lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20210809063135.GA7428@nchen>
Date:   Mon, 9 Aug 2021 14:31:35 +0800
From:   Peter Chen <peter.chen@...nel.org>
To:     Jeaho Hwang <jhhwang@...t.co.kr>
Cc:     linux-usb@...r.kernel.org,
        변무광(Byeon Moo Kwang)/자동화연)Automation Platform연구팀 
        <mkbyeon@...lectric.co.kr>, Linux team <team-linux@...t.co.kr>,
        linux-rt-users@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: Chipidea USB device goes infinite loop due to interrupt while
 hw_ep_prime

On 21-08-09 10:45:16, Jeaho Hwang wrote:
> 2021년 8월 9일 (월) 오전 10:27, Peter Chen <peter.chen@...nel.org>님이 작성:
> >
> > On 21-08-04 11:03:44, Jeaho Hwang wrote:
> > > Hi. linux-usb and linux-rt experts.
> > > >
> > > > On 21-08-02 17:35:01, Jeaho Hwang wrote:
> > > > > Hi.
> > > > >
> > > > > We found an infinite loop inside the function hw_ep_set_halt
> > > > > (drivers/usb/chipidea/udc.c) if a cablle is repeatedly
> > > > > connnected/disconnected while ping through RNDIS with chipidea USB device.
> > > > >
> > > > > Using ftrace tracing, we found that hw_ep_set_halt is called due to error
> > > > > return of hw_ep_prime(drivers/usb/chipidea/udc.c:202) which is called from
> > > > > isr_tr_complete_handler -> isr_setup_status_phase -> _ep_queue.
> > > > >
> > > > > The comment of function hw_ep_prime says (execute without interruption) but
> > > > > timer interrupt is occurred while hw_ep_prime is executing. We believe that
> > > > > the interrupt causes an error return of hw_ep_prime. We tried to protect
> > > > > hw_ep_prime from irqs and then no case of the infinite loop is occurred.
> > > > >
> > > > > I want ask if it is appropriate way that turning off irq inside (threaded)
> > > > > irq handlers. And should we explicitly turn off irqs before calling
> > > > > hw_ep_prime?
> > > > >
> > > >
> > > > Jeaho, do you use RT-Linux or standard Linux? The function hw_ep_prime is
> > > > only called at udc_irq which is registered as top-half irq handlers.
> > > > Why the timer interrupt is occurred when hw_ep_prime is executing?
> > >
> > > We use preempt_RT so timer interrupt could be occurred. Now I found
> > > out that forced threaded irq handler disables local irq on standard
> > > linux so It is a linux-rt issue. Then should I make patch which
> > > disables local irqs during hw_ep_prime for RT kernel and suggest it to
> > > linux-rt maintainers?
> > >
> > > Thanks for a kind answer Peter.
> > >
> >
> 
> Thanks Peter.
> 
> > No, that will lead to deadlock since the normal request queue API function
> > ep_queue disables irq which also calls into hw_ep_prime.
> 
> ep_queue disables irq by calling spin_lock_irqsave but it actually
> does not disable irq for RT kernel.
> Therefore local_irq_save at hw_ep_prime would not cause deadlock if
> ep_queue calls it, i think.
> 
> Is it anything wrong?

Oh, I was wrong that I thought you would use spin_lock_irqsave to
disable interrupt. I am not familiar with spin_lock_irqsave behaviours
at RT kernel.

Yes, if you use local_irq_save at below sequence, that's ok.

spin_lock_irqsave(lock, flag_1);
...
func hw_ep_prime
{
	local_irq_save(flag_2);
	...
	local_irq_restore(flag_2);
}
...
spin_unlock_irqrestore(lock, flag_1);

Peter

> 
> >
> > For RT kernel, you may try to disable local irq at isr_setup_status_phase.
> >
> > --
> >
> > Thanks,
> > Peter Chen
> >
> 
> 
> -- 
> 황재호, Jay Hwang, linux team manager of RTst
> 010-7242-1593

-- 

Thanks,
Peter Chen

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ