From: Hillf Danton <hdanton@sina.com>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org,
linux-mm@kvack.org, syzkaller-bugs@googlegroups.com,
Hillf Danton <hdanton@sina.com>
Subject: Re: [syzbot] WARNING in driver_unregister
Date: Sun, 29 May 2022 08:56:03 +0800 [thread overview]
Message-ID: <20220529005603.4002-1-hdanton@sina.com> (raw)
In-Reply-To: <YpKEoBORZLtXG/y9@rowland.harvard.edu>
On Sat, 28 May 2022 16:22:56 -0400 Alan Stern wrote:
> On Sat, May 28, 2022 at 10:55:22AM -0700, syzbot wrote:
> > Hello,
> >
> > syzbot has tested the proposed patch and the reproducer did not trigger any issue:
> >
> > Reported-and-tested-by: syzbot+02b16343704b3af1667e@syzkaller.appspotmail.com
> >
> > Tested on:
> >
> > commit: 97fa5887 USB: new quirk for Dell Gen 2 devices
> > git tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
> > kernel config: https://syzkaller.appspot.com/x/.config?x=d7b232ec3adf5c8d
> > dashboard link: https://syzkaller.appspot.com/bug?extid=02b16343704b3af1667e
> > compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> > patch: https://syzkaller.appspot.com/x/patch.diff?x=10f44625f00000
> >
> > Note: testing is done by a robot and is best-effort only.
>
> Yeah, I don't believe this result.
>
> In any case, I believe the second problem (unexpected unregistration)
> arises because the driver has no protection against multiple threads
> calling raw_ioctl_run() concurrently. Fixing that should be a second
> patch, but for testing purposes the two are combined below.
>
> Alan Stern
>
> #syz test: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git 97fa5887cf28
>
> Index: usb-devel/drivers/usb/gadget/legacy/raw_gadget.c
> ===================================================================
> --- usb-devel.orig/drivers/usb/gadget/legacy/raw_gadget.c
> +++ usb-devel/drivers/usb/gadget/legacy/raw_gadget.c
> @@ -11,6 +11,7 @@
> #include <linux/ctype.h>
> #include <linux/debugfs.h>
> #include <linux/delay.h>
> +#include <linux/idr.h>
> #include <linux/kref.h>
> #include <linux/miscdevice.h>
> #include <linux/module.h>
> @@ -36,6 +37,9 @@ MODULE_LICENSE("GPL");
>
> /*----------------------------------------------------------------------*/
>
> +static DEFINE_IDA(driver_id_numbers);
> +#define DRIVER_DRIVER_NAME_LENGTH_MAX 32
> +
> #define RAW_EVENT_QUEUE_SIZE 16
>
> struct raw_event_queue {
> @@ -145,6 +149,7 @@ enum dev_state {
> STATE_DEV_INVALID = 0,
> STATE_DEV_OPENED,
> STATE_DEV_INITIALIZED,
> + STATE_DEV_REGISTERING,
> STATE_DEV_RUNNING,
> STATE_DEV_CLOSED,
> STATE_DEV_FAILED
Thanks for your plumber fix. Feel free to add
Acked-by: Hillf Danton <hdanton@sina.com>
parent reply other threads:[~2022-05-29 0:56 UTC|newest]
Thread overview: expand[flat|nested] mbox.gz Atom feed
[parent not found: <YpKEoBORZLtXG/y9@rowland.harvard.edu>]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220529005603.4002-1-hdanton@sina.com \
--to=hdanton@sina.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-usb@vger.kernel.org \
--cc=stern@rowland.harvard.edu \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox