Received: by 2002:a19:f614:0:0:0:0:0 with SMTP id x20csp36394lfe; Fri, 15 Apr 2022 18:14:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJysJ9FLkpQBjm0Iql30Eo+pipef+66yM/eiMXis92kmAi68VscWERrg0bGF9wt+ZCOhrrTH X-Received: by 2002:a05:6a02:283:b0:342:703e:1434 with SMTP id bk3-20020a056a02028300b00342703e1434mr1244375pgb.74.1650071659310; Fri, 15 Apr 2022 18:14:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650071659; cv=none; d=google.com; s=arc-20160816; b=OH/YCV0UgB2NfHZfaMeBSB/7gW07HxP5TOjZ3tj1UcksJYx6fkBUocay8SfiPwIZTM CB7kANdhhm1eQYTqBWQM7VqWqsYHp9ky0WG2p1PICvOwcqpDd41JqqQTRY62Yuyy2sg3 ACoO1+AGum8tlrzRS4YTiOTUvdi/q9cw7cCZ0HGKGKQa4hzmDkGPXmkWh+WNVIFSeLYF 0wlqodLg+COqE2MfaM43iSsM/XCvEKSkN/gmmGS2wXuqsM/nPOPYNGJPMdppmXD+DgoP ZLjCtL3w5OQZRIMWWQExTdpzWyof9/WaVTFhZte8oraE2u+KuUAejNOnHHoy9XZuq8/I ALQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to :content-language:references:cc:to:subject:from:user-agent :mime-version:date:message-id:dkim-signature; bh=rq7yUoLN5kZ74ztwyG29HHmd6+Kid7Wc5fWXZhevA0E=; b=fsUeih0JroOKzQM3maSeu39MSE3nh1pg0f+TwKXRsxSn2hJ4BRnyNttBu9V/Qcg7Er wtLieyLLO7vtd4hs9jumMdAUprfd8qN997lc41ew8piU9fppEpReyC9yu7YIGXCKqII2 f1LVfiaPKO4LoKIAR598UnYUO2EiWHMNUgwrtF+V8vgyjDXBXjskAwIsqyZ1VQI50kCi wS4YrduKtmTQNITEiP7ijkp4S0RSigoCx9VcVzV+nY/57U7Z1syvgS+h42SQod+34L4j /CHCd1k72x3oUM8b/ZR2c02/Jo2MTRgLpY1CuEcl+53/RVyA9PxDpt94kInH7V2AhW5E gkGA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcdkim header.b=ctHaCHRU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id u8-20020a17090341c800b00156a80ba52esi2894042ple.274.2022.04.15.18.14.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Apr 2022 18:14:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcdkim header.b=ctHaCHRU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id A95A0A996C; Fri, 15 Apr 2022 17:51:07 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346056AbiDNVrZ (ORCPT + 99 others); Thu, 14 Apr 2022 17:47:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36450 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241439AbiDNVrW (ORCPT ); Thu, 14 Apr 2022 17:47:22 -0400 Received: from alexa-out.qualcomm.com (alexa-out.qualcomm.com [129.46.98.28]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B50F13633E; Thu, 14 Apr 2022 14:44:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; i=@quicinc.com; q=dns/txt; s=qcdkim; t=1649972696; x=1681508696; h=message-id:date:mime-version:from:subject:to:cc: references:in-reply-to:content-transfer-encoding; bh=rq7yUoLN5kZ74ztwyG29HHmd6+Kid7Wc5fWXZhevA0E=; b=ctHaCHRU3YF5OiAcXN5Qu8ufatuiR4+LZFXmievZErVeQjBQXy1njkLk xs2KEFWzBcVBdq8YMojfVSV6YPmtfm1gQKRc8xrrtkN3BI3v0BYDgMZWs GcFjmnOtLVsKrdzvogOd/E9VqQ5RNQ80unIHnGMjtXGVpPRaC6rejPjA3 0=; Received: from ironmsg08-lv.qualcomm.com ([10.47.202.152]) by alexa-out.qualcomm.com with ESMTP; 14 Apr 2022 14:44:55 -0700 X-QCInternal: smtphost Received: from nasanex01c.na.qualcomm.com ([10.47.97.222]) by ironmsg08-lv.qualcomm.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Apr 2022 14:44:55 -0700 Received: from nalasex01b.na.qualcomm.com (10.47.209.197) by nasanex01c.na.qualcomm.com (10.47.97.222) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Thu, 14 Apr 2022 14:44:55 -0700 Received: from [10.110.74.74] (10.80.80.8) by nalasex01b.na.qualcomm.com (10.47.209.197) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Thu, 14 Apr 2022 14:44:54 -0700 Message-ID: <10f77fe4-a1a7-60a2-af98-a6060318ab0d@quicinc.com> Date: Thu, 14 Apr 2022 14:44:53 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0 From: Wesley Cheng Subject: Re: [PATCH] usb: dwc3: EP clear halt leading to incorrect submission of delayed_status To: Pavan Kondeti CC: , , , References: <20220407015336.19455-1-quic_wcheng@quicinc.com> <20220411154803.GA26372@hu-pkondeti-hyd.qualcomm.com> Content-Language: en-US In-Reply-To: <20220411154803.GA26372@hu-pkondeti-hyd.qualcomm.com> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01b.na.qualcomm.com (10.46.141.250) To nalasex01b.na.qualcomm.com (10.47.209.197) X-Spam-Status: No, score=-5.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Pavan, On 4/11/2022 8:48 AM, Pavan Kondeti wrote: > Hi Wesley, > > On Wed, Apr 06, 2022 at 06:53:36PM -0700, Wesley Cheng wrote: >> The usb_ep_clear_halt() API can be called from the function driver, and >> translates to dwc3_gadget_ep_set_halt(). This routine is shared with when >> the host issues a clear feature ENDPOINT_HALT, and is differentiated by the >> protocol argument. If the following sequence occurs, there can be a >> situation where the delayed_status flag is improperly cleared for the wrong >> SETUP transaction: >> >> 1. Vendor specific control transfer returns USB_GADGET_DELAYED_STATUS. >> 2. DWC3 gadget sets dwc->delayed_status to '1'. >> 3. Another function driver issues a usb_ep_clear_halt() call. >> 4. DWC3 gadget issues dwc3_stop_active_transfer() and sets >> DWC3_EP_PENDING_CLEAR_STALL. >> 5. EP command complete interrupt triggers for the end transfer, and >> dwc3_ep0_send_delayed_status() is allowed to run, as delayed_status >> is '1' due to step#1. >> 6. STATUS phase is sent, and delayed_status is cleared. >> 7. Vendor specific control transfer is finished being handled, and issues >> usb_composite_setup_continue(). This results in queuing of a data >> phase. >> >> Cache the protocol flag so that DWC3 gadget is aware of when the clear halt >> is due to a SETUP request from the host versus when it is sourced from a >> function driver. This allows for the EP command complete interrupt to know >> if it needs to issue a delayed status phase. >> >> Signed-off-by: Wesley Cheng >> --- >> drivers/usb/dwc3/core.h | 1 + >> drivers/usb/dwc3/ep0.c | 1 + >> drivers/usb/dwc3/gadget.c | 3 ++- >> 3 files changed, 4 insertions(+), 1 deletion(-) >> >> diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h >> index 5c9d467195a6..55f98485c54c 100644 >> --- a/drivers/usb/dwc3/core.h >> +++ b/drivers/usb/dwc3/core.h >> @@ -1272,6 +1272,7 @@ struct dwc3 { >> unsigned connected:1; >> unsigned softconnect:1; >> unsigned delayed_status:1; >> + unsigned clear_stall_protocol:1; >> unsigned ep0_bounced:1; >> unsigned ep0_expect_in:1; >> unsigned has_hibernation:1; >> diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c >> index 1064be5518f6..aa8476da222d 100644 >> --- a/drivers/usb/dwc3/ep0.c >> +++ b/drivers/usb/dwc3/ep0.c >> @@ -1080,6 +1080,7 @@ void dwc3_ep0_send_delayed_status(struct dwc3 *dwc) >> unsigned int direction = !dwc->ep0_expect_in; >> >> dwc->delayed_status = false; >> + dwc->clear_stall_protocol = 0; >> >> if (dwc->ep0state != EP0_STATUS_PHASE) >> return; >> diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c >> index ab725d2262d6..c427ddae016f 100644 >> --- a/drivers/usb/dwc3/gadget.c >> +++ b/drivers/usb/dwc3/gadget.c >> @@ -2152,6 +2152,7 @@ int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value, int protocol) >> if (dep->flags & DWC3_EP_END_TRANSFER_PENDING || >> (dep->flags & DWC3_EP_DELAY_STOP)) { >> dep->flags |= DWC3_EP_PENDING_CLEAR_STALL; >> + dwc->clear_stall_protocol = protocol; >> return 0; >> } >> >> @@ -3483,7 +3484,7 @@ static void dwc3_gadget_endpoint_command_complete(struct dwc3_ep *dep, >> } >> >> dep->flags &= ~(DWC3_EP_STALL | DWC3_EP_WEDGE); >> - if (dwc->delayed_status) >> + if (dwc->clear_stall_protocol) >> dwc3_ep0_send_delayed_status(dwc); >> } >> > > Is it safe to maintain clear_stall_protocol per dwc3 instance? What if > CLEAR_FEATURE(halt_endpoint) and usb_ep_clear_halt() are interleaved and > We come here as part of usb_ep_clear_halt()'s endpoint command complete. > We may simply send the delayed status corresponding to the protocol clear > stall. > > We can still maintain a global flag if we cache endpoint number in it so > that we can cross check against the endpoint for which completion received. > > Thanks, > Pavan > Thanks for the comments/feedback. I agree with what you mentioned, and will fix that potential condition. Will resubmit a new rev, after some testing. Thanks Wesley Cheng