| Message ID | 20250217120328.2446639-1-prashanth.k@oss.qualcomm.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 40e89ff5750fca2c1d6da93f98a2038716bba86c |
| Headers | show |
| Series | [v2] usb: gadget: Set self-powered based on MaxPower and bmAttributes | expand |
Hi Prashanth, On 02/17/2025, Prashanth K wrote: > Currently the USB gadget will be set as bus-powered based solely > on whether its bMaxPower is greater than 100mA, but this may miss > devices that may legitimately draw less than 100mA but still want > to report as bus-powered. Similarly during suspend & resume, USB > gadget is incorrectly marked as bus/self powered without checking > the bmAttributes field. Fix these by configuring the USB gadget > as self or bus powered based on bmAttributes, and explicitly set > it as bus-powered if it draws more than 100mA. > > Cc: stable@vger.kernel.org > Fixes: 5e5caf4fa8d3 ("usb: gadget: composite: Inform controller driver of self-powered") > Signed-off-by: Prashanth K <prashanth.k@oss.qualcomm.com> > --- > Changes in v2: > - Didn't change anything from RFC. > - Link to RFC: https://lore.kernel.org/all/20250204105908.2255686-1-prashanth.k@oss.qualcomm.com/ > > drivers/usb/gadget/composite.c | 16 +++++++++++----- > 1 file changed, 11 insertions(+), 5 deletions(-) > > diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c > index bdda8c74602d..1fb28bbf6c45 100644 > --- a/drivers/usb/gadget/composite.c > +++ b/drivers/usb/gadget/composite.c > @@ -1050,10 +1050,11 @@ static int set_config(struct usb_composite_dev *cdev, > else > usb_gadget_set_remote_wakeup(gadget, 0); > done: > - if (power <= USB_SELF_POWER_VBUS_MAX_DRAW) > - usb_gadget_set_selfpowered(gadget); > - else > + if (power > USB_SELF_POWER_VBUS_MAX_DRAW || > + !(c->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) > usb_gadget_clear_selfpowered(gadget); > + else > + usb_gadget_set_selfpowered(gadget); > > usb_gadget_vbus_draw(gadget, power); > if (result >= 0 && cdev->delayed_status) > @@ -2615,7 +2616,9 @@ void composite_suspend(struct usb_gadget *gadget) > > cdev->suspended = 1; > > - usb_gadget_set_selfpowered(gadget); > + if (cdev->config->bmAttributes & USB_CONFIG_ATT_SELFPOWER) > + usb_gadget_set_selfpowered(gadget); I'm hitting a null pointer derefence here on my Pixel 6 device on suspend. I haven't dug deep into it how we get here, but in my case `cdev->config` is NULL. This happens immediate after booting my device. I verified that just adding a NULL check fixes the issue and dwc3 gadget can successfully suspend. Here is the crash stack: Unable to handle kernel NULL pointer dereference at virtual address 000000000000002a <snip> Modules linked in: tcpci_maxim(E) at24(E) phy_exynos_ufs(E) phy_exynos5_usbdrd(E) dwc3_exynos(E) ufs_exynos(E) i2c_exynos5(E) s3c2410_wdt(E) arm_dsu_pmu(E) simplefb(E) CPU: 0 UID: 0 PID: 885 Comm: irq/118-dwc3 Tainted: G E 6.14.0-rc3-next-20250220-4k-g50a0c754714a-dirty #1 02ae1fc192b79fc15e3493a7f5cb2e58e2817b0a Tainted: [E]=UNSIGNED_MODULE Hardware name: Raven (DT) pstate: a04000c5 (NzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : composite_suspend+0x8c/0xe8 lr : configfs_composite_suspend+0x70/0x80 <snip> Call trace: composite_suspend+0x8c/0xe8 (P) configfs_composite_suspend+0x70/0x80 dwc3_suspend_gadget+0x48/0x64 dwc3_thread_interrupt+0x568/0xbe8 irq_thread_fn+0x30/0xb0 irq_thread+0x174/0x284 kthread+0x130/0x21c ret_from_fork+0x10/0x20 And that decoded at base commit 50a0c754714a (from linux-next): composite_suspend (drivers/usb/gadget/composite.c:2619) (P) configfs_composite_suspend (drivers/usb/gadget/configfs.c:1939) dwc3_suspend_gadget (include/linux/spinlock.h:351 drivers/usb/dwc3/gadget.c:3962 drivers/usb/dwc3/gadget.c:3957) dwc3_thread_interrupt (drivers/usb/dwc3/gadget.c:4466 drivers/usb/dwc3/gadget.c:4494 drivers/usb/dwc3/gadget.c:4514 drivers/usb/dwc3/gadget.c:4535 drivers/usb/dwc3/gadget.c:4577) irq_thread_fn (kernel/irq/manage.c:1191) irq_thread (kernel/irq/manage.c:1318) kthread (kernel/kthread.c:464) ret_from_fork (arch/arm64/kernel/entry.S:863) Thanks, Will > + > usb_gadget_vbus_draw(gadget, 2); > } > > @@ -2649,8 +2652,11 @@ void composite_resume(struct usb_gadget *gadget) > else > maxpower = min(maxpower, 900U); > > - if (maxpower > USB_SELF_POWER_VBUS_MAX_DRAW) > + if (maxpower > USB_SELF_POWER_VBUS_MAX_DRAW || > + !(cdev->config->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) > usb_gadget_clear_selfpowered(gadget); > + else > + usb_gadget_set_selfpowered(gadget); > > usb_gadget_vbus_draw(gadget, maxpower); > } else { > -- > 2.25.1 >
On Thu, Feb 20, 2025 at 10:09:38AM -0800, William McVicker wrote: > Hi Prashanth, > > On 02/17/2025, Prashanth K wrote: > > Currently the USB gadget will be set as bus-powered based solely > > on whether its bMaxPower is greater than 100mA, but this may miss > > devices that may legitimately draw less than 100mA but still want > > to report as bus-powered. Similarly during suspend & resume, USB > > gadget is incorrectly marked as bus/self powered without checking > > the bmAttributes field. Fix these by configuring the USB gadget > > as self or bus powered based on bmAttributes, and explicitly set > > it as bus-powered if it draws more than 100mA. > > > > Cc: stable@vger.kernel.org > > Fixes: 5e5caf4fa8d3 ("usb: gadget: composite: Inform controller driver of self-powered") > > Signed-off-by: Prashanth K <prashanth.k@oss.qualcomm.com> > > --- > > Changes in v2: > > - Didn't change anything from RFC. > > - Link to RFC: https://lore.kernel.org/all/20250204105908.2255686-1-prashanth.k@oss.qualcomm.com/ > > > > drivers/usb/gadget/composite.c | 16 +++++++++++----- > > 1 file changed, 11 insertions(+), 5 deletions(-) > > > > diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c > > index bdda8c74602d..1fb28bbf6c45 100644 > > --- a/drivers/usb/gadget/composite.c > > +++ b/drivers/usb/gadget/composite.c > > @@ -1050,10 +1050,11 @@ static int set_config(struct usb_composite_dev *cdev, > > else > > usb_gadget_set_remote_wakeup(gadget, 0); > > done: > > - if (power <= USB_SELF_POWER_VBUS_MAX_DRAW) > > - usb_gadget_set_selfpowered(gadget); > > - else > > + if (power > USB_SELF_POWER_VBUS_MAX_DRAW || > > + !(c->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) > > usb_gadget_clear_selfpowered(gadget); > > + else > > + usb_gadget_set_selfpowered(gadget); > > > > usb_gadget_vbus_draw(gadget, power); > > if (result >= 0 && cdev->delayed_status) > > @@ -2615,7 +2616,9 @@ void composite_suspend(struct usb_gadget *gadget) > > > > cdev->suspended = 1; > > > > - usb_gadget_set_selfpowered(gadget); > > + if (cdev->config->bmAttributes & USB_CONFIG_ATT_SELFPOWER) > > + usb_gadget_set_selfpowered(gadget); > > I'm hitting a null pointer derefence here on my Pixel 6 device on suspend. I > haven't dug deep into it how we get here, but in my case `cdev->config` is > NULL. This happens immediate after booting my device. I verified that just > adding a NULL check fixes the issue and dwc3 gadget can successfully suspend. This was just fixed in my tree today with this commit: https://lore.kernel.org/r/20250220120314.3614330-1-m.szyprowski@samsung.com Hope this helps, greg k-h
On 02/20/2025, Greg Kroah-Hartman wrote: > On Thu, Feb 20, 2025 at 10:09:38AM -0800, William McVicker wrote: > > Hi Prashanth, > > > > On 02/17/2025, Prashanth K wrote: > > > Currently the USB gadget will be set as bus-powered based solely > > > on whether its bMaxPower is greater than 100mA, but this may miss > > > devices that may legitimately draw less than 100mA but still want > > > to report as bus-powered. Similarly during suspend & resume, USB > > > gadget is incorrectly marked as bus/self powered without checking > > > the bmAttributes field. Fix these by configuring the USB gadget > > > as self or bus powered based on bmAttributes, and explicitly set > > > it as bus-powered if it draws more than 100mA. > > > > > > Cc: stable@vger.kernel.org > > > Fixes: 5e5caf4fa8d3 ("usb: gadget: composite: Inform controller driver of self-powered") > > > Signed-off-by: Prashanth K <prashanth.k@oss.qualcomm.com> > > > --- > > > Changes in v2: > > > - Didn't change anything from RFC. > > > - Link to RFC: https://lore.kernel.org/all/20250204105908.2255686-1-prashanth.k@oss.qualcomm.com/ > > > > > > drivers/usb/gadget/composite.c | 16 +++++++++++----- > > > 1 file changed, 11 insertions(+), 5 deletions(-) > > > > > > diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c > > > index bdda8c74602d..1fb28bbf6c45 100644 > > > --- a/drivers/usb/gadget/composite.c > > > +++ b/drivers/usb/gadget/composite.c > > > @@ -1050,10 +1050,11 @@ static int set_config(struct usb_composite_dev *cdev, > > > else > > > usb_gadget_set_remote_wakeup(gadget, 0); > > > done: > > > - if (power <= USB_SELF_POWER_VBUS_MAX_DRAW) > > > - usb_gadget_set_selfpowered(gadget); > > > - else > > > + if (power > USB_SELF_POWER_VBUS_MAX_DRAW || > > > + !(c->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) > > > usb_gadget_clear_selfpowered(gadget); > > > + else > > > + usb_gadget_set_selfpowered(gadget); > > > > > > usb_gadget_vbus_draw(gadget, power); > > > if (result >= 0 && cdev->delayed_status) > > > @@ -2615,7 +2616,9 @@ void composite_suspend(struct usb_gadget *gadget) > > > > > > cdev->suspended = 1; > > > > > > - usb_gadget_set_selfpowered(gadget); > > > + if (cdev->config->bmAttributes & USB_CONFIG_ATT_SELFPOWER) > > > + usb_gadget_set_selfpowered(gadget); > > > > I'm hitting a null pointer derefence here on my Pixel 6 device on suspend. I > > haven't dug deep into it how we get here, but in my case `cdev->config` is > > NULL. This happens immediate after booting my device. I verified that just > > adding a NULL check fixes the issue and dwc3 gadget can successfully suspend. > > This was just fixed in my tree today with this commit: > https://lore.kernel.org/r/20250220120314.3614330-1-m.szyprowski@samsung.com > > Hope this helps, > > greg k-h Yup, works for me. Thanks! --Will
diff --git a/drivers/usb/gadget/composite.c b/drivers/usb/gadget/composite.c index bdda8c74602d..1fb28bbf6c45 100644 --- a/drivers/usb/gadget/composite.c +++ b/drivers/usb/gadget/composite.c @@ -1050,10 +1050,11 @@ static int set_config(struct usb_composite_dev *cdev, else usb_gadget_set_remote_wakeup(gadget, 0); done: - if (power <= USB_SELF_POWER_VBUS_MAX_DRAW) - usb_gadget_set_selfpowered(gadget); - else + if (power > USB_SELF_POWER_VBUS_MAX_DRAW || + !(c->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) usb_gadget_clear_selfpowered(gadget); + else + usb_gadget_set_selfpowered(gadget); usb_gadget_vbus_draw(gadget, power); if (result >= 0 && cdev->delayed_status) @@ -2615,7 +2616,9 @@ void composite_suspend(struct usb_gadget *gadget) cdev->suspended = 1; - usb_gadget_set_selfpowered(gadget); + if (cdev->config->bmAttributes & USB_CONFIG_ATT_SELFPOWER) + usb_gadget_set_selfpowered(gadget); + usb_gadget_vbus_draw(gadget, 2); } @@ -2649,8 +2652,11 @@ void composite_resume(struct usb_gadget *gadget) else maxpower = min(maxpower, 900U); - if (maxpower > USB_SELF_POWER_VBUS_MAX_DRAW) + if (maxpower > USB_SELF_POWER_VBUS_MAX_DRAW || + !(cdev->config->bmAttributes & USB_CONFIG_ATT_SELFPOWER)) usb_gadget_clear_selfpowered(gadget); + else + usb_gadget_set_selfpowered(gadget); usb_gadget_vbus_draw(gadget, maxpower); } else {
Currently the USB gadget will be set as bus-powered based solely on whether its bMaxPower is greater than 100mA, but this may miss devices that may legitimately draw less than 100mA but still want to report as bus-powered. Similarly during suspend & resume, USB gadget is incorrectly marked as bus/self powered without checking the bmAttributes field. Fix these by configuring the USB gadget as self or bus powered based on bmAttributes, and explicitly set it as bus-powered if it draws more than 100mA. Cc: stable@vger.kernel.org Fixes: 5e5caf4fa8d3 ("usb: gadget: composite: Inform controller driver of self-powered") Signed-off-by: Prashanth K <prashanth.k@oss.qualcomm.com> --- Changes in v2: - Didn't change anything from RFC. - Link to RFC: https://lore.kernel.org/all/20250204105908.2255686-1-prashanth.k@oss.qualcomm.com/ drivers/usb/gadget/composite.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-)