From patchwork Mon Jul 29 02:23:16 2024
X-Patchwork-Submitter: andrey.konovalov@linux.dev
X-Patchwork-Id: 13744192
From: andrey.konovalov@linux.dev
To: Alan Stern, Greg Kroah-Hartman, Marcello Sylvester Bauer
Cc: Andrey Konovalov, Dmitry Vyukov, Aleksandr Nogikh, Marco Elver, Alexander Potapenko, kasan-dev@googlegroups.com, Andrew Morton, linux-mm@kvack.org, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+2388cdaeb6b10f0c13ac@syzkaller.appspotmail.com, syzbot+17ca2339e34a1d863aad@syzkaller.appspotmail.com, stable@vger.kernel.org
Subject: [PATCH] usb: gadget: dummy_hcd: execute hrtimer callback in softirq context
Date: Mon, 29 Jul 2024 04:23:16 +0200
Message-Id: <20240729022316.92219-1-andrey.konovalov@linux.dev>

From: Andrey Konovalov

Commit a7f3813e589f ("usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler") switched dummy_hcd to use hrtimer and made the timer's callback be executed in the hardirq context.

With that change, __usb_hcd_giveback_urb now gets executed in the hardirq context, which causes problems for KCOV and KMSAN.

One problem is that KCOV now is unable to collect coverage from the USB code that gets executed from the dummy_hcd's timer callback, as KCOV cannot collect coverage in the hardirq context.

Another problem is that the dummy_hcd hrtimer might get triggered in the middle of a softirq with KCOV remote coverage collection enabled, and that causes a WARNING in KCOV, as reported by syzbot. (I sent a separate patch to shut down this WARNING, but that doesn't fix the other two issues.)

Finally, KMSAN appears to ignore tracking memory copying operations that happen in the hardirq context, which causes false positive kernel-infoleaks, as reported by syzbot.

Change the hrtimer in dummy_hcd to execute the callback in the softirq context.

Reported-by: syzbot+2388cdaeb6b10f0c13ac@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=2388cdaeb6b10f0c13ac
Reported-by: syzbot+17ca2339e34a1d863aad@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=17ca2339e34a1d863aad
Fixes: a7f3813e589f ("usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler")
Cc: stable@vger.kernel.org
Signed-off-by: Andrey Konovalov Reported-by: kernel test robot Acked-by: Marcello Sylvester Bauer Reported-by: syzbot+c793a7eca38803212c61@syzkaller.appspotmail.com Reported-by: syzbot+1e6e0b916b211bee1bd6@syzkaller.appspotmail.com Reported-by: syzbot+edd9fe0d3a65b14588d5@syzkaller.appspotmail.com --- Marcello, would this change be acceptable for your use case? If we wanted to keep the hardirq hrtimer, we would need teach KCOV to collect coverage in the hardirq context (or disable it, which would be unfortunate) and also fix whatever is wrong with KMSAN, but all that requires some work. --- drivers/usb/gadget/udc/dummy_hcd.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/usb/gadget/udc/dummy_hcd.c b/drivers/usb/gadget/udc/dummy_hcd.c index f37b0d8386c1a..ff7bee78bcc49 100644 --- a/drivers/usb/gadget/udc/dummy_hcd.c +++ b/drivers/usb/gadget/udc/dummy_hcd.c @@ -1304,7 +1304,8 @@ static int dummy_urb_enqueue( /* kick the scheduler, it'll do the rest */ if (!hrtimer_active(&dum_hcd->timer)) - hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), HRTIMER_MODE_REL); + hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), + HRTIMER_MODE_REL_SOFT); done: spin_unlock_irqrestore(&dum_hcd->dum->lock, flags); @@ -1325,7 +1326,7 @@ static int dummy_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) rc = usb_hcd_check_unlink_urb(hcd, urb, status); if (!rc && dum_hcd->rh_state != DUMMY_RH_RUNNING && !list_empty(&dum_hcd->urbp_list)) - hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL); + hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT); spin_unlock_irqrestore(&dum_hcd->dum->lock, flags); return rc; 
@@ -1995,7 +1996,8 @@ static enum hrtimer_restart dummy_timer(struct hrtimer *t) dum_hcd->udev = NULL; } else if (dum_hcd->rh_state == DUMMY_RH_RUNNING) { /* want a 1 msec delay here */ - hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), HRTIMER_MODE_REL); + hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), + HRTIMER_MODE_REL_SOFT); } spin_unlock_irqrestore(&dum->lock, flags); @@ -2389,7 +2391,7 @@ static int dummy_bus_resume(struct usb_hcd *hcd) dum_hcd->rh_state = DUMMY_RH_RUNNING; set_link_state(dum_hcd); if (!list_empty(&dum_hcd->urbp_list)) - hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL); + hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL_SOFT); hcd->state = HC_STATE_RUNNING; } spin_unlock_irq(&dum_hcd->dum->lock); @@ -2467,7 +2469,7 @@ static DEVICE_ATTR_RO(urbs); static int dummy_start_ss(struct dummy_hcd *dum_hcd) { - hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); + hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); dum_hcd->timer.function = dummy_timer; dum_hcd->rh_state = DUMMY_RH_RUNNING; dum_hcd->stream_en_ep = 0; @@ -2497,7 +2499,7 @@ static int dummy_start(struct usb_hcd *hcd) return dummy_start_ss(dum_hcd); spin_lock_init(&dum_hcd->dum->lock); - hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); + hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); dum_hcd->timer.function = dummy_timer; dum_hcd->rh_state = DUMMY_RH_RUNNING;
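
Review bot: the timer mode is now written out literally at six sites (the hrtimer_start() calls in dummy_urb_enqueue(), dummy_urb_dequeue(), dummy_timer() and dummy_bus_resume(), plus the two hrtimer_init() calls), and the init and start sites need to stay in agreement on soft versus hard mode. Consider one driver-local define next to DUMMY_TIMER_INT_NSECS, for example `#define DUMMY_TIMER_MODE HRTIMER_MODE_REL_SOFT` (name is only a suggestion), and use it at all six sites so a later edit cannot change one and miss another. It would also let the two hrtimer_start() calls that had to be wrapped onto a second line fit on one line again.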
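
Review bot: the hrtimer_init() changes in dummy_start_ss() and dummy_start() have no comment saying why this timer has to be a softirq one; the reasoning (KCOV cannot collect coverage in hardirq context, KMSAN reports false-positive infoleaks) lives only in the commit message. A short comment above each hrtimer_init() call, or above a shared mode define, would keep someone from switching back to HRTIMER_MODE_REL later for timing reasons. That is a plausible temptation given the `/* want a 1 msec delay here */` comment in dummy_timer() and the open question to Marcello below the `---` about whether the softirq timer is acceptable for his use case.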