Re: [Umap2][7/11][160a:3184] NULL pointer dereference

On Sat, Sep 24, 2016 at 3:21 AM, Malcolm Priestley wrote: > > > On 22/09/16 20:50, Malcolm Priestley wrote: >> >> >> >> On 22/09/16 15:25, Oliver Neukum wrote: >>> >>> On Thu, 2016-09-22 at 14:46 +0300, Binyamin Sharet wrote: >>> >&g

Re: [Umap2][7/11][160a:3184] NULL pointer dereference

On Thu, Sep 22, 2016 at 11:18 AM, Binyamin Sharet wrote: > On Thu, Sep 22, 2016 at 11:02 AM, Oliver Neukum wrote: >> On Thu, 2016-09-22 at 10:50 +0300, Binyamin Sharet wrote: >>> On Thu, Sep 22, 2016 at 10:35 AM, Oliver Neukum wrote: >>> > On Thu, 2016-09-22 a

Re: [Umap2][7/11][160a:3184] NULL pointer dereference

On Thu, Sep 22, 2016 at 11:02 AM, Oliver Neukum wrote: > On Thu, 2016-09-22 at 10:50 +0300, Binyamin Sharet wrote: >> On Thu, Sep 22, 2016 at 10:35 AM, Oliver Neukum wrote: >> > On Thu, 2016-09-22 at 09:53 +0300, Binyamin Sharet wrote: >> >> On Wed, Sep 21, 2016

Re: [Umap2][7/11][160a:3184] NULL pointer dereference

On Thu, Sep 22, 2016 at 10:35 AM, Oliver Neukum wrote: > On Thu, 2016-09-22 at 09:53 +0300, Binyamin Sharet wrote: >> On Wed, Sep 21, 2016 at 11:09 PM, Malcolm Priestley >> wrote: >> > >> Malcolm, just to make it clear, this bug was not found with an >> actua

Re: [Umap2][7/11][160a:3184] NULL pointer dereference

On Wed, Sep 21, 2016 at 11:09 PM, Malcolm Priestley wrote: > On 21/09/16 17:44, Greg KH wrote: >> >> On Wed, Sep 21, 2016 at 06:34:03PM +0200, Oliver Neukum wrote: >>> >>> On Thu, 2016-08-18 at 13:50 +0300, Binyamin Sharet wrote: >>>> >

Re: [PATCH 1/3] usb: gadgetfs: introduce feature control mechanism

On 09/12/2016 04:11 PM, Alan Stern wrote: > On Mon, 12 Sep 2016, Binyamin Sharet (bsharet) wrote: > >>> On 8 Sep 2016, at 23:24, Alan Stern wrote: >>> >>> On Thu, 8 Sep 2016, Binyamin Sharet (bsharet) wrote: >>> >>>>> On 8 Sep 2016, at

Re: [PATCH 1/3] usb: gadgetfs: introduce feature control mechanism

> On 8 Sep 2016, at 23:24, Alan Stern wrote: > > On Thu, 8 Sep 2016, Binyamin Sharet (bsharet) wrote: > >> >>> On 8 Sep 2016, at 22:20, Alan Stern wrote: >>> >>> On Thu, 8 Sep 2016, Binyamin Sharet (bsharet) wrote: >>>

Re: [PATCH 1/3] usb: gadgetfs: introduce feature control mechanism

> On 8 Sep 2016, at 22:20, Alan Stern wrote: > > On Thu, 8 Sep 2016, Binyamin Sharet (bsharet) wrote: > >>> I was thinking more like: >>> >>> struct usb_gadgetfs_ioctl_arg { >>> uint16_t length; >>> uint8_t reserved[2]; >>

Re: [PATCH 1/3] usb: gadgetfs: introduce feature control mechanism

e that has a length field at a reserved spot near the beginning >>> (perhaps along with one or two other reserved entries), for example. >> >> something along the like below? >> >> >> /* better names appreciated */ >> struct usb_gadgetfs_packet { >> uint16_t length; >>uint8_t reserved[2]; >> >>uint8_t *data; /* dynamically allocated by userspace */ >> } >> >> I can work with that no problem. > > I was thinking more like: > > struct usb_gadgetfs_ioctl_arg { > uint16_t length; > uint8_t reserved[2]; > > uint8_t data[0]; > } > > but the principle is pretty much the same. > > Alan Stern > Won’t the user lose the relevant information (e.g. feature structure) by using this model? Binyamin Sharet Cisco, STARE-C

[PATCH v2 2/2] usb: gadgetfs: feature - delegate get descriptor

will break user mode drivers that expect gedgetfs to handle GET_DESCRIPTOR requests. The feature availability is protected by Kconfig USB_GADGETFS_ALLOW_DELEGATE_DESCRIPTOR (depends on EXPERT) so that a user mode driver will not enable it by mistake. Signed-off-by: Binyamin Sharet --- drivers/usb

[PATCH v2 1/2] usb: gadgetfs: introduce feature control mechanism

set of features. e.g. in order to check a specific feature, a user needs to read the supported and enabled features, set the desired bitmap on the read bitmap and call the "set enabled features" ioctl with the modified bitmap. Signed-off-by: Binyamin Sharet --- drivers/usb/gadget/lega

[PATCH v2 0/2] usb: gadgetfs: support delegation of GET_DESCRIPTOR

then close and re-open the control endpoint file, the feature will be disabled until the ioctl will be issued on the new file descriptor. -- Binyamin Sharet, Cisco, STARE-C -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message

Re: [PATCH 3/3] usb: gadgetfs: protect descriptor delegation with Kconfig

On 09/07/2016 03:51 PM, Felipe Balbi wrote: > Binyamin Sharet writes: > >> On 09/07/2016 03:40 PM, Felipe Balbi wrote: >>> Binyamin Sharet writes: >>> >>>> Added USB_GADGETFS_ALLOW_DELEGATE_DESCRIPTORS to Kconfig, this >>>> opti

Re: [PATCH 1/3] usb: gadgetfs: introduce feature control mechanism

On 09/07/2016 03:36 PM, Felipe Balbi wrote: > Hi, > > Binyamin Sharet writes: >> Feature control mechanism allows addition of dynamic features to >> gadgetfs. >> >> It provides a user-mode driver the ability to control those features, >> by querying the su

Re: [PATCH 3/3] usb: gadgetfs: protect descriptor delegation with Kconfig

On 09/07/2016 03:40 PM, Felipe Balbi wrote: > Binyamin Sharet writes: > >> Added USB_GADGETFS_ALLOW_DELEGATE_DESCRIPTORS to Kconfig, this >> option is available under USB_GADGETFS and requires EXPERT. >> Enabling this option will not change the default behavior of >&

[PATCH 3/3] usb: gadgetfs: protect descriptor delegation with Kconfig

amp;dev->enabled_features, GADGETFS_FEATURE_DELEGATE_DESCRIPTORS)) goto delegate; -switch (w_value >> 8) { +#endif + +switch (w_value >> 8) { case USB_DT_DEVICE: value = min (w_length, (u16) sizeof *dev->dev); -- 2

[PATCH 2/3] usb: gadgetfs: feature - delegate get descriptor

driver. + * enabling this feature means that the user mode driver must handle + * all GET_DEACRIPTOR requests. + */ +#define GADGETFS_FEATURE_DELEGATE_DESCRIPTORS0 + + struct usb_gadgetfs_features { uint64_t bitmap[4]; }; -- 2.5.0 -- Binyamin Sharet, Cisco, STARE-C -- To unsubscribe

[PATCH 1/3] usb: gadgetfs: introduce feature control mechanism

s) + +/* sets the enabled features bitmap */ +#define GADGETFS_SET_ENABLED_FEATURES_IOR('g', 0x12, \ +struct usb_gadgetfs_features) + #endif /* __LINUX_USB_GADGETFS_H */ -- 2.5.0 -- Binyamin Sharet, Cisco, STARE-C -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

[PATCH 0/3] usb: gadgetfs: support delegation of GET_DESCRIPTOR

protects the GET_DESCRIPTOR delegation feature with Kconfig -- Binyamin Sharet, Cisco, STARE-C -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: Gadgetfs - adding support for delegation of setup requests

On 08/19/2016 10:31 AM, Felipe Balbi wrote: > Hi, > > Binyamin Sharet writes: >>>>>> I think this will cause existing implementation over gadgetfs to fail >>>>>> with this >>>>>> special kernel (as now it will delegate everyt

Re: [umap2] status of issues

> On 2 Sep 2016, at 15:31, Greg KH wrote: > > On Fri, Sep 02, 2016 at 12:09:40PM +, Binyamin Sharet (bsharet) wrote: >> Hi, >> >> After confusing Greg, here’s the current status of all 11 issues initially >> reported by us. >> >> Since the i

[umap2] status of issues

is not an issue at all, but the expected behaviour If any other clarification/action is needed, please let me know. Binyamin Sharet Cisco, STARE-C N�r��yb�X��ǧv�^�)޺{.n�+{��^n�r���z���h�&���G���h�(�階�ݢj"���m��z�ޖ���f���h���~�m�

Re: [Umap2][5/11][22b8:2d93] NULL pointer dereference

On 08/31/2016 01:24 PM, Oliver Neukum wrote: > On Wed, 2016-08-31 at 12:48 +0300, Binyamin Sharet wrote: > >> Sure, but could you send me the cdc-acm.c file that this patch applies to? >> Otherwise I need to patch it manually each time... > Patch already a

Re: [Umap2][5/11][22b8:2d93] NULL pointer dereference

On 08/31/2016 12:27 PM, Oliver Neukum wrote: > On Fri, 2016-08-26 at 18:02 +0000, Binyamin Sharet (bsharet) wrote: > >> I think the reason is that in case of quirks == NO_UNION_NORMAL it gets the >> data >> and control interfaces and then jumps to skip_normal probe, in whi

Re: [Umap2][5/11][22b8:2d93] NULL pointer dereference

ata interfaces are not the same, there is no check whether data_interface->cur_altsetting is NULL. (before the first line of code in skip_normal_probe) which may cause the first check to dereference a NULL pointer. Those changes are of course in addition to the patch you sent before. Binyamin

Re: [Umap2][5/11][22b8:2d93] NULL pointer dereference

> On 25 Aug 2016, at 17:24, Oliver Neukum wrote: > > On Thu, 2016-08-25 at 13:53 +, Binyamin Sharet (bsharet) wrote: >>> > >> It’s a good thing you asked, as I forgot to test this one… >> >> Just to be sure - which tag should I use for testing thi

Re: [Umap2][5/11][22b8:2d93] NULL pointer dereference

> > On 25 Aug 2016, at 15:59, Oliver Neukum wrote: > > On Wed, 2016-08-17 at 15:26 +0200, Oliver Neukum wrote: >> On Tue, 2016-08-16 at 16:46 +0300, Binyamin Sharet wrote: >>> Kernel version: raspberrypi 4.4.6-v7+ #871 >>> Driver source file: drivers/usb/cl

Re: Gadgetfs - adding support for delegation of setup requests

On 08/18/2016 03:18 PM, Felipe Balbi wrote: > Hi, > > Binyamin Sharet writes: > > [...] > >>>>>> Many USB host implementations, including at least older versions of >>>>>> Linux, >>>>>> have bugs in the enumerat

Re: [Umap2][11/11][9022:d483] kernel is unable to handle paging address

On 08/18/2016 03:23 PM, Felipe Balbi wrote: > Hi, > > Binyamin Sharet writes: >> On 08/18/2016 01:39 PM, Oliver Neukum wrote: >>> On Wed, 2016-08-17 at 14:39 +0300, Binyamin Sharet wrote: >>>> On 08/16/2016 04:52 PM, Binyamin Sharet wrote: >>>

Re: [Umap2][4/11][0557:2002] NULL pointer dereference

On 08/18/2016 12:12 PM, Oliver Neukum wrote: > On Thu, 2016-08-18 at 12:10 +0300, Binyamin Sharet wrote: >> On 08/18/2016 12:02 PM, Oliver Neukum wrote: >>> On Thu, 2016-08-18 at 12:03 +0300, Binyamin Sharet wrote: >>>> On 08/18/2016 11:37 AM, Oliver Neukum wrote: >

Re: Gadgetfs - adding support for delegation of setup requests

On 08/18/2016 01:25 PM, Felipe Balbi wrote: > Hi, > > Binyamin Sharet writes: >>>>>>>> I get your point, what I propose is not to change the default behavior >>>>>>>> of gadgetfs, >>>>>>>> but allow it

Re: [Umap2][11/11][9022:d483] kernel is unable to handle paging address

On 08/18/2016 01:39 PM, Oliver Neukum wrote: > On Wed, 2016-08-17 at 14:39 +0300, Binyamin Sharet wrote: >> On 08/16/2016 04:52 PM, Binyamin Sharet wrote: >>> Kernel version: raspberrypi 4.4.6-v7+ #871 >>> Driver source file: drivers/media/usb/dvb-usb/dw2102.c >>

Re: [Umap2][4/11][0557:2002] NULL pointer dereference

On 08/18/2016 12:02 PM, Oliver Neukum wrote: > On Thu, 2016-08-18 at 12:03 +0300, Binyamin Sharet wrote: >> On 08/18/2016 11:37 AM, Oliver Neukum wrote: >>> On Wed, 2016-08-17 at 17:33 +0300, Binyamin Sharet wrote: >>>> On 08/17/2016 05:19 PM, Oliver Neukum wrote: >

Re: Gadgetfs - adding support for delegation of setup requests

On 08/18/2016 10:44 AM, Felipe Balbi wrote: > Hi, > > Binyamin Sharet writes: >> Felipe, Greg, >> >> You wrote pretty much the same things on two separate threads, >> so I will answer only here... >> >> On Tue, Aug 16, 2016 at 1:51 PM, Felipe Bal

Re: [Umap2][5/11][22b8:2d93] NULL pointer dereference

Hi, On 08/17/2016 04:26 PM, Oliver Neukum wrote: > On Tue, 2016-08-16 at 16:46 +0300, Binyamin Sharet wrote: >> Kernel version: raspberrypi 4.4.6-v7+ #871 >> Driver source file: drivers/usb/class/cdc-acm.c >> Umap2 command line: umap2vsscan -P -s 22b8:2d93 > Hi, > >

Re: [Umap2][5/11][22b8:2d93] NULL pointer dereference

On 08/17/2016 04:26 PM, Oliver Neukum wrote: > On Tue, 2016-08-16 at 16:46 +0300, Binyamin Sharet wrote: >> Kernel version: raspberrypi 4.4.6-v7+ #871 >> Driver source file: drivers/usb/class/cdc-acm.c >> Umap2 command line: umap2vsscan -P -s 22b8:2d93 > Hi, > > cou

Re: [Umap2][4/11][0557:2002] NULL pointer dereference

On 08/17/2016 05:19 PM, Oliver Neukum wrote: > On Wed, 2016-08-17 at 17:07 +0300, Binyamin Sharet wrote: >> The issue was found on raspbian with kernel 4.4.6, and was not found >> on >> ubuntu 16.04 with mainline kernel 4.8-rc2, I don't have much >> experience >&

Re: [Umap2][4/11][0557:2002] NULL pointer dereference

On 08/17/2016 04:18 PM, Oliver Neukum wrote: > On Wed, 2016-08-17 at 14:26 +0300, Binyamin Sharet wrote: >> On 08/16/2016 06:02 PM, Alan Stern wrote: >>> On Tue, 16 Aug 2016, Binyamin Sharet wrote: >>> >>>> Kernel version: raspberrypi 4.4.6-v7+ #871 &

Re: [Umap2][11/11][9022:d483] kernel is unable to handle paging address

On 08/17/2016 02:39 PM, Binyamin Sharet wrote: > On 08/16/2016 04:52 PM, Binyamin Sharet wrote: >> Kernel version: raspberrypi 4.4.6-v7+ #871 >> Driver source file: drivers/media/usb/dvb-usb/dw2102.c >> Umap2 command line: umap2vsscan -P -s 9022:d483 >> >> After

Re: [Umap2][11/11][9022:d483] kernel is unable to handle paging address

On 08/16/2016 04:52 PM, Binyamin Sharet wrote: > Kernel version: raspberrypi 4.4.6-v7+ #871 > Driver source file: drivers/media/usb/dvb-usb/dw2102.c > Umap2 command line: umap2vsscan -P -s 9022:d483 > > After connecting such a device, kernel oops: kernel is unable to handle &

Re: [Umap2][9/11][05c5:0002] NULL pointer dereference

On 08/17/2016 09:45 AM, Johan Hovold wrote: > On Wed, Aug 17, 2016 at 09:37:02AM +0300, Binyamin Sharet wrote: >> Hi >> >> On 08/16/2016 06:04 PM, Johan Hovold wrote: >>> On Tue, Aug 16, 2016 at 10:47:44AM -0400, Alan Stern wrote: >>>> On Tue, 16 Aug 2016

Re: [Umap2][8/11][076d:0006] NULL pointer dereference

On 08/16/2016 04:49 PM, Binyamin Sharet wrote: > Kernel version: raspberrypi 4.4.6-v7+ #871 > Driver source file: drivers/staging/vt6656/main_usb.c > Umap2 command line: umap2vsscan -P -s 076d:0006 > > After connecting such a device, NULL pointer dereference in the kernel. >

Re: [Umap2][7/11][160a:3184] NULL pointer dereference

On 08/16/2016 04:48 PM, Binyamin Sharet wrote: > Kernel version: raspberrypi 4.4.6-v7+ #871 > Driver source file: drivers/staging/vt6656/main_usb.c > Related file: drivers/staging/comedi/drivers/usbduxsigma.c > Umap2 command line: umap2vsscan -P -s 160a:3184 > > After connec

Re: [Umap2][6/11][3923:718a] NULL pointer dereference

On 08/16/2016 04:57 PM, Binyamin Sharet wrote: > Kernel version: 4.4.0-24-generic #43-Ubuntu SMP > Driver source file: drivers/staging/comedi/drivers/ni_usb6501.c > Umap2 command line: umap2vsscan -P -s 3923:718a > > After connecting such a device, there's a NULL pointer

Re: [Umap2][5/11][22b8:2d93] NULL pointer dereference

On 08/17/2016 01:18 PM, Binyamin Sharet wrote: > On 08/17/2016 01:06 PM, Oliver Neukum wrote: >> On Tue, 2016-08-16 at 16:46 +0300, Binyamin Sharet wrote: >>> Kernel version: raspberrypi 4.4.6-v7+ #871 >>> Driver source file: drivers/usb/class/cdc-acm.c >>> Um

Re: [Umap2][3/11][0471:0602] NULL pointer dereference

On 08/17/2016 10:16 AM, Binyamin Sharet wrote: > Hi, > > On 08/17/2016 10:07 AM, Greg KH wrote: >> On Wed, Aug 17, 2016 at 09:05:34AM +0200, Greg KH wrote: >>> On Wed, Aug 17, 2016 at 09:26:18AM +0300, Binyamin Sharet wrote: >>>> Hi, >>>> >>>

Re: [Umap2][4/11][0557:2002] NULL pointer dereference

On 08/16/2016 06:02 PM, Alan Stern wrote: > On Tue, 16 Aug 2016, Binyamin Sharet wrote: > >> Kernel version: raspberrypi 4.4.6-v7+ #871 >> Driver source file: drivers/net/usb/kaweth.c >> Umap2 command line: umap2vsscan -P -s 0557:2002 >> >> After connecting suc

Re: [Umap2][2/11][10cf:5500] NULL pointer dereference

On 08/17/2016 09:32 AM, Binyamin Sharet wrote: > Hi > > On 08/16/2016 04:44 PM, Binyamin Sharet wrote: >> Kernel version: 4.4.0-24-generic #43-Ubuntu SMP >> Driver source file: drivers/staging/comedi/drivers/vmk80xx.c >> Umap2 command line: umap2vsscan -P -s 10cf:5500

Re: [Umap2][1/11][0aa8:8001] USB stack hang

On 08/17/2016 09:29 AM, Binyamin Sharet wrote: > Hi > > On 08/16/2016 06:15 PM, Binyamin Sharet wrote: >> On 08/16/2016 05:49 PM, Greg KH wrote: >>> On Tue, Aug 16, 2016 at 04:42:23PM +0300, Binyamin Sharet wrote: >>>> Kernel version: raspberrypi 4.4.6-v7

Re: [Umap2][5/11][22b8:2d93] NULL pointer dereference

On 08/17/2016 01:06 PM, Oliver Neukum wrote: > On Tue, 2016-08-16 at 16:46 +0300, Binyamin Sharet wrote: >> Kernel version: raspberrypi 4.4.6-v7+ #871 >> Driver source file: drivers/usb/class/cdc-acm.c >> Umap2 command line: umap2vsscan -P -s 22b8:2d93 >> >> Aft

Re: [Umap2][3/11][0471:0602] NULL pointer dereference

Hi, On 08/17/2016 10:07 AM, Greg KH wrote: > On Wed, Aug 17, 2016 at 09:05:34AM +0200, Greg KH wrote: >> On Wed, Aug 17, 2016 at 09:26:18AM +0300, Binyamin Sharet wrote: >>> Hi, >>> >>> On 08/16/2016 05:39 PM, Alan Stern wrote: >>>> On Tue, 16 Au

Re: [Umap2][9/11][05c5:0002] NULL pointer dereference

Hi On 08/16/2016 06:04 PM, Johan Hovold wrote: > On Tue, Aug 16, 2016 at 10:47:44AM -0400, Alan Stern wrote: >> On Tue, 16 Aug 2016, Binyamin Sharet wrote: >> >>> Kernel version: raspberrypi 4.4.6-v7+ #871 >>> Driver source file: drivers/usb/serial/digi_ac

Re: [Umap2][2/11][10cf:5500] NULL pointer dereference

Hi On 08/16/2016 04:44 PM, Binyamin Sharet wrote: > Kernel version: 4.4.0-24-generic #43-Ubuntu SMP > Driver source file: drivers/staging/comedi/drivers/vmk80xx.c > Umap2 command line: umap2vsscan -P -s 10cf:5500 > > After connecting such a device, there's oops due to NULL p

Re: [Umap2][1/11][0aa8:8001] USB stack hang

Hi On 08/16/2016 06:15 PM, Binyamin Sharet wrote: > On 08/16/2016 05:49 PM, Greg KH wrote: >> On Tue, Aug 16, 2016 at 04:42:23PM +0300, Binyamin Sharet wrote: >>> Kernel version: raspberrypi 4.4.6-v7+ #871 >>> Kernel version: 4.4.0-24-generic #43-Ubuntu SMP >>>

Re: [Umap2][3/11][0471:0602] NULL pointer dereference

Hi, On 08/16/2016 05:39 PM, Alan Stern wrote: > On Tue, 16 Aug 2016, Binyamin Sharet wrote: > >> Kernel version: raspberrypi 4.4.6-v7+ #871 >> Driver source file: drivers/input/misc/ati_remote2.c >> Umap2 command line: umap2vsscan -P -s 0471:0602 >> >>

Re: [Umap2][9/11][05c5:0002] NULL pointer dereference

On 08/16/2016 06:04 PM, Johan Hovold wrote: > On Tue, Aug 16, 2016 at 10:47:44AM -0400, Alan Stern wrote: >> On Tue, 16 Aug 2016, Binyamin Sharet wrote: >> >>> Kernel version: raspberrypi 4.4.6-v7+ #871 >>> Driver source file: drivers/usb/serial/digi_ac

Re: Potential vulnerabilities in USB host stack/drivers

On 08/16/2016 05:51 PM, Greg KH wrote: > On Tue, Aug 16, 2016 at 04:40:43PM +0300, Binyamin Sharet wrote: >> Hi, >> >> We are using Umap2 to scan USB hosts for vendor-specific device support. >> e.g. whether appropriate drivers are loaded when a device with a spec

Re: [Umap2][1/11][0aa8:8001] USB stack hang

On 08/16/2016 05:49 PM, Greg KH wrote: > On Tue, Aug 16, 2016 at 04:42:23PM +0300, Binyamin Sharet wrote: >> Kernel version: raspberrypi 4.4.6-v7+ #871 >> Kernel version: 4.4.0-24-generic #43-Ubuntu SMP >> Driver source file: drivers/staging/media/lirc/lirc_imon.c

[Umap2][11/11][9022:d483] kernel is unable to handle paging address

Kernel version: raspberrypi 4.4.6-v7+ #871 Driver source file: drivers/media/usb/dvb-usb/dw2102.c Umap2 command line: umap2vsscan -P -s 9022:d483 After connecting such a device, kernel oops: kernel is unable to handle paging address. Also happens with 9022:d484. Binyamin Sharet Cisco, STARE-C

[Umap2][10/11][1a0a:0102] USB host stops communicating

1.4: VID from HSOTG Electrical Test Fixture [ 5924.892725] usb 1-1.4: Got PID 0x101 [ 5924.892741] usb 1-1.4: TEST_SE0_NAK [ 5924.892770] WARN::dwc_otg_hcd_hub_control:3471: USB_PORT_FEAT_TEST 3 Binyamin Sharet Cisco, STARE-C -- To unsubscribe from this list: send the line "unsubscribe linux-usb

[Umap2][9/11][05c5:0002] NULL pointer dereference

Kernel version: raspberrypi 4.4.6-v7+ #871 Driver source file: drivers/usb/serial/digi_acceleport.c Umap2 command line: umap2vsscan -P -s 05c5:0002 After connecting such a device, NULL pointer dereference in the kernel. Binyamin Sharet Cisco, STARE-C << Attached: 05c5_0002_dme

[Umap2][2/11][10cf:5500] NULL pointer dereference

Kernel version: 4.4.0-24-generic #43-Ubuntu SMP Driver source file: drivers/staging/comedi/drivers/vmk80xx.c Umap2 command line: umap2vsscan -P -s 10cf:5500 After connecting such a device, there's oops due to NULL pointer dereference. Binyamin Sharet Cisco, STARE-C <&l

[Umap2][8/11][076d:0006] NULL pointer dereference

Kernel version: raspberrypi 4.4.6-v7+ #871 Driver source file: drivers/staging/vt6656/main_usb.c Umap2 command line: umap2vsscan -P -s 076d:0006 After connecting such a device, NULL pointer dereference in the kernel. Binyamin Sharet Cisco, STARE-C << Attached: 076d_0006_dme

[Umap2][3/11][0471:0602] NULL pointer dereference

Kernel version: raspberrypi 4.4.6-v7+ #871 Driver source file: drivers/input/misc/ati_remote2.c Umap2 command line: umap2vsscan -P -s 0471:0602 After connecting such a device, NULL pointer dereference in the kernel and USB stops responding. Binyamin Sharet Cisco, STARE-C << At

[Umap2][7/11][160a:3184] NULL pointer dereference

connect another device or two after this one to trigger the oops. Binyamin Sharet Cisco, STARE-C << Attached: 160a_3184_dmesg_1.log >> << Attached: 160a_3184_dmesg_2.log >> [ 291.754550] usb 1-1.4: new high-speed USB device number 17 using dwc_otg [ 291.869191] usb 1-1

[Umap2][1/11][0aa8:8001] USB stack hang

log. Binyamin Sharet Cisco, STARE-C [ 1206.083207] usb 3-2: new high-speed USB device number 2 using xhci_hcd [ 1206.504969] usb 3-2: New USB device found, idVendor=0aa8, idProduct=8001 [ 1206.504978] usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1206.504982] usb 3-2: Product

Potential vulnerabilities in USB host stack/drivers

Hi, We are using Umap2 to scan USB hosts for vendor-specific device support. e.g. whether appropriate drivers are loaded when a device with a specific VID/PID is inserted. In our configuration, we connect multiple times to the host, each time providing different VID/PID in the device descriptor,

[Umap2][4/11][0557:2002] NULL pointer dereference

driver. Binyamin Sharet Cisco, STARE-C << Attached: 0557_2002_dmesg.log >> [ 266.644327] usb 1-1.5: new high-speed USB device number 35 using dwc_otg [ 266.758503] usb 1-1.5: New USB device found, idVendor=0557, idProduct=2002 [ 266.758530] usb 1-1.5: New USB device strings: Mfr=

[Umap2][5/11][22b8:2d93] NULL pointer dereference

Kernel version: raspberrypi 4.4.6-v7+ #871 Driver source file: drivers/usb/class/cdc-acm.c Umap2 command line: umap2vsscan -P -s 22b8:2d93 After connecting such a device, NULL pointer dereference in the kernel and USB stops responding. Binyamin Sharet Cisco, STARE-C << At

Re: Gadgetfs - adding support for delegation of setup requests

Felipe, Greg, You wrote pretty much the same things on two separate threads, so I will answer only here... On Tue, Aug 16, 2016 at 1:51 PM, Felipe Balbi wrote: > > Hi, > > Binyamin Sharet writes: >>>> 2. At least in my case, where I wan't to use gadgetfs for fu

Re: Gadgetfs - adding support for delegation of setup requests

Hi, On Tue, Aug 16, 2016 at 11:36 AM, Felipe Balbi wrote: > > Hi, > > Binyamin Sharet writes: >>> Alan Stern writes: >>>>> I'm using GadgetFs for USB host fuzzing (using umap2), >>>>> and part of the fuzzing session is to send invalid

Re: Gadgetfs - adding support for delegation of setup requests

Hi, On Tue, Aug 16, 2016 at 10:23 AM, Felipe Balbi wrote: > > Hi, > > Alan Stern writes: >>> I'm using GadgetFs for USB host fuzzing (using umap2), >>> and part of the fuzzing session is to send invalid descriptors at >>> various stages. >>> >>> However, some requests are not delegated to user-l

Gadgetfs - adding support for delegation of setup requests

suggestion? Thanks, Binyamin Sharet -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH] usb: gadget: fix check in sync read from ep in gadgetfs

On Mon, Jul 11, 2016 at 8:47 AM, Peter Chen wrote: > On Sun, Jul 10, 2016 at 11:25:17AM +0300, Binyamin Sharet wrote: >> Hi, >> >> Could someone please advise whether I should also open a bug in >> bugzilla for this thing? or if there anything else I'm missing?

Re: [PATCH] usb: gadget: fix check in sync read from ep in gadgetfs

y. Thanks, Binyamin On Thu, Jul 7, 2016 at 10:22 PM, Binyamin Sharet wrote: > When reading synchronously from a non-zero endpoint, gadgetfs will > return -EFAULT even if the read succeeds, due to a bad check of the > copy_to_iter() return value. > > This fix compares the return val

[PATCH] usb: gadget: fix check in sync read from ep in gadgetfs

. Signed-off-by: Binyamin Sharet --- drivers/usb/gadget/legacy/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/legacy/inode.c b/drivers/usb/gadget/legacy/inode.c index aa3707b..8560f2f 100644 --- a/drivers/usb/gadget/legacy/inode.c +++ b/drivers/usb