From: Alan Stern <stern@rowland.harvard.edu>
To: Oliver Neukum <oneukum@suse.com>
Cc: Hayes Wang <hayeswang@realtek.com>,
syzbot <syzbot+95afd23673f5dd295c57@syzkaller.appspotmail.com>,
"davem@davemloft.net" <davem@davemloft.net>,
"kuba@kernel.org" <kuba@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-usb@vger.kernel.org" <linux-usb@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"syzkaller-bugs@googlegroups.com"
<syzkaller-bugs@googlegroups.com>,
nic_swsd <nic_swsd@realtek.com>
Subject: Re: [syzbot] WARNING in rtl8152_probe
Date: Mon, 17 May 2021 09:47:18 -0400 [thread overview]
Message-ID: <20210517134718.GC1083813@rowland.harvard.edu> (raw)
In-Reply-To: <93a10a341eccd8b680cdcc422947e4a1b83099db.camel@suse.com>
On Mon, May 17, 2021 at 12:00:19PM +0200, Oliver Neukum wrote:
> Am Montag, den 17.05.2021, 01:01 +0000 schrieb Hayes Wang:
> > Alan Stern <stern@rowland.harvard.edu>
> > > Sent: Friday, May 14, 2021 11:33 PM
>
> > > So if a peculiar emulated device created by syzbot is capable of
> > > crashing the driver, then somewhere there is a bug which needs to
> > > be
> > > fixed. It's true that fixing all these bugs might not protect
> > > against a
> > > malicious device which deliberately behaves in an apparently
> > > reasonable
> > > manner. But it does reduce the attack surface.
> >
> > Thanks for your response.
> > I will add some checks.
>
> Hi,
>
> the problem in this particular case is in
> static bool rtl_vendor_mode(struct usb_interface *intf)
> which accepts any config number. It needs to bail out
> if you find config #0 to be what the descriptors say,
> treating that as an unrecoverable error.
No, the problem is that the routine calls WARN_ON_ONCE when it doesn't
find an appropriate configuration. WARN_ON_ONCE means there is a bug or
problem in the kernel. That's not the issue here; the issue is that the
device doesn't have the expected descriptors.
The line should be dev_warn(), not WARN_ON_ONCE.
Alan Stern
prev parent reply other threads:[~2021-05-17 13:47 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-12 9:40 [syzbot] WARNING in rtl8152_probe syzbot
2021-05-13 3:13 ` Hayes Wang
2021-05-13 14:25 ` Alan Stern
2021-05-14 2:58 ` Hayes Wang
2021-05-14 6:41 ` Dan Carpenter
2021-05-14 7:49 ` Hayes Wang
2021-05-14 6:48 ` Greg KH
2021-05-14 7:50 ` Hayes Wang
2021-05-14 8:26 ` Greg KH
2021-05-14 10:32 ` Hayes Wang
2021-05-14 15:32 ` Alan Stern
2021-05-17 1:01 ` Hayes Wang
2021-05-17 10:00 ` Oliver Neukum
2021-05-17 13:47 ` Alan Stern [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210517134718.GC1083813@rowland.harvard.edu \
--to=stern@rowland.harvard.edu \
--cc=davem@davemloft.net \
--cc=hayeswang@realtek.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nic_swsd@realtek.com \
--cc=oneukum@suse.com \
--cc=syzbot+95afd23673f5dd295c57@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).