[PATCH openEuler-1.0-LTS 1/3] usb: dwc3: core: Do core softreset when switch mode

2 Mar 2024

From: Yu Chen chenyu56@huawei.com
mainline inclusion
from mainline-v5.13-rc1
commit f88359e1588b85cf0e8209ab7d6620085f3441d9
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I949BN
CVE: CVE-2021-46941
---------------------------
From: John Stultz john.stultz@linaro.org
According to the programming guide, to switch mode for DRD controller,
the driver needs to do the following.
To switch from device to host:
1. Reset controller with GCTL.CoreSoftReset
2. Set GCTL.PrtCapDir(host mode)
3. Reset the host with USBCMD.HCRESET
4. Then follow up with the initializing host registers sequence
To switch from host to device:
1. Reset controller with GCTL.CoreSoftReset
2. Set GCTL.PrtCapDir(device mode)
3. Reset the device with DCTL.CSftRst
4. Then follow up with the initializing registers sequence
Currently we're missing step 1) to do GCTL.CoreSoftReset and step 3) of
switching from host to device. John Stult reported a lockup issue seen
with HiKey960 platform without these steps[1]. Similar issue is observed
with Ferry's testing platform[2].
So, apply the required steps along with some fixes to Yu Chen's and John
Stultz's version. The main fixes to their versions are the missing wait
for clocks synchronization before clearing GCTL.CoreSoftReset and only
apply DCTL.CSftRst when switching from host to device.
[1] https://lore.kernel.org/linux-usb/20210108015115.27920-1-john.stultz@linaro....
[2] https://lore.kernel.org/linux-usb/0ba7a6ba-e6a7-9cd4-0695-64fc927e01f1@gmail...
Fixes: 41ce1456e1db ("usb: dwc3: core: make dwc3_set_mode() work properly")
Cc: Andy Shevchenko andy.shevchenko@gmail.com
Cc: Ferry Toth fntoth@gmail.com
Cc: Wesley Cheng wcheng@codeaurora.org
Cc: stable@vger.kernel.org
Tested-by: John Stultz john.stultz@linaro.org
Tested-by: Wesley Cheng wcheng@codeaurora.org
Signed-off-by: Yu Chen chenyu56@huawei.com
Signed-off-by: John Stultz john.stultz@linaro.org
Signed-off-by: Thinh Nguyen Thinh.Nguyen@synopsys.com
Link: https://lore.kernel.org/r/374440f8dcd4f06c02c2caf4b1efde86774e02d9.161852166...
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
Signed-off-by: Zhang Xiaoxu zhangxiaoxu5@huawei.com
Conflicts:
    drivers/usb/dwc3/core.c
---
 drivers/usb/dwc3/core.c | 37 +++++++++++++++++++++++++++++++++----
 drivers/usb/dwc3/core.h |  5 +++++
 2 files changed, 38 insertions(+), 4 deletions(-)

diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
index f52fcbc5c971..3f605ca8a8c3 100644
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -111,26 +111,31 @@ void dwc3_set_prtcap(struct dwc3 *dwc, u32 mode)
    dwc->current_dr_role = mode;
 }
+static int dwc3_core_soft_reset(struct dwc3 *dwc);
+
 static void __dwc3_set_mode(struct work_struct *work)
 {
    struct dwc3 *dwc = work_to_dwc(work);
    unsigned long flags;
    int ret;
+	u32 reg;
+
+	mutex_lock(&dwc->mutex);
if (dwc->dr_mode != USB_DR_MODE_OTG)
-		return;
+		goto out;
if (dwc->current_dr_role == DWC3_GCTL_PRTCAP_OTG)
    	dwc3_otg_update(dwc, 0);
if (!dwc->desired_dr_role)
-		return;
+		goto out;
if (dwc->desired_dr_role == dwc->current_dr_role)
-		return;
+		goto out;
if (dwc->desired_dr_role == DWC3_GCTL_PRTCAP_OTG && dwc->edev)
-		return;
+		goto out;
switch (dwc->current_dr_role) {
    case DWC3_GCTL_PRTCAP_HOST:
@@ -151,6 +156,25 @@ static void __dwc3_set_mode(struct work_struct *work)
    	break;
    }
+	/* For DRD host or device mode only */
+	if (dwc->desired_dr_role != DWC3_GCTL_PRTCAP_OTG) {
+		reg = dwc3_readl(dwc->regs, DWC3_GCTL);
+		reg |= DWC3_GCTL_CORESOFTRESET;
+		dwc3_writel(dwc->regs, DWC3_GCTL, reg);
+
+		/*
+		 * Wait for internal clocks to synchronized. DWC_usb31 and
+		 * DWC_usb32 may need at least 50ms (less for DWC_usb3). To
+		 * keep it consistent across different IPs, let's wait up to
+		 * 100ms before clearing GCTL.CORESOFTRESET.
+		 */
+		msleep(100);
+
+		reg = dwc3_readl(dwc->regs, DWC3_GCTL);
+		reg &= ~DWC3_GCTL_CORESOFTRESET;
+		dwc3_writel(dwc->regs, DWC3_GCTL, reg);
+	}
+
    spin_lock_irqsave(&dwc->lock, flags);
dwc3_set_prtcap(dwc, dwc->desired_dr_role);
@@ -171,6 +195,8 @@ static void __dwc3_set_mode(struct work_struct *work)
    	}
    	break;
    case DWC3_GCTL_PRTCAP_DEVICE:
+		dwc3_core_soft_reset(dwc);
+
    	dwc3_event_buffers_setup(dwc);
if (dwc->usb2_phy)
@@ -190,6 +216,8 @@ static void __dwc3_set_mode(struct work_struct *work)
    	break;
    }
+out:
+	mutex_unlock(&dwc->mutex);
 }
void dwc3_set_mode(struct dwc3 *dwc, u32 mode)
@@ -1453,6 +1481,7 @@ static int dwc3_probe(struct platform_device *pdev)
    dwc3_cache_hwparams(dwc);
spin_lock_init(&dwc->lock);
+	mutex_init(&dwc->mutex);
pm_runtime_set_active(dev);
    pm_runtime_use_autosuspend(dev);
diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h
index 131028501752..a5d3004ae388 100644
--- a/drivers/usb/dwc3/core.h
+++ b/drivers/usb/dwc3/core.h
@@ -13,6 +13,7 @@
#include <linux/device.h>
 #include <linux/spinlock.h>
+#include <linux/mutex.h>
 #include <linux/ioport.h>
 #include <linux/list.h>
 #include <linux/bitops.h>
@@ -896,6 +897,7 @@ struct dwc3_scratchpad_array {
  * @scratch_addr: dma address of scratchbuf
  * @ep0_in_setup: one control transfer is completed and enter setup phase
  * @lock: for synchronizing
+ * @mutex: for mode switching
  * @dev: pointer to our struct device
  * @sysdev: pointer to the DMA-capable device
  * @xhci: pointer to our xHCI child
@@ -1017,6 +1019,9 @@ struct dwc3 {
    /* device lock */
    spinlock_t		lock;
+	/* mode switching lock */
+	struct mutex		mutex;
+
    struct device		*dev;
    struct device		*sysdev;
-- 
2.34.1


    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-1.0-LTS 1/3] usb: dwc3: core: Do core softreset when switch mode