Wind River Support Network

Description

In the Linux kernel, the following vulnerability has been resolved:  usb: cdns3: gadget: fix state inconsistency on gadget init failure  When cdns3_gadget_start() fails, the DRD hardware is left in gadget mode while software state remains INACTIVE, creating hardware/software state inconsistency.  When switching to host mode via sysfs:   echo host > /sys/class/usb_role/13180000.usb-role-switch/role  The role state is not set to CDNS_ROLE_STATE_ACTIVE due to the error, so cdns_role_stop() skips cleanup because state is still INACTIVE. This violates the DRD controller design specification (Figure22), which requires returning to idle state before switching roles.  This leads to a synchronous external abort in xhci_gen_setup() when setting up the host controller:  [  516.440698] configfs-gadget 13180000.usb: failed to start g1: -19 [  516.442035] cdns-usb3 13180000.usb: Failed to add gadget [  516.443278] cdns-usb3 13180000.usb: set role 2 has failed ... [ 1301.375722] xhci-hcd xhci-hcd.1.auto: xHCI Host Controller [ 1301.377716] Internal error: synchronous external abort: 96000010 [#1] PREEMPT SMP [ 1301.382485] pc : xhci_gen_setup+0xa4/0x408 [ 1301.393391] backtrace:     ...     xhci_gen_setup+0xa4/0x408    <-- CRASH     xhci_plat_setup+0x44/0x58     usb_add_hcd+0x284/0x678     ...     cdns_role_set+0x9c/0xbc        <-- Role switch  Fix by calling cdns_drd_gadget_off() in the error path to properly clean up the DRD gadget state.