From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A23D92566E9; Mon, 23 Feb 2026 14:55:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771858521; cv=none; b=PaYW3SAuoyxN9YO8OoI5yIP3pXGY4WsMyc2CROAIq7v2yx5I/aUmuyrtzvk6prvWL3RAFk3BJI3wWjmpNQ6pAy97BVcQaY19z3XLDI+GIsD1c4QvLD1PNu/iNzYNYLfoOJPD+CvP1uwyonP5keerrsAPuoKU4zfsPmlGQn1F97s= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1771858521; c=relaxed/simple; bh=5jq3lFicRtvgdrdrx4nTVDUTSi21O3Z2bTVIiBTF/CM=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=jWC0vsRFi2FqHV1ie4zRa3cLAlSr26Y0O+Cj0f7b6ZjUGxAmKoijuA4pe0+0j4SZW0xyaUF3OF6b/uvPvY+mA9ts0f8TSM4zw132JGbifZcaiHrpOeV/evwcKCIsar2mN1OcifU5iBdiagy5ICO1/W3gtW3Ol+MYSL8Zoa3pyfY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=ZtEg2LQn; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="ZtEg2LQn" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5C71CC19423; Mon, 23 Feb 2026 14:55:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1771858521; bh=5jq3lFicRtvgdrdrx4nTVDUTSi21O3Z2bTVIiBTF/CM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ZtEg2LQn3jV5g6whRG6RhF48foeAFWPPnaMNef55e9us6a10Bi4IReEV+1jL8hWWC 1w85kbUizcNRln1Q5JJRYm4bmKyL2wbsJKxi6VReNAjwAoIlAaClGgWH6iP8xaZdgs tuHJZidS45heLQMhKbbfPfUY5SA+nulCCNoZDXds= Date: Mon, 23 Feb 2026 15:54:30 +0100 From: Greg Kroah-Hartman To: Alan Stern Cc: netdev@vger.kernel.org, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, Petko Manolov , stable Subject: Re: [PATCH net] net: usb: pegasus: validate USB endpoints Message-ID: <2026022352-dried-sputter-eba9@gregkh> References: <2026022347-legibly-attest-cc5c@gregkh> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Mon, Feb 23, 2026 at 09:39:52AM -0500, Alan Stern wrote: > On Mon, Feb 23, 2026 at 01:58:48PM +0100, Greg Kroah-Hartman wrote: > > The pegasus driver should validate that the device it is probing has the > > proper number and types of USB endpoints it is expecting before it binds > > to it. If a malicious device were to not have the same urbs the driver > > will crash later on when it blindly accesses these endpoints. > > > > Cc: Petko Manolov > > Cc: stable > > Assisted-by: gkh_clanker_2000 > > Signed-off-by: Greg Kroah-Hartman > > --- > > This does much the same thing as > > https://lore.kernel.org/linux-usb/20260222050633.410165-1-n7l8m4@u.northwestern.edu/T/#u > > and that patch also removes some magic numbers. Yes it does, that's a much nicer patch than mine. > BTW, what is gkh_clanker_2000? A hacked up system of tools/scripts I'm running here to find stuff like "take this previously applied commit that fixed a problem, does the same pattern need to be also done anywhere else in the tree"? It finds a lot of stuff and then I sift through it and see if anything is actually real or not and if so, make up a patch for it. It was my "merge window is giving me a respite from reviewing patches" hobby project this past week. Now if I was really good, I could turn the output into a coccinelle script, as this is just simple patterns. Also it seems that we aren't running the coccinelle scripts anymore, as many things it has found are already covered by that, I wonder why that is... thanks, greg k-h