Received: by 2002:a05:7412:31a9:b0:e2:908c:2ebd with SMTP id et41csp4282960rdb; Thu, 14 Sep 2023 18:48:14 -0700 (PDT) X-Google-Smtp-Source: AGHT+IF+hFn53SzNjrwPsEgrGDW07c1bz2Ep+yQIH+EhVrayuDaLDjgmy0EfyLmsx5nch3QjveDP X-Received: by 2002:a17:902:d2cd:b0:1c0:a5c9:e05a with SMTP id n13-20020a170902d2cd00b001c0a5c9e05amr324124plc.43.1694742493973; Thu, 14 Sep 2023 18:48:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1694742493; cv=none; d=google.com; s=arc-20160816; b=JJi0muY0TAtPkozJjCzV9l7cVnqHHJBSSVQO4vAIxSkruHzLPXgUeeuvtYjPTTgZMS v18EeW2BfSaeczoVNTNHg7fY0JMYu+kawu/uGHymCjoxe0XroWPGiJuVvL40KoSFk2qU Wn/cr2dy4eyPwxHTbbDPgxqWq/r1247+8tfFr6jB8FFkhXFST3YVcyxMjrhfdo5sPVMw GvlCacC/W8p8ZPqt9czucqtpSJhGB4Q4MX4puHiP8ch4hsYEdvz013KdDLUgrhpk4RMi RiyaB6Gs1d9txmOosEbd07++UPKOSN9cVBFTZkYWl18DIYKKo4AjEpFrwtBVULHBRZiM 4HcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=ceyqYPMsBK+wPcFaX3zefPhRKsYIL7nS/TeSI00U/Ok=; fh=LEMc8YT96DyVscXoLA558ighDraSm0AeH4IzOfIxzz0=; b=gGoV+mFT9TiJga7QlLuyQCsK5Xt4GlSBCPwNWuZCrHSfVUcbgjiZq23LLxLWeQp481 QymixqbMFBLnLMMsIRnB7wlrLQYi7ykA+0SlkqL2yWonceLUpgmAH4syDho1F6b2nr4V F/qhA4fR2PA1J+0majeEtK9k5HIEHPXoYnd0rwiY7cLbp0zZEcFy47Nl9oJrPdsq1v+4 7nthFneybESTlndDkrW6nYhYyMtZhRSiYIcg+n8fLL79xizme5YM9B0/bZ0FKQ5dmO+v kv2si0K0eARSjxOx5HFFGBK4bYAY6PQ3HPiKe1M9CcWWyWy+JPVIRJLJc/NKZw0yJiTW 54vg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=harvard.edu Return-Path: Received: from morse.vger.email (morse.vger.email. [23.128.96.31]) by mx.google.com with ESMTPS id m18-20020a170902f65200b001c3411c9b83si2561333plg.454.2023.09.14.18.48.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Sep 2023 18:48:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.31 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=harvard.edu Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 37EB68026944; Thu, 14 Sep 2023 18:46:34 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231139AbjIOBm4 (ORCPT + 99 others); Thu, 14 Sep 2023 21:42:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39968 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230519AbjIOBmz (ORCPT ); Thu, 14 Sep 2023 21:42:55 -0400 Received: from netrider.rowland.org (netrider.rowland.org [192.131.102.5]) by lindbergh.monkeyblade.net (Postfix) with SMTP id C6A662708 for ; Thu, 14 Sep 2023 18:42:50 -0700 (PDT) Received: (qmail 1019415 invoked by uid 1000); 14 Sep 2023 21:42:49 -0400 Date: Thu, 14 Sep 2023 21:42:48 -0400 From: Alan Stern To: Yuran Pereira Cc: Andy Shevchenko , "gregkh@linuxfoundation.org" , "royluo@google.com" , "christophe.jaillet@wanadoo.fr" , "raychi@google.com" , "linux-usb@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "syzbot+c063a4e176681d2e0380@syzkaller.appspotmail.com" Subject: Re: [PATCH] USB: core: Fix a NULL pointer dereference Message-ID: <530c4be4-ccaa-4e6e-b0ac-68c896060766@rowland.harvard.edu> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Thu, 14 Sep 2023 18:46:34 -0700 (PDT) X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email On Fri, Sep 15, 2023 at 12:57:58AM +0000, Yuran Pereira wrote: > Hello Alan, > > Thank you for the detailed explanation. > > Apologies for the delay replying. > Please, feel free to submit the patch. No need; Andy Shevchenko already submitted the same patch some time ago and it has been merged. Alan Stern > ________________________________ > De: Alan Stern > Enviado: 9 de setembro de 2023 14:36 > Para: Yuran Pereira ; Andy Shevchenko > Cc: gregkh@linuxfoundation.org ; royluo@google.com ; christophe.jaillet@wanadoo.fr ; raychi@google.com ; linux-usb@vger.kernel.org ; linux-kernel@vger.kernel.org ; syzbot+c063a4e176681d2e0380@syzkaller.appspotmail.com > Assunto: Re: [PATCH] USB: core: Fix a NULL pointer dereference > > On Sat, Sep 09, 2023 at 06:28:12AM +0000, Yuran Pereira wrote: > > Hello Alan, > > > > Thank you for elucidating that. > > > > So, this bug is present on the mainline tree which is where syzkaller > > found it. My patch was also based on the mainline tree. > > > > I just ran the same reproducer against a kernel compiled from the usb > > tree, and, as you suggested, the test you mentioned does in fact, > > prevent the bug from occurring. > > > > Please forgive my ignorance; I am a new contributor to the community. > > But in this situation how should I proceed? Is there even a need to > > submit a patch, or will the code currently present in the usb tree > > eventually be reflected in the mainline? > > The first step is to find the difference between the mainline and USB > trees that is responsible for this change in behavior. A quick check of > the Git logs shows that the change was caused by commit d21fdd07cea4 > ("driver core: Return proper error code when dev_set_name() fails"), > written by Andy Shevchenko. As a result of this commit, the code in > device_add() now says: > > if (dev_name(dev)) > error = 0; > /* subsystems can specify simple device enumeration */ > else if (dev->bus && dev->bus->dev_name) > error = dev_set_name(dev, "%s%u", dev->bus->dev_name, dev->id); > if (error) > goto name_error; > > This obviously omits a final "else" clause; it should say: > > if (dev_name(dev)) > error = 0; > /* subsystems can specify simple device enumeration */ > else if (dev->bus && dev->bus->dev_name) > error = dev_set_name(dev, "%s%u", dev->bus->dev_name, dev->id); > + else > + error = -EINVAL; > if (error) > goto name_error; > > So to answer your questions: No, the code in the USB tree will not find > its way into mainline. The opposite will happen: The mainline code will > land in the USB tree. Which means that yes, there is a need to submit a > patch. You can go ahead and write this up for submission, or I can > submit it for you. Or you can check with Andy and see if he wants to > fix the problem in a different way. > > Alan Stern