From: Kalle Valo <kvalo@kernel.org>
To: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Cc: Wu Yunchuan <yunchuan@nfschina.com>,
Johannes Berg <johannes.berg@intel.com>,
"Breno Leitao" <leitao@debian.org>,
<linux-wireless@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<lvc-project@linuxtesting.org>,
<syzbot+1bc2c2afd44f820a669f@syzkaller.appspotmail.com>
Subject: Re: [PATCH v2] wifi: ar5523: enable proper endpoint verification
Date: Thu, 25 Apr 2024 18:58:19 +0300 [thread overview]
Message-ID: <87a5lhh1t0.fsf@kernel.org> (raw)
In-Reply-To: <171406032921.2967849.6111681305541795423.kvalo@kernel.org> (Kalle Valo's message of "Thu, 25 Apr 2024 15:52:23 +0000 (UTC)")
Kalle Valo <kvalo@kernel.org> writes:
> Nikita Zhandarovich <n.zhandarovich@fintech.ru> wrote:
>
>> Syzkaller reports [1] hitting a warning about an endpoint in use
>> not having an expected type to it.
>>
>> Fix the issue by checking for the existence of all proper
>> endpoints with their according types intact.
>>
>> Sadly, this patch has not been tested on real hardware.
>>
>> [1] Syzkaller report:
>> ------------[ cut here ]------------
>> usb 1-1: BOGUS urb xfer, pipe 3 != type 1
>> WARNING: CPU: 0 PID: 3643 at drivers/usb/core/urb.c:504
>> usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
>> ...
>> Call Trace:
>> <TASK>
>> ar5523_cmd+0x41b/0x780 drivers/net/wireless/ath/ar5523/ar5523.c:275
>> ar5523_cmd_read drivers/net/wireless/ath/ar5523/ar5523.c:302 [inline]
>> ar5523_host_available drivers/net/wireless/ath/ar5523/ar5523.c:1376 [inline]
>> ar5523_probe+0x14b0/0x1d10 drivers/net/wireless/ath/ar5523/ar5523.c:1655
>> usb_probe_interface+0x30f/0x7f0 drivers/usb/core/driver.c:396
>> call_driver_probe drivers/base/dd.c:560 [inline]
>> really_probe+0x249/0xb90 drivers/base/dd.c:639
>> __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
>> driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
>> __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
>> bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
>> __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
>> bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
>> device_add+0xbd9/0x1e90 drivers/base/core.c:3517
>> usb_set_configuration+0x101d/0x1900 drivers/usb/core/message.c:2170
>> usb_generic_driver_probe+0xbe/0x100 drivers/usb/core/generic.c:238
>> usb_probe_device+0xd8/0x2c0 drivers/usb/core/driver.c:293
>> call_driver_probe drivers/base/dd.c:560 [inline]
>> really_probe+0x249/0xb90 drivers/base/dd.c:639
>> __driver_probe_device+0x1df/0x4d0 drivers/base/dd.c:778
>> driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:808
>> __device_attach_driver+0x1d4/0x2e0 drivers/base/dd.c:936
>> bus_for_each_drv+0x163/0x1e0 drivers/base/bus.c:427
>> __device_attach+0x1e4/0x530 drivers/base/dd.c:1008
>> bus_probe_device+0x1e8/0x2a0 drivers/base/bus.c:487
>> device_add+0xbd9/0x1e90 drivers/base/core.c:3517
>> usb_new_device.cold+0x685/0x10ad drivers/usb/core/hub.c:2573
>> hub_port_connect drivers/usb/core/hub.c:5353 [inline]
>> hub_port_connect_change drivers/usb/core/hub.c:5497 [inline]
>> port_event drivers/usb/core/hub.c:5653 [inline]
>> hub_event+0x26cb/0x45d0 drivers/usb/core/hub.c:5735
>> process_one_work+0x9bf/0x1710 kernel/workqueue.c:2289
>> worker_thread+0x669/0x1090 kernel/workqueue.c:2436
>> kthread+0x2e8/0x3a0 kernel/kthread.c:376
>> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306
>> </TASK>
>>
>> Reported-and-tested-by: syzbot+1bc2c2afd44f820a669f@syzkaller.appspotmail.com
>> Fixes: b7d572e1871d ("ar5523: Add new driver")
>> Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
>
> Does anyone have a real device to test this? I have had so much problems with
> syzbot fixes in the past that I'm hesitant to take such patches without
> testing.
Actually should we just remove ar5523 driver? Has anyone heard anyone
using this driver still?
--
https://patchwork.kernel.org/project/linux-wireless/list/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
next prev parent reply other threads:[~2024-04-25 16:03 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-08 12:14 [PATCH v2] wifi: ar5523: enable proper endpoint verification Nikita Zhandarovich
2024-04-25 15:52 ` Kalle Valo
2024-04-25 15:58 ` Kalle Valo [this message]
2024-04-28 7:04 ` Stefan Lippers-Hollmann
2024-04-28 7:49 ` Stefan Lippers-Hollmann
2024-04-29 12:21 ` Kalle Valo
2024-04-30 13:37 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a5lhh1t0.fsf@kernel.org \
--to=kvalo@kernel.org \
--cc=johannes.berg@intel.com \
--cc=leitao@debian.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=lvc-project@linuxtesting.org \
--cc=n.zhandarovich@fintech.ru \
--cc=syzbot+1bc2c2afd44f820a669f@syzkaller.appspotmail.com \
--cc=yunchuan@nfschina.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.