From: Felipe Balbi <balbi@ti.com>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: Felipe Balbi <balbi@ti.com>,
Krzysztof Opasiak <k.opasiak@samsung.com>,
"'Robert Baldyga'" <r.baldyga@samsung.com>,
<gregkh@linuxfoundation.org>, <linux-usb@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <mina86@mina86.com>,
<andrzej.p@samsung.com>
Subject: Re: [PATCH] usb: gadget: f_fs: add "zombie" mode
Date: Tue, 7 Oct 2014 12:57:13 -0500 [thread overview]
Message-ID: <20141007175713.GA16781@saruman> (raw)
In-Reply-To: <Pine.LNX.4.44L0.1410071310550.1504-100000@iolanthe.rowland.org>
[-- Attachment #1: Type: text/plain, Size: 2424 bytes --]
Hi,
On Tue, Oct 07, 2014 at 01:15:32PM -0400, Alan Stern wrote:
> > > Here also I agree. Zombie mode should "mock" the function until first
> > > next enumeration or unbind. It should not be possible to bind gadget
> > > with function in zombie mode to UDC. Zombie mode should "pretend" only
> > > as long as gadget is bound and enumerated.
> >
> > Not really. We shouldn't even coonect to host until adbd is running.
> > Now, when adbd crashes we fix adbd. If it gets killed due to OOM we
> > can't even say "ok, we'll buffer USB requests until adbd is restarted"
> > because, well, we're running out of memory.
> >
> > So, OOM we can't fix. Soon enough, another daemon (mtpd, ptpd, whatever)
> > will be killed and another function will be left unusable.
> >
> > As for adbd/mtpd/ptpd crashes, those need to fixed and kernel should not
> > have to deal with them in any way.
>
> It seems to me that we should imitate what an ordinary USB device would
> do. If part of the firmware crashes, generally you would expect none
> of the endpoints associated with that function to work. Either they
> refuse to accept output from the host or they stall everything. But
> endpoints associated with other parts of the firmware might very well
> continue to work okay.
dunno, I have never seen a USB device firmware crash and I don't think
anybody deliberately does anything to make sure other parts of the
device work. If it _does_ work, I'd assume it's really by chance.
> Don't buffer requests. Either allow the internal FIFOs to fill up or
> else reject everything. Any reasonable host will start getting timeout
> expirations and will realize that something is wrong.
Right, but if we allow this, I can already see folks abusing to connect
to the host early and only when necessary do some trickery to e.g. start
adbd (not saying Android will do this, just using it as an easy
example).
Sure, we can deactivate and only activate when files are opened but is
there any guarantee that when a process receives segfault that we will
have, from FFS point of view, any information to know that the thing
crashed ? I mean, a userland application can register its own handler
for SIGSEGV/SIGKILL, right ? And that handler could very well just call
close() on all file descriptors. Then how do we differentiate a normal
close() from a "oh-crap-I-died" close() ?
--
balbi
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2014-10-07 17:57 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-06 11:25 [PATCH] usb: gadget: f_fs: add "zombie" mode Robert Baldyga
2014-10-06 12:36 ` Michal Nazarewicz
2014-10-06 12:51 ` Robert Baldyga
2014-10-06 14:07 ` Michal Nazarewicz
2014-10-07 2:28 ` Felipe Balbi
2014-10-07 6:33 ` Robert Baldyga
2014-10-07 14:06 ` Felipe Balbi
2014-10-07 15:01 ` Krzysztof Opasiak
2014-10-07 15:28 ` Felipe Balbi
2014-10-07 16:37 ` Krzysztof Opasiak
2014-10-07 16:51 ` Felipe Balbi
2014-10-07 17:15 ` Alan Stern
2014-10-07 17:57 ` Felipe Balbi [this message]
2014-10-07 18:42 ` Alan Stern
2014-10-07 18:57 ` Felipe Balbi
2014-10-07 19:16 ` Alan Stern
2014-10-07 20:08 ` Michal Nazarewicz
2014-10-08 10:09 ` Krzysztof Opasiak
2014-10-08 11:28 ` Michal Nazarewicz
2014-10-08 14:52 ` Alan Stern
2014-10-09 10:56 ` Michal Nazarewicz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141007175713.GA16781@saruman \
--to=balbi@ti.com \
--cc=andrzej.p@samsung.com \
--cc=gregkh@linuxfoundation.org \
--cc=k.opasiak@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=mina86@mina86.com \
--cc=r.baldyga@samsung.com \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).