| Message ID | 20210515142513.183623-1-ducheng2@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | net:usb:r8152: remove WARN_ON_ONCE() in rtl_vendor_mode() | expand |
Du Cheng <ducheng2@gmail.com> > Sent: Saturday, May 15, 2021 10:25 PM [...] > If from the userland, a dummy_udc (a virtual USB device for > debugging/device emulation) is configured to have a > VENDOR_ID/PRODUCT_ID > combination that is supported by rtl8152 driver, and kernel tries to > match this dummy device with rtl8152 driver by probing, the > rtl8152_probe() function will cause WARN_ON_ONCE() in rtl_vendor_mode(). > This causes kernel panic if panic_on_warn is set. > > More specifically, this WARN_ON_ONCE() is triggered when the rtl8152 > driver detects (and trys to switch on) the vendor specific USB > configuration, which is an expected behavior for supported USB devices. > Rtl8152 should also anticipate dummy_udc which can have arbitrary > configurations and interfaces. > > Remove this WARN_ON_ONCE() so that rtl8152 is able to handle (or > gracefully refuse) an unsupported USB device during probing. > > Bug reported by syzbot: > https://syzkaller.appspot.com/bug?id=912c9c373656996801b4de61f1e3cb326f > e940aa > > VENDOR_ID/PRODUCT_ID in question: > REALTEK_USB_DEVICE(VENDOR_ID_MICROSOFT, 0x0927) > > Reported-by: syzbot+95afd23673f5dd295c57@syzkaller.appspotmail.com > Signed-off-by: Du Cheng <ducheng2@gmail.com> Acked-by: Hayes Wang <hayeswang@realtek.com>
diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c index 136ea06540ff..247ac4b1b34c 100644 --- a/drivers/net/usb/r8152.c +++ b/drivers/net/usb/r8152.c @@ -8135,8 +8135,6 @@ static bool rtl_vendor_mode(struct usb_interface *intf) } } - WARN_ON_ONCE(i == num_configs); - return false; }
If from the userland, a dummy_udc (a virtual USB device for debugging/device emulation) is configured to have a VENDOR_ID/PRODUCT_ID combination that is supported by rtl8152 driver, and kernel tries to match this dummy device with rtl8152 driver by probing, the rtl8152_probe() function will cause WARN_ON_ONCE() in rtl_vendor_mode(). This causes kernel panic if panic_on_warn is set. More specifically, this WARN_ON_ONCE() is triggered when the rtl8152 driver detects (and trys to switch on) the vendor specific USB configuration, which is an expected behavior for supported USB devices. Rtl8152 should also anticipate dummy_udc which can have arbitrary configurations and interfaces. Remove this WARN_ON_ONCE() so that rtl8152 is able to handle (or gracefully refuse) an unsupported USB device during probing. Bug reported by syzbot: https://syzkaller.appspot.com/bug?id=912c9c373656996801b4de61f1e3cb326fe940aa VENDOR_ID/PRODUCT_ID in question: REALTEK_USB_DEVICE(VENDOR_ID_MICROSOFT, 0x0927) Reported-by: syzbot+95afd23673f5dd295c57@syzkaller.appspotmail.com Signed-off-by: Du Cheng <ducheng2@gmail.com> --- This patch passed syzbot test. drivers/net/usb/r8152.c | 2 -- 1 file changed, 2 deletions(-)