Re: [PATCH 1/2] usb: xhci: fix uninitialized completion when USB3 port got wrong status

From: Mathias Nyman
Date: Tue Oct 23 2018 - 06:36:15 EST

Next message: Shilpasri G Bhat: "[PATCH v2] powernv: sensor-groups: Add debugfs file to enable/disable sensor groups"
Previous message: Milian Wolff: "Re: Broken dwarf unwinding - wrong stack pointer register value?"
In reply to: Aaron Ma: "Re: [PATCH 1/2] usb: xhci: fix uninitialized completion when USB3 port got wrong status"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 22.10.2018 20:53, Aaron Ma wrote:

On 10/22/18 9:12 PM, Mathias Nyman wrote:

On 21.10.2018 20:08, Aaron Ma wrote:

Realtek USB3.0 Card Reader [0bda:0328] reports wrong port status on
Cannon lake PCH USB3.1 xHCI [8086:a36d] after resume from S3,
after clear port reset it works fine.

Since this device is registered on USB3 roothub at boot,
when port status reports not superspeed, xhci_get_port_status will call
an uninitialized completion in bus_state[0].
Kernel will hang because of NULL pointer.

Restrict the USB2 resume status check in USB2 roothub to fix hang issue.
No harm to initialize USB3 bus_state[0] in case it is called.

Signed-off-by: Aaron Ma <aaron.ma@xxxxxxxxxxxxx>
---
Â drivers/usb/host/xhci-hub.cÂ | 2 +-
Â drivers/usb/host/xhci-mem.cÂ | 1 >>> Â drivers/usb/host/xhci-ring.c | 2 +-
Â 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
index 7e2a531ba321..d30ca6ceffc9 100644
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -876,7 +876,7 @@ static u32 xhci_get_port_status(struct usb_hcd *hcd,
ÂÂÂÂÂÂÂÂÂÂÂÂÂ status |= USB_PORT_STAT_SUSPEND;
ÂÂÂÂÂ }
ÂÂÂÂÂ if ((raw_port_status & PORT_PLS_MASK) == XDEV_RESUME &&
-ÂÂÂÂÂÂÂ !DEV_SUPERSPEED_ANY(raw_port_status)) {
+ÂÂÂÂÂÂÂ !DEV_SUPERSPEED_ANY(raw_port_status) && 1 == hcd_index(hcd)) {
ÂÂÂÂÂÂÂÂÂ if ((raw_port_status & PORT_RESET) ||
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ !(raw_port_status & PORT_PE))
ÂÂÂÂÂÂÂÂÂÂÂÂÂ return 0xffffffff;

The original !DEV_SUPERSPEED_ANY() check was not suitable here.
It checks the port-speed field of portsc register (bits 13:10), which
are only valid for USB3
ports if all link training is done and port reached its "enabled" state.
Otherwise it will return 0, and USB3 ports may be mistaken for USB2 ports.

PORT_ENABLE should be already set to one.
The same device ID card reader doesn't have issue on Sunrise Point.
Maybe it is related to Cannon lake PCH USB controller?

Ok, thanks for the info

V2 sent out. Cc-ed stable.

Any chance you to check if the refactored code works with the Realtek
device?
I just created a "get_port_status_refactor" branch for it:

git://git.kernel.org/pub/scm/linux/kernel/git/mnyman/xhci.git
get_port_status_refactor

The hang issue is not reproduced on this kernel branch.

Great, thanks for testing it

-Mathias

Next message: Shilpasri G Bhat: "[PATCH v2] powernv: sensor-groups: Add debugfs file to enable/disable sensor groups"
Previous message: Milian Wolff: "Re: Broken dwarf unwinding - wrong stack pointer register value?"
In reply to: Aaron Ma: "Re: [PATCH 1/2] usb: xhci: fix uninitialized completion when USB3 port got wrong status"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]