From: Greg KH <gregkh@linuxfoundation.org>
To: Oliver Neukum <oneukum@suse.com>
Cc: linux-usb@vger.kernel.org
Subject: Re: [RFC]How else could a malicious device sabotage endpoints for usbnet
Date: Tue, 21 Dec 2021 08:54:28 +0100 [thread overview]
Message-ID: <YcGINEZn1NyYbtbD@kroah.com> (raw)
In-Reply-To: <4739899e-54c9-c28a-502c-e3a85118c301@suse.com>
On Thu, Dec 16, 2021 at 11:16:26AM +0100, Oliver Neukum wrote:
>
> On 15.12.21 15:57, Greg KH wrote:
> > On Wed, Dec 15, 2021 at 03:47:55PM +0100, Oliver Neukum wrote:
> >> On 09.12.21 16:47, Greg KH wrote:
> >>> Why not use usb_find_common_endpoints() and/or the other helper
> >>> functions instead? that's what they were created for.
> >> Hi,
> >>
> >> which one would I use? In this case I already know the endpoints
> >> to be verified.
> > I have no context here so I have no idea, sorry.
>
> usbnet has three ways to match the endpoints
>
> 1) the subdriver provides a method
>
> 2) a heuristic to find the endpoints is used (that should be converted
> to the new API)
>
> 3) they are given nummerically by the subdriver
>
> It turns out that #3 needs to verify the endpoints against malicious
> devices.
> So the following questions
>
> a) should that verification go into usbcore
the usb_find_common_endpoints() functions are in the usbcore for drivers
to use for this type of problem.
> b) what possible ways for a malicious device to spoof us can you come
> up with
Start with:
- invalid endpoint sizes and types
- invalid data being sent on valid endpoint types
and you will catch almost all possible errors.
thanks,
greg k-h
next prev parent reply other threads:[~2021-12-21 7:54 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-09 15:33 [RFC]How else could a malicious device sabotage endpoints for usbnet Oliver Neukum
2021-12-09 15:47 ` Greg KH
2021-12-15 14:47 ` Oliver Neukum
2021-12-15 14:57 ` Greg KH
2021-12-16 10:16 ` Oliver Neukum
2021-12-21 7:54 ` Greg KH [this message]
2021-12-21 8:36 ` Oliver Neukum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YcGINEZn1NyYbtbD@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=linux-usb@vger.kernel.org \
--cc=oneukum@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox