On Thu, Aug 12, 2021 at 08:16:45PM +0300, Sam Protsenko wrote:
> This patch series pulls the patch ae7e86108b12 ("usb: dwc3: Stop active
> transfers before halting the controller") and some fixes/dependencies
> for that patch. It's needed to fix the actual panic I observed when
> doing role switch with USB2.0 Dual Role Device controller. Next
> procedure can be used to reproduce the panic:
>
> 1. Boot in peripheral role
> 2. Configure RNDIS gadget, perform ping, stop ping
> 3. Switch to host role
> 4. Kernel panic occurs
>
> Kernel panic happens because gadget->udc->driver->disconnect() (which
> is configfs_composite_disconnect()) is not called from
> usb_gadget_disconnect() function, due to timeout condition in
> dwc3_gadget_run_stop(), which leads to not called rndis_disable(). And
> although previously created endpoints are not valid anymore,
> eth_start_xmit() gets called and tries to use those, which leads to
> invalid memory access. This patch fixes timeout condition, so next
> call chain doesn't fail anymore, and RNDIS uninitialized properly on
> gadget to host role switch:
>
> <<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>>
> usb_role_switch_set_role()
> v
> dwc3_usb_role_switch_set()
> v
> dwc3_set_mode()
> v
> __dwc3_set_mode()
> v
> dwc3_gadget_exit()
> v
> usb_del_gadget_udc()
> v
> usb_gadget_remove_driver()
> v
> usb_gadget_disconnect()
> v
> // THIS IS NOT CALLED because gadget->ops->pullup() =
> // dwc3_gadget_pullup() returns -ETIMEDOUT (-110)
> gadget->udc->driver->disconnect()
> // = configfs_composite_disconnect()
> v
> composite_disconnect()
> v
> reset_config()
> v
> foreach (f : function) : f->disable
> v
> rndis_disable()
> v
> gether_disconnect()
> v
> usb_ep_disable(),
> dev->port_usb = NULL
> <<<<<<<<<<<<<<<<<<<< cut here >>>>>>>>>>>>>>>>>>>
>
> Most of these patches are already applied in stable-5.10.
>
> Wesley Cheng (7):
> usb: dwc3: Stop active transfers before halting the controller
> usb: dwc3: gadget: Allow runtime suspend if UDC unbinded
> usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup
> usb: dwc3: gadget: Prevent EP queuing while stopping transfers
> usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable
> usb: dwc3: gadget: Disable gadget IRQ during pullup disable
> usb: dwc3: gadget: Avoid runtime resume if disabling pullup
>
> drivers/usb/dwc3/ep0.c | 2 +-
> drivers/usb/dwc3/gadget.c | 118 +++++++++++++++++++++++++++++++-------
> 2 files changed, 99 insertions(+), 21 deletions(-)
>
> --
> 2.30.2
Now queued up. In the future, please put your own signed-off-by on
these patches, as you were forwarding them on to us.
thanks,
greg k-h
