Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp3234629rwe; Mon, 29 Aug 2022 08:03:49 -0700 (PDT) X-Google-Smtp-Source: AA6agR79jD+0zmw3rr36PipPqsN6NZGIsKf1vJwI6jWcyCeN3vbjOX+NKZSQkWC8UA4BIjMhl+Jz X-Received: by 2002:a17:906:9c82:b0:6df:c5f0:d456 with SMTP id fj2-20020a1709069c8200b006dfc5f0d456mr14389724ejc.287.1661785428997; Mon, 29 Aug 2022 08:03:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661785428; cv=none; d=google.com; s=arc-20160816; b=tiZ0lbJsx94G8RjiwyNu7WRv6rfYysZc6D94X7Ts0DuhpXILG49JN1pCw0oZaeC/G4 uMsstjzVnAuvDU82PkGeo8a1jKMoK1Lr2/d7rnsXKIKFonuDiFQTRtqoKI//BNpwAma5 F7HP6iLU60VCapMPqRDG2LEm/WfMPUcFEyO+tzi51LuDXU3wpTQgloOaY3W44hYP18L/ JCjU8tD3CJs7aG2+IopT8MTwl/e9ZpuTAs58PMp4Zt4P/bcwuvU/ETeG7KA2w1mOy4Yp IMS/vXhJMyUkczV/pY1PQ3FgCO6W8AVK/HEN4qzfdmDaz3gWbMbQbtV4u97BR0HOhpfP IX+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=qjI27003/4KkyLxWdpIaDsqr/eziWqJOtPZZWOxTPK8=; b=VNnH7TWmhDNUdlSRb0zgQrA/6AZxu/+mEJIe0+rN7mJ/+TvyHnA9SQDeFupvmRNTrH Vw6JesC2L/1klt3pQvdielFEgMyoWyy4OdEBETuCdAfRySwbI8q+8oPlxFewFaxU8BqL 040JYHeRDkXNO5wXqOwnc6dM3/YhLOpdl1QIJK9othqPHbFxZmAThWTeWuyDEGaKgcW5 TqwpWXEohTJIJ7lpc+EqNB8OdT96ZijzWKeL2w5djEwogP8h/Q2sFZ7Tih94D4ZOz19d ApAN8Xtb/gyjOAUOy7wMcaJ6sOy1NpyPeThgeZ4t6Edb0Xxr1B8ZJ2oaKtjo5zn0NRUU +v3w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=eQxSi2De; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dm21-20020a170907949500b00730a23e9326si7643872ejc.614.2022.08.29.08.03.08; Mon, 29 Aug 2022 08:03:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=eQxSi2De; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230410AbiH2Ovj (ORCPT + 99 others); Mon, 29 Aug 2022 10:51:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60354 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229486AbiH2Ova (ORCPT ); Mon, 29 Aug 2022 10:51:30 -0400 Received: from sin.source.kernel.org (sin.source.kernel.org [IPv6:2604:1380:40e1:4800::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC6452A27E; Mon, 29 Aug 2022 07:51:28 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sin.source.kernel.org (Postfix) with ESMTPS id 0766CCE12A4; Mon, 29 Aug 2022 14:51:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EF870C433B5; Mon, 29 Aug 2022 14:51:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1661784685; bh=1D0W+JUuTCSdI7AzrUhn/hlZUpEEwVpbMnzddha3JUA=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=eQxSi2DeR2phw3xh3HceJX/KJGEAg8XqaNihdtr9RdIvSmSxvdhiVGbaCKcVJSTw3 vQrazrLaQvkaShQZre7DNIMhsyfNWQT9IeVpDb4Z84L1ln3C3a8Ph2zilbCLrPI6/r hz58KOeq+9LbAAWUrVXbqECfqFBBaBz0jzwyYdgI= Date: Mon, 29 Aug 2022 16:51:22 +0200 From: Greg KH To: Soumya Negi Cc: Dmitry Torokhov , Shuah Khan , linux-kernel-mentees@lists.linuxfoundation.org, linux-kernel@vger.kernel.org, linux-input@vger.kernel.org Subject: Re: [PATCH] Input: Check sanity of endpoint in pegasus_open() Message-ID: References: <20220829123959.21298-1-soumya.negi97@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220829123959.21298-1-soumya.negi97@gmail.com> X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Aug 29, 2022 at 05:39:59AM -0700, Soumya Negi wrote: > Fix WARNING in pegasus_open/usb_submit_urb > Syzbot bug: https://syzkaller.appspot.com/bug?id=bbc107584dcf3262253ce93183e51f3612aaeb13 > > Add sanity check of endpoint for Pegasus URB in pegasus_open() so that > transfer requests for bogus URBs are not submitted. If the URB is bogus > pegasus_open() will fail. > > Reported-by: syzbot+04ee0cb4caccaed12d78@syzkaller.appspotmail.com > Signed-off-by: Soumya Negi > --- > drivers/input/tablet/pegasus_notetaker.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/drivers/input/tablet/pegasus_notetaker.c b/drivers/input/tablet/pegasus_notetaker.c > index c608ac505d1b..5e47882ee4c0 100644 > --- a/drivers/input/tablet/pegasus_notetaker.c > +++ b/drivers/input/tablet/pegasus_notetaker.c > @@ -225,6 +225,15 @@ static int pegasus_open(struct input_dev *dev) > > mutex_lock(&pegasus->pm_mutex); > pegasus->irq->dev = pegasus->usbdev; > + > + /* Sanity check of endpoint in Pegasus URB */ > + error = usb_urb_ep_type_check(pegasus->irq); That is not checking for the type of the endpoint, so are you sure this works? And this should happen at probe time, not when the device is opened. thanks, greg k-h