[PATCH] USB: core: remove the move buf action

Edward Adam Davis posted 1 patch 3 weeks, 1 day ago
drivers/usb/core/driver.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
[PATCH] USB: core: remove the move buf action
Posted by Edward Adam Davis 3 weeks, 1 day ago
The buffer size of sysfs is fixed at PAGE_SIZE, and the page offset
of the buf parameter of sysfs_emit_at() must be 0, there is no need
to manually manage the buf pointer offset.

Fixes: 711d41ab4a0e ("usb: core: Use sysfs_emit_at() when showing dynamic IDs")
Reported-by: syzbot+b6445765657b5855e869@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b6445765657b5855e869
Tested-by: syzbot+b6445765657b5855e869@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
---
 drivers/usb/core/driver.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/core/driver.c b/drivers/usb/core/driver.c
index c3177034b779..f441958b0ef4 100644
--- a/drivers/usb/core/driver.c
+++ b/drivers/usb/core/driver.c
@@ -119,11 +119,11 @@ ssize_t usb_show_dynids(struct usb_dynids *dynids, char *buf)
 	guard(mutex)(&usb_dynids_lock);
 	list_for_each_entry(dynid, &dynids->list, node)
 		if (dynid->id.bInterfaceClass != 0)
-			count += sysfs_emit_at(&buf[count], count, "%04x %04x %02x\n",
+			count += sysfs_emit_at(buf, count, "%04x %04x %02x\n",
 					   dynid->id.idVendor, dynid->id.idProduct,
 					   dynid->id.bInterfaceClass);
 		else
-			count += sysfs_emit_at(&buf[count], count, "%04x %04x\n",
+			count += sysfs_emit_at(buf, count, "%04x %04x\n",
 					   dynid->id.idVendor, dynid->id.idProduct);
 	return count;
 }
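Review bot: the changelog for the two changed sysfs_emit_at() calls should say what went wrong with the old form, since neither the subject ("remove the move buf action") nor the text spells it out. From the visible lines, `&buf[count]` stops having a page offset of 0 as soon as count is non-zero, which is exactly the condition the changelog says sysfs_emit_at() requires, and `count` was additionally being applied twice (once in the pointer, once as the `at` argument). Stating that, together with the symptom syzbot reported, would make the Fixes: reference self-explanatory. Separately, and not introduced by this patch: the if/else inside list_for_each_entry() spans several lines without braces around the loop body; adding them in a follow-up would make the next edit here less error-prone.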
-- 
2.43.0
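
The contract described in the changelog above, as an added example that is not part of the original posting or of the kernel source: a simplified userspace model of sysfs_emit_at() that rejects a buffer pointer with a non-zero page offset, run against the pre-patch and post-patch call forms. The names model_emit_at and show_ids, the 4096-byte page size, the return-0-on-rejection behaviour of the model and the sample IDs are assumptions made for this illustration.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SIZE 4096	/* assumed page size for this model */
static int warnings;	/* calls rejected by the model's argument check */

/* Hypothetical model: buf must have page offset 0, at must be in [0, PAGE_SIZE). */
static int model_emit_at(char *buf, int at, const char *fmt, ...)
{
	va_list args;
	int len;

	if (!buf || ((uintptr_t)buf & (PAGE_SIZE - 1)) || at < 0 || at >= PAGE_SIZE) {
		warnings++;	/* assumption: rejected call writes nothing, returns 0 */
		return 0;
	}
	va_start(args, fmt);
	len = vsnprintf(buf + at, PAGE_SIZE - at, fmt, args);
	va_end(args);
	if (len >= PAGE_SIZE - at)	/* report bytes actually stored */
		len = PAGE_SIZE - at - 1;
	return len;
}

/* Constructed sample vendor/product IDs, not taken from the thread. */
static const unsigned ids[][2] = { {0x1234, 0x5678}, {0xabcd, 0xef01}, {0x0bda, 0x8153} };

/* old_style != 0 uses the pre-patch &buf[count] form, 0 the post-patch form. */
static int show_ids(char *buf, int old_style)
{
	int count = 0;

	for (size_t i = 0; i < sizeof(ids) / sizeof(ids[0]); i++)
		count += model_emit_at(old_style ? &buf[count] : buf, count,
				       "%04x %04x\n", ids[i][0], ids[i][1]);
	return count;
}

int main(void)
{
	char *buf = aligned_alloc(PAGE_SIZE, PAGE_SIZE);
	if (!buf)
		return 1;
	warnings = 0;
	printf("old form: %d bytes, ", show_ids(buf, 1));
	printf("%d rejected calls\n", warnings);
	warnings = 0;
	printf("new form: %d bytes, ", show_ids(buf, 0));
	printf("%d rejected calls\n", warnings);
	free(buf);
	return 0;
}
```

In the model the old form emits only the first ID, because every later call passes a pointer that is no longer page-aligned; the new form emits all three.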
Re: [PATCH] USB: core: remove the move buf action
Posted by Greg KH 3 weeks, 1 day ago
On Wed, Sep 10, 2025 at 03:58:47PM +0800, Edward Adam Davis wrote:
> The buffer size of sysfs is fixed at PAGE_SIZE, and the page offset
> of the buf parameter of sysfs_emit_at() must be 0, there is no need
> to manually manage the buf pointer offset.
> 
> Fixes: 711d41ab4a0e ("usb: core: Use sysfs_emit_at() when showing dynamic IDs")
> Reported-by: syzbot+b6445765657b5855e869@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=b6445765657b5855e869
> Tested-by: syzbot+b6445765657b5855e869@syzkaller.appspotmail.com
> Signed-off-by: Edward Adam Davis <eadavis@qq.com>
> ---
>  drivers/usb/core/driver.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

While this fix looks correct, your cc: list is very odd as this is a
linux-usb bug, not a driver core issue, right?

At the least, cc: the person who wrote the offending change?

thanks,

greg k-h
Re: [PATCH] USB: core: remove the move buf action
Posted by Danilo Krummrich 3 weeks, 1 day ago
On Wed Sep 10, 2025 at 11:00 AM CEST, Greg KH wrote:
> On Wed, Sep 10, 2025 at 03:58:47PM +0800, Edward Adam Davis wrote:
>> The buffer size of sysfs is fixed at PAGE_SIZE, and the page offset
>> of the buf parameter of sysfs_emit_at() must be 0, there is no need
>> to manually manage the buf pointer offset.
>> 
>> Fixes: 711d41ab4a0e ("usb: core: Use sysfs_emit_at() when showing dynamic IDs")
>> Reported-by: syzbot+b6445765657b5855e869@syzkaller.appspotmail.com
>> Closes: https://syzkaller.appspot.com/bug?extid=b6445765657b5855e869
>> Tested-by: syzbot+b6445765657b5855e869@syzkaller.appspotmail.com
>> Signed-off-by: Edward Adam Davis <eadavis@qq.com>
>> ---
>>  drivers/usb/core/driver.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> While this fix looks correct, your cc: list is very odd as this is a
> linux-usb bug, not a driver core issue, right?

I think Edward derived the Cc: list from the recipients of the syzbot report
in [1].

Not sure how syzbot figures out the relevant recipients to send the report to
though. :)

[1] https://lore.kernel.org/all/68c118e8.a70a0220.3543fc.000e.GAE@google.com/
Re: [PATCH] USB: core: remove the move buf action
Posted by Edward Adam Davis 3 weeks, 1 day ago
On Wed, 10 Sep 2025 12:09:38 +0200, Danilo Krummrich wrote:
>> On Wed, Sep 10, 2025 at 03:58:47PM +0800, Edward Adam Davis wrote:
>>> The buffer size of sysfs is fixed at PAGE_SIZE, and the page offset
>>> of the buf parameter of sysfs_emit_at() must be 0, there is no need
>>> to manually manage the buf pointer offset.
>>>
>>> Fixes: 711d41ab4a0e ("usb: core: Use sysfs_emit_at() when showing dynamic IDs")
>>> Reported-by: syzbot+b6445765657b5855e869@syzkaller.appspotmail.com
>>> Closes: https://syzkaller.appspot.com/bug?extid=b6445765657b5855e869
>>> Tested-by: syzbot+b6445765657b5855e869@syzkaller.appspotmail.com
>>> Signed-off-by: Edward Adam Davis <eadavis@qq.com>
>>> ---
>>>  drivers/usb/core/driver.c | 4 ++--
>>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> While this fix looks correct, your cc: list is very odd as this is a
>> linux-usb bug, not a driver core issue, right?
>
>I think Edward derived the Cc: list from the recipients of the syzbot report
>in [1].
You understand me.
Re: [PATCH] USB: core: remove the move buf action
Posted by Edward Adam Davis 3 weeks, 1 day ago
On Wed, 10 Sep 2025 11:00:43 +0200, Greg KH wrote:
> > The buffer size of sysfs is fixed at PAGE_SIZE, and the page offset
> > of the buf parameter of sysfs_emit_at() must be 0, there is no need
> > to manually manage the buf pointer offset.
> >
> > Fixes: 711d41ab4a0e ("usb: core: Use sysfs_emit_at() when showing dynamic IDs")
> > Reported-by: syzbot+b6445765657b5855e869@syzkaller.appspotmail.com
> > Closes: https://syzkaller.appspot.com/bug?extid=b6445765657b5855e869
> > Tested-by: syzbot+b6445765657b5855e869@syzkaller.appspotmail.com
> > Signed-off-by: Edward Adam Davis <eadavis@qq.com>
> > ---
> >  drivers/usb/core/driver.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> While this fix looks correct, your cc: list is very odd as this is a
> linux-usb bug, not a driver core issue, right?
> 
> At the least, cc: the person who wrote the offending change?