From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CDD0AC3DA61 for ; Mon, 29 Jul 2024 08:26:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 624FE6B008C; Mon, 29 Jul 2024 04:26:14 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5AD746B0092; Mon, 29 Jul 2024 04:26:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 425DC6B0093; Mon, 29 Jul 2024 04:26:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 214B76B008C for ; Mon, 29 Jul 2024 04:26:14 -0400 (EDT) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id BC000A01D6 for ; Mon, 29 Jul 2024 08:26:13 +0000 (UTC) X-FDA: 82392107826.02.CBBE8AE Received: from mout-p-201.mailbox.org (mout-p-201.mailbox.org [80.241.56.171]) by imf20.hostedemail.com (Postfix) with ESMTP id CAEAD1C0005 for ; Mon, 29 Jul 2024 08:26:10 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=sylv.io header.s=MBO0001 header.b=DU9eH44o; spf=pass (imf20.hostedemail.com: domain of sylv@sylv.io designates 80.241.56.171 as permitted sender) smtp.mailfrom=sylv@sylv.io; dmarc=pass (policy=none) header.from=sylv.io ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1722241517; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=K7fnqw37rhxeqjvTfmqBdiz93kBqO/8jFv9TVqAzuSI=; b=4LrmG89Mh8e3FR+LjiicbtbQP8B5El7ak2t4PmxS/j7Di4gnYC4xhUcEgwuWyIcDRk1fMf RiITVYPMW27TYTAt/a42JqA7y84ijC4q5SJ2LN6wQtiGZ2f/N9AF7TtzfCGe2iqwB6AXHW PuLddJxolZ2+GCyHveNBQILWWpKoShM= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1722241517; a=rsa-sha256; cv=none; b=nV3KeRXF0CDWf9QFJG7Ut6bSbP991k0Om95UFuQY8v/NOa4to34Ogv+gfGVLb+oHRCcIaR 4JqSbmszMw2tgr4PHStzbZk1rulF4GlhLkijyYjDKIFdql1PoyirAvn+RGVZl76JTsA01g ZCoNOfYwxEjVj1CHqJSf9YeXWCNBOPY= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=sylv.io header.s=MBO0001 header.b=DU9eH44o; spf=pass (imf20.hostedemail.com: domain of sylv@sylv.io designates 80.241.56.171 as permitted sender) smtp.mailfrom=sylv@sylv.io; dmarc=pass (policy=none) header.from=sylv.io Received: from smtp202.mailbox.org (smtp202.mailbox.org [IPv6:2001:67c:2050:b231:465::202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4WXWf55JDkz9tJ5; Mon, 29 Jul 2024 10:26:05 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sylv.io; s=MBO0001; t=1722241565; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=K7fnqw37rhxeqjvTfmqBdiz93kBqO/8jFv9TVqAzuSI=; b=DU9eH44oPtmAdluEEyoP/E2jdGbDnTyb0fWZoUp2ydRTSvXP48q5Kogbg8Kvc+6aKF9J7G BAKm+xjIcnB+yj4naC11+QetJRSB/1hNVsHBa8Heew8gwYwnVTlr10gJfqL6UwoZNMwJsM 2OQDcb5y1GGva32HzKEeph3CmwkrNFAJPdFlI6o9V/xFX8Q/0ViZvfCEsoItnWTIhGn9R/ CFGk1Wb7gX9iQuPABQhoZKTxIUMal9D6X+u96jPpk/FLradT1yK1rFD/30IvR+6dbPJCfi i+cvTvKBYVWrGprU4wKelXEHSXWJxDWKP8ggMZ+YnauHcjvIin7N/oNapgM63A== Message-ID: Subject: Re: [PATCH] usb: gadget: dummy_hcd: execute hrtimer callback in softirq context From: Marcello Sylvester Bauer To: andrey.konovalov@linux.dev, Alan Stern , Greg Kroah-Hartman Cc: Andrey Konovalov , Dmitry Vyukov , Aleksandr Nogikh , Marco Elver , Alexander Potapenko , kasan-dev@googlegroups.com, Andrew Morton , linux-mm@kvack.org, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+2388cdaeb6b10f0c13ac@syzkaller.appspotmail.com, syzbot+17ca2339e34a1d863aad@syzkaller.appspotmail.com, stable@vger.kernel.org Date: Mon, 29 Jul 2024 10:25:56 +0200 In-Reply-To: <20240729022316.92219-1-andrey.konovalov@linux.dev> References: <20240729022316.92219-1-andrey.konovalov@linux.dev> Autocrypt: addr=sylv@sylv.io; prefer-encrypt=mutual; keydata=mDMEX4a2/RYJKwYBBAHaRw8BAQdAgPh7hXqL35bMLhbhZbzNFhQslzLjFA/nooSPkjfwp 1y0J01hcmNlbGxvIFN5bHZlc3RlciBCYXVlciA8c3lsdkBzeWx2LmlvPoiRBBMWCgA5AhsBBAsJCA cEFQoJCAUWAgMBAAIeAQIXgBYhBAzRGzXUX6FMlUr5GUv0FpMH/RIkBQJfhrn3AhkBAAoJEEv0FpM H/RIk+XAA/2uYBupPaP7oiwvwRjhAnO5wAZzQh8guHu3CDiLTUnXNAQDjeHY1ES/IXN6W+gVfGPFa rtzmGeRUQk1lSQL7SfhwCbQvTWFyY2VsbG8gU3lsdmVzdGVyIEJhdWVyIDxtZUBtYXJjZWxsb2Jhd WVyLmNvbT6IjgQTFgoANhYhBAzRGzXUX6FMlUr5GUv0FpMH/RIkBQJfhrlYAhsBBAsJCAcEFQoJCA UWAgMBAAIeAQIXgAAKCRBL9BaTB/0SJOHbAQCp2E6WRbY3U7nxxfEt8lOq3pCi0VeUAWu93CnWZX0 X9wEArZ6h9wCGHhlGBTaB/U7BRHlgftCcEuxeCuMZEa8rqwC0MU1hcmNlbGxvIFN5bHZlc3RlciBC YXVlciA8aW5mb0BtYXJjZWxsb2JhdWVyLmNvbT6IjgQTFgoANhYhBAzRGzXUX6FMlUr5GUv0FpMH/ RIkBQJfhrmFAhsBBAsJCAcEFQoJCAUWAgMBAAIeAQIXgAAKCRBL9BaTB/0SJLF/AQDwn+Oiv2Zf2o ZxGttQl/oQNR3YJZuGt8k+JTSWS98xxwEAiBULaSCQ4JaVq5VdOXwb0tPsfQuYbBQjbAK9WI3QmwM= Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-LWyd7UgxwvTeqjduYLti" MIME-Version: 1.0 X-Stat-Signature: 45d7dxus5pjbs8q9ftqg6h3yks861kde X-Rspamd-Queue-Id: CAEAD1C0005 X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1722241570-141008 X-HE-Meta: U2FsdGVkX195JgtgY3mArsTV5SHC8M2K3Bqyfb650IIg41Ljms6YcU8ZFfnYpgfY5NXMRk4DMGZinK1UteNUcbaCQNb1WPEH6AZu7FF1b3dq/ngh8w5eK7dqZlgQ2N0vzQpv56XUwKHf9oZ8NtX7pOmwAsE/IMer+R6BzujdoFfpeUEO4V0OFVrzHpg6T0KcOuY0e6tR/gxaDpfZkVCoXeGVc7u1NlFguDWQNiutNDO7YipKxKUhEVRDdtDj/JEiLb+F3HWCIvb/gCwl6gAEAWCJetd4GrzI1dIX1bDSofxFA7PTZ8KybXccIGjoJ3oGSCsfqJujNSagRhOAQpvvOm+p6UPDXr8ePsazKWO9CFzfpod8qEgCFEujembBMUthHBml6deaoX/aEwHL5bxriic+Be0H5mTd3Omyls1mtKCKXnWDIvFgqW5g6vcHDHFt43WkyXbvDqN2UwYFVdu92qJe26n2vTEYN5M/FwTfyfo2PzPZE52zXwTTz6rpRYV/8uQmMhBjZW14gil8vTa2qnGxY0VxksxkzQuJfT+TDGaxt7O+AN18aGs3CqEUt+aUf3+gyMZfBqgfbMYczdmQnIo0jWXa27+9xLNRoMK+ssh/cOZuvzhwQ+p/xdnhlTe3BYDbD0tFlCrQAvxJRmBuoq3KjSAGOpbF3zKhDUS/VxGt8lWtWpxRBXHtAOzYvA+rmeV6ZSqhHq2u1ZlIGpd8J0q2Bel2e7WtDA1Wv+1NPPyDmNwt0bIk1cMMCRaFAfrkh7+B9rz9p5pLFFIZCsvFV+6Xy68PkJ75HDdSYjDbh646BDBKNaLNkc5aH+URgUQSFXosul1XQVnYHBcrquaRaHKb2aeaN4AYKQwh7KP/qJQCWkAu0Se4DUUGJ8QadEF1O1KrsT3Tfed/vVkxwrz38Eqdy0h5u4XzdhM9rUvkkoR/PRpOrQ2ugGqL0VwxOLFWfCJxznhW49a/JQXHDE+ FcSYmhJS LQiKwXBZHPRl4SNGMoMoLiB4z/fVHUX22YPVRpKu9AH7BBzMnXmywxc7k+d55R3sNJV7aBR/wOV5+2pYKB1qoK//JwY+YIBejAGmPeXp+746SdaNaYuwrX9Tm23fBmI6+H/e/6oDRbR/VHzL9sFL6g8BTSnXmp1tDC8JggOVYCHAcR4Jsdz3KR5e3a3p0ckaQrAk93cZFF1SXvwTgOEReUoQTe52mMA0YHHaBCLzhYqbMlyQYK6oF48xxR6OkQ/FuAQkXom7tKoMKT+6/pPr+mfBvAxhQuuxj3vYgyDyXGifPfdq7NKYc44fL9rbQCjaFsD8Ro4ZuazK5+l/StXcBrtl4w9FdgjixMgeEAh7k1gdLQDTCJkxTYMrABzYOxln9MLXgC4Z08/7weVo4SZ1NQUOku1XsKnWlQTtdwmXRFbzBQW17lt5vdu7I+YEFNyGOHEuK9jJBtd9sBvqF6W9zgwfq5JWF5VnPBKzLZdkfs58kVsZZG9A1p+AFVnmjLM6jN2nGLnsDAwR4Vc/wVgqym65ico2DjBhoOXYku3VzUqS+/zKAlpJmUFsmK0wBdP3sMY9lg8kqvSnwRuebTADZdYAQ4omkrsOLR8+MWLqPV71+T5d2vP5mCL6Ek4alhM3/ecgn81WQH+yHE2w4+idzLkYhHwL4I/HEC9qJ7ZGjbvP/rIl969iuRf+mE0u1VKH1+MZlm6kaMx0xlLkp7IDTTXQ5DllzzNc3H6OXEr6bGYLmZRcKEZ/0jFpR2O8Ze/jaqLg3 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: --=-LWyd7UgxwvTeqjduYLti Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Andrey, On Mon, 2024-07-29 at 04:23 +0200, andrey.konovalov@linux.dev wrote: > From: Andrey Konovalov >=20 > Commit a7f3813e589f ("usb: gadget: dummy_hcd: Switch to hrtimer > transfer > scheduler") switched dummy_hcd to use hrtimer and made the timer's > callback be executed in the hardirq context. >=20 > With that change, __usb_hcd_giveback_urb now gets executed in the > hardirq > context, which causes problems for KCOV and KMSAN. >=20 > One problem is that KCOV now is unable to collect coverage from > the USB code that gets executed from the dummy_hcd's timer callback, > as KCOV cannot collect coverage in the hardirq context. >=20 > Another problem is that the dummy_hcd hrtimer might get triggered in > the > middle of a softirq with KCOV remote coverage collection enabled, and > that > causes a WARNING in KCOV, as reported by syzbot. (I sent a separate > patch > to shut down this WARNING, but that doesn't fix the other two > issues.) >=20 > Finally, KMSAN appears to ignore tracking memory copying operations > that happen in the hardirq context, which causes false positive > kernel-infoleaks, as reported by syzbot. >=20 > Change the hrtimer in dummy_hcd to execute the callback in the > softirq > context. >=20 > Reported-by: syzbot+2388cdaeb6b10f0c13ac@syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=3D2388cdaeb6b10f0c13ac > Reported-by: syzbot+17ca2339e34a1d863aad@syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=3D17ca2339e34a1d863aad > Fixes: a7f3813e589f ("usb: gadget: dummy_hcd: Switch to hrtimer > transfer scheduler") > Cc: stable@vger.kernel.org > Signed-off-by: Andrey Konovalov >=20 > --- >=20 > Marcello, would this change be acceptable for your use case? Thanks for investigating and finding the cause of this problem. I have already submitted an identical patch to change the hrtimer to softirq: https://lkml.org/lkml/2024/6/26/969 However, your commit messages contain more useful information about the problem at hand. So I'm happy to drop my patch in favor of yours. Btw, the same problem has also been reported by the intel kernel test robot. So we should add additional tags to mark this patch as the fix. Reported-by: kernel test robot Closes: https://lore.kernel.org/oe-lkp/202406141323.413a90d2-lkp@intel.com Acked-by: Marcello Sylvester Bauer Thanks, Marcello > If we wanted to keep the hardirq hrtimer, we would need teach KCOV to > collect coverage in the hardirq context (or disable it, which would > be > unfortunate) and also fix whatever is wrong with KMSAN, but all that > requires some work. > --- > =C2=A0drivers/usb/gadget/udc/dummy_hcd.c | 14 ++++++++------ > =C2=A01 file changed, 8 insertions(+), 6 deletions(-) >=20 > diff --git a/drivers/usb/gadget/udc/dummy_hcd.c > b/drivers/usb/gadget/udc/dummy_hcd.c > index f37b0d8386c1a..ff7bee78bcc49 100644 > --- a/drivers/usb/gadget/udc/dummy_hcd.c > +++ b/drivers/usb/gadget/udc/dummy_hcd.c > @@ -1304,7 +1304,8 @@ static int dummy_urb_enqueue( > =C2=A0 > =C2=A0 /* kick the scheduler, it'll do the rest */ > =C2=A0 if (!hrtimer_active(&dum_hcd->timer)) > - hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), > HRTIMER_MODE_REL); > + hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), > + HRTIMER_MODE_REL_SOFT); > =C2=A0 > =C2=A0 done: > =C2=A0 spin_unlock_irqrestore(&dum_hcd->dum->lock, flags); > @@ -1325,7 +1326,7 @@ static int dummy_urb_dequeue(struct usb_hcd > *hcd, struct urb *urb, int status) > =C2=A0 rc =3D usb_hcd_check_unlink_urb(hcd, urb, status); > =C2=A0 if (!rc && dum_hcd->rh_state !=3D DUMMY_RH_RUNNING && > =C2=A0 !list_empty(&dum_hcd->urbp_list)) > - hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL); > + hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), > HRTIMER_MODE_REL_SOFT); > =C2=A0 > =C2=A0 spin_unlock_irqrestore(&dum_hcd->dum->lock, flags); > =C2=A0 return rc; > @@ -1995,7 +1996,8 @@ static enum hrtimer_restart dummy_timer(struct > hrtimer *t) > =C2=A0 dum_hcd->udev =3D NULL; > =C2=A0 } else if (dum_hcd->rh_state =3D=3D DUMMY_RH_RUNNING) { > =C2=A0 /* want a 1 msec delay here */ > - hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), > HRTIMER_MODE_REL); > + hrtimer_start(&dum_hcd->timer, ns_to_ktime(DUMMY_TIMER_INT_NSECS), > + HRTIMER_MODE_REL_SOFT); > =C2=A0 } > =C2=A0 > =C2=A0 spin_unlock_irqrestore(&dum->lock, flags); > @@ -2389,7 +2391,7 @@ static int dummy_bus_resume(struct usb_hcd > *hcd) > =C2=A0 dum_hcd->rh_state =3D DUMMY_RH_RUNNING; > =C2=A0 set_link_state(dum_hcd); > =C2=A0 if (!list_empty(&dum_hcd->urbp_list)) > - hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), HRTIMER_MODE_REL); > + hrtimer_start(&dum_hcd->timer, ns_to_ktime(0), > HRTIMER_MODE_REL_SOFT); > =C2=A0 hcd->state =3D HC_STATE_RUNNING; > =C2=A0 } > =C2=A0 spin_unlock_irq(&dum_hcd->dum->lock); > @@ -2467,7 +2469,7 @@ static DEVICE_ATTR_RO(urbs); > =C2=A0 > =C2=A0static int dummy_start_ss(struct dummy_hcd *dum_hcd) > =C2=A0{ > - hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); > + hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, > HRTIMER_MODE_REL_SOFT); > =C2=A0 dum_hcd->timer.function =3D dummy_timer; > =C2=A0 dum_hcd->rh_state =3D DUMMY_RH_RUNNING; > =C2=A0 dum_hcd->stream_en_ep =3D 0; > @@ -2497,7 +2499,7 @@ static int dummy_start(struct usb_hcd *hcd) > =C2=A0 return dummy_start_ss(dum_hcd); > =C2=A0 > =C2=A0 spin_lock_init(&dum_hcd->dum->lock); > - hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); > + hrtimer_init(&dum_hcd->timer, CLOCK_MONOTONIC, > HRTIMER_MODE_REL_SOFT); > =C2=A0 dum_hcd->timer.function =3D dummy_timer; > =C2=A0 dum_hcd->rh_state =3D DUMMY_RH_RUNNING; > =C2=A0 --=-LWyd7UgxwvTeqjduYLti Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- iIMEABYKACsWIQR81eCeIFvseLvKEUNWslSZtA36GQUCZqdSFA0cc3lsdkBzeWx2 LmlvAAoJEFayVJm0DfoZT9wA/0cbEIRrGeccZCTVN5CQK6Nx31rSKXTIDsobIdO0 9cG/AQDGFJq2QwpbDTAe4HN2gmybrc3qqnu5zQ/qym81WTu1BA== =hqtW -----END PGP SIGNATURE----- --=-LWyd7UgxwvTeqjduYLti--