lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Yys1UHJ/+XoKyR6Y@rowland.harvard.edu>
Date:   Wed, 21 Sep 2022 12:01:20 -0400
From:   Alan Stern <stern@...land.harvard.edu>
To:     Rondreis <linhaoguo86@...il.com>
Cc:     balbi@...nel.org, andriy.shevchenko@...ux.intel.com,
        jakobkoschel@...il.com, quic_wcheng@...cinc.com,
        linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org
Subject: Re: kernel v5.19 warn in usb_ep_queue

On Wed, Sep 21, 2022 at 11:00:41PM +0800, Rondreis wrote:
> Thanks for your reply!
> I applied this patch in v5.19 and the reproducer just attached
> a composite device with network and mass storage functions.
> The output of the kernel is as follows:

> [ 1558.868398][ T7423] configfs-gadget gadget.1: Enable bulk in
> [ 1558.868675][ T7423] configfs-gadget gadget.1: Enable bulk out
> [ 1558.868957][ T7423] configfs-gadget gadget.1: Bulk out start ffff8881279f0b00
> [ 1558.952998][   T24] cdc_eem 2-1:1.0 usb1: register 'cdc_eem' at
> usb-dummy_hcd.1-1, CDC EEM Device, 72:47:e4:74:0b:8e
> [ 1558.968402][   T24] usb-storage 2-1:1.1: USB Mass Storage device detected
> [ 1558.976267][   T24] scsi host2: usb-storage 2-1:1.1
> [ 1560.028547][ T7470] cdc_eem 2-1:1.0 usb1: unregister 'cdc_eem'
> usb-dummy_hcd.1-1, CDC EEM Device
> [ 1560.078980][ T7470] configfs-gadget gadget.1: Bulk out complete
> ffff8881279f0b00
> [ 1560.080226][ T7423] configfs-gadget gadget.1: Bulk out start ffff8881279f0b00
> [ 1560.080617][ T7470] configfs-gadget gadget.1: Disable bulk in B
> [ 1560.080820][ T7423] configfs-gadget gadget.1: Bulk out start ffff8881279f0b00
> [ 1560.081456][ T7470] configfs-gadget gadget.1: Disable bulk out B
> [ 1560.081950][ T7423] configfs-gadget gadget.1: Bulk out start ffff8881279f0b00
> [ 1560.083056][ T7423] ------------[ cut here ]------------
> [ 1560.083386][ T7423] WARNING: CPU: 0 PID: 7423 at
> drivers/usb/gadget/udc/core.c:283 usb_ep_queue+0x9b/0x3b0

Okay, that's not what I expected.  Can you try the same thing with 
updated patch below?

Alan Stern


Index: usb-devel/drivers/usb/gadget/function/f_mass_storage.c
===================================================================
--- usb-devel.orig/drivers/usb/gadget/function/f_mass_storage.c
+++ usb-devel/drivers/usb/gadget/function/f_mass_storage.c
@@ -367,6 +367,7 @@ static void __raise_exception(struct fsg
 {
 	unsigned long		flags;
 
+	dev_info(&common->gadget->dev, "Raise exception %d %p\n", new_state, arg);
 	/*
 	 * Do nothing if a higher-priority exception is already in progress.
 	 * If a lower-or-equal priority exception is in progress, preempt it
@@ -415,6 +416,7 @@ static void bulk_in_complete(struct usb_
 	struct fsg_common	*common = ep->driver_data;
 	struct fsg_buffhd	*bh = req->context;
 
+	dev_info(&common->gadget->dev, "Bulk in complete %p\n", bh);
 	if (req->status || req->actual != req->length)
 		DBG(common, "%s --> %d, %u/%u\n", __func__,
 		    req->status, req->actual, req->length);
@@ -431,6 +433,7 @@ static void bulk_out_complete(struct usb
 	struct fsg_common	*common = ep->driver_data;
 	struct fsg_buffhd	*bh = req->context;
 
+	dev_info(&common->gadget->dev, "Bulk out complete %p\n", bh);
 	dump_msg(common, "bulk-out", req->buf, req->actual);
 	if (req->status || req->actual != bh->bulk_out_intended_length)
 		DBG(common, "%s --> %d, %u/%u\n", __func__,
@@ -547,6 +550,7 @@ static bool start_in_transfer(struct fsg
 	if (!fsg_is_set(common))
 		return false;
 	bh->state = BUF_STATE_SENDING;
+	dev_info(&common->gadget->dev, "Bulk in start %p\n", bh);
 	if (start_transfer(common->fsg, common->fsg->bulk_in, bh->inreq))
 		bh->state = BUF_STATE_EMPTY;
 	return true;
@@ -557,6 +561,8 @@ static bool start_out_transfer(struct fs
 	if (!fsg_is_set(common))
 		return false;
 	bh->state = BUF_STATE_RECEIVING;
+	dev_info(&common->gadget->dev, "Bulk out start %p\n", bh);
+	dump_stack();
 	if (start_transfer(common->fsg, common->fsg->bulk_out, bh->outreq))
 		bh->state = BUF_STATE_FULL;
 	return true;
@@ -2310,12 +2316,15 @@ reset:
 
 		/* Disable the endpoints */
 		if (fsg->bulk_in_enabled) {
+			dev_info(&fsg->gadget->dev, "Disable bulk in A\n");
 			usb_ep_disable(fsg->bulk_in);
 			fsg->bulk_in_enabled = 0;
 		}
 		if (fsg->bulk_out_enabled) {
+			dev_info(&fsg->gadget->dev, "Disable bulk out A\n");
 			usb_ep_disable(fsg->bulk_out);
 			fsg->bulk_out_enabled = 0;
+			dev_info(&fsg->gadget->dev, "Disable bulk out A finished\n");
 		}
 
 		common->fsg = NULL;
@@ -2333,6 +2342,7 @@ reset:
 	rc = config_ep_by_speed(common->gadget, &(fsg->function), fsg->bulk_in);
 	if (rc)
 		goto reset;
+	dev_info(&fsg->gadget->dev, "Enable bulk in\n");
 	rc = usb_ep_enable(fsg->bulk_in);
 	if (rc)
 		goto reset;
@@ -2343,6 +2353,7 @@ reset:
 				fsg->bulk_out);
 	if (rc)
 		goto reset;
+	dev_info(&fsg->gadget->dev, "Enable bulk out\n");
 	rc = usb_ep_enable(fsg->bulk_out);
 	if (rc)
 		goto reset;
@@ -2392,12 +2403,15 @@ static void fsg_disable(struct usb_funct
 
 	/* Disable the endpoints */
 	if (fsg->bulk_in_enabled) {
+		dev_info(&fsg->gadget->dev, "Disable bulk in B\n");
 		usb_ep_disable(fsg->bulk_in);
 		fsg->bulk_in_enabled = 0;
 	}
 	if (fsg->bulk_out_enabled) {
+		dev_info(&fsg->gadget->dev, "Disable bulk out B\n");
 		usb_ep_disable(fsg->bulk_out);
 		fsg->bulk_out_enabled = 0;
+		dev_info(&fsg->gadget->dev, "Disable bulk out B finished\n");
 	}
 
 	__raise_exception(fsg->common, FSG_STATE_CONFIG_CHANGE, NULL);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ