| Message ID | 20240815064836.1491-1-selvarasu.g@samsung.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v3] usb: dwc3: core: Prevent USB core invalid event buffer address access | expand |
On Thu, Aug 15, 2024 at 12:18:31PM +0530, Selvarasu Ganesan wrote: > This commit addresses an issue where the USB core could access an > invalid event buffer address during runtime suspend, potentially causing > SMMU faults and other memory issues in Exynos platforms. The problem > arises from the following sequence. > 1. In dwc3_gadget_suspend, there is a chance of a timeout when > moving the USB core to the halt state after clearing the > run/stop bit by software. > 2. In dwc3_core_exit, the event buffer is cleared regardless of > the USB core's status, which may lead to an SMMU faults and > other memory issues. if the USB core tries to access the event > buffer address. > > To prevent this hardware quirk on Exynos platforms, this commit ensures > that the event buffer address is not cleared by software when the USB > core is active during runtime suspend by checking its status before > clearing the buffer address. > > Cc: stable@vger.kernel.org # v6.1+ Any hint as to what commit id this fixes? thanks, greg k-h
On 8/16/2024 3:25 PM, Greg KH wrote: > On Thu, Aug 15, 2024 at 12:18:31PM +0530, Selvarasu Ganesan wrote: >> This commit addresses an issue where the USB core could access an >> invalid event buffer address during runtime suspend, potentially causing >> SMMU faults and other memory issues in Exynos platforms. The problem >> arises from the following sequence. >> 1. In dwc3_gadget_suspend, there is a chance of a timeout when >> moving the USB core to the halt state after clearing the >> run/stop bit by software. >> 2. In dwc3_core_exit, the event buffer is cleared regardless of >> the USB core's status, which may lead to an SMMU faults and >> other memory issues. if the USB core tries to access the event >> buffer address. >> >> To prevent this hardware quirk on Exynos platforms, this commit ensures >> that the event buffer address is not cleared by software when the USB >> core is active during runtime suspend by checking its status before >> clearing the buffer address. >> >> Cc: stable@vger.kernel.org # v6.1+ > Any hint as to what commit id this fixes? > > thanks, > > greg k-h Hi Greg, This issue is not related to any particular commit. The given fix is address a hardware quirk on the Exynos platform. And we require it to be backported on stable kernel 6.1 and above all stable kernel. Thanks, Selva >
On Thu, Aug 15, 2024, Selvarasu Ganesan wrote: > This commit addresses an issue where the USB core could access an > invalid event buffer address during runtime suspend, potentially causing > SMMU faults and other memory issues in Exynos platforms. The problem > arises from the following sequence. > 1. In dwc3_gadget_suspend, there is a chance of a timeout when > moving the USB core to the halt state after clearing the > run/stop bit by software. > 2. In dwc3_core_exit, the event buffer is cleared regardless of > the USB core's status, which may lead to an SMMU faults and > other memory issues. if the USB core tries to access the event > buffer address. > > To prevent this hardware quirk on Exynos platforms, this commit ensures > that the event buffer address is not cleared by software when the USB > core is active during runtime suspend by checking its status before > clearing the buffer address. > > Cc: stable@vger.kernel.org # v6.1+ Usually there's no "v" to indicate version. I'm not sure if it'll be an issue. Regardless, Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com> Thanks, Thinh > Signed-off-by: Selvarasu Ganesan <selvarasu.g@samsung.com> > ---
On Fri, Aug 16, 2024 at 09:13:09PM +0530, Selvarasu Ganesan wrote: > > On 8/16/2024 3:25 PM, Greg KH wrote: > > On Thu, Aug 15, 2024 at 12:18:31PM +0530, Selvarasu Ganesan wrote: > >> This commit addresses an issue where the USB core could access an > >> invalid event buffer address during runtime suspend, potentially causing > >> SMMU faults and other memory issues in Exynos platforms. The problem > >> arises from the following sequence. > >> 1. In dwc3_gadget_suspend, there is a chance of a timeout when > >> moving the USB core to the halt state after clearing the > >> run/stop bit by software. > >> 2. In dwc3_core_exit, the event buffer is cleared regardless of > >> the USB core's status, which may lead to an SMMU faults and > >> other memory issues. if the USB core tries to access the event > >> buffer address. > >> > >> To prevent this hardware quirk on Exynos platforms, this commit ensures > >> that the event buffer address is not cleared by software when the USB > >> core is active during runtime suspend by checking its status before > >> clearing the buffer address. > >> > >> Cc: stable@vger.kernel.org # v6.1+ > > Any hint as to what commit id this fixes? > > > > thanks, > > > > greg k-h > > > Hi Greg, > > This issue is not related to any particular commit. The given fix is > address a hardware quirk on the Exynos platform. And we require it to be > backported on stable kernel 6.1 and above all stable kernel. If it's a hardware quirk issue, why are you restricting it to a specific kernel release and not a specific kernel commit? Why not 5.15? 5.4? thanks, greg k-h
On 8/17/2024 10:47 AM, Greg KH wrote: > On Fri, Aug 16, 2024 at 09:13:09PM +0530, Selvarasu Ganesan wrote: >> On 8/16/2024 3:25 PM, Greg KH wrote: >>> On Thu, Aug 15, 2024 at 12:18:31PM +0530, Selvarasu Ganesan wrote: >>>> This commit addresses an issue where the USB core could access an >>>> invalid event buffer address during runtime suspend, potentially causing >>>> SMMU faults and other memory issues in Exynos platforms. The problem >>>> arises from the following sequence. >>>> 1. In dwc3_gadget_suspend, there is a chance of a timeout when >>>> moving the USB core to the halt state after clearing the >>>> run/stop bit by software. >>>> 2. In dwc3_core_exit, the event buffer is cleared regardless of >>>> the USB core's status, which may lead to an SMMU faults and >>>> other memory issues. if the USB core tries to access the event >>>> buffer address. >>>> >>>> To prevent this hardware quirk on Exynos platforms, this commit ensures >>>> that the event buffer address is not cleared by software when the USB >>>> core is active during runtime suspend by checking its status before >>>> clearing the buffer address. >>>> >>>> Cc: stable@vger.kernel.org # v6.1+ >>> Any hint as to what commit id this fixes? >>> >>> thanks, >>> >>> greg k-h >> >> Hi Greg, >> >> This issue is not related to any particular commit. The given fix is >> address a hardware quirk on the Exynos platform. And we require it to be >> backported on stable kernel 6.1 and above all stable kernel. > If it's a hardware quirk issue, why are you restricting it to a specific > kernel release and not a specific kernel commit? Why not 5.15? 5.4? Hi Greg, I mentioned a specific kernel because our platform is set to be tested and functioning with kernels 6.1 and above, and the issue was reported with these kernel versions. However, we would be fine if all stable kernels, such as 5.4 and 5.15, were backported. In this case, if you need a new patch version to update the Cc tag for all stable kernels, please suggest the Cc tag to avoid confusion in next version. Thanks, Selva > > thanks, > > greg k-h > >
On 8/17/2024 7:13 PM, Selvarasu Ganesan wrote: > On 8/17/2024 10:47 AM, Greg KH wrote: >> On Fri, Aug 16, 2024 at 09:13:09PM +0530, Selvarasu Ganesan wrote: >>> On 8/16/2024 3:25 PM, Greg KH wrote: >>>> On Thu, Aug 15, 2024 at 12:18:31PM +0530, Selvarasu Ganesan wrote: >>>>> This commit addresses an issue where the USB core could access an >>>>> invalid event buffer address during runtime suspend, potentially causing >>>>> SMMU faults and other memory issues in Exynos platforms. The problem >>>>> arises from the following sequence. >>>>> 1. In dwc3_gadget_suspend, there is a chance of a timeout when >>>>> moving the USB core to the halt state after clearing the >>>>> run/stop bit by software. >>>>> 2. In dwc3_core_exit, the event buffer is cleared regardless of >>>>> the USB core's status, which may lead to an SMMU faults and >>>>> other memory issues. if the USB core tries to access the event >>>>> buffer address. >>>>> >>>>> To prevent this hardware quirk on Exynos platforms, this commit ensures >>>>> that the event buffer address is not cleared by software when the USB >>>>> core is active during runtime suspend by checking its status before >>>>> clearing the buffer address. >>>>> >>>>> Cc: stable@vger.kernel.org # v6.1+ >>>> Any hint as to what commit id this fixes? >>>> >>>> thanks, >>>> >>>> greg k-h >>> Hi Greg, >>> >>> This issue is not related to any particular commit. The given fix is >>> address a hardware quirk on the Exynos platform. And we require it to be >>> backported on stable kernel 6.1 and above all stable kernel. >> If it's a hardware quirk issue, why are you restricting it to a specific >> kernel release and not a specific kernel commit? Why not 5.15? 5.4? > Hi Greg, > > I mentioned a specific kernel because our platform is set to be tested > and functioning with kernels 6.1 and above, and the issue was reported > with these kernel versions. However, we would be fine if all stable > kernels, such as 5.4 and 5.15, were backported. In this case, if you > need a new patch version to update the Cc tag for all stable kernels, > please suggest the Cc tag to avoid confusion in next version. > > Thanks, > Selva Hi Greg, Would you like to provide any feedback or suggestions regarding the my last comments mentioned above? Thanks, Selva >> thanks, >> >> greg k-h >> >> >
On Sat, Aug 17, 2024 at 07:13:53PM +0530, Selvarasu Ganesan wrote: > > On 8/17/2024 10:47 AM, Greg KH wrote: > > On Fri, Aug 16, 2024 at 09:13:09PM +0530, Selvarasu Ganesan wrote: > >> On 8/16/2024 3:25 PM, Greg KH wrote: > >>> On Thu, Aug 15, 2024 at 12:18:31PM +0530, Selvarasu Ganesan wrote: > >>>> This commit addresses an issue where the USB core could access an > >>>> invalid event buffer address during runtime suspend, potentially causing > >>>> SMMU faults and other memory issues in Exynos platforms. The problem > >>>> arises from the following sequence. > >>>> 1. In dwc3_gadget_suspend, there is a chance of a timeout when > >>>> moving the USB core to the halt state after clearing the > >>>> run/stop bit by software. > >>>> 2. In dwc3_core_exit, the event buffer is cleared regardless of > >>>> the USB core's status, which may lead to an SMMU faults and > >>>> other memory issues. if the USB core tries to access the event > >>>> buffer address. > >>>> > >>>> To prevent this hardware quirk on Exynos platforms, this commit ensures > >>>> that the event buffer address is not cleared by software when the USB > >>>> core is active during runtime suspend by checking its status before > >>>> clearing the buffer address. > >>>> > >>>> Cc: stable@vger.kernel.org # v6.1+ > >>> Any hint as to what commit id this fixes? > >>> > >>> thanks, > >>> > >>> greg k-h > >> > >> Hi Greg, > >> > >> This issue is not related to any particular commit. The given fix is > >> address a hardware quirk on the Exynos platform. And we require it to be > >> backported on stable kernel 6.1 and above all stable kernel. > > If it's a hardware quirk issue, why are you restricting it to a specific > > kernel release and not a specific kernel commit? Why not 5.15? 5.4? > > Hi Greg, > > I mentioned a specific kernel because our platform is set to be tested > and functioning with kernels 6.1 and above, and the issue was reported > with these kernel versions. However, we would be fine if all stable > kernels, such as 5.4 and 5.15, were backported. In this case, if you > need a new patch version to update the Cc tag for all stable kernels, > please suggest the Cc tag to avoid confusion in next version. I'll fix it up when applying it, thanks. greg k-h
diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 734de2a8bd21..ccc3895dbd7f 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -564,9 +564,17 @@ int dwc3_event_buffers_setup(struct dwc3 *dwc) void dwc3_event_buffers_cleanup(struct dwc3 *dwc) { struct dwc3_event_buffer *evt; + u32 reg; if (!dwc->ev_buf) return; + /* + * Exynos platforms may not be able to access event buffer if the + * controller failed to halt on dwc3_core_exit(). + */ + reg = dwc3_readl(dwc->regs, DWC3_DSTS); + if (!(reg & DWC3_DSTS_DEVCTRLHLT)) + return; evt = dwc->ev_buf;
This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and other memory issues in Exynos platforms. The problem arises from the following sequence. 1. In dwc3_gadget_suspend, there is a chance of a timeout when moving the USB core to the halt state after clearing the run/stop bit by software. 2. In dwc3_core_exit, the event buffer is cleared regardless of the USB core's status, which may lead to an SMMU faults and other memory issues. if the USB core tries to access the event buffer address. To prevent this hardware quirk on Exynos platforms, this commit ensures that the event buffer address is not cleared by software when the USB core is active during runtime suspend by checking its status before clearing the buffer address. Cc: stable@vger.kernel.org # v6.1+ Signed-off-by: Selvarasu Ganesan <selvarasu.g@samsung.com> --- Changes in v3: - Added comment on why we need this fix. - Included platform name in commit message. - Removed Fixes tag as no issue on the previous commits, and updated Cc tag. - Link to v2: https://lore.kernel.org/lkml/20240808120507.1464-1-selvarasu.g@samsung.com/ Changes in v2: - Added separate check for USB controller status before cleaning the event buffer. - Link to v1: https://lore.kernel.org/lkml/20240722145617.537-1-selvarasu.g@samsung.com/ --- drivers/usb/dwc3/core.c | 8 ++++++++ 1 file changed, 8 insertions(+)