CVE-2021-46941

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: dwc3: core: Do core softreset when switch mode<br /> <br /> <br /> According to the programming guide, to switch mode for DRD controller,<br /> the driver needs to do the following.<br /> <br /> To switch from device to host:<br /> 1. Reset controller with GCTL.CoreSoftReset<br /> 2. Set GCTL.PrtCapDir(host mode)<br /> 3. Reset the host with USBCMD.HCRESET<br /> 4. Then follow up with the initializing host registers sequence<br /> <br /> To switch from host to device:<br /> 1. Reset controller with GCTL.CoreSoftReset<br /> 2. Set GCTL.PrtCapDir(device mode)<br /> 3. Reset the device with DCTL.CSftRst<br /> 4. Then follow up with the initializing registers sequence<br /> <br /> Currently we&amp;#39;re missing step 1) to do GCTL.CoreSoftReset and step 3) of<br /> switching from host to device. John Stult reported a lockup issue seen<br /> with HiKey960 platform without these steps[1]. Similar issue is observed<br /> with Ferry&amp;#39;s testing platform[2].<br /> <br /> So, apply the required steps along with some fixes to Yu Chen&amp;#39;s and John<br /> Stultz&amp;#39;s version. The main fixes to their versions are the missing wait<br /> for clocks synchronization before clearing GCTL.CoreSoftReset and only<br /> apply DCTL.CSftRst when switching from host to device.<br /> <br /> [1] https://lore.kernel.org/linux-usb/20210108015115.27920-1-john.stultz@linaro.org/<br /> [2] https://lore.kernel.org/linux-usb/0ba7a6ba-e6a7-9cd4-0695-64fc927e01f1@gmail.com/