[Bug 217862] [BUG] Alauda driver causes oops when inserted with card in with transfer buffer is on stack, throws errors if card is inserted afterwards.

All the mail mirrored from lore.kernel.org
 help / color / mirror / Atom feed

From: bugzilla-daemon@kernel.org
To: linux-usb@vger.kernel.org
Subject: [Bug 217862] [BUG] Alauda driver causes oops when inserted with card in with transfer buffer is on stack, throws errors if card is inserted afterwards.
Date: Sat, 02 Sep 2023 23:36:16 +0000	[thread overview]
Message-ID: <bug-217862-208809-lVYBCtk9pG@https.bugzilla.kernel.org/> (raw)
In-Reply-To: <bug-217862-208809@https.bugzilla.kernel.org/>

https://bugzilla.kernel.org/show_bug.cgi?id=217862

--- Comment #3 from pawlick3r@proton.me ---
(In reply to Alan Stern from comment #2)
> Please try this again after applying the commit in
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/commit/
> ?id=a6ff6e7a9dd69364547751db0f626a10a6d628d2

The commit is included in Kernel 6.5 already, which my system is currently
running. 
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/usb/storage/alauda.c?h=v6.5

On previous versions of the kernel before this patch, the card reader reported
no media and generated an error about how the transfer buffer is on stack.
Chances are this broke 6 or so years ago when the kernel behavior was changed
to block drivers that did that behavior (see:
https://linux.kernel.narkive.com/YOK3Jf56/patch-v2-usb-core-warn-if-an-urb-s-transfer-buffer-is-on-stack)
but I might have to do some testing to see what Linux version in particular
broke it. Here is the error on Kernel 5.15 as an example on Ubuntu 22.04:

[   43.057770] usb 1-1: new full-speed USB device number 5 using xhci_hcd
[   43.221275] usb 1-1: New USB device found, idVendor=0584, idProduct=0008,
bcdDevice= 1.02
[   43.221284] usb 1-1: New USB device strings: Mfr=1, Product=2,
SerialNumber=0
[   43.221288] usb 1-1: Product: USB SmartMedia Adapter
[   43.221291] usb 1-1: Manufacturer: YAMAICHI ELECTRONICS Co.,Ltd.
[   43.307610] usbcore: registered new interface driver usb-storage
[   43.310782] ums-alauda 1-1:1.0: USB Mass Storage device detected
[   43.315826] scsi host1: usb-storage 1-1:1.0
[   43.316038] usbcore: registered new interface driver ums-alauda
[   44.316803] scsi 1:0:0:0: Direct-Access     Fujifilm DPC-R1 (Alauda)  0102
PQ: 0 ANSI: 0 CCS
[   44.316936] scsi 1:0:0:1: Direct-Access     Fujifilm DPC-R1 (Alauda)  0102
PQ: 0 ANSI: 0 CCS
[   44.317379] ------------[ cut here ]------------
[   44.317381] transfer buffer is on stack
[   44.317400] sd 1:0:0:0: Attached scsi generic sg0 type 0
[   44.317404] WARNING: CPU: 0 PID: 3177 at drivers/usb/core/hcd.c:1498
usb_hcd_map_urb_for_dma+0x4a9/0x4f0
[   44.317421] Modules linked in: ums_alauda usb_storage ccm rfcomm cmac
algif_hash algif_skcipher af_alg bnep snd_soc_skl snd_soc_hdac_hda
snd_hda_ext_core snd_soc_sst_ipc snd_hda_codec_hdmi snd_soc_sst_dsp
snd_soc_acpi_intel_match snd_ctl_led snd_hda_codec_conexant snd_soc_acpi
snd_hda_codec_generic ledtrig_audio intel_rapl_msr snd_soc_core snd_compress
ac97_bus snd_pcm_dmaengine snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi
snd_hda_codec mei_hdcp snd_hda_core snd_hwdep snd_pcm uvcvideo
videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 snd_seq_midi btusb btrtl
videobuf2_common btbcm btintel videodev snd_seq_midi_event mc intel_rapl_common
intel_tcc_cooling snd_rawmidi x86_pkg_temp_thermal intel_powerclamp coretemp
binfmt_misc bluetooth kvm_intel kvm ecdh_generic ecc rapl snd_seq nls_iso8859_1
intel_cstate hp_wmi snd_seq_device sparse_keymap platform_profile iwlmvm
intel_wmi_thunderbolt snd_timer joydev input_leds snd mac80211 serio_raw
wmi_bmof libarc4 iwlwifi ee1004 soundcore
[   44.317549]  cfg80211 mei_me intel_pch_thermal intel_xhci_usb_role_switch
mei hp_accel mac_hid lis3lv02d wireless_hotkey tpm_infineon acpi_pad
sch_fq_codel msr parport_pc ppdev lp ramoops parport reed_solomon pstore_blk
pstore_zone efi_pstore ip_tables x_tables autofs4 i915 i2c_algo_bit ttm
drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops rtsx_pci_sdmmc cec
crct10dif_pclmul crc32_pclmul rc_core i2c_i801 nvme ghash_clmulni_intel
aesni_intel crypto_simd cryptd psmouse e1000e i2c_smbus drm nvme_core xhci_pci
xhci_pci_renesas rtsx_pci ahci intel_lpss_pci intel_lpss libahci idma64 wmi
video pinctrl_sunrisepoint
[   44.317637] CPU: 0 PID: 3177 Comm: usb-storage Not tainted 5.15.0-82-generic
#91-Ubuntu
[   44.317643] Hardware name: HP HP EliteBook 840 G3/8079, BIOS N75 Ver. 01.57
07/28/2022
[   44.317646] RIP: 0010:usb_hcd_map_urb_for_dma+0x4a9/0x4f0
[   44.317654] Code: ff 4c 89 f2 48 c7 c7 00 e5 84 87 48 89 c6 e8 8f 60 37 00
0f 0b eb c1 48 c7 c7 25 3b 8a 87 c6 05 fb 7b 85 01 01 e8 78 60 37 00 <0f> 0b 41
be f5 ff ff ff 41 8b 54 24 5c e9 3d fc ff ff 0f 0b 41 be
[   44.317658] RSP: 0018:ffffa3e3410a3bc0 EFLAGS: 00010282
[   44.317663] RAX: 0000000000000000 RBX: 0000000000000000 RCX:
0000000000000027
[   44.317667] RDX: ffff910623820588 RSI: 0000000000000001 RDI:
ffff910623820580
[   44.317670] RBP: ffffa3e3410a3bf8 R08: 0000000000000003 R09:
fffffffffffd1a70
[   44.317673] R10: 000000000000001d R11: 0000000000000001 R12:
ffff91040aec6540
[   44.317676] R13: ffff910400ca0000 R14: 0000000000000000 R15:
0000000000000c00
[   44.317680] FS:  0000000000000000(0000) GS:ffff910623800000(0000)
knlGS:0000000000000000
[   44.317684] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   44.317688] CR2: 00007fd828fc8ae0 CR3: 0000000043410006 CR4:
00000000003706f0
[   44.317692] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[   44.317695] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[   44.317698] Call Trace:
[   44.317700]  <TASK>
[   44.317710]  xhci_map_urb_for_dma+0x149/0x170
[   44.317717]  usb_hcd_submit_urb+0x81/0x300
[   44.317724]  usb_submit_urb+0x254/0x6d0
[   44.317734]  usb_stor_msg_common+0xa3/0x150 [usb_storage]
[   44.317747]  usb_stor_ctrl_transfer+0xa0/0xd0 [usb_storage]
[   44.317757]  alauda_check_media+0x68/0x190 [ums_alauda]
[   44.317765]  alauda_transport+0x119/0x36c [ums_alauda]
[   44.317771]  ? schedule+0x69/0x110
[   44.317783]  usb_stor_invoke_transport+0x3b/0x550 [usb_storage]
[   44.317793]  ? __wait_for_common+0xf7/0x150
[   44.317798]  ? usleep_range_state+0x90/0x90
[   44.317806]  usb_stor_transparent_scsi_command+0xe/0x20 [usb_storage]
[   44.317812]  usb_stor_control_thread+0x195/0x290 [usb_storage]
[   44.317819]  ? storage_probe+0xe0/0xe0 [usb_storage]
[   44.317826]  kthread+0x127/0x150
[   44.317832]  ? set_kthread_struct+0x50/0x50
[   44.317837]  ret_from_fork+0x1f/0x30
[   44.317845]  </TASK>
[   44.317847] ---[ end trace 09f7f04fe1319ab9 ]---
[   44.317943] sd 1:0:0:0: [sda] Media removed, stopped polling
[   44.317966] sd 1:0:0:1: [sdb] Media removed, stopped polling
[   44.318106] sd 1:0:0:1: Attached scsi generic sg1 type 0
[   44.322084] sd 1:0:0:0: [sda] Attached SCSI removable disk
[   44.322208] sd 1:0:0:1: [sdb] Attached SCSI removable disk

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are watching the assignee of the bug.

next prev parent reply	other threads:[~2023-09-02 23:36 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-02  1:05 [Bug 217862] New: [BUG] Alauda driver causes oops when inserted with card in with transfer buffer is on stack, throws errors if card is inserted afterwards bugzilla-daemon
2023-09-02  1:05 ` [Bug 217862] " bugzilla-daemon
2023-09-02  2:49 ` bugzilla-daemon
2023-09-02 23:36 ` bugzilla-daemon [this message]
2023-09-03 16:09 ` bugzilla-daemon
2023-09-04 19:41 ` bugzilla-daemon
2023-09-05  0:46 ` bugzilla-daemon
2023-09-05 16:16 ` bugzilla-daemon
2023-09-05 16:17 ` bugzilla-daemon
2023-09-05 17:47 ` bugzilla-daemon
2023-09-05 17:48 ` bugzilla-daemon
2023-09-05 19:43 ` bugzilla-daemon
2023-09-06  1:25 ` bugzilla-daemon
2023-09-06 14:49 ` bugzilla-daemon
2023-09-07  1:35 ` bugzilla-daemon
2023-09-07 13:02 ` bugzilla-daemon
2023-09-09 20:58 ` bugzilla-daemon
2023-09-10  2:33 ` bugzilla-daemon
2023-09-13 18:08 ` bugzilla-daemon
2023-09-13 19:08 ` bugzilla-daemon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-217862-208809-lVYBCtk9pG@https.bugzilla.kernel.org/ \
    --to=bugzilla-daemon@kernel.org \
    --cc=linux-usb@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.