lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <45e02c34-c45d-4ec7-8bd3-6c7808518229@linux.intel.com>
Date: Fri, 30 Aug 2024 16:53:56 +0300
From: Mathias Nyman <mathias.nyman@...ux.intel.com>
To: Pawel Laszczak <pawell@...ence.com>,
 "mathias.nyman@...el.com" <mathias.nyman@...el.com>
Cc: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
 "peter.chen@...nel.org" <peter.chen@...nel.org>,
 "linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
 "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
 "stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: Re: [PATCH v2] usb: xhci: fixes lost of data for xHCI Cadence
 Controllers

On 21.8.2024 9.01, Pawel Laszczak wrote:
> Stream endpoint can skip part of TD during next transfer initialization
> after beginning stopped during active stream data transfer.
> The Set TR Dequeue Pointer command does not clear all internal
> transfer-related variables that position stream endpoint on transfer ring.
> 
> USB Controller stores all endpoint state information within RsvdO fields
> inside endpoint context structure. For stream endpoints, all relevant
> information regarding particular StreamID is stored within corresponding
> Stream Endpoint context.
> Whenever driver wants to stop stream endpoint traffic, it invokes
> Stop Endpoint command which forces the controller to dump all endpoint
> state-related variables into RsvdO spaces into endpoint context and stream
> endpoint context. Whenever driver wants to reinitialize endpoint starting
> point on Transfer Ring, it uses the Set TR Dequeue Pointer command
> to update dequeue pointer for particular stream in Stream Endpoint
> Context. When stream endpoint is forced to stop active transfer in the
> middle of TD, it dumps an information about TRB bytes left in RsvdO fields
> in Stream Endpoint Context which will be used in next transfer
> initialization to designate starting point for XDMA. This field is not
> cleared during Set TR Dequeue Pointer command which causes XDMA to skip
> over transfer ring and leads to data loss on stream pipe.
> 
> Patch fixes this by clearing out all RsvdO fields before initializing new
> transfer via that StreamID.
> 
> Field Rsvd0 is reserved field, so patch should not have impact for other
> xHCI controllers.
> 
> Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver")
> cc: <stable@...r.kernel.org>
> Signed-off-by: Pawel Laszczak <pawell@...ence.com>

Thanks,

Code looks good but maybe we should skip adding this to stable until we are really
sure modifying the RsvdO fields for _all_ host controllers doesn't cause any issues.

I simplified and changed the commit message, is the following ok with you:

usb: xhci: fix loss of data on Cadence xHC

Streams should flush their TRB cache, re-read TRBs, and start executing
TRBs from the beginning of the new dequeue pointer after a 'Set TR
Dequeue Pointer' command.

Cadence controllers may fail to start from the beginning of the dequeue
TRB as it doesn't clear the Opaque 'RsvdO' field of the stream context
during 'Set TR Dequeue' command.
This stream context area is where xHC stores information about the last
partially executed TD when a stream is stopped.
xHC uses this information to resume the transfer where it left mid TD,
when the stream is restarted.

Patch fixes this by clearing out all RsvdO fields before initializing new
Stream transfer using a 'Set TR Dequeue Pointer' command.

Field RsvdO is reserved field, so patch should not have impact on other
xHCI controllers, but don't add this patch to stable kernels yet
before it has worked flawlessly upstream on different hosts for a while.

[simplify and edit commit message -Mathias]

Signed-off-by: Pawel Laszczak <pawell@...ence.com>
Signed-off-by: Mathias Nyman <mathias.nyman@...ux.intel.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ