Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp3396019pxk; Mon, 5 Oct 2020 08:38:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzw+2qHE7Tv8UHi5abNB3H0/J/9xX+oI+ey+36+TbTbhm0dm5gE3IjhGiedYJ0ipn8Bazdv X-Received: by 2002:a50:fe93:: with SMTP id d19mr166961edt.323.1601912318715; Mon, 05 Oct 2020 08:38:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1601912318; cv=none; d=google.com; s=arc-20160816; b=uRuCY8kzI6ZYmoBfCPly1qNwht47N9zjxdDTeFICe0ygjlO1bDp+vKPN7dKo4j9jsS qDBug39KuwuLtAQ6w6qmmKfMckuIbv1kbDii3+2uWQE0AmAJCyjxqThc6VdCczApLJZW y7+Z0t+NKcmw3F26ZOZiDwNGoPT3woWbzURmmErn9BVWGxZk9G6YLhbR9o+PGAB43iQ0 g0q0avqlqR+c20nonIGFcu1J/gBW0VboTfFBlkzWGZEuIzI0q15fgod6+PnJQEDtHpH4 nvaadxfWnDtCnd0Uf1kx6ZpqiFI7siQTMf/2dBYw2vhZ3MXadadXIaIuKwRh3+M0JGjF NDLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=SQNUMZb5JiNR3xovd49RJ2W9blDnU3JGCE7Vm9ic3sI=; b=zCjpusQxZ/NhKFNaSEpvJ1zdiY0ZbCgHDzFJXHku3ky7gw/1Zqw/x0kyo889kq3hB8 jD2ZOHBxMIwxYppIeE/cVb4hHy7mYAnOW8uRYywSANKllIe+F5QEn4se7zMUNV5Leaui IFpJv1OGdxPIKF0SwXAd/xDq/AocvM6lCra+pIrcDDBFFpSfe33HjAgR30PC5S7WziUA TrzkdSaq8QufwkhpMG6wht3JayAzTksgskb2dPpoM7R7zxdJ2umvC9XdO6UkrUa28uRy efd8rAV0CqJNhVre+gS+OjR1QGOk6Nvf5g4uYKkKUGNJ+G0mGmNz371lLlufM8WGwJGE 8VUQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=eKd5HdT+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b25si176471edw.586.2020.10.05.08.38.15; Mon, 05 Oct 2020 08:38:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=eKd5HdT+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728331AbgJEPez (ORCPT + 99 others); Mon, 5 Oct 2020 11:34:55 -0400 Received: from mail.kernel.org ([198.145.29.99]:35490 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727844AbgJEPem (ORCPT ); Mon, 5 Oct 2020 11:34:42 -0400 Received: from localhost (83-86-74-64.cable.dynamic.v4.ziggo.nl [83.86.74.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 56443207BC; Mon, 5 Oct 2020 15:34:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1601912081; bh=mF2qM+6mrTEqba8z30D+KHTocD0MO7WUZFPMHbfyAHg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=eKd5HdT+CahXqJNJmbyW0ZVxWv35HGrt0Htw3b9urf1y2lKSM+FprzeHoBaLF4xul YAQK3bIf0MVlrh7Uo9Dh2VXoq/cyPHVc2U4nDrfZVaTxhphgBeNAZVj5WfwJhUA9ib 5SOkFhrFWYcqG6Xbq5aJ/kntyowaaQNeQqxiU9To= Date: Mon, 5 Oct 2020 17:28:40 +0200 From: Greg Kroah-Hartman To: Alan Stern Cc: Andrey Konovalov , Valentina Manea , Shuah Khan , USB list , LKML , Dmitry Vyukov , Nazime Hande Harputluoglu , syzkaller Subject: Re: Is usb_hcd_giveback_urb() allowed in task context? Message-ID: <20201005152840.GA2372768@kroah.com> References: <20201005152218.GF376584@rowland.harvard.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201005152218.GF376584@rowland.harvard.edu> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 05, 2020 at 11:22:18AM -0400, Alan Stern wrote: > On Mon, Oct 05, 2020 at 05:08:11PM +0200, Andrey Konovalov wrote: > > Dear USB and USB/IP maintainers, > > > > While fuzzing the USB/IP stack with syzkaller we've stumbled upon an issue. > > > > Currently kcov (the subsystem that is used for coverage collection) > > USB-related callbacks assume that usb_hcd_giveback_urb() can only be > > called from interrupt context, as indicated by the comment before the > > function definition. > > The primary reason for this restriction (as far as I'm aware) is because > the routine uses spin_lock/spin_unlock rather than the > _irqsave/_irqrestore variants. There's also a small efficiency issue: > In the vast majority of cases involving real host controllers, the > routine _will_ be called in interrupt context. So we optimized for that > case. > > > In the USB/IP code, however, it's called from the > > task context (see the stack trace below). > > > > Is this something that is allowed and we need to fix kcov? Or is this > > a bug in USB/IP? > > It's a bug in USB/IP. Interrupts should be disabled when it calls > usb_hcd_giveback_urb(). But that's not always the case when we have host controllers running with threaded interrupts, right? Or do they still disable interrupts? thanks, greg k-h