 20 Aug 2021 10:06:58 -0400 Received: (qmail 36556 invoked by uid 1000); 20 Aug 2021 10:06:20 -0400 Date: Fri, 20 Aug 2021 10:06:20 -0400 From: Alan Stern To: syzbot Cc: benjamin.tissoires@redhat.com, jikos@kernel.org, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, mkubecek@suse.cz, syzkaller-bugs@googlegroups.com Subject: Re: [syzbot] WARNING in hid_submit_ctrl/usb_submit_urb Message-ID: <20210820140620.GA35867@rowland.harvard.edu> References: <20210819195300.GA8613@rowland.harvard.edu> <000000000000c322ab05c9f2e880@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <000000000000c322ab05c9f2e880@google.com> User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 19, 2021 at 05:40:07PM -0700, syzbot wrote: > Hello, > > syzbot has tested the proposed patch and the reproducer did not trigger any issue: That's good to know. Still, I suspect there's a better way of handling this condition. In particular, does it make sense to accept descriptors for input or feature reports with length zero? I can't imagine what good such reports would do. On the other hand, I'm not familiar enough with the code to know the right way to reject these descriptors and reports. It looks like the HID subsystem was not designed with this sort of check in mind. Benjamin and Jiri, what do you think? Is it okay to allow descriptors for zero-length reports and just pretend they have length 1 (as the patch tested by syzbot did), or should we instead reject them during probing? Alan Stern