Message-ID: <20250407074905.2d236fb9@foxbook>
Date: Mon, 7 Apr 2025 07:49:05 +0200
From: Michał Pecio <michal.pecio@...il.com>
To: Alan Stern <stern@...land.harvard.edu>
Cc: Paul Menzel <pmenzel@...gen.mpg.de>, Mathias Nyman
 <mathias.nyman@...ux.intel.com>, Mathias Nyman <mathias.nyman@...el.com>,
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>, linux-usb@...r.kernel.org,
 LKML <linux-kernel@...r.kernel.org>
Subject: Re: xhci: WARN Set TR Deq Ptr cmd failed due to incorrect slot or
 ep state.

On Sun, 6 Apr 2025 15:26:41 -0400, Alan Stern wrote:
> I'd guess that you're seeing the result of the
> 
> 		usb_disable_interface(udev, intf, true);
> 
> call in usb_reset_and_verify_device().  This call is made following
> the actual reset, as part of the procedure for putting everything
> back to the way it was before the reset.

Your guess is right. I added dump_stack() to those calls.

The bug is triggered by this function calling usb_disable_interface()
and usb_enable_interface() after usb_hcd_alloc_bandwidth().

These two issue endpoint_disable() and endpoint_reset() to the HCD and
xhci_hcd appears to be confused about the intent of the former, because
it clears host_ep->hcpriv, breaking all future endpoint_reset() calls.

Since 6.15, this call informs xhci_hcd that the device endpoint has been
cleared and pending URBs can be started, so this isn't working now.


BTW, that's not a corner of the driver which I'm very familiar with,
but AFAIU this disable/enable sequence is pointless for xHCI if done
on freshly created endpoints. It would only wait for clearing TT to
finish (there should be none) and issue some commands to clear the
toggle/sequence state (which should be blank).

Michal
