Hi Ben,
Thanks for the patch.
On 10/10/2018 11:30 PM, Ben Hutchings wrote:
> Commit 5b22f676118f "usbip: vhci_hcd: check rhport before using in
> vhci_hub_control()" added some validation of rhport, but left
> several problems:
>
> - If VHCI_HC_PORTS < 256, we can get rhport >= VHCI_HC_PORTS
On 07/26/2018 04:39 AM, Ben Hutchings wrote:
> On Tue, 2018-07-24 at 11:04 -0600, Shuah Khan wrote:
>> On 07/20/2018 08:12 PM, Ben Hutchings wrote:
>>> gcc 8 reports:
>>>
>>> usbip_device_driver.c: In function ‘read_usb_vudc_device’:
>>> usbip_devi
On 07/20/2018 08:12 PM, Ben Hutchings wrote:
> gcc 8 reports:
>
> usbip_device_driver.c: In function ‘read_usb_vudc_device’:
> usbip_device_driver.c:106:2: error: ‘strncpy’ specified bound 256 equals
> destination size [-Werror=stringop-truncation]
> strncpy(dev->path, path, SYSFS_PATH_MAX);
>
On 05/23/2018 03:22 AM, Michael Grzeschik wrote:
> As the amount of available ports varies by the kernels build
> configuration. To remove the limitation of the fixed 128 ports
> we allocate the amount of idevs by using the number we get
> from the kernel.
>
> Signed-off-by: Michael Grzeschik
On 05/22/2018 11:04 AM, Michael Grzeschik wrote:
> As the amount of available ports varies by the kernels build
> configuration. To remove the limitation of the fixed 128 ports
> we allocate the amount of idevs by using the number we get
> from the kernel.
>
> Signed-off-by: Michael Grzeschik
Hi Michael,
Thanks for the patch. Couple of comments below:
On 05/18/2018 08:39 AM, Michael Grzeschik wrote:
> As the amount of available ports varies by the kernels build
> configuration. To remove the limitation of the fixed 128 ports
> we allocate the amount of idevs by using the number we
v_nr, __u32 *rhport,
> + enum usb_device_speed speed)
> {
> if (!valid_port(pdev_nr, rhport)) {
> return 0;
> @@ -322,7 +330,7 @@ static ssize_t attach_store(struct device *dev, struct
> device_attribute *attr,
>
On 05/18/2018 07:47 AM, Greg Kroah-Hartman wrote:
> On Thu, May 17, 2018 at 03:16:28PM -0500, Gustavo A. R. Silva wrote:
>> pdev_nr and rhport can be controlled by user-space, hence leading to
>> a potential exploitation of the Spectre variant 1 vulnerability.
>>
>> This issue was detected with
7c ("usbip: usbip_host: fix NULL-ptr deref and
use-after-free errors") in usb-linus
Signed-off-by: Shuah Khan (Samsung OSG) <sh...@kernel.org>
---
drivers/usb/usbip/stub_main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/usbip/stub_main.c b/dri
() and stub_device_rebind()
call put_busid_priv() to release the busid lock before returning. This
changes fixes the unprotected code paths eliminating the race conditions
in updating the busid entries.
Signed-off-by: Shuah Khan (Samsung OSG) <sh...@kernel.org>
---
drivers/usb/usbip/stub.h
On 04/30/2018 04:48 PM, Greg KH wrote:
> On Mon, Apr 30, 2018 at 04:17:19PM -0600, Shuah Khan (Samsung OSG) wrote:
>> Device is left in the busid_table after unbind and rebind. Rebind
>> initiates usb bus scan and the original driver claims the device.
>> After rescan the dev
the devices to their original drivers. This includes cleanup changes
and moving device_attach() code to a common routine to be called from
rebind_store() and usbip_host_exit().
Signed-off-by: Shuah Khan (Samsung OSG) <sh...@kernel.org>
---
drivers/usb/usbip/stub_dev.c | 6 +
drive
.
Signed-off-by: Shuah Khan (Samsung OSG) <sh...@kernel.org>
---
drivers/usb/usbip/stub_main.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/drivers/usb/usbip/stub_main.c b/drivers/usb/usbip/stub_main.c
index d41d0cdeec0f..fb46bd62d538 100644
--- a/drivers/usb/usbip/stub_main.c
the devices to their original drivers. This includes cleanup changes
and moving device_attach() code to a common routine to be called from
rebind_store() and usbip_host_exit().
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/stub_dev.c | 6 +
drivers/usb
Refine probe and disconnect debug msgs to be useful and say what is
in progress.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/stub_dev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/usbip/stub_dev.c b/drivers/usb
.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/stub_main.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/drivers/usb/usbip/stub_main.c b/drivers/usb/usbip/stub_main.c
index d41d0cdeec0f..fb46bd62d538 100644
--- a/drivers/usb/usbip/stub_main.c
+++ b/drive
On 04/06/2018 02:01 AM, Sergei Shtylyov wrote:
> Hello!
>
> On 4/6/2018 1:31 AM, Shuah Khan wrote:
>
>> Validate !rhport < 0 before using it to access port_status array.
>
> Why '!'?
>
I should have explained it better in the commit log.
rhport is set bas
Validate !rhport < 0 before using it to access port_status array.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/vhci_hcd.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
index 20e
Fix it to not print kernel pointer address. Remove the conditional
and debug message as it isn't very useful.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
Cc: stable <sta...@vger.kernel.org>
---
drivers/usb/usbip/usbip_event.c | 4
1 file changed, 4 deletions(-)
diff --g
usbip_host calls device_attach() without holding dev->parent lock.
Fix it.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
Cc: stable <sta...@vger.kernel.org>
---
drivers/usb/usbip/stub_main.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/drivers/usb/usbip/stub_m
On 04/05/2018 10:42 AM, Sasha Levin wrote:
> Hi.
>
> [This is an automated email]
>
> This commit has been processed by the -stable helper bot and determined
> to be a high probability candidate for -stable trees. (score: 13.1846)
>
> The bot has tested the following trees: v4.15.15, v4.14.32,
On 04/05/2018 10:42 AM, Sasha Levin wrote:
> Hi.
>
> [This is an automated email]
>
> This commit has been processed by the -stable helper bot and determined
> to be a high probability candidate for -stable trees. (score: 10.6103)
>
> The bot has tested the following trees: v4.15.15, v4.14.32,
On 04/04/2018 02:25 AM, Oliver Neukum wrote:
> Am Dienstag, den 03.04.2018, 09:56 -0600 schrieb Shuah Khan:
>> This is a virtual device associated to a real physical device on a different
>> system. My concern is that if the module gets removed accidentally then it
>>
On 04/03/2018 12:56 AM, Greg KH wrote:
> On Mon, Apr 02, 2018 at 02:52:31PM -0600, Shuah Khan wrote:
>> vhci_hcd module can be removed even when devices are attached. Fix to
>> prevent module removal when devices are still attached.
>>
>> Signed-off-by: Shuah Kh
On 04/03/2018 12:56 AM, Greg KH wrote:
> On Mon, Apr 02, 2018 at 02:52:32PM -0600, Shuah Khan wrote:
>> vhci_hcd fails to do reset to put usb device and sockfd in the
>> module remove/stop paths. Fix the leak.
>>
>> Signed-off-by: Shuah Khan <shua...@osg.samsung.c
vhci_hcd fails to do reset to put usb device and sockfd in the
module remove/stop paths. Fix the leak.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/usbip_common.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/usbip/usbip_comm
vhci_hcd module can be removed even when devices are attached. Fix to
prevent module removal when devices are still attached.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/vhci_sysfs.c | 25 +
1 file changed, 21 insertions(+), 4 del
-by: Shuah Khan <shua...@osg.samsung.com>
---
tools/usb/usbip/src/usbipd.c | 16 +++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/tools/usb/usbip/src/usbipd.c b/tools/usb/usbip/src/usbipd.c
index f8ff735eb100..32864c52942d 100644
--- a/tools/usb/usbip/src/usbipd.c
+++ b
Currently ST_OK and ST_NA are the only values used to communicate
status of a request from a client. Use new error codes to clearly
indicate what failed. For example, when client sends request to
import a device that isn't export-able, send ST_DEV_BUSY to the client.
Signed-off-by: Shuah Khan
.
Existing defines are moved to a common header in libsrc to be included
in the libusbip_la-usbip_common.o to be used by all the usbip tools.
Supporting interface to print error strings is added to the common lib.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
tools/usb/usbip/
)
- when a client requests a device that isn't exportable,
usbip attach -r server_name -b 3-10.4
usbip: error: Attach Request for 3-10.4 failed - Device not found
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
tools/usb/usbip/src/usbip_attach.c | 11 +--
tools/usb/usb
failed - Device not found
Shuah Khan (3):
usbip: tools: add more error codes for usbip request/reply messages
usbip: usbip_host_common: Use new error codes to return request status
usbip: tools: change to use new error codes in server reply messages
tools/usb/usbip/libsrc/usbip_common.c
On 03/06/2018 01:35 AM, Salvador Fandiño wrote:
>
>
> On 03/06/2018 01:03 AM, Shuah Khan wrote:
>> On 03/05/2018 02:00 AM, Salvador Fandiño wrote:
>>> On 02/21/2018 01:35 AM, Shuah Khan wrote:
>>>> Hi Salvador,
>>>>
>>>> On 01/
On 03/05/2018 02:00 AM, Salvador Fandiño wrote:
> On 02/21/2018 01:35 AM, Shuah Khan wrote:
>> Hi Salvador,
>>
>> On 01/30/2018 01:36 AM, Salvador Fandino wrote:
>>> Let me start by explaining the problem that have motivated me to write
>>> this patche
On 02/27/2018 03:45 PM, Krzysztof Opasiak wrote:
>
>
> On 02/27/2018 11:23 PM, Shuah Khan wrote:
>> Attach device error message is cryptic and useless. Fix it to be
>> informative.
>>
>> Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
>> --
Kernel and tool version mismatch message is cryptic. Fix it to be
informative.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
tools/usb/usbip/src/usbip_network.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/usb/usbip/src/usbip_network.c
b/too
Attach device error message is cryptic and useless. Fix it to be
informative.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
tools/usb/usbip/src/usbip_attach.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/usb/usbip/src/usbip_attach.c
b/tools/usb/usb
buffer_length > ((~0 >> 1))) =>
(s32min-s32max > s32max)'
drivers/staging/usbip/stub_rx.c:501 stub_recv_cmd_submit() warn: always
true condition '(pdu->u.cmd_submit.transfer_buffer_length <= ((~0 >>
1))) => (s32min-s32max <= s32max)'
Reported-by: Dan Carpenter <da
k_irqsave(>lock, flags);
> /* Don't export what we don't have */
> - if (!udc || !udc->driver || !udc->pullup) {
> - dev_err(dev, "no device or gadget not bound");
> + if (!udc->driver || !udc->pullup) {
> + dev_err(dev, &qu
Hi Salvador,
On 01/30/2018 01:36 AM, Salvador Fandino wrote:
> Let me start by explaining the problem that have motivated me to write
> this patches:
>
> I work on the QVD, a virtual desktop platform for Linux. This software
> runs Linux desktops (i.e. XFCE, KDE) and their applications inside
now warns that these aren't checked with
-Wformat-overflow, and with -Werror enabled in configure.ac, that makes
these tools unbuildable.
This patch fixes these problems by replacing sprintf() with snprintf()
in one place and adding checks for the return value of snprintf().
Signed-off-by: Shuah
):
usb: usbip: Fix possible deadlocks reported by lockdep
Shuah Khan (8):
usbip: fix stub_rx: get_pipe() to validate endpoint number
usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
usbip: prevent vhci_hcd driver from leaking a socket pointer address
usbip: Fix
or instead of calling BUG().
Change caller stub_recv_cmd_submit() to handle the get_pipe()
error return.
Reported-by: Secunia Research <v...@secunia.com>
Cc: stable <sta...@vger.kernel.org>
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman
e, leaving device unusable by the client. The device is still
attached and however client can't use it.
The problem was fixed as part of larger change to add USB3 Super Speed
support.
This patch isolates the one line fix to clear the USB_PORT_STAT_POWER
from the original patch.
Signed-off-by: Shuah
Upstream commit 90120d15f4c3 ("usbip: prevent leaking socket pointer
address in messages")
usbip driver is leaking socket pointer address in messages. Remove
the messages that aren't useful and print sockfd in the ones that
are useful for debugging.
Signed-off-by: Shuah
g 109351
https://bugzilla.kernel.org/show_bug.cgi?id=109351
Signed-off-by: Andrew Goodbody <andrew.goodb...@cambrionix.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/usbip_event.c | 5 ++-
dr
Upstream commit 248a22044366 ("usbip: stub: stop printing kernel
pointer addresses in messages")
Remove and/or change debug, info. and error messages to not print
kernel pointer addresses.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
Cc: stable <sta...@vger.kernel.org&g
bad input requesting for
unbounded memory allocations. Validate early in get_pipe() and return
failure.
Reported-by: Secunia Research <v...@secunia.com>
Cc: stable <sta...@vger.kernel.org>
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman
laces socket pointer address
with sockfd.
Reported-by: Secunia Research <v...@secunia.com>
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/usbip_common.h | 1 +
drivers/usb/usbip/vhci_sysfs.c | 26 +++---
tools/usb/usbip/libsrc/vhci
Upstream commit 8272d099d05f ("usbip: vhci: stop printing kernel
pointer addresses in messages")
Remove and/or change debug, info. and error messages to not print
kernel pointer addresses.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
Cc: stable <sta...@vger.kernel.org&g
et pointer address is not used at the moment
and it was made visible as a convenient way to find IP address from
socket pointer address by looking up /proc/net/{tcp,tcp6}.
As this opens a security hole, the fix replaces socket pointer address
with sockfd.
Reported-by: Eric Biggers <ebigge..
e, leaving device unusable by the client. The device is still
attached and however client can't use it.
The problem was fixed as part of larger change to add USB3 Super Speed
support.
This patch isolates the one line fix to clear the USB_PORT_STAT_POWER
from the original patch.
Signed-off-by: Shuah
in the first patch in this series masked this bug. With these two fixes,
client can use the imported devices on 4.4
Eric Biggers also reported the tcp_socket address still in the status
file while I am getting the patch ready. I added him to Reported-by.
Shuah Khan (2):
usbip: vhci_hcd: clear
On 01/30/2018 01:36 AM, Salvador Fandino wrote:
> Let me start by explaining the problem that have motivated me to write
> this patches:
>
> I work on the QVD, a virtual desktop platform for Linux. This software
> runs Linux desktops (i.e. XFCE, KDE) and their applications inside LXC
>
On 01/28/2018 05:14 AM, Greg KH wrote:
> On Fri, Jan 26, 2018 at 11:54:35AM -0700, Shuah Khan wrote:
>> Upstream commit 1c9de5bf4286 ("usbip: vhci-hcd: Add USB3 SuperSpeed
>> support")
>
> Hm, I think you have the wrong commit id here.
>
> I don't see any
Keep usbip_device sockfd state in sync with tcp_socket. When tcp_socket
is reset to null, reset sockfd to -1 to keep it in sync.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
Cc: sta...@vger.kernel.org
---
drivers/usb/usbip/stub_dev.c | 3 +++
drivers/usb/usbip/vhci_hcd.c | 2 ++
2
tatus file is fixed.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/vhci_hcd.c | 2 +-
drivers/usb/usbip/vhci_sysfs.c | 5 ++---
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c
index 00d6894554
e, leaving device unusable by the client. The device is still
attached and however client can't use it.
The problem was fixed as part of larger change to add USB3 Super
Speed support. This patch backports just the change to clear the
USB_PORT_STAT_POWER.
Signed-off-by: Shuah Khan <shua...@os
As I started backporting security fixes, I found a deadlock bug that was
fixed in a later release. This patch series contains backports for all
these problems.
Andrew Goodbody (1):
usb: usbip: Fix possible deadlocks reported by lockdep
Shuah Khan (3):
usbip: fix stub_rx: get_pipe
g 109351
https://bugzilla.kernel.org/show_bug.cgi?id=109351
Signed-off-by: Andrew Goodbody <andrew.goodb...@cambrionix.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/usbip_event.c | 5 ++-
dr
or instead of calling BUG().
Change caller stub_recv_cmd_submit() to handle the get_pipe()
error return.
Reported-by: Secunia Research <v...@secunia.com>
Cc: stable <sta...@vger.kernel.org>
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman
Upstream commit 90120d15f4c3 ("usbip: prevent leaking socket pointer
address in messages")
usbip driver is leaking socket pointer address in messages. Remove
the messages that aren't useful and print sockfd in the ones that
are useful for debugging.
Signed-off-by: Shuah
bad input requesting for
unbounded memory allocations. Validate early in get_pipe() and return
failure.
Reported-by: Secunia Research <v...@secunia.com>
Cc: stable <sta...@vger.kernel.org>
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman
ing the compiler that this particular case statement
is meant to fall through.
Reviewed-by: Peter Senna Tschudin <peter.se...@gmail.com>
Signed-off-by: Jonathan Dieter <jdie...@lesbg.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Signed-off-by: Shuah Khan &l
now warns that these aren't checked with
-Wformat-overflow, and with -Werror enabled in configure.ac, that makes
these tools unbuildable.
This patch fixes these problems by replacing sprintf() with snprintf()
in one place and adding checks for the return value of snprintf().
Signed-off-by: Shuah
laces socket pointer address
with sockfd.
Reported-by: Secunia Research <v...@secunia.com>
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/usbip_common.h | 1 +
drivers/usb/usbip/vhci_sysfs.c | 25 +++--
tools/usb/usbip/libsrc/vhci
alue of snprintf().
Reviewed-by: Peter Senna Tschudin <peter.se...@gmail.com>
Signed-off-by: Jonathan Dieter <jdie...@lesbg.com>
Acked-by: Shuah Khan <shua...@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Signed-off-by: Shuah Khan <shua...@o
ing the compiler that this particular case statement
is meant to fall through.
Reviewed-by: Peter Senna Tschudin <peter.se...@gmail.com>
Signed-off-by: Jonathan Dieter <jdie...@lesbg.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Signed-off-by: Shuah Khan &l
laces socket pointer address
with sockfd.
Reported-by: Secunia Research <v...@secunia.com>
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/usbip_common.h | 1 +
drivers/usb/usbip/vhci_sysfs.c | 25 +++--
tools/usb/usbip/libsrc/vhci
anks to a script from Joe Perches, this was easily done.
>
> Reported-by: Joe Perches <j...@perches.com>
> Cc: Peter Chen <peter.c...@nxp.com>
> Cc: Felipe Balbi <ba...@kernel.org>
> Cc: Johan Hovold <jo...@kernel.org>
> Cc: Valentina Manea <valentina.mane..
Commit 2f2d0088eb93
("usbip: prevent vhci_hcd driver from leaking a socket pointer address")
in the /sys/devices/platform/vhci_hcd/status.
Fix the header and field alignment to reflect the changes and make it
easier to read.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
com>
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
Greg,
Please apply this fix to 4.9 stable. I re-discovered the problem
on 4.9.77-rc1 and re-tested the patch on it.
thanks,
-- Shuah
drivers/usb/usbip/vhci_sysfs.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/
: sta...@vger.kernel.org
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
tools/usb/usbip/src/usbip_list.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/tools/usb/usbip/src/usbip_list.c b/tools/usb/usbip/src/usbip_list.c
index f1b38e866dd7..d65a9f444174 100644
--- a/too
with
accesses via the attached busid result in errors and system hangs during
shutdown.
Fix it to check and bail out if the device is already attached to vhci_hcd.
Cc: sta...@vger.kernel.org
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
tools/usb/usbip/src/usbip_bind.c | 9 ++
On 12/18/2017 11:00 PM, pei.zh...@intel.com wrote:
> From: Pei Zhang
>
> USB system will clear port's ENABLE feature for some USB devices when
> vdev is already assigned port address. This cause getPortStatus reports
> to system that this device is not enabled, client OS
n",
> + "urb seq# %u was unlinked %ssynchronously\n",
>seqnum, status == -ENOENT ? "" : "a");
> break;
> case -EINPROGRESS:
>
Thanks Colin!
Acked-by: Shuah Khan <shua
do {
> - msg_data_left();
> sock->sk->sk_allocation = GFP_NOIO;
>
> result = sock_recvmsg(sock, , MSG_WAITALL);
>
Thanks for the patch. Looks good to me.
Acked-by: Shuah Khan <shua...@osg.samsung.com>
Greg, please pick this patch up.
thank
On 12/30/2017 09:11 AM, Elad Wexler wrote:
> Fixup a coding style issue
>
> Signed-off-by: Elad Wexler <elad.wex...@gmail.com>
Thanks for the patch. Looks good to me.
Acked-by: Shuah Khan <shua...@osg.samsung.com>
Greg, please pick this patch up.
thanks,
-- Shuah
-
On 12/30/2017 09:01 AM, Elad Wexler wrote:
> Fix possible resource leak: fd
>
> Signed-off-by: Elad Wexler <elad.wex...@gmail.com>
Thanks for the patch. Looks good to me.
Acked-by: Shuah Khan <shua...@osg.samsung.com>
Greg, please pick this patch up.
thanks,
-- Shuah
-
v_send_ret_submit() handles urb with a null transfer_buffer, when it
replays a packet with potential malicious data that could contain a
null buffer.
Add a check for the condition when actual_length > 0 and transfer_buffer
is null.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
Harden CMD_SUBMIT path to handle malicious input that could trigger
large memory allocations. Add checks to validate transfer_buffer_length
and number_of_packets to protect against bad input requesting for
unbounded memory allocations.
Signed-off-by: Shuah Khan <shua...@osg.samsung.
usbip_dump_usb_device() and usbip_dump_urb() print kernel addresses.
Remove kernel addresses from usb device and urb debug msgs and improve
the message content.
Instead of printing parent device and bus addresses, print parent device
and bus names.
Signed-off-by: Shuah Khan <s
Remove and/or change debug, info. and error messages to not print
kernel pointer addresses.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/vhci_hcd.c | 10 --
drivers/usb/usbip/vhci_rx.c | 23 +++
drivers/usb/usbip/vhci_tx.c | 3
Remove and/or change debug, info. and error messages to not print
kernel pointer addresses.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/stub_main.c | 5 +++--
drivers/usb/usbip/stub_rx.c | 7 ++-
drivers/usb/usbip/stub_tx.c | 6 +++---
3 files chan
usbip driver is leaking socket pointer address in messages. Remove
the messages that aren't useful and print sockfd in the ones that
are useful for debugging.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/stub_dev.c | 3 +--
drivers/usb/usbip/usbip_common.
US_ID_SIZE + 4, "del %s",
> + busid);
>
> rc = write_sysfs_attribute(match_busid_attr_path, command,
> -sizeof(command));
> +cmd_size);
> if (rc < 0) {
> db
2max)'
Reported-by: Dan Carpenter <dan.carpen...@oracle.com>
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/stub_rx.c | 11 +--
1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/drivers/usb/usbip/stub_rx.c b/drivers/usb/usbip/stub_rx.c
index
On 12/14/2017 01:16 PM, Dan Carpenter wrote:
> On Thu, Dec 14, 2017 at 11:01:15AM -0700, Shuah Khan wrote:
>> Hi Dan,
>>
>> On 12/14/2017 12:58 AM, Dan Carpenter wrote:
>>> Hello Shuah Khan,
>>>
>>> The patch c6688ef9f297: "usbip: fix stub_rx:
On 12/14/2017 03:23 AM, Juan Zea wrote:
>> Why not use the return value from snprintf() for length, instead of calling
> strlen(command)?
>
> Yes, that makes sense. Something like this?
Yes
>
> diff --git a/tools/usb/usbip/src/utils.c b/tools/usb/usbip/src/utils.c
> index 2b3d6d2..3d7b42e
Hi Dan,
On 12/14/2017 12:58 AM, Dan Carpenter wrote:
> Hello Shuah Khan,
>
> The patch c6688ef9f297: "usbip: fix stub_rx: harden CMD_SUBMIT path
> to handle malicious input" from Dec 7, 2017, leads to the following
> static checker warning:
>
> drivers/u
On 12/13/2017 04:07 AM, Juan Zea wrote:
> usbip bind writes commands followed by random string when writing to
> match_busid attribute in sysfs, caused by using full variable size
> instead of string length.
>
> Signed-off-by: Juan Zea
> ---
> tools/usb/usbip/src/utils.c |
ting the flag here. This is followed by usb_submit_urb().
Probably there is no need to set URB_NO_FSBR in USBIP to begin with,
considering usb_submit_urb() handled that before this patch.
I think it is safe to make the change.
Acked-by: Shuah Khan <shua...@osg.samsung.com>
thanks,
-- Shuah
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On 12/08/2017 09:33 AM, Greg KH wrote:
> On Fri, Dec 08, 2017 at 08:44:58AM -0700, Shuah Khan wrote:
>> Hi Jakub,
>>
>> On 12/08/2017 08:14 AM, Secunia Research wrote:
>>> Hi Shuah,
>>>
>>> Thanks a lot for the quick fixes.
>>
>>
Hi Jakub,
On 12/08/2017 08:14 AM, Secunia Research wrote:
> Hi Shuah,
>
> Thanks a lot for the quick fixes.
Thanks for finding them and doing all the leg work in
pin pointing the issues.
>
> Please, use this email address: v...@secunia.com
>
> We have assigned the following CVEs to the
On 12/07/2017 11:25 PM, Greg KH wrote:
> On Thu, Dec 07, 2017 at 02:16:46PM -0700, Shuah Khan wrote:
>> Jakub Jirasek from Secunia Research at Flexera reported security
>> vulnerabilities in the USB over IP driver. This patch series all
>> the 4 reported problems.
>
> N
.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/stub_rx.c | 18 +++---
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/drivers/usb/usbip/stub_rx.c b/drivers/usb/usbip/stub_rx.c
index 536e037f541f..4d61063c259d 100644
--- a/drivers/usb
Jakub Jirasek from Secunia Research at Flexera reported security
vulnerabilities in the USB over IP driver. This patch series all
the 4 reported problems.
Jakub, could you please suggest an email address I can use for the
Reported-by tag?
Shuah Khan (4):
usbip: fix stub_rx: get_pipe
-by: Shuah Khan <shua...@osg.samsung.com>
---
drivers/usb/usbip/stub_rx.c | 35 +++
1 file changed, 31 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/usbip/stub_rx.c b/drivers/usb/usbip/stub_rx.c
index 4d61063c259d..493ac2928391 100644
--- a/drivers/usb
stub_send_ret_submit() handles urb with a potential null transfer_buffer,
when it replays a packet with potential malicious data that could contain
a null buffer. Add a check for the condition when actual_length > 0 and
transfer_buffer is null.
Signed-off-by: Shuah Khan <shua...@osg.samsu
s not used at the moment
and it was made visible as a convenient way to find IP address from socket
pointer address by looking up /proc/net/{tcp,tcp6}.
As this opens a security hole, the fix replaces socket pointer address with
sockfd.
Signed-off-by: Shuah Khan <shua...@osg.samsung.com>
---
d
1 - 100 of 259 matches
Mail list logo