lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 7 Oct 2014 09:06:56 -0500
From:	Felipe Balbi <>
To:	Robert Baldyga <>
CC:	<>, <>,
	<>, <>,
	<>, <>,
Subject: Re: [PATCH] usb: gadget: f_fs: add "zombie" mode


On Tue, Oct 07, 2014 at 08:33:16AM +0200, Robert Baldyga wrote:
> On 10/07/2014 04:28 AM, Felipe Balbi wrote:
> > Hi,
> > 
> > On Mon, Oct 06, 2014 at 01:25:14PM +0200, Robert Baldyga wrote:
> >> Since we can compose gadgets from many functions, there is the problem
> >> related to gadget breakage while FunctionFS daemon being closed. In some
> >> cases it's strongly desired to keep gadget alive for a while, despite
> >> FunctionFS files are closed, to allow another functions to complete
> >> some presumably critical operations.
> >>
> >> For this purpose this patch introduces "zombie" mode. It can be enabled
> >> by setting mount option "zombie=1", and results with defering function
> >> closure to the moment of reopening ep0 file or filesystem umount.
> >>
> >> When ffs->state == FFS_ZOMBIE:
> >> - function is still binded and visible to host,
> >> - setup requests are automatically stalled,
> >> - all another transfers are refused,
> >> - opening ep0 causes function close, and then FunctionFS is ready for
> >>   descriptors and string write,
> >> - umount of functionfs cause function close.
> >>
> >> Signed-off-by: Robert Baldyga <>
> > 
> > Can you further explain how do you trigger this ? Do I understand
> > correctly that you composed a gadget using configfs and that gadget has
> > functionfs + another gadget ?
> > 
> Yes, I compose configfs gadget from functionfs + another gadget, and
> when functionfs daemon closes ep files, entire gadget get disconnected
> from host. FFS function is userspace code so there is no way to know
> when it will close files (it doesn't matter what is the reason of this
> situation, it can be daemon logic, program breakage, process kill or any
> other). So when we have another function in gadget which, for example,
> sends some amount of data, does some software update or implements some
> real-time functionality, we may want to keep the gadget connected
> despite FFS function is no longer functional. We can't just remove one
> of functions from gadget since it has been enumerated, so the only way
> we can do that is to make broken FFS function "zombie". It will be still
> visible to host but it will no longer implement it's functionality.

now that's an explanation. Can you update commit log with some of this
info (once we agree on how to go about fixing this) ?

I'm not sure we should try to fix this. The only case where this could
trigger is if ffs daemon crashes and dies or somebody sends a bogus
signal to kill it.

A function cannot communicate with the host if it isn't functional
and ffs depends on its userland daemon. If daemon is crashing, why not
print a big WARN("closed %s while connected to host\n") ? That seems
like it's as much as we can do from the kernel. Userland should know
that they can't have a buggy ffs daemon.

> > Then what do you need to do the trigger the issue, and what really _is_
> > the issue ? Is gadget disconnecting from host too early ? Do you see a
> > crash ? Memory leak ? Any logs available ? Any steps to reproduce ?
> > 
> You simply compose gadget from, for example, ethernet and functionfs.
> You try to send some huge file through ftp, and in meantime FFS function
> breaks. If FFS hasn't enabled "zombie" mode, entire gadget will be
> disconnected and data transmission will fail. If "zombie" mode is
> enabled, then FFS function after daemon breakage will become "zombie"
> and will be nonfunctional, but ethernet gadget will be still active and
> data transfer will be completed.

yeah, this is the problem I have with the feature. We can't expose a
non-working interface to USB host. If daemon crashes, we have to

> > Quite frankly, I don't really like this "zombie" mode. <joke> I know
> > there's a "The Walking Dead" hype right now, but this is too much.
> > </joke>
> >
> I see, but after all I couldn't find more descriptive name for this feature.

That was a joke :)


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists