From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: Andrey Konovalov <andreyknvl@google.com>,
Jaskaran Singh <jaskaransingh7654321@gmail.com>,
syzbot <syzbot+e7d46eb426883fb97efd@syzkaller.appspotmail.com>,
Alexander Potapenko <glider@google.com>,
LKML <linux-kernel@vger.kernel.org>,
USB list <linux-usb@vger.kernel.org>,
syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
usb-storage@lists.one-eyed-alien.net
Subject: Re: KMSAN: uninit-value in alauda_check_media
Date: Fri, 11 Oct 2019 17:06:46 +0200 [thread overview]
Message-ID: <20191011150646.GA1240544@kroah.com> (raw)
In-Reply-To: <Pine.LNX.4.44L0.1910111039380.1529-100000@iolanthe.rowland.org>
On Fri, Oct 11, 2019 at 10:53:47AM -0400, Alan Stern wrote:
> On Fri, 11 Oct 2019, Andrey Konovalov wrote:
>
> > On Fri, Oct 11, 2019 at 4:08 PM Alan Stern <stern@rowland.harvard.edu> wrote:
>
> > > Now yes, it's true that defining status as an array on the stack is
> > > also a bug, since USB transfer buffers are not allowed to be stack
> > > variables.
> >
> > Hi Alan,
> >
> > I'm curious, what is the reason for disallowing that? Should we try to
> > somehow detect such cases automatically?
>
> Transfer buffers are read and written by DMA. On systems that don't
> have cache-coherent DMA controllers, it is essential that the CPU does
> not access any cache line involved in a DMA transfer while the transfer
> is in progress. Otherwise the data in the cache would be different
> from the data in the buffer, leading to corruption.
>
> (In theory it would be okay for the CPU to read (not write!) a cache
> line assigned to a buffer for a DMA write (not read!) transfer. But
> even doing that isn't really a good idea.)
>
> (Also, this isn't an issue for x86 architectures, because x86 has
> cache-coherent DMA. But it is an issue on other architectures.)
>
> In practice, this means transfer buffers have to be allocated by
> something like kmalloc, so that they occupies their own separate set of
> cache lines. Buffers on the stack obviously don't satisfy this
> requirement.
>
> At some point there was a discussion about automatically detecting when
> on-stack (or otherwise invalid) buffers are used for DMA transfers. I
> don't recall what the outcome was.
A patchset from Kees was sent, but it needs a bit more work...
thanks,
greg k-h
next prev parent reply other threads:[~2019-10-11 15:06 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-07 19:39 KMSAN: uninit-value in alauda_check_media syzbot
2019-10-11 11:23 ` Jaskaran Singh
2019-10-11 11:51 ` Alexander Potapenko
2019-10-11 15:42 ` syzbot
2019-10-11 14:08 ` Alan Stern
2019-10-11 14:18 ` Andrey Konovalov
2019-10-11 14:53 ` Alan Stern
2019-10-11 15:06 ` Greg Kroah-Hartman [this message]
2019-10-14 12:56 ` Andrey Konovalov
2019-10-11 15:24 ` syzbot
2021-12-28 7:47 ` Christophe JAILLET
2021-12-28 7:47 ` syzbot
2021-12-28 22:49 ` Alan Stern
2021-12-29 9:16 ` Christophe JAILLET
2021-12-29 16:45 ` Alan Stern
2021-12-28 8:01 ` Christophe JAILLET
2021-12-28 11:10 ` [syzbot] " syzbot
-- strict thread matches above, loose matches on Subject: below --
2019-10-11 11:17 Jas K
[not found] <cca3b7b4-d9cf-a275-ec0a-c99720a94049@wanadoo.fr>
2021-12-28 7:52 ` syzbot
2023-08-02 16:05 Alan Stern
2023-08-02 16:05 ` syzbot
2023-08-02 16:35 ` Alan Stern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191011150646.GA1240544@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=andreyknvl@google.com \
--cc=glider@google.com \
--cc=jaskaransingh7654321@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=stern@rowland.harvard.edu \
--cc=syzbot+e7d46eb426883fb97efd@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=usb-storage@lists.one-eyed-alien.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.