lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 30 Jul 2021 16:52:31 -0600
From:   Shuah Khan <skhan@...uxfoundation.org>
To:     Michael <msbroadf@...il.com>
Cc:     valentina.manea.m@...il.com, shuah@...nel.org,
        gregkh@...uxfoundation.org, linux-usb@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Shuah Khan <skhan@...uxfoundation.org>
Subject: Re: [PATCH v2] vhci_hcd: USB port can get stuck in the disabled state

On 7/23/21 5:58 PM, Michael wrote:
> Here is the lsusb on the client when the device fails to attach
> ---------------------------------------
> michael@...ntu:~$ lsusb
> Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
> Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> 
> 
> Here is the lsusb on the host before use
> -----------------------------------------------------
> pi@...pberrypi:~ $ lsusb
> Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
> Bus 001 Device 003: ID 045e:02e6 Microsoft Corp. Wireless XBox Controller Dongle
> Bus 001 Device 002: ID 2109:3431 VIA Labs, Inc. Hub
> Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> 

Sorry for the delay on this. I had to make time to do some research on
usb_reset_device() calls from probe routines.

 From what you said in another email:

"The device is in the  VDEV_ST_USED state when a reset occurs and so its
never re-enabled"

Right if device is in VDEV_ST_USED state, vhci treats reset as invalid.

Your commit log says:

"When a remote usb device is attached to the local Virtual USB
Host Controller Root Hub port, the bound device driver may send a
port reset command. For example to initialize firmware (eg. btusb does this).
This port reset command can be sent at any time, however the VHCI hcd
root hub is only expecting reset to occur before the device receives
SET_ADDRESS. The USB port should always be enabled after a reset
(because the port is virtual and there is no possibility of hardware errors)"

It appears btusb driver issues reset as a workaround: btusb_setup_intel()

        /* The controller has a bug with the first HCI command sent to it
          * returning number of completed commands as zero. This would stall the
          * command processing in the Bluetooth core.
          *
          * As a workaround, send HCI Reset command first which will reset the
          * number of completed commands and allow normal command processing
          * from now on.
          */

Another "Toggle the hard reset line" workaround for Realtek devices:
See btusb_rtl_cmd_timeout()

Both of these cases are workarounds. Is this what you are referring to about
btusb doing reset?

Specific to this bug report and mt76, other network/wireless usb drivers
call usb_reset_device() from their probe routines unconditionally. These
are the calls from normal paths and not fw load/error paths.

rtl8152_probe(), carl9170_usb_probe(), mt7663u_probe() and so on. Looking
at these probe routines, it appears some of them do that to avoid problems
in disconnect path.

I have two questions:
- Is it necessary to do usb_reset_device() in net/wireless usb driver
   probe routines?
- Are these legit calls according to protocol?

If yes, we can look into changing vhci to handle this case for net/wireless
usb drivers. I would not delete the check though. I would add VDEV_ST_USED
check in addition to VDEV_ST_NOTASSIGNED with some comments on why this is
necessary.

Furthermore there is a bug in the line pr_err("vhci_device speed not set\n");
(L479) because resetting a full-speed device is not an error.

This is a separate issue is separate. vhci is missing USB_SPEED_FULL checks
at various places. This has to be done as a separate work.

thanks,
-- Shuah

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ