From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754754AbdKINaW (ORCPT ); Thu, 9 Nov 2017 08:30:22 -0500 Received: from mx2.suse.de ([195.135.220.15]:32898 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753676AbdKINaU (ORCPT ); Thu, 9 Nov 2017 08:30:20 -0500 Message-ID: <1510233974.2975.20.camel@suse.com> Subject: Re: WARNING in usb_submit_urb From: Oliver Neukum To: Andrey Konovalov , Alan Stern Cc: vskrishn@codeaurora.org, krinkin.m.u@gmail.com, syzkaller-bugs@googlegroups.com, Felipe Balbi , Greg KH , Takashi Iwai , syzbot , LKML , USB list Date: Thu, 09 Nov 2017 14:26:14 +0100 In-Reply-To: References: <20171107163556.GA13964@kroah.com> Content-Type: multipart/mixed; boundary="=-5eYYpRNQBno9xPA+Otvf" X-Mailer: Evolution 3.20.5 Mime-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --=-5eYYpRNQBno9xPA+Otvf Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Am Donnerstag, den 09.11.2017, 13:19 +0100 schrieb Andrey Konovalov: > > This isn't the "BOGUS urb xfer" warning, this is "BOGUS urb flags". So > 2 means the URB_ISO_ASAP flag, which is passed in urb->transfer_flags > but not allowed. And as far as I understand, it gets set because uurb > (which is passed from user space) has USBDEVFS_URB_ISO_ASAP flag set > when passed to proc_do_submiturb(). Hi, yes we should filter better. Could you test? Regards Oliver --=-5eYYpRNQBno9xPA+Otvf Content-Disposition: attachment; filename="0001-USB-usbfs-Filter-flags-passed-in-from-user-space.patch" Content-Transfer-Encoding: base64 Content-Type: text/x-patch; name="0001-USB-usbfs-Filter-flags-passed-in-from-user-space.patch"; charset="UTF-8" RnJvbSA2MDI2NDM1OTcwZTBkMzRkZWYwYWJjNzE4NzliYmQ2ZmVhNmU4ZWMxIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBPbGl2ZXIgTmV1a3VtIDxvbmV1a3VtQHN1c2UuY29tPgpEYXRl OiBUaHUsIDkgTm92IDIwMTcgMTQ6MTg6MzIgKzAxMDAKU3ViamVjdDogW1BBVENIXSBVU0I6IHVz YmZzOiBGaWx0ZXIgZmxhZ3MgcGFzc2VkIGluIGZyb20gdXNlciBzcGFjZQoKVVNCREVWRlNfVVJC X0lTT19BU0FQIG11c3QgYmUgYWNjZXB0ZWQgb25seSBmb3IgSVNPIGVuZHBvaW50cy4KSW1wcm92 ZSBzYW5pdHkgY2hlY2tpbmcuCgpTaWduZWQtb2ZmLWJ5OiBPbGl2ZXIgTmV1a3VtIDxvbmV1a3Vt QHN1c2UuY29tPgotLS0KIGRyaXZlcnMvdXNiL2NvcmUvZGV2aW8uYyB8IDQgKysrKwogMSBmaWxl IGNoYW5nZWQsIDQgaW5zZXJ0aW9ucygrKQoKZGlmZiAtLWdpdCBhL2RyaXZlcnMvdXNiL2NvcmUv ZGV2aW8uYyBiL2RyaXZlcnMvdXNiL2NvcmUvZGV2aW8uYwppbmRleCBjM2FhYWZjMjVhMDQuLmFi ZTY0NTc1MTZhMiAxMDA2NDQKLS0tIGEvZHJpdmVycy91c2IvY29yZS9kZXZpby5jCisrKyBiL2Ry aXZlcnMvdXNiL2NvcmUvZGV2aW8uYwpAQCAtMTQ3Myw2ICsxNDczLDggQEAgc3RhdGljIGludCBw cm9jX2RvX3N1Ym1pdHVyYihzdHJ1Y3QgdXNiX2Rldl9zdGF0ZSAqcHMsIHN0cnVjdCB1c2JkZXZm c191cmIgKnV1cmIKIAljYXNlIFVTQkRFVkZTX1VSQl9UWVBFX0NPTlRST0w6CiAJCWlmICghdXNi X2VuZHBvaW50X3hmZXJfY29udHJvbCgmZXAtPmRlc2MpKQogCQkJcmV0dXJuIC1FSU5WQUw7CisJ CWlmICh1dXJiLT5mbGFncyAmIFVTQkRFVkZTX1VSQl9JU09fQVNBUCkKKwkJCXJldHVybiAtRUlO VkFMOwogCQkvKiBtaW4gOCBieXRlIHNldHVwIHBhY2tldCAqLwogCQlpZiAodXVyYi0+YnVmZmVy X2xlbmd0aCA8IDgpCiAJCQlyZXR1cm4gLUVJTlZBTDsKQEAgLTE1MTEsNiArMTUxMyw4IEBAIHN0 YXRpYyBpbnQgcHJvY19kb19zdWJtaXR1cmIoc3RydWN0IHVzYl9kZXZfc3RhdGUgKnBzLCBzdHJ1 Y3QgdXNiZGV2ZnNfdXJiICp1dXJiCiAJCWJyZWFrOwogCiAJY2FzZSBVU0JERVZGU19VUkJfVFlQ RV9CVUxLOgorCQlpZiAodXVyYi0+ZmxhZ3MgJiBVU0JERVZGU19VUkJfSVNPX0FTQVApCisJCQly ZXR1cm4gLUVJTlZBTDsKIAkJc3dpdGNoICh1c2JfZW5kcG9pbnRfdHlwZSgmZXAtPmRlc2MpKSB7 CiAJCWNhc2UgVVNCX0VORFBPSU5UX1hGRVJfQ09OVFJPTDoKIAkJY2FzZSBVU0JfRU5EUE9JTlRf WEZFUl9JU09DOgotLSAKMi4xMy42Cgo= --=-5eYYpRNQBno9xPA+Otvf--