On 7/4/20 12:09 PM, Alan Stern wrote:
> It looks to me as though the user is reformatting the USB drive on the microcontroller while it is mounted on the host. At least, the log message:
>
> [40864.285807] FAT-fs (sdc1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
>
> seems to indicate that a FAT filesystem was mounted, and the circuitpython command storage.erase_filesystem() completely reinitializes the device's filesystem.
>
> This is definitely a user error: It is forbidden for a device to manipulate data that it is exporting to a host as a USB drive. And it's not surprising that doing so would cause the host to crash.
>
> If you really want to call storage.erase_filesystem() while the device is connected to the host, you should at least unmount the drive on the host beforehand.

Thanks for your observations, which are very helpful in my thinking about this. That's correct, that code does reformat the filesystem, but it also does a USB reset, so the host should ideally not make an assumption that its idea of what is on the drive is correct when it re-enumerates.
We cannot tell the host from the MSC side that we want to unmount cleanly from the drive. We could disconnect from USB first.
I just confirmed with one of our users that he has also seen crashes on simple unplug of the mounted device.
I would hope that the host would not crash when the MSC device does something untoward, and that it would be more robust. It is a potential kernel attack mechanism otherwise.
The first crash trace I mentioned in my reply to Greg does seem to be inside the USB stack, not in the filesystem code. It's possible there are two problems here, or it's possible the filesystem code gets confused and is making the USB stack confused as well.
Dan