On Mon, Feb 23, 2026 at 09:39:52AM -0500, Alan Stern wrote:

On Mon, Feb 23, 2026 at 01:58:48PM +0100, Greg Kroah-Hartman wrote:

quoted

The pegasus driver should validate that the device it is probing has the
proper number and types of USB endpoints it is expecting before it binds
to it.  If a malicious device were to not have the same urbs the driver
will crash later on when it blindly accesses these endpoints.

Cc: Petko Manolov <petkan@nucleusys.com>
Cc: stable <stable@kernel.org>
Assisted-by: gkh_clanker_2000
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

This does much the same thing as

https://lore.kernel.org/linux-usb/20260222050633.410165-1-n7l8m4@u.northwestern.edu/T/#u (local)

and that patch also removes some magic numbers.

Yes it does, that's a much nicer patch than mine.

BTW, what is gkh_clanker_2000?

A hacked up system of tools/scripts I'm running here to find stuff like
"take this previously applied commit that fixed a problem, does the same
pattern need to be also done anywhere else in the tree"?  It finds a lot
of stuff and then I sift through it and see if anything is actually real
or not and if so, make up a patch for it.  It was my "merge window is
giving me a respite from reviewing patches" hobby project this past
week.

Now if I was really good, I could turn the output into a coccinelle
script, as this is just simple patterns.

Also it seems that we aren't running the coccinelle scripts anymore, as
many things it has found are already covered by that, I wonder why that
is...

thanks,

greg k-h