All of lore.kernel.org
 help / color / mirror / Atom feed
From: Alan Stern <stern@rowland.harvard.edu>
To: Johan Hovold <johan@kernel.org>
Cc: Greg KH <greg@kroah.com>,
	syzbot <syzbot+ada0f7d3d9fd2016d927@syzkaller.appspotmail.com>,
	syzkaller-bugs@googlegroups.com,
	USB mailing list <linux-usb@vger.kernel.org>
Subject: Re: [PATCH] USB: core: Make usb_start_wait_urb() interruptible
Date: Mon, 30 Aug 2021 10:46:13 -0400	[thread overview]
Message-ID: <20210830144613.GA332514@rowland.harvard.edu> (raw)
In-Reply-To: <YSyPQqMPHRiUvYEx@hovoldconsulting.com>

On Mon, Aug 30, 2021 at 09:56:50AM +0200, Johan Hovold wrote:
> On Sat, Aug 28, 2021 at 09:58:25PM -0400, Alan Stern wrote:
> > This patch fixes the problem by converting the uninterruptible wait to
> > an interruptible one.  For the most part this won't affect calls to
> > usb_start_wait_urb(), because they are made by kernel threads and so
> > can't receive most signals.
> > 
> > But in some cases such calls may occur in user threads in contexts
> > other than usbfs ioctls.  A signal in these circumstances could cause
> > a USB transfer to fail when otherwise it wouldn't.  The outcome
> > wouldn't be too dreadful, since USB transfers can fail at any time and
> > the system is prepared to handle these failures gracefully.  In
> > theory, for example, a signal might cause a driver's probe routine to
> > fail; in practice if the user doesn't want a probe to fail then he
> > shouldn't send interrupt signals to the probing process.
> 
> While probe() triggered through sysfs or by module loading is one
> example, the USB msg helpers are also called in a lot of other
> user-thread contexts such as open() calls etc. It might even be that the
> majority of these calls can be done from user threads (post
> enumeration).

Could be.  It's not a well defined matter; it depends on what drivers 
are in use and how they are used.

Consider that a control message in a driver is likely to use the 
default USB_CTRL_[GS]ET_TIMEOUT value of 5 seconds.  Does it make sense 
to allow uninterruptible wait states to last as long as that?

And to what extent does it matter if we make these delays 
interruptible?  A signal delivered during a system call will be fielded 
when the call returns if not earlier; the only difference will be that 
now some USB messages may be aborted.  For things like SIGINT or 
SIGTERM this seems reasonable.  (I'm not so sure about things like 
SIGALRM, SIGIO, or SIGSTOP, though.)

> > Overall, then, making these delays interruptible seems to be an
> > acceptable risk.
> 
> Possibly, but changing the API like this to fix the usbfs ioctls seems
> like using a bit of a too big hammer to me, especially when backporting
> to stable.

Perhaps the stable backport could be delayed for a while (say, one 
release cycle).

Do you have alternative suggestions?  I don't think we want special 
interruptible versions of usb_control_msg() and usb_bulk_msg() just for 
use by usbfs.

Alan Stern

  reply	other threads:[~2021-08-30 14:46 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-28 15:52 [syzbot] INFO: task hung in do_proc_bulk syzbot
2021-08-28 18:03 ` Alan Stern
2021-08-28 20:05   ` syzbot
2021-08-29  1:58     ` [PATCH] USB: core: Make usb_start_wait_urb() interruptible Alan Stern
2021-08-30  7:56       ` Johan Hovold
2021-08-30 14:46         ` Alan Stern [this message]
2021-08-30 15:11           ` Oliver Neukum
2021-08-30 16:09             ` Alan Stern
2021-08-31  8:52               ` Oliver Neukum
2021-08-31  9:13           ` Johan Hovold
2021-08-31 10:47             ` Oliver Neukum
2021-08-31 11:02             ` Oliver Neukum
2021-08-31 11:10             ` Johan Hovold
2021-08-31 17:03               ` Alan Stern
2021-09-01  8:16                 ` Oliver Neukum
2021-09-02 20:04 ` [syzbot] INFO: task hung in do_proc_bulk Alan Stern
2021-09-02 20:46   ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210830144613.GA332514@rowland.harvard.edu \
    --to=stern@rowland.harvard.edu \
    --cc=greg@kroah.com \
    --cc=johan@kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=syzbot+ada0f7d3d9fd2016d927@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.