usb: core: stop USB enumeration if too many retries

When a broken USB accessory connects to a USB host, usbcore might
keep doing enumeration retries. If the host has a watchdog mechanism,
the kernel panic will happen on the host.

This patch provides an attribute early_stop to limit the numbers of retries
for each port of a hub. If a port was marked with early_stop attribute,
unsuccessful connection attempts will fail quickly. In addition, if an
early_stop port has failed to initialize, it will ignore all future
connection events until early_stop attribute is clear.

Signed-off-by: Ray Chi <raychi@google.com>
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20221107072754.3336357-1-raychi@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/Documentation/ABI/testing/sysfs-bus-usb b/Documentation/ABI/testing/sysfs-bus-usb
index 568103d..545c2dd 100644 (file)
--- a/Documentation/ABI/testing/sysfs-bus-usb
+++ b/Documentation/ABI/testing/sysfs-bus-usb
@@ -264,6 +264,17 @@ Description:
                attached to the port will not be detected, initialized,
                or enumerated.
 
+What:          /sys/bus/usb/devices/.../<hub_interface>/port<X>/early_stop
+Date:          Sep 2022
+Contact:       Ray Chi <raychi@google.com>
+Description:
+               Some USB hosts have some watchdog mechanisms so that the device
+               may enter ramdump if it takes a long time during port initialization.
+               This attribute allows each port just has two attempts so that the
+               port initialization will be failed quickly. In addition, if a port
+               which is marked with early_stop has failed to initialize, it will ignore
+               all future connections until this attribute is clear.
+
 What:          /sys/bus/usb/devices/.../power/usb2_lpm_l1_timeout
 Date:          May 2013
 Contact:       Mathias Nyman <mathias.nyman@linux.intel.com>

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index bbab424..77e73fc 100644 (file)
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -3081,6 +3081,48 @@ done:
        return status;
 }
 
+/*
+ * hub_port_stop_enumerate - stop USB enumeration or ignore port events
+ * @hub: target hub
+ * @port1: port num of the port
+ * @retries: port retries number of hub_port_init()
+ *
+ * Return:
+ *    true: ignore port actions/events or give up connection attempts.
+ *    false: keep original behavior.
+ *
+ * This function will be based on retries to check whether the port which is
+ * marked with early_stop attribute would stop enumeration or ignore events.
+ *
+ * Note:
+ * This function didn't change anything if early_stop is not set, and it will
+ * prevent all connection attempts when early_stop is set and the attempts of
+ * the port are more than 1.
+ */
+static bool hub_port_stop_enumerate(struct usb_hub *hub, int port1, int retries)
+{
+       struct usb_port *port_dev = hub->ports[port1 - 1];
+
+       if (port_dev->early_stop) {
+               if (port_dev->ignore_event)
+                       return true;
+
+               /*
+                * We want unsuccessful attempts to fail quickly.
+                * Since some devices may need one failure during
+                * port initialization, we allow two tries but no
+                * more.
+                */
+               if (retries < 2)
+                       return false;
+
+               port_dev->ignore_event = 1;
+       } else
+               port_dev->ignore_event = 0;
+
+       return port_dev->ignore_event;
+}
+
 /* Check if a port is power on */
 int usb_port_is_power_on(struct usb_hub *hub, unsigned int portstatus)
 {
@@ -4796,6 +4838,11 @@ hub_port_init(struct usb_hub *hub, struct usb_device *udev, int port1,
        do_new_scheme = use_new_scheme(udev, retry_counter, port_dev);
 
        for (retries = 0; retries < GET_DESCRIPTOR_TRIES; (++retries, msleep(100))) {
+               if (hub_port_stop_enumerate(hub, port1, retries)) {
+                       retval = -ENODEV;
+                       break;
+               }
+
                if (do_new_scheme) {
                        struct usb_device_descriptor *buf;
                        int r = 0;
@@ -5246,6 +5293,11 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
        status = 0;
 
        for (i = 0; i < PORT_INIT_TRIES; i++) {
+               if (hub_port_stop_enumerate(hub, port1, i)) {
+                       status = -ENODEV;
+                       break;
+               }
+
                usb_lock_port(port_dev);
                mutex_lock(hcd->address0_mutex);
                retry_locked = true;
@@ -5614,6 +5666,10 @@ static void port_event(struct usb_hub *hub, int port1)
        if (!pm_runtime_active(&port_dev->dev))
                return;
 
+       /* skip port actions if ignore_event and early_stop are true */
+       if (port_dev->ignore_event && port_dev->early_stop)
+               return;
+
        if (hub_handle_remote_wakeup(hub, port1, portstatus, portchange))
                connect_change = 1;
 
@@ -5927,6 +5983,10 @@ static int usb_reset_and_verify_device(struct usb_device *udev)
        mutex_lock(hcd->address0_mutex);
 
        for (i = 0; i < PORT_INIT_TRIES; ++i) {
+               if (hub_port_stop_enumerate(parent_hub, port1, i)) {
+                       ret = -ENODEV;
+                       break;
+               }
 
                /* ep0 maxpacket size may change; let the HCD know about it.
                 * Other endpoints will be handled by re-enumeration. */

diff --git a/drivers/usb/core/hub.h b/drivers/usb/core/hub.h
index b292585..e238335 100644 (file)
--- a/drivers/usb/core/hub.h
+++ b/drivers/usb/core/hub.h
@@ -90,6 +90,8 @@ struct usb_hub {
  * @is_superspeed cache super-speed status
  * @usb3_lpm_u1_permit: whether USB3 U1 LPM is permitted.
  * @usb3_lpm_u2_permit: whether USB3 U2 LPM is permitted.
+ * @early_stop: whether port initialization will be stopped earlier.
+ * @ignore_event: whether events of the port are ignored.
  */
 struct usb_port {
        struct usb_device *child;
@@ -103,6 +105,8 @@ struct usb_port {
        u32 over_current_count;
        u8 portnum;
        u32 quirks;
+       unsigned int early_stop:1;
+       unsigned int ignore_event:1;
        unsigned int is_superspeed:1;
        unsigned int usb3_lpm_u1_permit:1;
        unsigned int usb3_lpm_u2_permit:1;

diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c
index 015204f..06a8f1f 100644 (file)
--- a/drivers/usb/core/port.c
+++ b/drivers/usb/core/port.c
@@ -18,6 +18,32 @@ static int usb_port_block_power_off;
 
 static const struct attribute_group *port_dev_group[];
 
+static ssize_t early_stop_show(struct device *dev,
+                           struct device_attribute *attr, char *buf)
+{
+       struct usb_port *port_dev = to_usb_port(dev);
+
+       return sysfs_emit(buf, "%s\n", port_dev->early_stop ? "yes" : "no");
+}
+
+static ssize_t early_stop_store(struct device *dev, struct device_attribute *attr,
+                               const char *buf, size_t count)
+{
+       struct usb_port *port_dev = to_usb_port(dev);
+       bool value;
+
+       if (kstrtobool(buf, &value))
+               return -EINVAL;
+
+       if (value)
+               port_dev->early_stop = 1;
+       else
+               port_dev->early_stop = 0;
+
+       return count;
+}
+static DEVICE_ATTR_RW(early_stop);
+
 static ssize_t disable_show(struct device *dev,
                              struct device_attribute *attr, char *buf)
 {
@@ -237,6 +263,7 @@ static struct attribute *port_dev_attrs[] = {
        &dev_attr_quirks.attr,
        &dev_attr_over_current_count.attr,
        &dev_attr_disable.attr,
+       &dev_attr_early_stop.attr,
        NULL,
 };