From: Rondreis
Date: Wed, 21 Sep 2022 23:45:17 +0800
Subject: Re: KASAN: use-after-free Write in keyspan_close
To: Greg KH
Cc: linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, johan@kernel.org

Thank you for your reply!

This is a “fake” device. We emulated some functions with the built-in
gadget module as a virtual device side for fuzzing. It can pass through
the matching phase and, to some extent, the probing phase. As you said,
the configuration options are correct.

After a successful attachment, we extracted the file_operations of the
device files on both sides to find the corresponding system calls.
Later, by fuzzing the dual-sided device with system calls, it is
equivalent to considering data threats from both peripheral and user
space.

We are open to any suggestions and hope to submit a patch capable of
fixing this bug in the near future.

Best Regards,
Rondreis