Re: [PATCH v3 1/2] usb: udc: core: hide struct usb_gadget_driver to gadget driver

All of lore.kernel.org
 help / color / mirror / Atom feed

From: linyyuan@codeaurora.org
To: Alan Stern <stern@rowland.harvard.edu>
Cc: Felipe Balbi <balbi@kernel.org>,
	Thinh Nguyen <Thinh.Nguyen@synopsys.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org,
	Jack Pham <jackp@codeaurora.org>
Subject: Re: [PATCH v3 1/2] usb: udc: core: hide struct usb_gadget_driver to gadget driver
Date: Mon, 21 Jun 2021 09:37:34 +0800	[thread overview]
Message-ID: <98c2729c25442d6c66131d17cabdda27@codeaurora.org> (raw)
In-Reply-To: <20210620134743.GA377492@rowland.harvard.edu>

On 2021-06-20 21:47, Alan Stern wrote:
> On Sun, Jun 20, 2021 at 11:53:18AM +0800, linyyuan@codeaurora.org 
> wrote:
>> On 2021-06-20 11:46, linyyuan@codeaurora.org wrote:
>> > On 2021-06-20 10:13, Alan Stern wrote:
>> > > On Sat, Jun 19, 2021 at 11:43:08PM +0800, Linyu Yuan wrote:
>> > > > currently most gadget driver have a pointer to save
>> > > > struct usb_gadget_driver from upper layer,
>> > > > it allow upper layer set and unset of the pointer.
>> > > >
>> > > > there is race that upper layer unset the pointer first,
>> > > > but gadget driver use the pointer later,
>> > > > and it cause system crash due to NULL pointer access.
>> > >
>> > > This race has already been fixed in Greg's usb-next branch.  See
>> > > commit
>> > > 7dc0c55e9f30 ("USB: UDC core: Add udc_async_callbacks gadget op") and
>> > > following commits 04145a03db9d ("USB: UDC: Implement
>> > > udc_async_callbacks in dummy-hcd") and b42e8090ba93 ("USB: UDC:
>> > > Implement udc_async_callbacks in net2280").
>> > >
>> > thanks, this is better, lower driver only need change several places.
>> > > You just need to write a corresponding patch implementing the
>> > > async_callbacks op for dwc3.
>> > yes, i will do.
>> > >
>> Alan, i want to discuss your suggestion again in b42e8090ba93 ("USB: 
>> UDC:
>> Implement udc_async_callbacks in net2280")
>> 
>> +                       if (dev->async_callbacks) { ----> if CPU1 saw 
>> this
>> is true
>> +                               spin_unlock(&dev->lock); ---> CPU2 get 
>> lock
>> after this unlock,
>> it will set async_callbacks to false, then follow call also crash, 
>> right ?
>> +                               tmp = dev->driver->setup(&dev->gadget,
>> &u.r);
>> +                               spin_lock(&dev->lock);
>> +                       }
> 
> No, this is okay.  The reason is because usb_gadget_remove_driver (CPU2
> in your example) does this:
> 
>         usb_gadget_disable_async_callbacks(udc);
>         if (udc->gadget->irq)
>                 synchronize_irq(udc->gadget->irq);
>         udc->driver->unbind(udc->gadget);
>         usb_gadget_udc_stop(udc);
> 
> The synchronize_irq call will make CPU2 wait until CPU1 has finished
> handling the interrupt for the setup packet.  The system won't crash,
> because dev->driver->setup will be called before unbind and udc_stop
> instead of after.
still several question,
1. how about suspend calll dev->driver->suspend ?
2. will 04145a03db9d ("USB: UDC: Implement udc_async_callbacks in 
dummy-hcd") backport to LTS branch ?
3. how about coding style ? so following code
if (foo->gadget_driver && foo->gadget_driver->resume)
change to
if (foo->asnyc_callbacks && foo->gadget_driver->resume)
> 
> Alan Stern

next prev parent reply	other threads:[~2021-06-21  1:37 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-19 15:43 [PATCH v3 0/2] usb: udc: indroduce more api for lower gadget driver Linyu Yuan
2021-06-19 15:43 ` [PATCH v3 1/2] usb: udc: core: hide struct usb_gadget_driver to " Linyu Yuan
2021-06-20  2:13   ` Alan Stern
2021-06-20  3:46     ` linyyuan
2021-06-20  3:53       ` linyyuan
2021-06-20 13:47         ` Alan Stern
2021-06-21  1:37           ` linyyuan [this message]
2021-06-21 13:53             ` Alan Stern
2021-06-19 15:43 ` [PATCH v3 2/2] usb: dwc3: fix race of usb_gadget_driver operation Linyu Yuan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=98c2729c25442d6c66131d17cabdda27@codeaurora.org \
    --to=linyyuan@codeaurora.org \
    --cc=Thinh.Nguyen@synopsys.com \
    --cc=balbi@kernel.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=jackp@codeaurora.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=stern@rowland.harvard.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.