From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: netdev@vger.kernel.org, linux-usb@vger.kernel.org,
linux-kernel@vger.kernel.org,
Petko Manolov <petkan@nucleusys.com>, stable <stable@kernel.org>
Subject: Re: [PATCH net] net: usb: pegasus: validate USB endpoints
Date: Mon, 23 Feb 2026 15:54:30 +0100 [thread overview]
Message-ID: <2026022352-dried-sputter-eba9@gregkh> (raw)
In-Reply-To: <acc166b4-9ce7-4e95-8f2f-4300ee6dd27e@rowland.harvard.edu>
On Mon, Feb 23, 2026 at 09:39:52AM -0500, Alan Stern wrote:
> On Mon, Feb 23, 2026 at 01:58:48PM +0100, Greg Kroah-Hartman wrote:
> > The pegasus driver should validate that the device it is probing has the
> > proper number and types of USB endpoints it is expecting before it binds
> > to it. If a malicious device were to not have the same urbs the driver
> > will crash later on when it blindly accesses these endpoints.
> >
> > Cc: Petko Manolov <petkan@nucleusys.com>
> > Cc: stable <stable@kernel.org>
> > Assisted-by: gkh_clanker_2000
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > ---
>
> This does much the same thing as
>
> https://lore.kernel.org/linux-usb/20260222050633.410165-1-n7l8m4@u.northwestern.edu/T/#u
>
> and that patch also removes some magic numbers.
Yes it does, that's a much nicer patch than mine.
> BTW, what is gkh_clanker_2000?
A hacked up system of tools/scripts I'm running here to find stuff like
"take this previously applied commit that fixed a problem, does the same
pattern need to be also done anywhere else in the tree"? It finds a lot
of stuff and then I sift through it and see if anything is actually real
or not and if so, make up a patch for it. It was my "merge window is
giving me a respite from reviewing patches" hobby project this past
week.
Now if I was really good, I could turn the output into a coccinelle
script, as this is just simple patterns.
Also it seems that we aren't running the coccinelle scripts anymore, as
many things it has found are already covered by that, I wonder why that
is...
thanks,
greg k-h
next prev parent reply other threads:[~2026-02-23 14:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-23 12:58 [PATCH net] net: usb: pegasus: validate USB endpoints Greg Kroah-Hartman
2026-02-23 14:39 ` Alan Stern
2026-02-23 14:54 ` Greg Kroah-Hartman [this message]
2026-02-23 15:02 ` Alan Stern
2026-02-26 3:00 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2026022352-dried-sputter-eba9@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=petkan@nucleusys.com \
--cc=stable@kernel.org \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.