Re: [PATCH] usb: mon: Fix slab-out-of-bounds in mon_bin_event due to unsafe URB transfer_buffer access

From: Lecomte, Arnaud
Date: Tue Jul 22 2025 - 04:23:45 EST

Next message: AngeloGioacchino Del Regno: "Re: [PATCH v1 3/7] power: reset: qcom-pon: Migrate to devm_spmi_subdevice_alloc_and_add()"
Previous message: Yeoreum Yun: "Re: [PATCH v4 4/7] arm64/futex: move futex atomic logic with clearing PAN bit"
In reply to: Alan Stern: "Re: [PATCH] usb: mon: Fix slab-out-of-bounds in mon_bin_event due to unsafe URB transfer_buffer access"
Next in thread: kernel test robot: "Re: [PATCH] usb: mon: Fix slab-out-of-bounds in mon_bin_event due to unsafe URB transfer_buffer access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It clarifies things and makes more sense now.
Appreciate the explanation :), thanks for your time

Arnaud

On 21/07/2025 14:51, Alan Stern wrote:

On Mon, Jul 21, 2025 at 09:22:40AM +0100, Lecomte, Arnaud wrote:

Hi Alan, thanks for your reply.

Your point raises an important question for me: Is there a specific reason
why we don’t have
a synchronization mechanism in place to protect the URB's transfer buffer ?

Protect it from what? Access by some driver at an inappropriate time?
Drivers are supposed to know (and this is alluded to in the kerneldoc
for usb_submit_urb()) that they aren't allowed to touch the transfer
buffer while an URB is queued.

Alan Stern

Next message: AngeloGioacchino Del Regno: "Re: [PATCH v1 3/7] power: reset: qcom-pon: Migrate to devm_spmi_subdevice_alloc_and_add()"
Previous message: Yeoreum Yun: "Re: [PATCH v4 4/7] arm64/futex: move futex atomic logic with clearing PAN bit"
In reply to: Alan Stern: "Re: [PATCH] usb: mon: Fix slab-out-of-bounds in mon_bin_event due to unsafe URB transfer_buffer access"
Next in thread: kernel test robot: "Re: [PATCH] usb: mon: Fix slab-out-of-bounds in mon_bin_event due to unsafe URB transfer_buffer access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]