Module Name:    src
Committed By:   riastradh
Date:           Sat Mar 12 15:30:42 UTC 2022

Modified Files:
        src/sys/dev/usb: vhci.c

Log Message:
vhci(4): Don't fail with ENOBUFS if no intrxfer is set up.

uhub(4) will set up the intrxfer and query the current state at its
leisure -- no need to treat racing with it as a failure.

(If there's some reason the caller needs to know about this state,
then (a) there should be a comment explaining why, and (b) the
assertion in vhci_fd_close needs to change.)

Should fix a host of syzbot crashes that were all tripping over the
same assertion but with different gobbledegook on the console --
here's all the ones I found in a quick skim of the front page:

Reported-by: syzbot+58b183ac688d656e1...@syzkaller.appspotmail.com
Reported-by: syzbot+e7b0e904184aa2c18...@syzkaller.appspotmail.com
Reported-by: syzbot+476b25a0a3655f356...@syzkaller.appspotmail.com
Reported-by: syzbot+e5b69892daf87a746...@syzkaller.appspotmail.com
Reported-by: syzbot+db7f0bc71c33a488d...@syzkaller.appspotmail.com
Reported-by: syzbot+71d0e82df292c5673...@syzkaller.appspotmail.com
Reported-by: syzbot+dbfaad061b2c909d6...@syzkaller.appspotmail.com
Reported-by: syzbot+d8b90cead59b887fe...@syzkaller.appspotmail.com
Reported-by: syzbot+ea147adc4461acb9f...@syzkaller.appspotmail.com
Reported-by: syzbot+cb7239776d4f51c39...@syzkaller.appspotmail.com
Reported-by: syzbot+ffbae2dd4d4a0196b...@syzkaller.appspotmail.com
Reported-by: syzbot+95d4852ea931f775c...@syzkaller.appspotmail.com
Reported-by: syzbot+3236a5e1bc356909b...@syzkaller.appspotmail.com
Reported-by: syzbot+f5ac32d58eab38bce...@syzkaller.appspotmail.com
Reported-by: syzbot+beb9643da72188117...@syzkaller.appspotmail.com
Reported-by: syzbot+896191203695ba350...@syzkaller.appspotmail.com
Reported-by: syzbot+7c175b48b2682cc32...@syzkaller.appspotmail.com
Reported-by: syzbot+caa5bc391d36d7533...@syzkaller.appspotmail.com
Reported-by: syzbot+9fe6d4c43fa10f9e4...@syzkaller.appspotmail.com
Reported-by: syzbot+ae9ae663386e72d17...@syzkaller.appspotmail.com
Reported-by: syzbot+a0c3a5c2f7af91e44...@syzkaller.appspotmail.com
Reported-by: syzbot+3c157b017d0cafa7a...@syzkaller.appspotmail.com
Reported-by: syzbot+1e05efbbf2d7df821...@syzkaller.appspotmail.com
Reported-by: syzbot+999f20b408f61e22f...@syzkaller.appspotmail.com
Reported-by: syzbot+22d227370f78b3a34...@syzkaller.appspotmail.com
Reported-by: syzbot+33760fa9b95349460...@syzkaller.appspotmail.com
Reported-by: syzbot+75d865aafbc9ebadb...@syzkaller.appspotmail.com
Reported-by: syzbot+3ddff5cb80bc0c9ac...@syzkaller.appspotmail.com
Reported-by: syzbot+0f942570160d533d8...@syzkaller.appspotmail.com


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/sys/dev/usb/vhci.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/usb/vhci.c
diff -u src/sys/dev/usb/vhci.c:1.25 src/sys/dev/usb/vhci.c:1.26
--- src/sys/dev/usb/vhci.c:1.25	Thu Mar  3 06:12:11 2022
+++ src/sys/dev/usb/vhci.c	Sat Mar 12 15:30:42 2022
@@ -1,4 +1,4 @@
-/*	$NetBSD: vhci.c,v 1.25 2022/03/03 06:12:11 riastradh Exp $ */
+/*	$NetBSD: vhci.c,v 1.26 2022/03/12 15:30:42 riastradh Exp $ */
 
 /*
  * Copyright (c) 2019-2020 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: vhci.c,v 1.25 2022/03/03 06:12:11 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vhci.c,v 1.26 2022/03/12 15:30:42 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_usb.h"
@@ -787,7 +787,6 @@ vhci_usb_attach(vhci_fd_t *vfd)
 	vhci_port_t *port;
 	struct usbd_xfer *xfer;
 	u_char *p;
-	int ret = 0;
 
 	port = &sc->sc_port[vfd->port];
 
@@ -802,7 +801,6 @@ vhci_usb_attach(vhci_fd_t *vfd)
 	xfer = sc->sc_intrxfer;
 
 	if (xfer == NULL) {
-		ret = ENOBUFS;
 		goto done;
 	}
 	KASSERT(xfer->ux_status == USBD_IN_PROGRESS);
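Review bot: The `xfer == NULL` branch in vhci_usb_attach now leaves through `done` with success, and nothing at the branch says why that is safe. The reason is only in the commit log (uhub(4) sets up the intrxfer and queries the port state itself), so I would record it in the code, e.g. `/* No intrxfer yet; uhub(4) will set one up and query the port state itself. */` above the `goto done;`. Without it the branch reads like a swallowed error on a path the log says syzbot reached repeatedly. The function body starts and ends outside this hunk.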
@@ -821,7 +819,7 @@ vhci_usb_attach(vhci_fd_t *vfd)
 
 done:
 	mutex_exit(&sc->sc_lock);
-	return ret;
+	return 0;
 }
 
 static void
@@ -886,8 +884,7 @@ vhci_usb_detach(vhci_fd_t *vfd)
 
 	xfer = sc->sc_intrxfer;
 	if (xfer == NULL) {
-		mutex_exit(&sc->sc_lock);
-		return ENOBUFS;
+		goto done;
 	}
 	KASSERT(xfer->ux_status == USBD_IN_PROGRESS);
 
@@ -910,6 +907,7 @@ vhci_usb_detach(vhci_fd_t *vfd)
 	vhci_port_flush(sc, port);
 
 	mutex_exit(&port->lock);
+done:
 	mutex_exit(&sc->sc_lock);
 	return 0;
 }
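Review bot: In vhci_usb_detach the new `done:` label sits after `vhci_port_flush(sc, port)` and `mutex_exit(&port->lock)`, so the `goto done;` added for `xfer == NULL` in the previous hunk returns 0 without flushing the port. The code between the check and the flush is outside the visible hunks; if it also holds the port status update done under `port->lock`, a detach that races with uhub(4) setup would leave the port looking attached with packets still queued. Consider doing the port-side teardown unconditionally and skipping only the intrxfer completion when `xfer` is NULL. At minimum, a comment at the `goto` should state that skipping the flush is intended. The function starts outside these hunks.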
