Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp4627722rwl; Mon, 3 Apr 2023 07:34:16 -0700 (PDT) X-Google-Smtp-Source: AKy350b2s81S+Z7NFxm2YTG3tT9BwT1cm8X0hM24zwVjnTtd65Zi8p6anPxkK+RaogA3eqC3fJqX X-Received: by 2002:a05:6402:68e:b0:500:3a14:82c1 with SMTP id f14-20020a056402068e00b005003a1482c1mr31232514edy.41.1680532455727; Mon, 03 Apr 2023 07:34:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680532455; cv=none; d=google.com; s=arc-20160816; b=veYXylhePkCf48NfXWtP/7F/sdHF6uYLuHuPWNq3OQUOjC4as+Rh36a71yjNyvmjD9 jWxKUKEdFYo26WVe1KTiinNa4d41yGn17aewpLY+RiRjKOSaQfc7yEX4vtRSJwXLfpN2 eOYCtEPY1+svNyxeCtKd0L4QFefEVK/w0kjogLpK7I+Ii9DImlgKsj86rwZCdtq+wyu6 Xj/8VZpeZer1w5q9KvywmlCGNLXmUc164tW9/ta8zNaQw63rFzmhZWUzfran+Co3Id7j GhvQM5yKyViIvwNcrl7XbVXh89w9g17a7FMFI6bdl69CxwxBwQHC6i1DKq97QXKtiYdk a5Gg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=Gd9LT0lCxyhqtqpQIU3qkVJX5fcbqYvmnINxzn7zPgg=; b=mSW5fN0XNUE0M59rGxm7PUkRWqTZ/9xQmsMriL/ONu2HPZhK/mTvEMKORFd10d8qTa X5mimjQf2iVJ+K0ZGUbNLF/51BIQwXtkWnjGqhZaMRv1zNm8WW1geXx/BJFxI21UQjxe bqRqryLTdVQYu5QoWZkOg9JTN1B+c0Fk4tu7n23+gjunpwk7+dfYRpLKssvaaklUfccy tZy6xwfrb+VG3a5sLRSdj3U35TrL98OfRXzKhHX0v7vilbBpTWFSrEUjCTISIG9EWj4B cRXqe6hPfxmL/A3E9nlRhTri4Pd/IasAROV1wYAwFtEmgQdPpnflFe/MJVI9QA7OTB34 EC5A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t3-20020a170906178300b0091e46d7329bsi6390205eje.416.2023.04.03.07.33.46; Mon, 03 Apr 2023 07:34:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233540AbjDCOdW (ORCPT + 99 others); Mon, 3 Apr 2023 10:33:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38270 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233543AbjDCOdM (ORCPT ); Mon, 3 Apr 2023 10:33:12 -0400 Received: from netrider.rowland.org (netrider.rowland.org [192.131.102.5]) by lindbergh.monkeyblade.net (Postfix) with SMTP id 02F45D4F83 for ; Mon, 3 Apr 2023 07:33:03 -0700 (PDT) Received: (qmail 326274 invoked by uid 1000); 3 Apr 2023 10:33:03 -0400 Date: Mon, 3 Apr 2023 10:33:03 -0400 From: Alan Stern To: Oliver Neukum Cc: syzbot , Thomas Winischhofer , linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, syzkaller-bugs@googlegroups.com Subject: Re: [syzbot] WARNING in sisusb_send_bulk_msg/usb_submit_urb Message-ID: References: <00000000000096e4f905f81b2702@google.com> <7b1f757b-b626-5d49-354e-343e040b8762@suse.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7b1f757b-b626-5d49-354e-343e040b8762@suse.com> X-Spam-Status: No, score=0.2 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 03, 2023 at 10:54:05AM +0200, Oliver Neukum wrote: > > > On 30.03.23 17:34, Alan Stern wrote: > > Reference: https://syzkaller.appspot.com/bug?extid=23be03b56c5259385d79 > > > > The sisusbvga driver just assumes that the endpoints it uses will be > > present, without checking. I don't know anything about this driver, so > > the fix below may not be entirely correct. > > Hi, > > this patch by itself looks good to me. > > But the need for it is problematic. Do we have any vendor specific driver > that could get away without an equivalent to this patch without showing > an equivalent bug? Probably not. Which is why adding this checking infrastructure to the USB core seems like a good idea, even though implementing it in each of the vendor-specific drivers may take quite a while. > If so, why do we have a generic matching code, although > it is always insufficient? (I assume you're referring to usb_match_device() and related routines.) Not sufficient, perhaps, but necessary. That is, in addition to checking the available endpoints, we also have to make sure the device has the right vendor ID, product ID, and so on to match the driver. > What is the purpose of a generic binding interface in sysfs if every probe() > method blocks it? Allowing a generic probe looks like a misdesign under these > circumstances. You'd really want to add IDs to drivers. I really don't understand what you're asking. If you're talking about the "bind" and "unbind" files in /sys/bus/*/drivers/*/, they are there to allow manual binding and unbinding of devices. Even though only one driver is likely to bind to any particular device. (Furthermore, all this was true even before we started being careful about checking endpoints numbers and types.) And we _do_ have IDs in drivers; that's what the .id_table member of struct usb_driver is for. Alan Stern