lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <54990CE7.1030008@samsung.com>
Date:	Tue, 23 Dec 2014 07:34:15 +0100
From:	Robert Baldyga <r.baldyga@...sung.com>
To:	balbi@...com
Cc:	Peter Chen <peter.chen@...escale.com>, gregkh@...uxfoundation.org,
	linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
	m.szyprowski@...sung.com, k.opasiak@...sung.com
Subject: Re: [PATCH] usb: gadget: udc-core: call udc_stop() before gadget unbind

Hi Felipe,

On 12/22/2014 05:34 PM, Felipe Balbi wrote:
> On Mon, Dec 15, 2014 at 11:05:22AM +0100, Robert Baldyga wrote:
>> On 12/15/2014 06:13 AM, Peter Chen wrote:
>>> On Fri, Dec 12, 2014 at 02:17:28PM +0100, Robert Baldyga wrote:
>>>> As usb function drivers assumes that all usb request will be completed
>>>> before function unbind call, we should supply such behavior. In some
>>>> cases ep_disable() won't kill all request effectively, because some
>>>> IN requests can be in running state. In such situation it's possible
>>>> to have unbind function called before last request completion, which
>>>> can cause problems.
>>>
>>> Doesn't the function's disable/unbind should call usb_ep_dequeue to make
>>> sure the transfer has ended?
>>
>> USB function drivers like ECM or HID surely doesn't. It looks like
>> there's assumption that all requests will be completed by UDC driver.
> 
> that's a bug on those drivers :-)

So we can't make assumptions that requests will be completed in
ep_disable()?

> 
>> Function ep_disable() should complete requests in hardware driver, but
>> at least in DWC2 driver not all requests are completed at this stage
> 
> and that's a bug on dwc2 :-)

I have already found that out. Another UDC drivers simply kill all
request without waiting for currently running, so I did the same in
DWC2. Here is my patch:
http://www.spinics.net/lists/linux-usb/msg118698.html

> 
>> (request which are in hardware FIFO are omitted to give them chance to
>> be transferred). Those requests are forced to complete in udc_stop()
> 
> that's wrong, we're disabling the endpoint anyway. Either dwc2 needs to
> wait_for_completion() or forcibly cancel the request. The bottom line is
> that control should not exit ep_disable() until all requests have been
> quiesced.

So that's not bug in function drivers. They make correct assumption,
because they expect that requests will be completed in ep_disable().

> 
>> function, and that's why it's needed to be called before unbind.
>>
>>>
>>> .udc_stop may stop the controller, and .unbind may still visit hardware.
>>
>> Hmm, indeed it can be problem.
> 
> yes, it will be :-)
> 

Thanks,
Robert Baldyga
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ