Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp7025843ybc;
        Thu, 28 Nov 2019 09:28:58 -0800 (PST)
X-Google-Smtp-Source: APXvYqxumcpDWtRRTqZpoL9Mf3aaonafUSOopOTjhsalLT2Itmt9k5zObhtiFUiTr2EPj9dQkELT
X-Received: by 2002:a05:6402:1850:: with SMTP id v16mr39380263edy.301.1574962138332;
        Thu, 28 Nov 2019 09:28:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1574962138; cv=none;
        d=google.com; s=arc-20160816;
        b=dS3Y91Rl/YPA0nSUNPhCFVk2BQLF17IgHkDJyN79p2Rnu29L1AIayEjYdz06V2JRHi
         H1MRI8Ui2RrsCL28WKAyH0QhxxCvIvfmbgea+O1lj0hGahrCuURdzKvQEq2SIx5z59yN
         Zxm3DTRKdqqz+1fvP0YpHBxBGE15HxuatpRJ2+JKXTvw4Y0pc3eV66c6azaXFEbTVhE4
         4E22QscG1E4ztDgM/2Chr5BT/lEBccIz1ivtWJwAMYq8oVtU1mcDWbxPkywVmUHJ9tA0
         0fRBPz1tj5o8inmpBiqWYMW/dzsR1EWoVVBdWbP9itjHxDREdSFuoiGbWhKII2e+XXAR
         qMhw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:in-reply-to
         :subject:cc:to:from:date;
        bh=8nUkka0AqYT5tfauJO0gPN6o/zOKspQOyULg0MalSz0=;
        b=SoGB5PajECflzkYDeIjp7xR7gBny0naMgSjdIU0Iyn7kANC6PqX11PMv1Nd9N8wfe6
         MN2k/VESObgxpZVM4ttd6p9J6c81jiQIBQlTz9ly901fOiQrYLnQzm7W0ZiKr600s88t
         o1QO2cFYDam7l3Yl4Ceyrnm5kgdkqYqJAd0m4FAvqJ1/6R5BBPGjIYX5HnC7gVpIc6ZO
         MHmsoDbHZC8GQzy1O8h9A7yHuQ0whf+9L3GKrHiHkOYUC4cOBs579prcbWHndwKDMNE0
         ufh2sR3A1f8WDOg3iBBUfthqaJo/C/ReBsXXoGQc+c7hOK8E3tvYUREj2Dt6nDPXhzZK
         S31Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w10si1057628edv.428.2019.11.28.09.28.34;
        Thu, 28 Nov 2019 09:28:58 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727184AbfK1RZL (ORCPT <rfc822;learnos2017@gmail.com>
        + 99 others); Thu, 28 Nov 2019 12:25:11 -0500
Received: from netrider.rowland.org ([192.131.102.5]:54835 "HELO
        netrider.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with SMTP id S1727141AbfK1RZH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 28 Nov 2019 12:25:07 -0500
Received: (qmail 20647 invoked by uid 500); 28 Nov 2019 12:25:05 -0500
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 28 Nov 2019 12:25:05 -0500
Date:   Thu, 28 Nov 2019 12:25:05 -0500 (EST)
From:   Alan Stern <stern@rowland.harvard.edu>
X-X-Sender: stern@netrider.rowland.org
To:     Oliver Neukum <oneukum@suse.com>
cc:     syzbot <syzbot+9ca7a12fd736d93e0232@syzkaller.appspotmail.com>,
        <andreyknvl@google.com>, <hverkuil@xs4all.nl>,
        Kernel development list <linux-kernel@vger.kernel.org>,
        <linux-media@vger.kernel.org>,
        USB list <linux-usb@vger.kernel.org>, <mchehab@kernel.org>,
        <syzkaller-bugs@googlegroups.com>
Subject: Re: KASAN: use-after-free Read in si470x_int_in_callback (2)
In-Reply-To: <1574954383.21204.11.camel@suse.com>
Message-ID: <Pine.LNX.4.44L0.1911281214050.19734-100000@netrider.rowland.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 28 Nov 2019, Oliver Neukum wrote:

> Am Mittwoch, den 27.11.2019, 16:11 -0500 schrieb Alan Stern:
> > Oliver:
> > 
> > Make of this what you will...
> 
> Hi,
> 
> first, thank you. Second, this is teaching me to question my
> assumptions. There is no disconnect at all. We are busy looping
> in the error handler as we have virtual hardware in this test,
> which can execute an URB without waiting for hardware.
> 
> So should we kill error handling for this case?

Okay.  First of all, we must recognize that these syzbot tests have
encountered two separate bugs.  The first is the one fixed in your
original patches (the use-after-free).  This bug needs no discussion;
it looks like your patch fixes it.

The second bug is the CPU starvation caused by the tight resubmit loop
in the completion handler.  It is the reason why you kept getting
failure reports back from syzbot.  It is to some extent a misleading
result, related to the fact that dummy-hcd doesn't use real hardware,
as you noted.

Nevertheless, the fix I posted is appropriate.  I posed this question
to Greg KH some weeks ago, and he pointed out that after some
discussion on the mailing list, people had generally agreed that
drivers should not blindly resubmit URBs when they get an unrecognized
error status.  In this situation, error recovery has to occur at a
higher level (for example, the user could unplug the device and then
plug it in again).

So even though with real hardware this tight resubmit loop might not
end up using all the available CPU time, not resubmitting is still the
right approach.

Alan Stern