* [PATCH net] net: usb: pegasus: validate USB endpoints
@ 2026-02-23 12:58 Greg Kroah-Hartman
2026-02-23 14:39 ` Alan Stern
2026-02-26 3:00 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 5+ messages in thread
From: Greg Kroah-Hartman @ 2026-02-23 12:58 UTC (permalink / raw)
To: netdev; +Cc: linux-usb, linux-kernel, Greg Kroah-Hartman, Petko Manolov,
stable
The pegasus driver should validate that the device it is probing has the
proper number and types of USB endpoints it is expecting before it binds
to it. If a malicious device were to not have the same urbs the driver
will crash later on when it blindly accesses these endpoints.
Cc: Petko Manolov <petkan@nucleusys.com>
Cc: stable <stable@kernel.org>
Assisted-by: gkh_clanker_2000
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/usb/pegasus.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/drivers/net/usb/pegasus.c b/drivers/net/usb/pegasus.c
index 4f539b5d509a..94c17fed0bd4 100644
--- a/drivers/net/usb/pegasus.c
+++ b/drivers/net/usb/pegasus.c
@@ -801,8 +801,19 @@ static void unlink_all_urbs(pegasus_t *pegasus)
static int alloc_urbs(pegasus_t *pegasus)
{
+ static const u8 bulk_ep_addr[] = {
+ 1 | USB_DIR_IN,
+ 2 | USB_DIR_OUT,
+ 0};
+ static const u8 int_ep_addr[] = {
+ 3 | USB_DIR_IN,
+ 0};
int res = -ENOMEM;
+ if (!usb_check_bulk_endpoints(pegasus->intf, bulk_ep_addr) ||
+ !usb_check_int_endpoints(pegasus->intf, int_ep_addr))
+ return -ENODEV;
+
pegasus->rx_urb = usb_alloc_urb(0, GFP_KERNEL);
if (!pegasus->rx_urb) {
return res;
@@ -1143,6 +1154,7 @@ static int pegasus_probe(struct usb_interface *intf,
pegasus = netdev_priv(net);
pegasus->dev_index = dev_index;
+ pegasus->intf = intf;
res = alloc_urbs(pegasus);
if (res < 0) {
@@ -1154,7 +1166,6 @@ static int pegasus_probe(struct usb_interface *intf,
INIT_DELAYED_WORK(&pegasus->carrier_check, check_carrier);
- pegasus->intf = intf;
pegasus->usb = dev;
pegasus->net = net;
--
2.53.0
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [PATCH net] net: usb: pegasus: validate USB endpoints
2026-02-23 12:58 [PATCH net] net: usb: pegasus: validate USB endpoints Greg Kroah-Hartman
@ 2026-02-23 14:39 ` Alan Stern
2026-02-23 14:54 ` Greg Kroah-Hartman
2026-02-26 3:00 ` patchwork-bot+netdevbpf
1 sibling, 1 reply; 5+ messages in thread
From: Alan Stern @ 2026-02-23 14:39 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: netdev, linux-usb, linux-kernel, Petko Manolov, stable
On Mon, Feb 23, 2026 at 01:58:48PM +0100, Greg Kroah-Hartman wrote:
> The pegasus driver should validate that the device it is probing has the
> proper number and types of USB endpoints it is expecting before it binds
> to it. If a malicious device were to not have the same urbs the driver
> will crash later on when it blindly accesses these endpoints.
>
> Cc: Petko Manolov <petkan@nucleusys.com>
> Cc: stable <stable@kernel.org>
> Assisted-by: gkh_clanker_2000
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
This does much the same thing as
https://lore.kernel.org/linux-usb/20260222050633.410165-1-n7l8m4@u.northwestern.edu/T/#u
and that patch also removes some magic numbers.
BTW, what is gkh_clanker_2000?
Alan Stern
> drivers/net/usb/pegasus.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/net/usb/pegasus.c b/drivers/net/usb/pegasus.c
> index 4f539b5d509a..94c17fed0bd4 100644
> --- a/drivers/net/usb/pegasus.c
> +++ b/drivers/net/usb/pegasus.c
> @@ -801,8 +801,19 @@ static void unlink_all_urbs(pegasus_t *pegasus)
>
> static int alloc_urbs(pegasus_t *pegasus)
> {
> + static const u8 bulk_ep_addr[] = {
> + 1 | USB_DIR_IN,
> + 2 | USB_DIR_OUT,
> + 0};
> + static const u8 int_ep_addr[] = {
> + 3 | USB_DIR_IN,
> + 0};
> int res = -ENOMEM;
>
> + if (!usb_check_bulk_endpoints(pegasus->intf, bulk_ep_addr) ||
> + !usb_check_int_endpoints(pegasus->intf, int_ep_addr))
> + return -ENODEV;
> +
> pegasus->rx_urb = usb_alloc_urb(0, GFP_KERNEL);
> if (!pegasus->rx_urb) {
> return res;
> @@ -1143,6 +1154,7 @@ static int pegasus_probe(struct usb_interface *intf,
>
> pegasus = netdev_priv(net);
> pegasus->dev_index = dev_index;
> + pegasus->intf = intf;
>
> res = alloc_urbs(pegasus);
> if (res < 0) {
> @@ -1154,7 +1166,6 @@ static int pegasus_probe(struct usb_interface *intf,
>
> INIT_DELAYED_WORK(&pegasus->carrier_check, check_carrier);
>
> - pegasus->intf = intf;
> pegasus->usb = dev;
> pegasus->net = net;
>
> --
> 2.53.0
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [PATCH net] net: usb: pegasus: validate USB endpoints
2026-02-23 14:39 ` Alan Stern
@ 2026-02-23 14:54 ` Greg Kroah-Hartman
2026-02-23 15:02 ` Alan Stern
0 siblings, 1 reply; 5+ messages in thread
From: Greg Kroah-Hartman @ 2026-02-23 14:54 UTC (permalink / raw)
To: Alan Stern; +Cc: netdev, linux-usb, linux-kernel, Petko Manolov, stable
On Mon, Feb 23, 2026 at 09:39:52AM -0500, Alan Stern wrote:
> On Mon, Feb 23, 2026 at 01:58:48PM +0100, Greg Kroah-Hartman wrote:
> > The pegasus driver should validate that the device it is probing has the
> > proper number and types of USB endpoints it is expecting before it binds
> > to it. If a malicious device were to not have the same urbs the driver
> > will crash later on when it blindly accesses these endpoints.
> >
> > Cc: Petko Manolov <petkan@nucleusys.com>
> > Cc: stable <stable@kernel.org>
> > Assisted-by: gkh_clanker_2000
> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> > ---
>
> This does much the same thing as
>
> https://lore.kernel.org/linux-usb/20260222050633.410165-1-n7l8m4@u.northwestern.edu/T/#u
>
> and that patch also removes some magic numbers.
Yes it does, that's a much nicer patch than mine.
> BTW, what is gkh_clanker_2000?
A hacked up system of tools/scripts I'm running here to find stuff like
"take this previously applied commit that fixed a problem, does the same
pattern need to be also done anywhere else in the tree"? It finds a lot
of stuff and then I sift through it and see if anything is actually real
or not and if so, make up a patch for it. It was my "merge window is
giving me a respite from reviewing patches" hobby project this past
week.
Now if I was really good, I could turn the output into a coccinelle
script, as this is just simple patterns.
Also it seems that we aren't running the coccinelle scripts anymore, as
many things it has found are already covered by that, I wonder why that
is...
thanks,
greg k-h
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net] net: usb: pegasus: validate USB endpoints
2026-02-23 14:54 ` Greg Kroah-Hartman
@ 2026-02-23 15:02 ` Alan Stern
0 siblings, 0 replies; 5+ messages in thread
From: Alan Stern @ 2026-02-23 15:02 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: netdev, linux-usb, linux-kernel, Petko Manolov, stable
On Mon, Feb 23, 2026 at 03:54:30PM +0100, Greg Kroah-Hartman wrote:
> On Mon, Feb 23, 2026 at 09:39:52AM -0500, Alan Stern wrote:
> > BTW, what is gkh_clanker_2000?
>
> A hacked up system of tools/scripts I'm running here to find stuff like
> "take this previously applied commit that fixed a problem, does the same
> pattern need to be also done anywhere else in the tree"? It finds a lot
> of stuff and then I sift through it and see if anything is actually real
> or not and if so, make up a patch for it. It was my "merge window is
> giving me a respite from reviewing patches" hobby project this past
> week.
>
> Now if I was really good, I could turn the output into a coccinelle
> script, as this is just simple patterns.
It's a little surprising that nobody has asked an AI to do this sort of
thing yet (as far as I know). It's hard to say whether the results
would be better than you get with your hacked-up system of
tools/scripts, but it might be.
Alan Stern
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net] net: usb: pegasus: validate USB endpoints
2026-02-23 12:58 [PATCH net] net: usb: pegasus: validate USB endpoints Greg Kroah-Hartman
2026-02-23 14:39 ` Alan Stern
@ 2026-02-26 3:00 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 5+ messages in thread
From: patchwork-bot+netdevbpf @ 2026-02-26 3:00 UTC (permalink / raw)
To: Greg KH; +Cc: netdev, linux-usb, linux-kernel, petkan, stable
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Mon, 23 Feb 2026 13:58:48 +0100 you wrote:
> The pegasus driver should validate that the device it is probing has the
> proper number and types of USB endpoints it is expecting before it binds
> to it. If a malicious device were to not have the same urbs the driver
> will crash later on when it blindly accesses these endpoints.
>
> Cc: Petko Manolov <petkan@nucleusys.com>
> Cc: stable <stable@kernel.org>
> Assisted-by: gkh_clanker_2000
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>
> [...]
Here is the summary with links:
- [net] net: usb: pegasus: validate USB endpoints
https://git.kernel.org/netdev/net/c/11de1d3ae556
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-02-26 3:00 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-23 12:58 [PATCH net] net: usb: pegasus: validate USB endpoints Greg Kroah-Hartman
2026-02-23 14:39 ` Alan Stern
2026-02-23 14:54 ` Greg Kroah-Hartman
2026-02-23 15:02 ` Alan Stern
2026-02-26 3:00 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox