| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Sep 2022 12:01:20 -0400
From: Alan Stern <stern@...land.harvard.edu>
To: Rondreis <linhaoguo86@...il.com>
Cc: balbi@...nel.org, andriy.shevchenko@...ux.intel.com,
jakobkoschel@...il.com, quic_wcheng@...cinc.com,
linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org
Subject: Re: kernel v5.19 warn in usb_ep_queue
On Wed, Sep 21, 2022 at 11:00:41PM +0800, Rondreis wrote:
> Thanks for your reply!
> I applied this patch in v5.19 and the reproducer just attached
> a composite device with network and mass storage functions.
> The output of the kernel is as follows:
> [ 1558.868398][ T7423] configfs-gadget gadget.1: Enable bulk in
> [ 1558.868675][ T7423] configfs-gadget gadget.1: Enable bulk out
> [ 1558.868957][ T7423] configfs-gadget gadget.1: Bulk out start ffff8881279f0b00
> [ 1558.952998][ T24] cdc_eem 2-1:1.0 usb1: register 'cdc_eem' at
> usb-dummy_hcd.1-1, CDC EEM Device, 72:47:e4:74:0b:8e
> [ 1558.968402][ T24] usb-storage 2-1:1.1: USB Mass Storage device detected
> [ 1558.976267][ T24] scsi host2: usb-storage 2-1:1.1
> [ 1560.028547][ T7470] cdc_eem 2-1:1.0 usb1: unregister 'cdc_eem'
> usb-dummy_hcd.1-1, CDC EEM Device
> [ 1560.078980][ T7470] configfs-gadget gadget.1: Bulk out complete
> ffff8881279f0b00
> [ 1560.080226][ T7423] configfs-gadget gadget.1: Bulk out start ffff8881279f0b00
> [ 1560.080617][ T7470] configfs-gadget gadget.1: Disable bulk in B
> [ 1560.080820][ T7423] configfs-gadget gadget.1: Bulk out start ffff8881279f0b00
> [ 1560.081456][ T7470] configfs-gadget gadget.1: Disable bulk out B
> [ 1560.081950][ T7423] configfs-gadget gadget.1: Bulk out start ffff8881279f0b00
> [ 1560.083056][ T7423] ------------[ cut here ]------------
> [ 1560.083386][ T7423] WARNING: CPU: 0 PID: 7423 at
> drivers/usb/gadget/udc/core.c:283 usb_ep_queue+0x9b/0x3b0
Okay, that's not what I expected. Can you try the same thing with
updated patch below?
Alan Stern
Index: usb-devel/drivers/usb/gadget/function/f_mass_storage.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/function/f_mass_storage.c
+++ usb-devel/drivers/usb/gadget/function/f_mass_storage.c
@@ -367,6 +367,7 @@ static void __raise_exception(struct fsg
{
unsigned long flags;
+ dev_info(&common->gadget->dev, "Raise exception %d %p\n", new_state, arg);
/*
* Do nothing if a higher-priority exception is already in progress.
* If a lower-or-equal priority exception is in progress, preempt it
@@ -415,6 +416,7 @@ static void bulk_in_complete(struct usb_
struct fsg_common *common = ep->driver_data;
struct fsg_buffhd *bh = req->context;
+ dev_info(&common->gadget->dev, "Bulk in complete %p\n", bh);
if (req->status || req->actual != req->length)
DBG(common, "%s --> %d, %u/%u\n", __func__,
req->status, req->actual, req->length);
@@ -431,6 +433,7 @@ static void bulk_out_complete(struct usb
struct fsg_common *common = ep->driver_data;
struct fsg_buffhd *bh = req->context;
+ dev_info(&common->gadget->dev, "Bulk out complete %p\n", bh);
dump_msg(common, "bulk-out", req->buf, req->actual);
if (req->status || req->actual != bh->bulk_out_intended_length)
DBG(common, "%s --> %d, %u/%u\n", __func__,
@@ -547,6 +550,7 @@ static bool start_in_transfer(struct fsg
if (!fsg_is_set(common))
return false;
bh->state = BUF_STATE_SENDING;
+ dev_info(&common->gadget->dev, "Bulk in start %p\n", bh);
if (start_transfer(common->fsg, common->fsg->bulk_in, bh->inreq))
bh->state = BUF_STATE_EMPTY;
return true;
@@ -557,6 +561,8 @@ static bool start_out_transfer(struct fs
if (!fsg_is_set(common))
return false;
bh->state = BUF_STATE_RECEIVING;
+ dev_info(&common->gadget->dev, "Bulk out start %p\n", bh);
+ dump_stack();
if (start_transfer(common->fsg, common->fsg->bulk_out, bh->outreq))
bh->state = BUF_STATE_FULL;
return true;
@@ -2310,12 +2316,15 @@ reset:
/* Disable the endpoints */
if (fsg->bulk_in_enabled) {
+ dev_info(&fsg->gadget->dev, "Disable bulk in A\n");
usb_ep_disable(fsg->bulk_in);
fsg->bulk_in_enabled = 0;
}
if (fsg->bulk_out_enabled) {
+ dev_info(&fsg->gadget->dev, "Disable bulk out A\n");
usb_ep_disable(fsg->bulk_out);
fsg->bulk_out_enabled = 0;
+ dev_info(&fsg->gadget->dev, "Disable bulk out A finished\n");
}
common->fsg = NULL;
@@ -2333,6 +2342,7 @@ reset:
rc = config_ep_by_speed(common->gadget, &(fsg->function), fsg->bulk_in);
if (rc)
goto reset;
+ dev_info(&fsg->gadget->dev, "Enable bulk in\n");
rc = usb_ep_enable(fsg->bulk_in);
if (rc)
goto reset;
@@ -2343,6 +2353,7 @@ reset:
fsg->bulk_out);
if (rc)
goto reset;
+ dev_info(&fsg->gadget->dev, "Enable bulk out\n");
rc = usb_ep_enable(fsg->bulk_out);
if (rc)
goto reset;
@@ -2392,12 +2403,15 @@ static void fsg_disable(struct usb_funct
/* Disable the endpoints */
if (fsg->bulk_in_enabled) {
+ dev_info(&fsg->gadget->dev, "Disable bulk in B\n");
usb_ep_disable(fsg->bulk_in);
fsg->bulk_in_enabled = 0;
}
if (fsg->bulk_out_enabled) {
+ dev_info(&fsg->gadget->dev, "Disable bulk out B\n");
usb_ep_disable(fsg->bulk_out);
fsg->bulk_out_enabled = 0;
+ dev_info(&fsg->gadget->dev, "Disable bulk out B finished\n");
}
__raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, NULL);
Powered by blists - more mailing lists