* [Qemu-devel] [PATCH 0/4] xhci: fix misc regressions
@ 2017-01-30 15:36 Gerd Hoffmann
2017-01-30 15:36 ` [Qemu-devel] [PATCH 1/4] xhci: only free completed transfers Gerd Hoffmann
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2017-01-30 15:36 UTC (permalink / raw)
To: qemu-devel; +Cc: 1653384, fabian, Gerd Hoffmann
Hi,
Commit 94b037f2a451b3dc855f9f2c346e5049a361bd55 caused some regressions,
partly plain bugs in that commit, partly it seems to have uncovered
other issues lurking in the xhci code. This series fixes the isses
which poped up so far.
cheers,
Gerd
Gerd Hoffmann (4):
xhci: only free completed transfers
xhci: rename xhci_complete_packet to xhci_try_complete_packet
xhci: don't kick in xhci_submit and xhci_fire_ctl_transfer
xhci: guard xhci_kick_epctx against recursive calls
hw/usb/hcd-xhci.c | 32 +++++++++++++++++---------------
1 file changed, 17 insertions(+), 15 deletions(-)
--
1.8.3.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Qemu-devel] [PATCH 1/4] xhci: only free completed transfers
2017-01-30 15:36 [Qemu-devel] [PATCH 0/4] xhci: fix misc regressions Gerd Hoffmann
@ 2017-01-30 15:36 ` Gerd Hoffmann
2017-01-30 15:36 ` [Qemu-devel] [PATCH 2/4] xhci: rename xhci_complete_packet to xhci_try_complete_packet Gerd Hoffmann
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2017-01-30 15:36 UTC (permalink / raw)
To: qemu-devel; +Cc: 1653384, fabian, Gerd Hoffmann
Most callsites check already, one was missed.
Cc: 1653384@bugs.launchpad.net
Fixes: 94b037f2a451b3dc855f9f2c346e5049a361bd55
Reported-by: Fabian Lesniak <fabian@lesniak-it.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-xhci.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index e0b5169..dd429dc 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -2198,7 +2198,9 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
xhci_complete_packet(xfer);
}
assert(!xfer->running_retry);
- xhci_ep_free_xfer(epctx->retry);
+ if (xfer->complete) {
+ xhci_ep_free_xfer(epctx->retry);
+ }
epctx->retry = NULL;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Qemu-devel] [PATCH 2/4] xhci: rename xhci_complete_packet to xhci_try_complete_packet
2017-01-30 15:36 [Qemu-devel] [PATCH 0/4] xhci: fix misc regressions Gerd Hoffmann
2017-01-30 15:36 ` [Qemu-devel] [PATCH 1/4] xhci: only free completed transfers Gerd Hoffmann
@ 2017-01-30 15:36 ` Gerd Hoffmann
2017-01-30 15:36 ` [Qemu-devel] [PATCH 3/4] xhci: don't kick in xhci_submit and xhci_fire_ctl_transfer Gerd Hoffmann
2017-01-30 15:36 ` [Qemu-devel] [PATCH 4/4] xhci: guard xhci_kick_epctx against recursive calls Gerd Hoffmann
3 siblings, 0 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2017-01-30 15:36 UTC (permalink / raw)
To: qemu-devel; +Cc: 1653384, fabian, Gerd Hoffmann
Make clear that this isn't guaranteed to actually complete the transfer,
the usb packet can still be in flight after calling that function.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-xhci.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index dd429dc..4e2807e 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1897,7 +1897,7 @@ static int xhci_setup_packet(XHCITransfer *xfer)
return 0;
}
-static int xhci_complete_packet(XHCITransfer *xfer)
+static int xhci_try_complete_packet(XHCITransfer *xfer)
{
if (xfer->packet.status == USB_RET_ASYNC) {
trace_usb_xhci_xfer_async(xfer);
@@ -2002,7 +2002,7 @@ static int xhci_fire_ctl_transfer(XHCIState *xhci, XHCITransfer *xfer)
usb_handle_packet(xfer->packet.ep->dev, &xfer->packet);
- xhci_complete_packet(xfer);
+ xhci_try_complete_packet(xfer);
if (!xfer->running_async && !xfer->running_retry) {
xhci_kick_epctx(xfer->epctx, 0);
}
@@ -2106,7 +2106,7 @@ static int xhci_submit(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx
}
usb_handle_packet(xfer->packet.ep->dev, &xfer->packet);
- xhci_complete_packet(xfer);
+ xhci_try_complete_packet(xfer);
if (!xfer->running_async && !xfer->running_retry) {
xhci_kick_epctx(xfer->epctx, xfer->streamid);
}
@@ -2185,7 +2185,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
}
usb_handle_packet(xfer->packet.ep->dev, &xfer->packet);
assert(xfer->packet.status != USB_RET_NAK);
- xhci_complete_packet(xfer);
+ xhci_try_complete_packet(xfer);
} else {
/* retry nak'ed transfer */
if (xhci_setup_packet(xfer) < 0) {
@@ -2195,7 +2195,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
if (xfer->packet.status == USB_RET_NAK) {
return;
}
- xhci_complete_packet(xfer);
+ xhci_try_complete_packet(xfer);
}
assert(!xfer->running_retry);
if (xfer->complete) {
@@ -3492,7 +3492,7 @@ static void xhci_complete(USBPort *port, USBPacket *packet)
xhci_ep_nuke_one_xfer(xfer, 0);
return;
}
- xhci_complete_packet(xfer);
+ xhci_try_complete_packet(xfer);
xhci_kick_epctx(xfer->epctx, xfer->streamid);
if (xfer->complete) {
xhci_ep_free_xfer(xfer);
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Qemu-devel] [PATCH 3/4] xhci: don't kick in xhci_submit and xhci_fire_ctl_transfer
2017-01-30 15:36 [Qemu-devel] [PATCH 0/4] xhci: fix misc regressions Gerd Hoffmann
2017-01-30 15:36 ` [Qemu-devel] [PATCH 1/4] xhci: only free completed transfers Gerd Hoffmann
2017-01-30 15:36 ` [Qemu-devel] [PATCH 2/4] xhci: rename xhci_complete_packet to xhci_try_complete_packet Gerd Hoffmann
@ 2017-01-30 15:36 ` Gerd Hoffmann
2017-01-30 15:36 ` [Qemu-devel] [PATCH 4/4] xhci: guard xhci_kick_epctx against recursive calls Gerd Hoffmann
3 siblings, 0 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2017-01-30 15:36 UTC (permalink / raw)
To: qemu-devel; +Cc: 1653384, fabian, Gerd Hoffmann
xhci_submit and xhci_fire_ctl_transfer are is called from
xhci_kick_epctx processing loop only, so there is no need to call
xhci_kick_epctx make sure processing continues. Also eecursive calls
into xhci_kick_epctx can cause trouble.
Drop the xhci_kick_epctx calls.
Cc: 1653384@bugs.launchpad.net
Fixes: 94b037f2a451b3dc855f9f2c346e5049a361bd55
Reported-by: Fabian Lesniak <fabian@lesniak-it.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-xhci.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 4e2807e..899a410 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -2001,11 +2001,7 @@ static int xhci_fire_ctl_transfer(XHCIState *xhci, XHCITransfer *xfer)
xfer->packet.parameter = trb_setup->parameter;
usb_handle_packet(xfer->packet.ep->dev, &xfer->packet);
-
xhci_try_complete_packet(xfer);
- if (!xfer->running_async && !xfer->running_retry) {
- xhci_kick_epctx(xfer->epctx, 0);
- }
return 0;
}
@@ -2105,11 +2101,7 @@ static int xhci_submit(XHCIState *xhci, XHCITransfer *xfer, XHCIEPContext *epctx
return -1;
}
usb_handle_packet(xfer->packet.ep->dev, &xfer->packet);
-
xhci_try_complete_packet(xfer);
- if (!xfer->running_async && !xfer->running_retry) {
- xhci_kick_epctx(xfer->epctx, xfer->streamid);
- }
return 0;
}
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [Qemu-devel] [PATCH 4/4] xhci: guard xhci_kick_epctx against recursive calls
2017-01-30 15:36 [Qemu-devel] [PATCH 0/4] xhci: fix misc regressions Gerd Hoffmann
` (2 preceding siblings ...)
2017-01-30 15:36 ` [Qemu-devel] [PATCH 3/4] xhci: don't kick in xhci_submit and xhci_fire_ctl_transfer Gerd Hoffmann
@ 2017-01-30 15:36 ` Gerd Hoffmann
3 siblings, 0 replies; 5+ messages in thread
From: Gerd Hoffmann @ 2017-01-30 15:36 UTC (permalink / raw)
To: qemu-devel; +Cc: 1653384, fabian, Gerd Hoffmann
Track xhci_kick_epctx processing being active in a variable. Check the
variable before calling xhci_kick_epctx from xhci_kick_ep. Add an
assert to make sure we don't call recursively into xhci_kick_epctx.
Cc: 1653384@bugs.launchpad.net
Fixes: 94b037f2a451b3dc855f9f2c346e5049a361bd55
Reported-by: Fabian Lesniak <fabian@lesniak-it.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-xhci.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 899a410..12cac89 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -390,6 +390,7 @@ struct XHCIEPContext {
dma_addr_t pctx;
unsigned int max_psize;
uint32_t state;
+ uint32_t kick_active;
/* streams */
unsigned int max_pstreams;
@@ -2131,6 +2132,9 @@ static void xhci_kick_ep(XHCIState *xhci, unsigned int slotid,
return;
}
+ if (!epctx->kick_active) {
+ return;
+ }
xhci_kick_epctx(epctx, streamid);
}
@@ -2155,6 +2159,9 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
return;
}
+ assert(!epctx->kick_active);
+ epctx->kick_active++;
+
if (epctx->retry) {
XHCITransfer *xfer = epctx->retry;
@@ -2253,6 +2260,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
break;
}
}
+ epctx->kick_active--;
ep = xhci_epid_to_usbep(epctx);
if (ep) {
--
1.8.3.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-01-30 15:36 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-01-30 15:36 [Qemu-devel] [PATCH 0/4] xhci: fix misc regressions Gerd Hoffmann
2017-01-30 15:36 ` [Qemu-devel] [PATCH 1/4] xhci: only free completed transfers Gerd Hoffmann
2017-01-30 15:36 ` [Qemu-devel] [PATCH 2/4] xhci: rename xhci_complete_packet to xhci_try_complete_packet Gerd Hoffmann
2017-01-30 15:36 ` [Qemu-devel] [PATCH 3/4] xhci: don't kick in xhci_submit and xhci_fire_ctl_transfer Gerd Hoffmann
2017-01-30 15:36 ` [Qemu-devel] [PATCH 4/4] xhci: guard xhci_kick_epctx against recursive calls Gerd Hoffmann
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).