[PATCH v2 0/6] usb: gadget: add mechanism to asynchronously validate data stage of ctrl out request

From: Paul Elder
Date: Mon Dec 17 2018 - 01:02:55 EST

This patch series adds a mechanism to allow asynchronously validating
the data stage of a control OUT request, and for stalling or succeeding
the request accordingly. This mechanism is implemented for MUSB, and is
used by UVC. At the same time, UVC packages the setup stage and data
stage data together to send to userspace to save on a pair of context
switches per control out request.

This patch series does change the userspace API. We however believe that
it is justified because the current API is broken, and because it isn't
being used (because it's broken).

The current API is broken such that it is subject to race conditions
that cause fatal errors with a high frequency. This is actually what
motivated this patch series in the first place. In the current API, not
only is there no way to asynchronously validate the data stage of a
control OUT request, but an empty buffer is expected to be provided to
hold the data stage data -- which is more likely than not to be late.
There is even a warning in musb_g_ep0_queue:

	/* else for sequence #2 (OUT), caller provides a buffer
	 * before the next packet arrives. deferred responses
	 * (after SETUP is acked) are racey.

This problem has never been reported in years, which is a sign that the
API isn't used. Furthermore, the vendor kernels that we have seen using
the UVC gadget driver (such as QC and Huawei) are heavily patched with
local changes to the API. This corroborates the suspicion that the
current mainline API is not being used.

Additionally, this API isn't meant to be used by generic applications,
but by a dedicated userspace helper. uvc-gadget is one such example, but
it has bitrotten and isn't compatible with the current kernel API. The
fact that nobody has submitted patches nor complained for a long time
again shows that it isn't being used.

The conclusion is that since the API hasn't been used for a long time,
it is safe to fix it.

Changes in v2:

Overhaul of status stage delay mechanism/API. Now if a function driver
desires an explicit/delayed status stage, it specifies so in a flag in
the usb_request that is queued for the data stage. The function driver
later enqueues another usb_request for the status stage, also with the
explicit_status flag set, and with the zero flag acting as the status.
If a function driver does not desire an explicit status stage, then it
can set (or ignore) the explicit_status flag in the usb_request that
is queued for the data stage.

To allow the optional explicit status stage, a UDC driver should call
the newly added usb_gadget_control_complete right after
usb_gadget_giveback_request, and in its queue function should check if
the usb_request is for the status stage and if it has been requested to
be explicit, and if so check the status that should be sent. (See 5/6
"usb: musb: gadget: implement optional explicit status stage" for an
implementation for MUSB)

Paul Elder (6):
  usb: uvc: include videodev2.h in g_uvc.h
  usb: gadget: uvc: enqueue usb request in setup handler for control OUT
  usb: gadget: uvc: package setup and data for control OUT requests
  usb: gadget: add mechanism to specify an explicit status stage
  usb: musb: gadget: implement optional explicit status stage
  usb: gadget: uvc: allow ioctl to send response in status stage

 drivers/usb/gadget/function/f_uvc.c    | 32 ++++++++++++++++++-------
 drivers/usb/gadget/function/uvc.h      |  1 +
 drivers/usb/gadget/function/uvc_v4l2.c | 20 ++++++++++++++++
 drivers/usb/gadget/udc/core.c          | 33 ++++++++++++++++++++++++++
 drivers/usb/musb/musb_gadget.c         |  1 +
 drivers/usb/musb/musb_gadget_ep0.c     | 28 ++++++++++++++++++++++
 include/linux/usb/gadget.h             | 10 ++++++++
 include/uapi/linux/usb/g_uvc.h         |  4 +++-
 8 files changed, 120 insertions(+), 9 deletions(-)