Received: by 2002:a05:6602:18e:0:0:0:0 with SMTP id m14csp7971444ioo; Fri, 3 Jun 2022 18:33:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz4QIQwgchs/Nb/gtOJoF93HmgedtAPqQNDsoHwD9TNFIC+1wrr3GtzaLreP+JxzHb/x9YQ X-Received: by 2002:a17:906:3793:b0:702:eea9:843a with SMTP id n19-20020a170906379300b00702eea9843amr10794831ejc.465.1654306430744; Fri, 03 Jun 2022 18:33:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654306430; cv=none; d=google.com; s=arc-20160816; b=kcPECFqn44OCErMnvY8u+Wrwg3uVCVHUyVgoK0GYrSoINOM+i7uxTf7xUL2bKLosan o9VGpPScR/Rnz3QwNUTW5yfnPc7UppTh+v7puDlZMQtxBDYLlMcu3D06wLyUWZZg0gBI H/2MxZNRnpTWQ/PlBnf9YgktQ6tSLV5JUubzkDncw6Dadg5OGHu/GvLKkyP/IaOpB5RK Sc5fDCa1nDJ4ysZfoYQytrQmMz9cNZMrqpjfbZT1CKxjPxI1B1LlENDqPOoy+U7E3J31 b+omo8QqE+wrhi342fTPQY1m+2jQuIjjVAhF8sDpQNByDa5n5pVkIw18pqU6pGVrUIWB L8AA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=viwrNRYZcjL4LJ4Mj02uPsgUvDYRqlgRQBdIOtvDEbU=; b=uE8MLckGmwQFS8diUwSIWXzs4FehvTr1nY+aaCMpxi9P5JEQaAFrCpRgA+fEaAdj9S jYXInJqQz6yOEhE5jQpBNH8DmGL6AJ23/6EE5ghnxyt7Boqi8L6dO+3Cd+G4CJ+Vli+4 e5Zigu42sf+cjhGcZcFuoAg7XygivxJFKjkYmfAoCv8d6tX0nBeni66XvJ7KVsCgDU+6 l2nSsm5JDDmg/DBCsqkJ5bZdysAPFQIRtuvcfGXBsHhIg+5VUfnpClYgslMQrU/HwwmI JiDg8r/7pEVX7KkYyQgeQH/mxfwv0jUrmBcz578ceRR8Xui3b7cxKNg4YrH3MMx9xnPA Irag== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sb34-20020a1709076da200b006f3a8b079f6si9749693ejc.626.2022.06.03.18.33.24; Fri, 03 Jun 2022 18:33:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343904AbiFCQ12 (ORCPT + 99 others); Fri, 3 Jun 2022 12:27:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59804 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238628AbiFCQ10 (ORCPT ); Fri, 3 Jun 2022 12:27:26 -0400 Received: from netrider.rowland.org (netrider.rowland.org [192.131.102.5]) by lindbergh.monkeyblade.net (Postfix) with SMTP id BBF2C1836F for ; Fri, 3 Jun 2022 09:27:25 -0700 (PDT) Received: (qmail 306240 invoked by uid 1000); 3 Jun 2022 12:27:25 -0400 Date: Fri, 3 Jun 2022 12:27:25 -0400 From: Alan Stern To: Greg KH Cc: Andy Shevchenko , syzbot , hdanton@sina.com, lenb@kernel.org, linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org, rafael.j.wysocki@intel.com, rafael@kernel.org, rjw@rjwysocki.net, syzkaller-bugs@googlegroups.com, linux-usb@vger.kernel.org Subject: Re: [syzbot] general protection fault in __device_attach Message-ID: References: <000000000000bb7f1c05da29b601@google.com> <00000000000010b7d305e08837c8@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jun 03, 2022 at 06:11:55PM +0200, Greg KH wrote: > On Fri, Jun 03, 2022 at 12:03:32PM -0400, Alan Stern wrote: > > On Fri, Jun 03, 2022 at 05:52:38PM +0200, Greg KH wrote: > > > On Fri, Jun 03, 2022 at 11:42:19AM -0400, Alan Stern wrote: > > > > So now what should happen when device_add() for an interface fails in > > > > usb_set_configuration()? > > > > > > But how can that really fail on a real system? > > > > > > Is this just due to error-injection stuff? If so, I'm really loath to > > > rework the world for something that can never happen in real life. > > > > > > Or is this a real syzbot-found-with-reproducer issue? > > > > Aren't there quite a few reasons why device_add() might fail? (Although > > most of them probably are memory allocation errors...) > > I was thinking of the dev_set_name() issue further back in the call > chain. As far as I know, the only reason for dev_set_name() to fail is -ENOMEM. That's not something the user can control directly. > > Basically, you have to make up your mind. If a function can fail, you > > should be prepared to handle the failure. If it can't fail, there's no > > point in even checking the return code. > > True, ok, we should unwind the mess. I'll try to look at it after the > merge window... > > But again, is this a "real and able to be triggered from userspace" > problem, or just fault-injection-induced? I don't think any of the failure paths here are controlled by the user. They all seem to involve something going wrong internally in the kernel (i.e., corruption or memory allocation failure for a small buffer). Once that happens, the game is pretty much over anyway. Is it worth handling this sort of thing, or should we ignore the possibility and allow it to escalate to the point where the user can potentially trigger a kernel panic? Another way of putting it is: How gracefully do you want the kernel to collapse when this sort of corruption happens? Alan Stern