NetBSD Problem Report #56386

From mlelstv@tazz.1st.de  Fri Sep  3 14:26:11 2021
Return-Path: <mlelstv@tazz.1st.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 1455B1A9239
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  3 Sep 2021 14:26:11 +0000 (UTC)
Message-Id: <20210903142535.B7163CCAE5@tazz.1st.de>
Date: Fri,  3 Sep 2021 16:25:35 +0200 (CEST)
From: mlelstv@serpens.de
Reply-To: mlelstv@serpens.de
To: gnats-bugs@NetBSD.org
Subject: unplugging ugenif while in use causes panic
X-Send-Pr-Version: 3.95

>Number:         56386
>Category:       kern
>Synopsis:       unplugging ugenif while in use causes panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Sep 03 14:30:00 +0000 2021
>Originator:     Michael van Elst
>Release:        NetBSD 9.99.88
>Organization:

>Environment:


System: NetBSD tazz 9.99.88 NetBSD 9.99.88 (GENERIC) #101: Fri Sep 3 13:56:56 UTC 2021 mlelstv@slowpoke:/scratch2/obj.amd64/scratch/netbsd-current/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
A Yubikey attaches as multiple uhidev and a ugenif device like:

[    83.095953] uhidev0 at uhub2 port 2 configuration 1 interface 0
[    83.095953] uhidev0: Yubico (0x1050) YubiKey OTP+FIDO+CCID (0x0407), rev 2.00/5.24, addr 4, iclass 3/1
[    83.095953] ukbd0 at uhidev0
[    83.505965] wskbd1 at ukbd0 mux 1
[    83.505965] wskbd1: connecting to wsdisplay0
[    83.505965] uhidev1 at uhub2 port 2 configuration 1 interface 1
[    83.505965] uhidev1: Yubico (0x1050) YubiKey OTP+FIDO+CCID (0x0407), rev 2.00/5.24, addr 4, iclass 3/0
[    83.505965] uhid0 at uhidev1: input=64, output=64, feature=0

When you unplug you get:

[    89.166113] wskbd1: disconnecting from wsdisplay0
[    89.166113] wskbd1: detached
[    89.166113] ukbd0: detached
[    89.166113] uhidev0: detached
[    89.166113] uhidev0: at uhub2 port 2 (addr 4) disconnected
[    89.166113] uhid0: detached
[    89.166113] uhidev1: detached
[    89.166113] uhidev1: at uhub2 port 2 (addr 4) disconnected
[    89.166113] ugenif0: detached
[    89.166113] ugenif0: at uhub2 port 2 (addr 4) disconnected


If the yubikey is in use by a running pcsc-lite daemon, which happens automatically
after plugging in the yubikey, this triggers the kernel assertion in usbd_iface_exlock():

        KASSERTMSG(iface->ui_busy == 0, "interface is not idle,"
            " busy=%"PRId64, iface->ui_busy);

This happens as the userland process still has USB pipes open (they get closed when
closing the file descriptor), so that the ui_busy reference count is != 0.

>How-To-Repeat:
Run pcsc-lite and unplug a Yubikey.
>Fix:
ugen_detach() only aborts running transfers on open pipes. It might
be sufficient to also close the pipes before killing access with
vdevgone(). ugenclose() then needs to handle this situation and
free only transfers and buffers.

>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.