On Mon, Jul 22, 2024, Selvarasu Ganesan wrote:
> This commit addresses an issue where the USB core could access an
> invalid event buffer address during runtime suspend, potentially causing
> SMMU faults and other memory issues. The problem arises from the
> following sequence.
> 1. In dwc3_gadget_suspend, there is a chance of a timeout when
> moving the USB core to the halt state after clearing the
> run/stop bit by software.
> 2. In dwc3_core_exit, the event buffer is cleared regardless of
> the USB core's status, which may lead to an SMMU faults and
> other memory issues. if the USB core tries to access the event
> buffer address.
>
> To prevent this issue, this commit ensures that the event buffer address
> is not cleared by software when the USB core is active during runtime
> suspend by checking its status before clearing the buffer address.
What happen after adding this check? Can the device resume and function
properly afterward? If not, do you know if a soft-reset will recover the
issue?
Thanks,
Thinh
>
> Signed-off-by: Selvarasu Ganesan <selvarasu.g@xxxxxxxxxxx>
> ---
> drivers/usb/dwc3/core.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
> index cb82557678dd..c7c1a253862e 100644
> --- a/drivers/usb/dwc3/core.c
> +++ b/drivers/usb/dwc3/core.c
> @@ -559,8 +559,10 @@ int dwc3_event_buffers_setup(struct dwc3 *dwc)
> void dwc3_event_buffers_cleanup(struct dwc3 *dwc)
> {
> struct dwc3_event_buffer *evt;
> + u32 reg;
>
> - if (!dwc->ev_buf)
> + reg = dwc3_readl(dwc->regs, DWC3_DSTS);
> + if (!dwc->ev_buf || !(reg & DWC3_DSTS_DEVCTRLHLT))
> return;
>
> evt = dwc->ev_buf;
> --
> 2.17.1
>
