Subject: Re: Is usb_hcd_giveback_urb() allowed in task context?
From: Shuah Khan
To: Alan Stern, Andrey Konovalov
Cc: Greg Kroah-Hartman, Valentina Manea, Shuah Khan, USB list, LKML, Dmitry Vyukov, Nazime Hande Harputluoglu, syzkaller, Shuah Khan
Date: Mon, 5 Oct 2020 17:38:22 -0600
Message-ID: <65b4ff62-f9c8-b9cf-50bb-c9b08cce7230@linuxfoundation.org>
In-Reply-To: <20201005152540.GG376584@rowland.harvard.edu>
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/5/20 9:25 AM, Alan Stern wrote:
> On Mon, Oct 05, 2020 at 05:21:30PM +0200, Andrey Konovalov wrote:
>> On Mon, Oct 5, 2020 at 5:18 PM Greg Kroah-Hartman wrote:
>>>
>>> On Mon, Oct 05, 2020 at 05:08:11PM +0200, Andrey Konovalov wrote:
>>>> Dear USB and USB/IP maintainers,
>>>>
>>>> While fuzzing the USB/IP stack with syzkaller we've stumbled upon an issue.
>>>>
>>>> Currently kcov (the subsystem that is used for coverage collection)
>>>> USB-related callbacks assume that usb_hcd_giveback_urb() can only be
>>>> called from interrupt context, as indicated by the comment before the
>>>> function definition. In the USB/IP code, however, it's called from the
>>>> task context (see the stack trace below).
>>>>
>>>> Is this something that is allowed and we need to fix kcov? Or is this
>>>> a bug in USB/IP?
>>>
>>> It's a bug in kcov, and is not true as you have found out :)
>>
>> OK, I see, I'll work on a fix, thanks!
>>
>> Should I also update the comment above usb_hcd_giveback_urb() to
>> mention that it can be called in_task()? Or is this redundant and is
>> assumed in general?
>
> No, no -- it won't work right if it's called in process context. Not
> only do the spinlock calls leave the interrupt flag unchanged, also the
> driver callback routines may expect to be invoked with interrupts
> disabled. (We have tried to fix this, but I'm not at all certain that
> all the cases have been updated.)
>

In the case of vhci, usb_hcd_giveback_urb() is called from vhci's
urb_enqueue, when it determines it doesn't need to xmit the urb and can
give it back. This path runs in task context.

Do you have any recommendation on how this case can be handled?

thanks,
-- Shuah