Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp4522942ybp; Mon, 14 Oct 2019 06:06:28 -0700 (PDT) X-Google-Smtp-Source: APXvYqy5GSfKKyOWAq75lKo5wXGiClaj8gNe2Rnbj4jMHFKBn4oatGLJfKkKQeOvju7ISsdDuv/j X-Received: by 2002:a17:906:68f:: with SMTP id u15mr28322639ejb.306.1571058387861; Mon, 14 Oct 2019 06:06:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1571058387; cv=none; d=google.com; s=arc-20160816; b=ummA3l0pJOwc3yJ+jqZ65ldFNpf/hOmDAGqCdCXDl/1El5/ZZ6HpuJK2e/xmWHypHT absM1sn0F/yyoqLWW1/iVK5ZYRz/Vc5X2i9vKFCLQAZmQmr+VfQUOR79Gtw02VXaEMX+ HM4q417C2FxdD+jn9lnl4Sxz5vuz+LkpazJwa7/wlfHlmZN3gXNuugl9qZ+VLVRGsc/9 hgXT+qXtv8E/hxGcHEcBumPRtn4m/8y+AjlQ9U0ltEE33YrpVjMu9zlUXIbkFGb0jFfj qb7zelc0aAK/Kc9g0R+lljx6X1/PPgCemdYLt3LKGsSp8HSDFrlvNUHQfEw+pJCXSToN p15A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=pyS+DrympKyI4FdnI2r2kXlN0WEKP6R4E5v/Ib2pOHo=; b=F/BbQV47xrancLok15qsVG8MqXNdvJS8VSENNioghKeZGdG+YE60nMbgXoTiRnyX/w B9SHqYLcUwKLaCIKIiIVJwIM+4DGS7fAuCJcLwh87ZK3yT/kThbdgQnzeFg1nZ88xfM9 J7gZpA2L7qviCceWKS3OsyV5B5kCdOqd06PHgmcLGDrgXbGwyuNO2ke/XWHCPLiZGU2t 09fSdDJxQ9lu4mDrjEnKEESYtsE8ekobJIZs5ANPgRoTYCcuanjOVEi+daj4O+9r95AJ 4v5FaaH4r7/9LXvmJI6xEGvQLmTniua4XTBEixe95YIubXbLqNOdUb5ENPjdDHRXkwf0 /2/Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=YDp68Zyk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p14si11846442eda.411.2019.10.14.06.06.03; Mon, 14 Oct 2019 06:06:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=YDp68Zyk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731773AbfJNM4t (ORCPT + 99 others); Mon, 14 Oct 2019 08:56:49 -0400 Received: from mail-pf1-f195.google.com ([209.85.210.195]:38001 "EHLO mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730526AbfJNM4s (ORCPT ); Mon, 14 Oct 2019 08:56:48 -0400 Received: by mail-pf1-f195.google.com with SMTP id h195so10373776pfe.5 for ; Mon, 14 Oct 2019 05:56:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pyS+DrympKyI4FdnI2r2kXlN0WEKP6R4E5v/Ib2pOHo=; b=YDp68Zyk2ywgMVsWqmix1nrW5hNei5h6TonrN8JMUKCArSSX9z2yuhp6zSoI4u/aGS Xk0HT/EcCVmQUXT3Z+9YEwyX+TYybN5z2TdKIeWK89+vNPpbrhA13RvNNu3xMjvTp4CN N2u/L72QjH7otjbNBSQpt0PcNU/fq78yjMo/qGJJBXUWpiO2DkkEopyZxiUYGq5E73NH 2lhvsHl2DpJmfdY9RpXvZBF/X91ezHas6607xDXtRhie+kQkivFpiQrWBPkhpLhrQnlV JjRdZlL/6kpuzoLgRGQ2tKBPfpOGmL2e1u/WXtIImnsi2RCBvaFdc8WNEuQ5qDi32GIP pJkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pyS+DrympKyI4FdnI2r2kXlN0WEKP6R4E5v/Ib2pOHo=; b=pb0s7BjiPrA0cBVGaCpyZuZud6Byk6/Op3RlPH1KMJbVyEArVW2CtbCrgOa+K5HbGj mH782+vPhY8tkTVTn2N97Lx74oMbZoKbAjSxghXdyiTVyic9zL1Jyx3ASQYK/ZpHwFYo HbRzE3BMewW9KXM44AfetO7K1n5J5uTR/kV1SJG5sIfGPPcjcJ52lm/SiLVgEdJW9w53 8fFsD78Ez/OJNuRX/QULqTXq78tsnHoSVTiAPOmP72LN/mthZ3pz3bo0byhyYrRr+GYI JYEfMnasn3lsY46rLdkWcDQCNYNyX6DSZ4TKRSLtkKEa1JuobnhAZ8cutPB7QCFlNGqz G56g== X-Gm-Message-State: APjAAAU4wCHtqb7JNLCu2dokXlN7eUopxhxQStbQR3X8jLuPmiZRrS8G mRkRQ0a0FvswGiJJ+XAH5SLYUlEjtbOzw2DR9aJ6WA== X-Received: by 2002:a65:4c03:: with SMTP id u3mr33085293pgq.440.1571057807365; Mon, 14 Oct 2019 05:56:47 -0700 (PDT) MIME-Version: 1.0 References: <20191011150646.GA1240544@kroah.com> In-Reply-To: <20191011150646.GA1240544@kroah.com> From: Andrey Konovalov Date: Mon, 14 Oct 2019 14:56:36 +0200 Message-ID: Subject: Re: KMSAN: uninit-value in alauda_check_media To: Greg Kroah-Hartman Cc: Alan Stern , Jaskaran Singh , syzbot , Alexander Potapenko , LKML , USB list , syzkaller-bugs , usb-storage@lists.one-eyed-alien.net Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Oct 11, 2019 at 5:06 PM Greg Kroah-Hartman wrote: > > On Fri, Oct 11, 2019 at 10:53:47AM -0400, Alan Stern wrote: > > On Fri, 11 Oct 2019, Andrey Konovalov wrote: > > > > > On Fri, Oct 11, 2019 at 4:08 PM Alan Stern wrote: > > > > > > Now yes, it's true that defining status as an array on the stack is > > > > also a bug, since USB transfer buffers are not allowed to be stack > > > > variables. > > > > > > Hi Alan, > > > > > > I'm curious, what is the reason for disallowing that? Should we try to > > > somehow detect such cases automatically? > > > > Transfer buffers are read and written by DMA. On systems that don't > > have cache-coherent DMA controllers, it is essential that the CPU does > > not access any cache line involved in a DMA transfer while the transfer > > is in progress. Otherwise the data in the cache would be different > > from the data in the buffer, leading to corruption. > > > > (In theory it would be okay for the CPU to read (not write!) a cache > > line assigned to a buffer for a DMA write (not read!) transfer. But > > even doing that isn't really a good idea.) > > > > (Also, this isn't an issue for x86 architectures, because x86 has > > cache-coherent DMA. But it is an issue on other architectures.) > > > > In practice, this means transfer buffers have to be allocated by > > something like kmalloc, so that they occupies their own separate set of > > cache lines. Buffers on the stack obviously don't satisfy this > > requirement. > > > > At some point there was a discussion about automatically detecting when > > on-stack (or otherwise invalid) buffers are used for DMA transfers. I > > don't recall what the outcome was. > > A patchset from Kees was sent, but it needs a bit more work... Hi Greg, Could you send a link to the patchset? Thanks!