From: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
To: Alan Stern <stern@rowland.harvard.edu>,
Greg KH <gregkh@linuxfoundation.org>
Cc: Mathias Nyman <mathias.nyman@linux.intel.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Andy Shevchenko <andy.shevchenko@gmail.com>,
Mathias Nyman <mathias.nyman@intel.com>,
linux-usb@vger.kernel.org, lukaszx.szulc@intel.com,
Christoph Hellwig <hch@lst.de>,
Marek Szyprowski <m.szyprowski@samsung.com>,
iommu@lists.linux-foundation.org
Subject: usb HC busted?
Date: Tue, 17 Jul 2018 16:10:17 +0100 [thread overview]
Message-ID: <20180717151017.yk5d4glzwqcrxpqc@debian> (raw)
Hi Alan, Greg,
On Tue, Jul 17, 2018 at 03:49:18PM +0100, Sudip Mukherjee wrote:
> On Tue, Jul 17, 2018 at 03:40:22PM +0100, Sudip Mukherjee wrote:
> > Hi Alan,
> >
> > On Tue, Jul 17, 2018 at 10:28:14AM -0400, Alan Stern wrote:
> > > On Tue, 17 Jul 2018, Sudip Mukherjee wrote:
> > >
> > > > I did some more debugging. Tested with a KASAN enabled kernel and that
> > > > shows the problem. The report is attached.
> > > >
> > > > To my understanding:
> > > >
> > > > btusb_work() is calling usb_set_interface() with alternate = 0. which
> > > > again calls usb_hcd_alloc_bandwidth() and that frees the rings by
> > > > xhci_free_endpoint_ring().
> > >
> > > That doesn't sound like the right thing to do. The rings shouldn't be
> > > freed until xhci_endpoint_disable() is called.
> > >
> > > On the other hand, there doesn't appear to be any
> > > xhci_endpoint_disable() routine, although a comment refers to it.
> > > Maybe this is the real problem?
> >
> > one of your old mail might help :)
> >
> > https://www.spinics.net/lists/linux-usb/msg98123.html
>
> Wrote too soon.
>
> Is it the one you are looking for -
> usb_disable_endpoint() is in drivers/usb/core/message.c
I think now I understand what the problem is.
usb_set_interface() calls usb_disable_interface() which again calls
usb_disable_endpoint(). This usb_disable_endpoint() gets the pointer
to 'ep', marks it as NULL and sends the pointer to usb_hcd_flush_endpoint().
After flushing the endpoints usb_disable_endpoint() calls
usb_hcd_disable_endpoint() which tries to do:
if (hcd->driver->endpoint_disable)
hcd->driver->endpoint_disable(hcd, ep);
but there is no endpoint_disable() callback in xhci, so the endpoint is
never marked as disabled. So, next time usb_hcd_flush_endpoint() is
called I get this corruption.
And this is exactly where I used to see the problem happening.
And, my hacky patch worked as I prevented it from calling
usb_disable_interface() in this particular case.
Greg - answering your question here. My hacky patch was based on the
fact that usb_hcd_alloc_bandwidth() is calling hcd->driver->drop_endpoint()
and hcd->driver->add_endpoint() if (cur_alt && new_alt). So, I prevented
usb_disable_interface() to be called for that same condition. And that
worked as the call to usb_hcd_flush_endpoint() was not executed.
I know it is not correct and I might be having memory leaks for this, but
I have the system working till we get the actual fix.
---
Regards
Sudip
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next reply other threads:[~2018-07-17 15:10 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-17 15:10 Sudip Mukherjee [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-07-21 10:55 usb HC busted? Sudip Mukherjee
2018-07-20 14:09 Alan Stern
2018-07-20 12:54 Sudip Mukherjee
2018-07-20 11:46 Mathias Nyman
2018-07-20 11:10 Mathias Nyman
2018-07-19 17:32 Sudip Mukherjee
2018-07-19 15:42 Mathias Nyman
2018-07-19 14:57 Alan Stern
2018-07-19 11:34 Sudip Mukherjee
2018-07-19 10:59 Mathias Nyman
2018-07-17 17:01 Sudip Mukherjee
2018-07-17 15:59 Sudip Mukherjee
2018-07-17 15:52 Greg Kroah-Hartman
2018-07-17 15:08 Alan Stern
2018-07-17 14:49 Sudip Mukherjee
2018-07-17 14:40 Sudip Mukherjee
2018-07-17 14:31 Alan Stern
2018-07-17 14:28 Alan Stern
2018-07-17 13:53 Greg Kroah-Hartman
2018-07-17 13:20 Sudip Mukherjee
2018-07-17 12:04 Greg Kroah-Hartman
2018-07-17 11:41 Sudip Mukherjee
2018-06-30 21:07 Sudip Mukherjee
2018-06-29 11:41 Mathias Nyman
2018-06-27 12:20 Sudip Mukherjee
2018-06-27 11:59 Sudip Mukherjee
2018-06-25 16:15 Sudip Mukherjee
2018-06-21 11:01 Mathias Nyman
2018-06-21 0:53 Sudip Mukherjee
2018-06-08 9:07 Sudip Mukherjee
2018-06-07 7:40 Mathias Nyman
2018-06-06 16:45 Sudip Mukherjee
2018-06-06 16:42 Sudip Mukherjee
2018-06-06 15:36 Andy Shevchenko
2018-06-06 14:12 Mathias Nyman
2018-06-04 15:28 Sudip Mukherjee
2018-06-03 19:37 Sudip Mukherjee
2018-05-24 13:35 Mathias Nyman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180717151017.yk5d4glzwqcrxpqc@debian \
--to=sudipm.mukherjee@gmail.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=andy.shevchenko@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=hch@lst.de \
--cc=iommu@lists.linux-foundation.org \
--cc=linux-usb@vger.kernel.org \
--cc=lukaszx.szulc@intel.com \
--cc=m.szyprowski@samsung.com \
--cc=mathias.nyman@intel.com \
--cc=mathias.nyman@linux.intel.com \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox