Re: [Report]: BUG: KASAN: use-after-free in usb_hcd_pci_remove

On 17/08/2020 12:35, Andy Shevchenko wrote:
On Sun, Aug 16, 2020 at 12:05:50PM -0400, Alan Stern wrote:
On Sun, Aug 16, 2020 at 11:33:14AM +0300, Andy Shevchenko wrote:
On Sat, Aug 15, 2020 at 4:50 AM Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote:
On Sat, Aug 15, 2020 at 12:55:57AM +0300, Andy Shevchenko wrote:

...

Sure, the difference in ordering was pretty obvious.  What is not
obvious is why this should cause a problem.

It may not be causing any problem right now, but with all these small
steps we may come to a case like the DWC3 removal mess.

Do you think that the host controller driver is going to try to use the
IRQ vector somewhere between the pci_free_irq_vectors call and the
usb_put_hcd call?  If that's not going to happen then I don't see what
difference the order of the two calls makes.

I think that this is a bit incorrect to rely on side-effects to ruin
the clear understanding of what ordering is going on. If you insist,
you can take John's solution, but I won't give a tag on such.

Also take into consideration the possible copy'n'paste of this example
to other drivers. I have seen a lot of bad examples
copied'n'pasted all over the kernel during my reviews. I don't want to
give another one.

So, the review process, in my opinion, should be slightly broader than
we usually understand it, i.e. take into account:
- *run-time* bisectability
- possible copy'n'paste of the code excerpts

I see.  So you use "correct" in the broader sense of "good form" as well
as strict correctness.  (It was confusing because I wouldn't conflate
those two different concepts.)

Thank you for the clarification, I'm not a native speaker and this is a good lesson
for me. I will try to use better wording in the future.

Okay, now your reply makes sense.

Thanks!


It looks like that function [pci_free_irq_vectors()] is harmless when the vectors aren't allocated, so it should be possible to always call it and drop the hcd flags check. But then this pattern may not be liked either.

Anyway, I guess you guys can sort this out. I'm just trying to help identify issues.

Thanks,
John


