| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 4 Dec 2023 16:02:11 +0800
From: Yaxiong Tian <iambestgod@...look.com>
To: mathias.nyman@...el.com, gregkh@...uxfoundation.org
Cc: linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
tianyaxiong@...inos.cn
Subject: [PATCH] usb:xhci: Avoid hub_event() stuck when xHC restore state timeout
From: Yaxiong Tian <tianyaxiong@...inos.cn>
when xHc restore state timeout,the xhci_reusme() return -ETIMEDOUT
instantly. After usb_hc_died() called ,they kick hub_wq to running
hub_event() but the wq is freezd. When suspend ends,hub_evnet realy
running and sticking.
Such as:
[ 968.794016][ 2] [ T37] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs"
disables this message.
[ 968.802969][ 2] [ T37] kworker/2:3 D 0 999 2 0x00000028
[ 968.809579][ 2] [ T37] Workqueue: usb_hub_wq hub_event
[ 968.814885][ 2] [ T37] Call trace:
[ 968.818455][ 2] [ T37] __switch_to+0xd4/0x138
[ 968.823067][ 2] [ T37] __schedule+0x2dc/0x6a0
[ 968.827680][ 2] [ T37] schedule+0x34/0xb0
[ 968.831947][ 2] [ T37] schedule_timeout+0x1e0/0x298
[ 968.837079][ 2] [ T37] __wait_for_common+0xf0/0x208
[ 968.842212][ 2] [ T37] wait_for_completion+0x1c/0x28
[ 968.847432][ 2] [ T37] xhci_configure_endpoint+0x104/0x640
[ 968.853173][ 2] [ T37] xhci_check_bandwidth+0x140/0x2e0
[ 968.858652][ 2] [ T37] usb_hcd_alloc_bandwidth+0x1c8/0x348
[ 968.864393][ 2] [ T37] usb_disable_device+0x198/0x260
[ 968.869698][ 2] [ T37] usb_disconnect+0xdc/0x3a0
[ 968.874571][ 2] [ T37] usb_disconnect+0xbc/0x3a0
[ 968.879441][ 2] [ T37] hub_quiesce+0xa0/0x108
[ 968.884053][ 2] [ T37] hub_event+0x4d4/0x1558
[ 968.888664][ 2] [ T37] kretprobe_trampoline+0x0/0xc4
[ 968.893884][ 2] [ T37] worker_thread+0x4c/0x488
[ 968.898668][ 2] [ T37] kthread+0xf8/0x128
[ 968.902933][ 2] [ T37] ret_from_fork+0x10/0x18
The result is that you cannot suspend again.because the wq can't
be freezed.Also hard to reboot,when some application visited this
piece.
The reason of stuck is that some access related to xhci hardware
is being called.But xhci has problem,at least not running.(
when xhci_restore_registers(),the xhci will load op_regs.The
CMD_RUN will clear in xhci_suspend().)
So using XHCI_STATE_DYING flag,to avoid any code to touching
hardware immediately.hub_event() will complete.The usb_hc_died
tasks will be completed and some sys interfaces will be removed.
Signed-off-by: Yaxiong Tian <tianyaxiong@...inos.cn>
---
drivers/usb/host/xhci.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index cb885ddc2032..f0ddd7421e1f 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -1044,7 +1044,8 @@ int xhci_resume(struct xhci_hcd *xhci, pm_message_t msg)
*/
if (xhci_handshake(&xhci->op_regs->status,
STS_RESTORE, 0, 100 * 1000)) {
- xhci_warn(xhci, "WARN: xHC restore state timeout\n");
+ xhci_err(xhci, "xHC restore state timeout, assume dead\n");
+ xhci->xhc_state |= XHCI_STATE_DYING;
spin_unlock_irq(&xhci->lock);
return -ETIMEDOUT;
}
--
2.25.1
Powered by blists - more mailing lists