Received: by 2002:a05:7412:251c:b0:e2:908c:2ebd with SMTP id w28csp2079696rda; Tue, 24 Oct 2023 11:36:43 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG9Zo8uEP9z9HFMVwqHDS3DTcXAnszmJALcYmdGWEJwRWcdSlZGe7nG0GgT/NqNsrWZGdo5 X-Received: by 2002:a05:6300:808b:b0:159:dccb:8bb4 with SMTP id ap11-20020a056300808b00b00159dccb8bb4mr3442252pzc.23.1698172603245; Tue, 24 Oct 2023 11:36:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698172603; cv=none; d=google.com; s=arc-20160816; b=ksfONcaCaAmWWYEHk/rSnOxaMGGQd69iMGfdc2Gxi7POOgxiMaIxQSe1Jb0/TV4kjp OVoj7YGK9oFoufQfBfJrIRDmEUWP2NIobTYy7v5PzyA24ZP7knuTaad+OE3O8UWmxnY1 PJgTOg/6xxpTi2jU42FZJKZfdWeKS74kn3IWkgeyhbu9CC/PIMT+5Xs3wQ6JinI20xwn yoQgxEE1JkDKYx5WFIxIGeNbJjmzmZzG/NZNeLfMbqvq3t5GGAP58fLXsTzwOteSmiPA novPXV2f5Lr9AcILebcgrn2dEV1MqBtdkv6srrlVrL1Lney0Mc/U3K83/Q6RrHUVlKqq eyXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=9pSPStWZfaGxyc7aEXpJ6QS+ToFKtNrTx418c5IJDrY=; fh=mNRU094uygHtWEbbVt2iuJXx5ZS7icP/BgRleDWzkbQ=; b=XTG2cnw+riWvjgzJEWw+HBuMlBJu7zeZHc+EBANRcAHRnqQmhkhKY8oxZl4Hakyf9F 9n+kjg1l6xJx/+qUDipfNxYjWA4OCPpCEGL5whXSHEwGKkm9hUk1j3jK3DE5OzF8qjEy i95KK2M3I1uLp93nF4c+FnxE9BPoaz0UmQ0r6dX3J/iv83qL56pIN5wS1MjpMSL3Rj5Y DRloOgAlXx6eHt/uDxeKjmACs6uz0DuvQVhuq0wdPKaFZj/w0ff+ktYMp/03NirkIWVM aa+dJ5kS3Yyxz6Pixokquf1J9rNGExj96It+Gdp967cmdJL5SbKpnfCtW+MxDSZmZ+oL +1cg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=AszNQvyT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id q21-20020a632a15000000b00577f65baa3esi8741050pgq.775.2023.10.24.11.36.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 24 Oct 2023 11:36:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=AszNQvyT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 2AEBB803D8E9; Tue, 24 Oct 2023 11:36:39 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344169AbjJXSgS (ORCPT + 99 others); Tue, 24 Oct 2023 14:36:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53454 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344184AbjJXSgP (ORCPT ); Tue, 24 Oct 2023 14:36:15 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4422810D0 for ; Tue, 24 Oct 2023 11:36:10 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id 41be03b00d2f7-5b837dc4d91so2923582a12.1 for ; Tue, 24 Oct 2023 11:36:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1698172570; x=1698777370; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=9pSPStWZfaGxyc7aEXpJ6QS+ToFKtNrTx418c5IJDrY=; b=AszNQvyTG0rBaRm2oTeWgi5f4lPhpY1koStvSI4QRdbXz+0RW1acV/2BruGNejGY4p gRMyD0nKbyuKZAMJ3EJ2WWT1TA6yOINJZOsFJ0sknMk6jplLt5HNeSa/hJct/ZtbhYc7 /12ocCvdcoP7fqyX0Sd+fE6lAsa449kWb4/r5WwrMlUocELP/2g+PgRQZ4fM5ryyVMYU mRhIS4ROEvoBxT0iwIP4+xvJCi8wrPielwItpURAkAkQvHFhDTXyF9oQ1z/Jfl5uRK2n d77P9+7kvTku1ymqH4+YhGQJ0B00ZPVCqbQtQPqwPQwGvWd6iIa33MgYjNgNl09DK6Bl AdpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698172570; x=1698777370; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=9pSPStWZfaGxyc7aEXpJ6QS+ToFKtNrTx418c5IJDrY=; b=JE8I/NWnAyS5cu4t9gjuSW1KWRJS0z1q+vze9lqhIQAubKJssLZIt4EYH+kbk+Uwfl 4imbViH3x2JIi2xLOxqrVNx5WQODB5XDYbzjpX1wzkiIuaQh3HtEUAJtjgmuDKCl3+B0 4YDLLc1GlpblIEk139onsAq3i5tQgFwW0QjSOb4S/kmfW/ihGd/xz6t3o0buRnKnddPl P55/mMpAEkPDSonubwTjaCHZcfRVIRbqxQj79tBNJ2yDmon95sl/8bmN/wzzKvWM7B3v ghKoYskICd4NuaDce6iyj9En5mVlZhlR4iREYepu/9wiAWqI4stIHB0eti6R0Ir/dndo +WLQ== X-Gm-Message-State: AOJu0YwGyNY9caPZp4/R+lYVrnUfFOmmslagLhM7pB2jMa/6QZhJ6+3U 5orYmlGfpHku84qkWfv0htoQMEQnel9C X-Received: from hi-h2o-specialist.c.googlers.com ([fda3:e722:ac3:cc00:24:72f4:c0a8:3cef]) (user=arakesh job=sendgmr) by 2002:a63:2012:0:b0:584:cd3d:f91e with SMTP id g18-20020a632012000000b00584cd3df91emr210931pgg.11.1698172569638; Tue, 24 Oct 2023 11:36:09 -0700 (PDT) Date: Tue, 24 Oct 2023 11:36:02 -0700 In-Reply-To: <20231019185319.2714000-1-arakesh@google.com> Mime-Version: 1.0 References: <20231019185319.2714000-1-arakesh@google.com> X-Mailer: git-send-email 2.42.0.758.gaed0368e0e-goog Message-ID: <20231024183605.908253-1-arakesh@google.com> Subject: [PATCH v8 1/4] usb: gadget: uvc: prevent use of disabled endpoint From: Avichal Rakesh To: arakesh@google.com, dan.scally@ideasonboard.com, gregkh@linuxfoundation.org, laurent.pinchart@ideasonboard.com Cc: etalvala@google.com, jchowdhary@google.com, linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org, m.grzeschik@pengutronix.de Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-8.4 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Tue, 24 Oct 2023 11:36:39 -0700 (PDT) Currently the set_alt callback immediately disables the endpoint and queues the v4l2 streamoff event. However, as the streamoff event is processed asynchronously, it is possible that the video_pump thread attempts to queue requests to an already disabled endpoint. This change moves disabling usb endpoint to the end of streamoff event callback. As the endpoint's state can no longer be used, video_pump is now guarded by uvc->state as well. To be consistent with the actual streaming state, uvc->state is now toggled between CONNECTED and STREAMING from the v4l2 event callback only. Link: https://lore.kernel.org/20230615171558.GK741@pendragon.ideasonboard.com/ Link: https://lore.kernel.org/20230531085544.253363-1-dan.scally@ideasonboard.com/ Reviewed-by: Michael Grzeschik Tested-by: Michael Grzeschik Signed-off-by: Avichal Rakesh --- v1 -> v2: Rebased to ToT and reworded commit message. v2 -> v3: Fix email threading goof-up v3 -> v4: Address review comments & re-rebase to ToT v4 -> v5: Add Reviewed-by & Tested-by v5 -> v6: No change v6 -> v7: No change v7 -> v8: No change. Getting back in review queue drivers/usb/gadget/function/f_uvc.c | 11 +++++------ drivers/usb/gadget/function/f_uvc.h | 2 +- drivers/usb/gadget/function/uvc.h | 2 +- drivers/usb/gadget/function/uvc_v4l2.c | 20 +++++++++++++++++--- drivers/usb/gadget/function/uvc_video.c | 3 ++- 5 files changed, 26 insertions(+), 12 deletions(-) diff --git a/drivers/usb/gadget/function/f_uvc.c b/drivers/usb/gadget/function/f_uvc.c index faa398109431..ae08341961eb 100644 --- a/drivers/usb/gadget/function/f_uvc.c +++ b/drivers/usb/gadget/function/f_uvc.c @@ -263,10 +263,13 @@ uvc_function_setup(struct usb_function *f, const struct usb_ctrlrequest *ctrl) return 0; } -void uvc_function_setup_continue(struct uvc_device *uvc) +void uvc_function_setup_continue(struct uvc_device *uvc, int disable_ep) { struct usb_composite_dev *cdev = uvc->func.config->cdev; + if (disable_ep && uvc->video.ep) + usb_ep_disable(uvc->video.ep); + usb_composite_setup_continue(cdev); } @@ -337,15 +340,11 @@ uvc_function_set_alt(struct usb_function *f, unsigned interface, unsigned alt) if (uvc->state != UVC_STATE_STREAMING) return 0; - if (uvc->video.ep) - usb_ep_disable(uvc->video.ep); - memset(&v4l2_event, 0, sizeof(v4l2_event)); v4l2_event.type = UVC_EVENT_STREAMOFF; v4l2_event_queue(&uvc->vdev, &v4l2_event); - uvc->state = UVC_STATE_CONNECTED; - return 0; + return USB_GADGET_DELAYED_STATUS; case 1: if (uvc->state != UVC_STATE_CONNECTED) diff --git a/drivers/usb/gadget/function/f_uvc.h b/drivers/usb/gadget/function/f_uvc.h index 1db972d4beeb..e7f9f13f14dc 100644 --- a/drivers/usb/gadget/function/f_uvc.h +++ b/drivers/usb/gadget/function/f_uvc.h @@ -11,7 +11,7 @@ struct uvc_device; -void uvc_function_setup_continue(struct uvc_device *uvc); +void uvc_function_setup_continue(struct uvc_device *uvc, int disale_ep); void uvc_function_connect(struct uvc_device *uvc); diff --git a/drivers/usb/gadget/function/uvc.h b/drivers/usb/gadget/function/uvc.h index 6751de8b63ad..989bc6b4e93d 100644 --- a/drivers/usb/gadget/function/uvc.h +++ b/drivers/usb/gadget/function/uvc.h @@ -177,7 +177,7 @@ struct uvc_file_handle { * Functions */ -extern void uvc_function_setup_continue(struct uvc_device *uvc); +extern void uvc_function_setup_continue(struct uvc_device *uvc, int disable_ep); extern void uvc_function_connect(struct uvc_device *uvc); extern void uvc_function_disconnect(struct uvc_device *uvc); diff --git a/drivers/usb/gadget/function/uvc_v4l2.c b/drivers/usb/gadget/function/uvc_v4l2.c index 3f0a9795c0d4..7cb8d027ff0c 100644 --- a/drivers/usb/gadget/function/uvc_v4l2.c +++ b/drivers/usb/gadget/function/uvc_v4l2.c @@ -451,7 +451,7 @@ uvc_v4l2_streamon(struct file *file, void *fh, enum v4l2_buf_type type) * Complete the alternate setting selection setup phase now that * userspace is ready to provide video frames. */ - uvc_function_setup_continue(uvc); + uvc_function_setup_continue(uvc, 0); uvc->state = UVC_STATE_STREAMING; return 0; @@ -463,11 +463,18 @@ uvc_v4l2_streamoff(struct file *file, void *fh, enum v4l2_buf_type type) struct video_device *vdev = video_devdata(file); struct uvc_device *uvc = video_get_drvdata(vdev); struct uvc_video *video = &uvc->video; + int ret = 0; if (type != video->queue.queue.type) return -EINVAL; - return uvcg_video_enable(video, 0); + uvc->state = UVC_STATE_CONNECTED; + ret = uvcg_video_enable(video, 0); + if (ret < 0) + return ret; + + uvc_function_setup_continue(uvc, 1); + return 0; } static int @@ -500,6 +507,14 @@ uvc_v4l2_subscribe_event(struct v4l2_fh *fh, static void uvc_v4l2_disable(struct uvc_device *uvc) { uvc_function_disconnect(uvc); + /* + * Drop uvc->state to CONNECTED if it was streaming before. + * This ensures that the usb_requests are no longer queued + * to the controller. + */ + if (uvc->state == UVC_STATE_STREAMING) + uvc->state = UVC_STATE_CONNECTED; + uvcg_video_enable(&uvc->video, 0); uvcg_free_buffers(&uvc->video.queue); uvc->func_connected = false; @@ -647,4 +662,3 @@ const struct v4l2_file_operations uvc_v4l2_fops = { .get_unmapped_area = uvcg_v4l2_get_unmapped_area, #endif }; - diff --git a/drivers/usb/gadget/function/uvc_video.c b/drivers/usb/gadget/function/uvc_video.c index 91af3b1ef0d4..c334802ac0a4 100644 --- a/drivers/usb/gadget/function/uvc_video.c +++ b/drivers/usb/gadget/function/uvc_video.c @@ -384,13 +384,14 @@ static void uvcg_video_pump(struct work_struct *work) struct uvc_video_queue *queue = &video->queue; /* video->max_payload_size is only set when using bulk transfer */ bool is_bulk = video->max_payload_size; + struct uvc_device *uvc = video->uvc; struct usb_request *req = NULL; struct uvc_buffer *buf; unsigned long flags; bool buf_done; int ret; - while (video->ep->enabled) { + while (uvc->state == UVC_STATE_STREAMING && video->ep->enabled) { /* * Retrieve the first available USB request, protected by the * request lock. -- 2.42.0.758.gaed0368e0e-goog