lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0b985241-31a4-4d12-80be-4e211d21dfd6@samsung.com>
Date: Wed, 7 Aug 2024 10:16:56 +0530
From: Selvarasu Ganesan <selvarasu.g@...sung.com>
To: Thinh Nguyen <Thinh.Nguyen@...opsys.com>
Cc: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
	"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"jh0801.jung@...sung.com" <jh0801.jung@...sung.com>, "dh10.jung@...sung.com"
	<dh10.jung@...sung.com>, "naushad@...sung.com" <naushad@...sung.com>,
	"akash.m5@...sung.com" <akash.m5@...sung.com>, "rc93.raju@...sung.com"
	<rc93.raju@...sung.com>, "taehyun.cho@...sung.com"
	<taehyun.cho@...sung.com>, "hongpooh.kim@...sung.com"
	<hongpooh.kim@...sung.com>, "eomji.oh@...sung.com" <eomji.oh@...sung.com>,
	"shijie.cai@...sung.com" <shijie.cai@...sung.com>
Subject: Re: [PATCH] usb: dwc3: core: Prevent USB core invalid event buffer
 address access


On 8/7/2024 5:44 AM, Thinh Nguyen wrote:
> On Mon, Jul 22, 2024, Selvarasu Ganesan wrote:
>> This commit addresses an issue where the USB core could access an
>> invalid event buffer address during runtime suspend, potentially causing
>> SMMU faults and other memory issues. The problem arises from the
>> following sequence.
>> 	1. In dwc3_gadget_suspend, there is a chance of a timeout when
>> 	moving the USB core to the halt state after clearing the
>> 	run/stop bit by software.
>> 	2. In dwc3_core_exit, the event buffer is cleared regardless of
>> 	the USB core's status, which may lead to an SMMU faults and
>> 	other memory issues. if the USB core tries to access the event
>> 	buffer address.
>>
>> To prevent this issue, this commit ensures that the event buffer address
>> is not cleared by software  when the USB core is active during runtime
>> suspend by checking its status before clearing the buffer address.
> What happen after adding this check? Can the device resume and function
> properly afterward? If not, do you know if a soft-reset will recover the
> issue?
>
> Thanks,
> Thinh

Yes, we can see the proper resume with this fix even if the USB IP core 
not entered into halted during suspend.

And we not tried soft reset as this fix is working fine.

Anyway soft reset is part of resume sequence and it will reset or 
recover the USB IP state machine.


Thanks,

Selva

>
>> Signed-off-by: Selvarasu Ganesan <selvarasu.g@...sung.com>
>> ---
>>   drivers/usb/dwc3/core.c | 4 +++-
>>   1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
>> index cb82557678dd..c7c1a253862e 100644
>> --- a/drivers/usb/dwc3/core.c
>> +++ b/drivers/usb/dwc3/core.c
>> @@ -559,8 +559,10 @@ int dwc3_event_buffers_setup(struct dwc3 *dwc)
>>   void dwc3_event_buffers_cleanup(struct dwc3 *dwc)
>>   {
>>   	struct dwc3_event_buffer	*evt;
>> +	u32				reg;
>>   
>> -	if (!dwc->ev_buf)
>> +	reg = dwc3_readl(dwc->regs, DWC3_DSTS);
>> +	if (!dwc->ev_buf || !(reg & DWC3_DSTS_DEVCTRLHLT))
>>   		return;
>>   
>>   	evt = dwc->ev_buf;
>> -- 
>> 2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ