From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
To: "stern@rowland.harvard.edu" <stern@rowland.harvard.edu>
Cc: Mathias Nyman <mathias.nyman@linux.intel.com>,
Thinh Nguyen <Thinh.Nguyen@synopsys.com>,
"linux-usb@vger.kernel.org" <linux-usb@vger.kernel.org>,
"michal.pecio@gmail.com" <michal.pecio@gmail.com>,
"oneukum@suse.com" <oneukum@suse.com>,
"niklas.neronin@linux.intel.com" <niklas.neronin@linux.intel.com>
Subject: Re: [RFC PATCH 1/2] xhci: prevent automatic endpoint restart after stall or error
Date: Fri, 3 Apr 2026 01:59:58 +0000
Message-ID: <20260403015950.lx4n4zdqki37dy27@synopsys.com>
In-Reply-To: <07351d72-5cdb-45e8-90af-311a0dc49718@rowland.harvard.edu>

On Wed, Apr 01, 2026, stern@rowland.harvard.edu wrote:
> On Thu, Apr 02, 2026 at 01:08:31AM +0300, Mathias Nyman wrote:
> > On 3/31/26 18:31, stern@rowland.harvard.edu wrote:
> > >
> > > How about this instead? We add a "halted" flag to the usb_host_endpoint
> > > structure, and the core will set this flag whenever a bulk or interrupt
> > > URB gets a status other than 0 (before putting the URB on the bh list).
> > > If an URB has one of these statuses, when its completion handler returns
> > > the core will unlink all the URBs queued to the same endpoint. Finally,
> > > the "halted" flag should be cleared after a completion handler returns
> > > if there are no more unlinked URBs still in the queue or URBs waiting on
> > > the bh list to be given back.
> > >
> > > The result of this is that any URB remaining in the queue when the flag
> > > is cleared must have been submitted by the class driver _after_ the
> > > failing URB's completion handler has run. We can assume the class
> > > driver knows what it's doing in this case.
> > >
> > > The endpoint queue shouldn't be restarted until the "halted" flag is
> > > cleared. Either right away, if there are any URBs in the queue, or not
> > > until the next URB is submitted. Doing this might require a new HCD
> > > callback. (It would also mean the kerneldoc for usb_unlink_urb() would
> > > need to be updated, because the endpoint might restart before all the
> > > completion handlers for the unlinked URBs have run.)
> > >
> > > What I'm trying to do here is come up with a single, consistent proposal
> > > for exactly when halted endpoint queues should restart. Maybe someone
> > > else has a better suggestion.
> >
> > Sounds like a possible solution to me.
> >
> > Just to clarify, core should unlink the remaining URBs queued to that endpoint
> > after setting the "halted" flag, but before URB completion is called.
>
> Above I wrote that the remaining URBs should be unlinked _after_ the
> completion handler is called. If we did the unlinks before then the
> class driver might submit a new URB after the unlinks were finished and
> before the completion handler learned about the transaction error, and
> this new URB then wouldn't get unlinked.
>
> It's a race between completion of one URB and submission of another.
>
> > "Halted" flag should be cleared after URB completion returns, and endpoint
> > should be restarted if there are any pending URBs.
>
> To be clear, the flag should be cleared after the completion handlers
> for _all_ the unlinked URBs (as well as the URB getting the original
> error) have returned.
>
> > This allows the class driver URB completion handler to re-queue the halted URB
> > without core unlinking it.
>
> The completion handler shouldn't do this, because it would mean
> resubmitting without doing a clear-halt first. (Completion handlers
> can't do clear-halts because they run in atomic context.) If it does
> try to do this anyway, I see nothing wrong with the core unlinking the
> resubmitted URB.
>
> (Are you going to ask about verification tests that set the endpoint's
> Halt feature, submit an URB, wait for it to fail with -EPIPE, and then
> submit another URB from within the completion handler? :-) )
>

How about this:

Introduce a halted flag with the following conditions:

* Introduce the halted flag in usb_host_endpoint
* The halted flag must be implemented as a bit in an unsigned long so
  we can use atomic bit operations
* Only the HCD may set the halted flag, and only upon checking the
  first URB completing with a halted status
* Only the USB core may clear the halted flag, and only after
  usb_reset_endpoint returns (this makes sure the HCD drained and reset
  the endpoint before the flag is cleared and new URBs are accepted)
* The usb_reset_endpoint must be called after clear-halt, SetInterface,
  and SetConfiguration.
* The USB core will not attempt to unlink pending URBs due to a halted
  condition
* The HCD is responsible for completing or canceling queued URBs
  when the halted flag is set. Cancelled and newly submitted URBs will
  be returned with -EPIPE as long as the halted flag is set
* The class driver is responsible for checking the halted flag to
  determine whether to initiate error recovery via usb_clear_halt

I'm trying to keep a clear separation of responsibilities between HCD
and the USB core. Also, I'm trying to keep the halted flag more closely
matched to the state of the endpoint.

Let me know what you think.

BR,
Thinh
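
A user-space C model of the halted-flag rules proposed in the message above, added here as an illustration; it is not code from the thread, the patch series, or the kernel. All model_* names, the bit position, and the reading that a submission made while the flag is set fails immediately with -EPIPE are assumptions.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stddef.h>
#define MODEL_EP_HALTED (1UL << 0)   /* hypothetical bit position */
#define MODEL_MAX_URBS  8
struct model_urb { int status; };
struct model_ep {
    atomic_ulong flags;              /* flag is one bit of an unsigned long */
    struct model_urb *queue[MODEL_MAX_URBS];
    size_t queued;
};

/* Submission: refused with -EPIPE for as long as the flag is set. */
int model_submit(struct model_ep *ep, struct model_urb *urb)
{
    if (atomic_load(&ep->flags) & MODEL_EP_HALTED)
        return -EPIPE;
    if (ep->queued == MODEL_MAX_URBS)
        return -ENOMEM;
    urb->status = -EINPROGRESS;
    ep->queue[ep->queued++] = urb;
    return 0;
}

/* HCD side: head URB stalled, so set the flag and give back the queue. */
size_t model_hcd_stall(struct model_ep *ep)
{
    size_t n = ep->queued;
    atomic_fetch_or(&ep->flags, MODEL_EP_HALTED);    /* only the HCD sets */
    for (size_t i = 0; i < n; i++)
        ep->queue[i]->status = -EPIPE;
    ep->queued = 0;
    return n;                                        /* URBs given back */
}

/* Core side: clear the flag only after the endpoint reset has returned. */
void model_core_reset_endpoint(struct model_ep *ep)
{
    atomic_fetch_and(&ep->flags, ~MODEL_EP_HALTED);  /* only the core clears */
}

int main(void)
{
    struct model_ep ep = { 0 };
    struct model_urb a;
    model_submit(&ep, &a);
    model_hcd_stall(&ep);
    model_core_reset_endpoint(&ep);
    return model_submit(&ep, &a);    /* 0: accepted again after the reset */
}
```

The single-threaded model shows only the ownership rules for the bit (HCD sets, core clears); it does not model the completion/submission race discussed in the quoted text.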