lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <f6bba9d1-2221-4bad-a7d7-564a5a311de1@rowland.harvard.edu>
Date: Thu, 20 Nov 2025 22:08:08 -0500
From: Alan Stern <stern@...land.harvard.edu>
To: Thinh Nguyen <Thinh.Nguyen@...opsys.com>
Cc: Selvarasu Ganesan <selvarasu.g@...sung.com>,
	"gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
	"linux-usb@...r.kernel.org" <linux-usb@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"jh0801.jung@...sung.com" <jh0801.jung@...sung.com>,
	"dh10.jung@...sung.com" <dh10.jung@...sung.com>,
	"naushad@...sung.com" <naushad@...sung.com>,
	"akash.m5@...sung.com" <akash.m5@...sung.com>,
	"h10.kim@...sung.com" <h10.kim@...sung.com>,
	"eomji.oh@...sung.com" <eomji.oh@...sung.com>,
	"alim.akhtar@...sung.com" <alim.akhtar@...sung.com>,
	"thiagu.r@...sung.com" <thiagu.r@...sung.com>,
	"stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: Re: [PATCH v2] usb: dwc3: gadget: Prevent EPs resource conflict
 during StartTransfer

On Fri, Nov 21, 2025 at 02:22:02AM +0000, Thinh Nguyen wrote:
> On Wed, Nov 19, 2025, Alan Stern wrote:
> > ->set_alt() is called by the composite core when a Set-Interface or 
> > Set-Config control request arrives from the host.  It happens within the 
> > composite_setup() handler, which is called by the UDC driver when a 
> > control request arrives, which means it happens in the context of the 
> > UDC driver's interrupt handler.  Therefore ->set_alt() callbacks must 
> > not sleep.
> 
> This should be changed. I don't think we can expect set_alt() to
> be in interrupt context only.

Agreed.

> > To do this right, I can't think of any approach other than to make the 
> > composite core use a work queue or other kernel thread for handling 
> > Set-Interface and Set-Config calls.  
> 
> Sounds like it should've been like this initially.

I guess the nobody thought through the issues very carefully at the time 
the composite framework was designed.  Maybe the UDCs that existed back 
did not require a lot of time to flush endpoints; I can't remember.

> > Without that ability, we will have to audit every function driver to 
> > make sure the ->set_alt() callbacks do ensure that endpoints are flushed 
> > before they are re-enabled.
> > 
> > There does not seem to be any way to fix the problem just by changing 
> > the gadget core.
> > 
> 
> We can have a workaround in dwc3 that can temporarily "work" with what
> we have. However, eventually, we will need to properly rework this and
> audit the gadget drivers.

Clearly, the first step is to change the composite core.  That can be 
done without messing up anything else.  But yes, eventually the gadget 
drivers will have to be audited.

Alan Stern

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ