Re: [PATCH] usb: mon: Fix slab-out-of-bounds in mon_bin_event due to unsafe URB transfer_buffer access

From: Alan Stern
Date: Mon Jul 21 2025 - 09:52:10 EST


On Mon, Jul 21, 2025 at 09:22:40AM +0100, Lecomte, Arnaud wrote:
> Hi Alan, thanks for your reply.
>
> Your point raises an important question for me: Is there a specific reason
> why we don’t have a synchronization mechanism in place to protect the URB's
> transfer buffer?

Protect it from what? Access by some driver at an inappropriate time?
Drivers are supposed to know (and this is alluded to in the kerneldoc
for usb_submit_urb()) that they aren't allowed to touch the transfer
buffer while an URB is queued.

Alan Stern