NetBSD-Bugs archive


kern/56386: unplugging ugenif while in use causes panic



>Number:         56386
>Category:       kern
>Synopsis:       unplugging ugenif while in use causes panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Sep 03 14:30:00 +0000 2021
>Originator:     Michael van Elst
>Release:        NetBSD 9.99.88
>Organization:
	
>Environment:
	
	
System: NetBSD tazz 9.99.88 NetBSD 9.99.88 (GENERIC) #101: Fri Sep 3 13:56:56 UTC 2021 mlelstv@slowpoke:/scratch2/obj.amd64/scratch/netbsd-current/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
A Yubikey attaches as multiple uhidev and a ugenif device like:

[    83.095953] uhidev0 at uhub2 port 2 configuration 1 interface 0
[    83.095953] uhidev0: Yubico (0x1050) YubiKey OTP+FIDO+CCID (0x0407), rev 2.00/5.24, addr 4, iclass 3/1
[    83.095953] ukbd0 at uhidev0
[    83.505965] wskbd1 at ukbd0 mux 1
[    83.505965] wskbd1: connecting to wsdisplay0
[    83.505965] uhidev1 at uhub2 port 2 configuration 1 interface 1
[    83.505965] uhidev1: Yubico (0x1050) YubiKey OTP+FIDO+CCID (0x0407), rev 2.00/5.24, addr 4, iclass 3/0
[    83.505965] uhid0 at uhidev1: input=64, output=64, feature=0

When you unplug you get:

[    89.166113] wskbd1: disconnecting from wsdisplay0
[    89.166113] wskbd1: detached
[    89.166113] ukbd0: detached
[    89.166113] uhidev0: detached
[    89.166113] uhidev0: at uhub2 port 2 (addr 4) disconnected
[    89.166113] uhid0: detached
[    89.166113] uhidev1: detached
[    89.166113] uhidev1: at uhub2 port 2 (addr 4) disconnected
[    89.166113] ugenif0: detached
[    89.166113] ugenif0: at uhub2 port 2 (addr 4) disconnected


If the Yubikey is in use by a running pcsc-lite daemon, which happens automatically
after plugging in the Yubikey, this triggers the kernel assertion in usbd_iface_exlock():

        KASSERTMSG(iface->ui_busy == 0, "interface is not idle,"
            " busy=%"PRId64, iface->ui_busy);

This happens as the userland process still has USB pipes open (they get closed when
closing the file descriptor), so that the ui_busy reference count is != 0.

>How-To-Repeat:
Run pcsc-lite and unplug a Yubikey.
>Fix:
ugen_detach() only aborts running transfers on open pipes. It might
be sufficient to also close the pipes before killing access with
vdevgone(). ugenclose() then needs to handle this situation and
free only transfers and buffers.

>Unformatted:
 	
 	

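The ordering problem described in this report, as an added userspace model (not NetBSD kernel code and not part of the original PR). All names are hypothetical; the busy field stands in for ui_busy, and the idle check is folded into detach for brevity.

```c
#include <stdbool.h>
#include <stdlib.h>

#define NPIPES 2

struct iface { long busy; };                 /* stands in for ui_busy */
struct pipe  { bool open; void *buf; };      /* an open pipe holds one busy ref */
struct dev   { struct iface ifc; struct pipe pipes[NPIPES]; };

/* Opening a pipe takes a reference on the interface and allocates a buffer. */
static void pipe_open(struct dev *d, int i) {
    d->pipes[i].open = true;
    d->pipes[i].buf = malloc(64);
    d->ifc.busy++;
}

/* Idempotent: drops the reference only if the pipe is still open. */
static void pipe_close(struct dev *d, int i) {
    if (!d->pipes[i].open)
        return;
    d->pipes[i].open = false;
    d->ifc.busy--;
}

/* Models the idle check; false is where the kernel assertion would fire. */
static bool iface_exlock(const struct dev *d) { return d->ifc.busy == 0; }

/* Detach that leaves pipes open: references remain at exlock time. */
static bool detach_abort_only(struct dev *d) { return iface_exlock(d); }

/* Detach per the suggested fix: close the pipes first, then check idle. */
static bool detach_close_pipes(struct dev *d) {
    for (int i = 0; i < NPIPES; i++)
        pipe_close(d, i);
    return iface_exlock(d);
}

/* Close from the file descriptor, possibly after detach: the pipes may
 * already be closed, so only the buffers are sure to still need freeing. */
static void dev_close(struct dev *d) {
    for (int i = 0; i < NPIPES; i++) {
        pipe_close(d, i);           /* no-op if detach already closed it */
        free(d->pipes[i].buf);
        d->pipes[i].buf = NULL;
    }
}
```

The point of the model is that the close path must be safe to run after detach has already dropped the references, otherwise the count would be decremented twice.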
