Public bug reported:
SRU Justification:
[ Impact ]
xhci_endpoint_disable() clears host_ep->hcpriv = NULL, which breaks
xhci_endpoint_reset(). When a USB driver (e.g. uvcvideo) calls
usb_set_interface(), submits URBs that make host sequence state non-zero,
then calls usb_clear_halt(), the device clears its sequence state but
xhci_endpoint_reset() bails out because hcpriv is NULL. The next URB
malfunctions: USB2 loses one packet, USB3 gets Transaction Error or may
not complete at all on some host controllers from ASMedia and AMD.
This is triggered by uvcvideo on bulk video devices.
[ Fix ]
Cherry-pick upstream mainline commit:
- 25e531b422dc ("usb: xhci: Make usb_host_endpoint.hcpriv survive
endpoint_disable()")
Fixes: 18b74067ac78 ("xhci: Fix use-after-free regression in xhci clear hub TT
implementation")
Cc: [email protected]
[ Test Plan ]
1. System with USB3 bulk video device (e.g. USB webcam using uvcvideo)
2. Use the camera with an application (e.g. cheese, guvcview)
3. Trigger usb_set_interface + usb_clear_halt sequence
4. Verify no Transaction Errors or packet loss in dmesg
5. Verify endpoint_reset works correctly after endpoint_disable
[ Where problems could occur ]
The fix removes one line (host_ep->hcpriv = NULL) from xhci_endpoint_disable().
Risk is very low — the commit message explains hcpriv should only be NULL on
emulated root hub endpoints, and core should not try to reset dropped endpoints.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux-oem-6.17 (Ubuntu)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Noble)
Importance: Undecided
Status: New
** Affects: linux-oem-6.17 (Ubuntu Noble)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Questing)
Importance: Undecided
Status: New
** Affects: linux-oem-6.17 (Ubuntu Questing)
Importance: Undecided
Status: New
** Affects: linux (Ubuntu Resolute)
Importance: Undecided
Status: New
** Affects: linux-oem-6.17 (Ubuntu Resolute)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Noble)
Importance: Undecided
Status: New
** Also affects: linux-oem-6.17 (Ubuntu Noble)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Questing)
Importance: Undecided
Status: New
** Also affects: linux-oem-6.17 (Ubuntu Questing)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Resolute)
Importance: Undecided
Status: New
** Also affects: linux-oem-6.17 (Ubuntu Resolute)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2153966
Title:
usb: xhci: Make usb_host_endpoint.hcpriv survive endpoint_disable()
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2153966/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
