All of lore.kernel.org
 help / color / mirror / Atom feed
From: Oliver Neukum <oneukum@suse.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: bjorn@mork.no, linux-usb@vger.kernel.org
Subject: Re: [RFC 0/5] fix races in CDC-WDM
Date: Tue, 22 Sep 2020 09:33:03 +0200	[thread overview]
Message-ID: <1600759983.6926.9.camel@suse.com> (raw)
In-Reply-To: <fab1cbfc-7284-73f4-b633-1e060c38acdb@i-love.sakura.ne.jp>

Am Dienstag, den 22.09.2020, 10:56 +0900 schrieb Tetsuo Handa:
> On 2020/09/21 19:52, Oliver Neukum wrote:

> 
> To understand it, I must understand why it is safe to defer error reporting.

It is not. There is nothing to understand here. If user space needs
a guarantee that data has been pushed out without an error, it will
have to call fsync()

Let me explain.
POSIX, as described in the man page, sets some rules about what
a driver must do and must not do. In other areas it makes
recommendations a good driver should follow. One of them is that
we block as little as possible, at the risk of delaying error
reporting. A good driver will report errors as soon as possible
while being compatible with doing IO asynchronously.

> I'm querying you about characteristics of data passed to wdm_write().
> Without knowing the difference between writing to cdc-wdm driver and normal file on
> some filesystem, I can't judge whether it is acceptable to defer reporting errors.

That is simply not a decision you or I make. The man page clearly
says that it is acceptable. If user space does not like that, it must
call fsync() after write().

> When an error occurred when writing to normal file on some filesystem, the userspace
> would simply treat that file as broken (e.g. delete such file). The userspace of this
> cdc-wdm driver might want that any error is immediately reported, for I'm thinking that
> each data passed to wdm_write() is stateful, for
> 
>   /* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
>   #define WDM_DEFAULT_BUFSIZE     256
> 
> and
> 
>         if (count > desc->wMaxCommand)
>                 count = desc->wMaxCommand;
> 
> makes me think that wdm_write() has to be able to handle chunk of data in atomic
> manner.

No. the WDM spec says the clear opposite and the man page of write says
so, too.

> I don't like [RFC 8/8]. Please drop [RFC 8/8] because not only it is unrelated to
> hang up problem syzbot is reporting but also lock dependency is still unclear.

Very well. I will make a patch set that clearly fixes bugs and a
secondary one with optimizations.

	Regards
		Oliver


  reply	other threads:[~2020-09-22  7:33 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-08-12 13:20 [RFC 0/5] fix races in CDC-WDM Oliver Neukum
2020-08-12 13:20 ` [RFC 1/5] CDC-WDM: fix hangs in flush() Oliver Neukum
2020-08-12 13:20 ` [RFC 2/5] CDC-WDM: introduce a timeout " Oliver Neukum
2020-08-12 13:20 ` [RFC 3/5] CDC-WDM: making flush() interruptible Oliver Neukum
2020-08-12 13:20 ` [RFC 4/5] CDC-WDM: fix race reporting errors in flush Oliver Neukum
2020-08-12 13:20 ` [RFC 5/5] CDC-WDM: remove use of intf->dev after potential disconnect Oliver Neukum
2020-08-12 14:29 ` [RFC 0/5] fix races in CDC-WDM Tetsuo Handa
2020-09-10  9:09   ` Oliver Neukum
2020-09-10 10:01     ` Tetsuo Handa
2020-09-15  9:14       ` Oliver Neukum
2020-09-15 10:30         ` Tetsuo Handa
2020-09-16 10:18           ` Oliver Neukum
2020-09-16 11:14             ` Tetsuo Handa
2020-09-17  9:50               ` Oliver Neukum
2020-09-17 11:24                 ` Tetsuo Handa
2020-09-17 14:17                   ` Oliver Neukum
2020-09-17 16:17                     ` Tetsuo Handa
2020-09-21 10:52                       ` Oliver Neukum
2020-09-22  1:56                         ` Tetsuo Handa
2020-09-22  7:33                           ` Oliver Neukum [this message]
2020-09-22  8:34                             ` Tetsuo Handa
2020-09-22  9:45                               ` Oliver Neukum

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1600759983.6926.9.camel@suse.com \
    --to=oneukum@suse.com \
    --cc=bjorn@mork.no \
    --cc=linux-usb@vger.kernel.org \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.