Re: [PATCH RESEND] media: flexcop-usb: fix endpoint type check
From: Greg Kroah-Hartman
Date: Thu Sep 22 2022 - 06:12:35 EST
On Thu, Sep 22, 2022 at 11:37:36AM +0200, Johan Hovold wrote:
> On Thu, Sep 22, 2022 at 10:41:43AM +0200, Greg Kroah-Hartman wrote:
> > On Tue, Sep 20, 2022 at 11:00:35AM +0200, Johan Hovold wrote:
> > > Mauro and Hans,
> > >
> > > On Mon, Aug 22, 2022 at 05:10:27PM +0200, Johan Hovold wrote:
> > > > Commit d725d20e81c2 ("media: flexcop-usb: sanity checking of endpoint
> > > > type") tried to add an endpoint type sanity check for the single
> > > > isochronous endpoint but instead broke the driver by checking the wrong
> > > > descriptor or random data beyond the last endpoint descriptor.
> > > >
> > > > Make sure to check the right endpoint descriptor.
> > > >
> > > > Fixes: d725d20e81c2 ("media: flexcop-usb: sanity checking of endpoint type")
> > > > Cc: Oliver Neukum <oneukum@xxxxxxxx>
> > > > Cc: stable@xxxxxxxxxxxxxxx # 5.9
> > > > Reported-by: Dongliang Mu <mudongliangabcd@xxxxxxxxx>
> > > > Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>
> > > > ---
> > > >
> > > > It's been two months and two completely ignored reminders so resending.
> > > >
> > > > Can someone please pick this fix up and let me know when that has been
> > > > done?
> > >
> > > It's been another month so sending yet another reminder. This driver as
> > > been broken since 5.9 and I posted this fix almost four months ago and
> > > have sent multiple reminders since.
> > >
> > > Can someone please pick this one and the follow-up cleanups up?
> >
> > I've taken this one in my tree now. Which one were the "follow-up"
> > cleanups?
>
> Thanks. These are the follow-up cleanups:
>
> https://lore.kernel.org/lkml/20220822151456.27178-1-johan@xxxxxxxxxx/
Thanks, I'll take them after the first one was merged into Linus's tree.
> Perhaps we should start taking USB related changes like this through the
> USB tree by default. Posting patches to the media subsystem feels like
> shooting patches at a black hole.
I agree, there's been a bunch of patches sent there (some with security
fixes) that are not getting responded to :(
thanks,
greg k-h