On Mon, Oct 05, 2020 at 11:22:18AM -0400, Alan Stern wrote:
> On Mon, Oct 05, 2020 at 05:08:11PM +0200, Andrey Konovalov wrote:
> > Dear USB and USB/IP maintainers,
> >
> > While fuzzing the USB/IP stack with syzkaller we've stumbled upon an issue.
> >
> > Currently kcov (the subsystem that is used for coverage collection)
> > USB-related callbacks assume that usb_hcd_giveback_urb() can only be
> > called from interrupt context, as indicated by the comment before the
> > function definition.
>
> The primary reason for this restriction (as far as I'm aware) is because
> the routine uses spin_lock/spin_unlock rather than the
> _irqsave/_irqrestore variants. There's also a small efficiency issue:
> In the vast majority of cases involving real host controllers, the
> routine _will_ be called in interrupt context. So we optimized for that
> case.
>
> > In the USB/IP code, however, it's called from the
> > task context (see the stack trace below).
> >
> > Is this something that is allowed and we need to fix kcov? Or is this
> > a bug in USB/IP?
>
> It's a bug in USB/IP. Interrupts should be disabled when it calls
> usb_hcd_giveback_urb().

But that's not always the case when we have host controllers running with
threaded interrupts, right? Or do they still disable interrupts?

thanks,

greg k-h