Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 11 May 2007 20:22:16 GMT
From:      Hans Petter Selasky <hselasky@FreeBSD.org>
To:        Perforce Change Reviews <perforce@FreeBSD.org>
Subject:   PERFORCE change 119690 for review
Message-ID:  <200705112022.l4BKMG3i091127@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=119690

Change 119690 by hselasky@hselasky_mini_itx on 2007/05/11 20:22:08

	Resolve some locking issues in the USB network stack
	when passing packets up via "if_input".

Affected files ...

.. //depot/projects/usb/src/sys/dev/usb/if_aue.c#24 edit
.. //depot/projects/usb/src/sys/dev/usb/if_axe.c#23 edit
.. //depot/projects/usb/src/sys/dev/usb/if_cdce.c#16 edit
.. //depot/projects/usb/src/sys/dev/usb/if_cue.c#19 edit
.. //depot/projects/usb/src/sys/dev/usb/if_kue.c#21 edit
.. //depot/projects/usb/src/sys/dev/usb/if_rue.c#20 edit
.. //depot/projects/usb/src/sys/dev/usb/if_rum.c#3 edit
.. //depot/projects/usb/src/sys/dev/usb/if_udav.c#20 edit
.. //depot/projects/usb/src/sys/dev/usb/if_ural.c#26 edit
.. //depot/projects/usb/src/sys/dev/usb/usb_port.h#14 edit

Differences ...

==== //depot/projects/usb/src/sys/dev/usb/if_aue.c#24 (text+ko) ====

@@ -1079,7 +1079,7 @@
 {
 	struct aue_softc *sc = xfer->priv_sc;
 	struct ifnet *ifp = sc->sc_ifp;
-	struct mbuf *m;
+	struct mbuf *m = NULL;
 
 	USBD_CHECK_STATUS(xfer);
 
@@ -1142,8 +1142,6 @@
 	m->m_pkthdr.rcvif = ifp;
 	m->m_pkthdr.len = m->m_len = xfer->actlen;
 
-	(ifp->if_input)(ifp, m);
-
  tr_setup:
 
 	if (sc->sc_flags & AUE_FLAG_READ_STALL) {
@@ -1151,6 +1149,17 @@
 	} else {
 	    usbd_start_hardware(xfer);
 	}
+
+	/* At the end of a USB callback it is always safe
+	 * to unlock the private mutex of a device! That
+	 * is why we do the "if_input" here, and not
+	 * some lines up!
+	 */
+	if (m) {
+	    mtx_unlock(&(sc->sc_mtx));
+	    (ifp->if_input)(ifp, m);
+	    mtx_lock(&(sc->sc_mtx));
+	}
 	return;
 }
 

==== //depot/projects/usb/src/sys/dev/usb/if_axe.c#23 (text+ko) ====

@@ -1059,6 +1059,11 @@
 	struct axe_sframe_hdr hdr;
 	struct ifnet *ifp = sc->sc_ifp;
 	struct mbuf *m;
+	struct { /* mini-queue */
+	  struct mbuf *ifq_head;
+	  struct mbuf *ifq_tail;
+	  uint16_t ifq_len;
+	} mq = { NULL, NULL, 0 };
 	uint16_t pos;
 	uint16_t len;
 	uint16_t adjust;
@@ -1117,7 +1122,6 @@
 	    }
 
 	    m = usbd_ether_get_mbuf();
-
 	    if (m == NULL) {
 	        /* we are out of memory */
 	        break;
@@ -1133,7 +1137,8 @@
 	    m->m_pkthdr.rcvif = ifp;
 	    m->m_pkthdr.len = m->m_len;
 
-	    (ifp->if_input)(ifp, m);
+	    /* enqueue */
+	    _IF_ENQUEUE(&(mq), m);
 
 	skip:
 
@@ -1159,6 +1164,27 @@
 	} else {
 	    usbd_start_hardware(xfer);
 	}
+
+	/* At the end of a USB callback it is always safe
+	 * to unlock the private mutex of a device! That
+	 * is why we do the "if_input" here, and not
+	 * some lines up!
+	 */
+	if (mq.ifq_head) {
+
+	    mtx_unlock(&(sc->sc_mtx));
+
+	    while (1) {
+
+	      _IF_DEQUEUE(&(mq), m);
+
+	      if (m == NULL) break;
+
+	      (ifp->if_input)(ifp, m);
+	    }
+
+	    mtx_lock(&(sc->sc_mtx));
+	}
 	return;
 }
 

==== //depot/projects/usb/src/sys/dev/usb/if_cdce.c#16 (text+ko) ====

@@ -717,7 +717,7 @@
 {
 	struct cdce_softc *sc = xfer->priv_sc;
 	struct ifnet *ifp = sc->sc_ifp;
-	struct mbuf *m;
+	struct mbuf *m = NULL;
 
 	USBD_CHECK_STATUS(xfer);
 
@@ -761,8 +761,6 @@
 	m->m_pkthdr.rcvif = ifp;
 	m->m_pkthdr.len = m->m_len = xfer->actlen;
 
-	(ifp->if_input)(ifp, m);
-
  tr_setup:
 
 	if (sc->sc_flags & CDCE_FLAG_READ_STALL) {
@@ -770,6 +768,17 @@
 	} else {
 	    usbd_start_hardware(xfer);
 	}
+
+	/* At the end of a USB callback it is always safe
+	 * to unlock the private mutex of a device! That
+	 * is why we do the "if_input" here, and not
+	 * some lines up!
+	 */
+	if (m) {
+	    mtx_unlock(&(sc->sc_mtx));
+	    (ifp->if_input)(ifp, m);
+	    mtx_lock(&(sc->sc_mtx));
+	}
 	return;
 }
 

==== //depot/projects/usb/src/sys/dev/usb/if_cue.c#19 (text+ko) ====

@@ -650,7 +650,7 @@
 {
 	struct cue_softc *sc = xfer->priv_sc;
 	struct ifnet *ifp = sc->sc_ifp;
-	struct mbuf *m;
+	struct mbuf *m = NULL;
 	u_int8_t buf[2];
 	u_int16_t len;
 
@@ -695,8 +695,6 @@
 	m->m_pkthdr.rcvif = ifp;
 	m->m_pkthdr.len = m->m_len = xfer->actlen;
 
-	(ifp->if_input)(ifp, m);
-
  tr_setup:
 
 	if (sc->sc_flags & CUE_FLAG_READ_STALL) {
@@ -704,6 +702,17 @@
 	} else {
 	    usbd_start_hardware(xfer);
 	}
+
+	/* At the end of a USB callback it is always safe
+	 * to unlock the private mutex of a device! That
+	 * is why we do the "if_input" here, and not
+	 * some lines up!
+	 */
+	if (m) {
+	    mtx_unlock(&(sc->sc_mtx));
+	    (ifp->if_input)(ifp, m);
+	    mtx_lock(&(sc->sc_mtx));
+	}
 	return;
 }
 

==== //depot/projects/usb/src/sys/dev/usb/if_kue.c#21 (text+ko) ====

@@ -690,7 +690,7 @@
 {
 	struct kue_softc *sc = xfer->priv_sc;
 	struct ifnet *ifp = sc->sc_ifp;
-	struct mbuf *m;
+	struct mbuf *m = NULL;
 	u_int8_t buf[2];
 	u_int16_t len;
 
@@ -735,8 +735,6 @@
 	m->m_pkthdr.rcvif = ifp;
 	m->m_pkthdr.len = m->m_len = xfer->actlen;
 
-	(ifp->if_input)(ifp, m);
-
  tr_setup:
 
 	if (sc->sc_flags & KUE_FLAG_READ_STALL) {
@@ -744,6 +742,17 @@
 	} else {
 	    usbd_start_hardware(xfer);
 	}
+
+	/* At the end of a USB callback it is always safe
+	 * to unlock the private mutex of a device! That
+	 * is why we do the "if_input" here, and not
+	 * some lines up!
+	 */
+	if (m) {
+	    mtx_unlock(&(sc->sc_mtx));
+	    (ifp->if_input)(ifp, m);
+	    mtx_lock(&(sc->sc_mtx));
+	}
 	return;
 }
 

==== //depot/projects/usb/src/sys/dev/usb/if_rue.c#20 (text+ko) ====

@@ -968,7 +968,7 @@
 	struct rue_softc *sc = xfer->priv_sc;
 	struct ifnet *ifp = sc->sc_ifp;
 	u_int16_t status;
-	struct mbuf *m;
+	struct mbuf *m = NULL;
 
 	USBD_CHECK_STATUS(xfer);
 
@@ -1023,8 +1023,6 @@
 	m->m_pkthdr.rcvif = ifp;
 	m->m_pkthdr.len = m->m_len = xfer->actlen;
 
-	(ifp->if_input)(ifp, m);
-
  tr_setup:
 
 	if (sc->sc_flags & RUE_FLAG_READ_STALL) {
@@ -1032,6 +1030,17 @@
 	} else {
 	    usbd_start_hardware(xfer);
 	}
+
+	/* At the end of a USB callback it is always safe
+	 * to unlock the private mutex of a device! That
+	 * is why we do the "if_input" here, and not
+	 * some lines up!
+	 */
+	if (m) {
+	    mtx_unlock(&(sc->sc_mtx));
+	    (ifp->if_input)(ifp, m);
+	    mtx_lock(&(sc->sc_mtx));
+	}
 	return;
 }
 

==== //depot/projects/usb/src/sys/dev/usb/if_rum.c#3 (text+ko) ====

@@ -1009,11 +1009,11 @@
 	struct rum_softc *sc = xfer->priv_sc;
 	struct ieee80211com *ic = &(sc->sc_ic);
 	struct ifnet *ifp = ic->ic_ifp;
-	struct ieee80211_node *ni;
+	struct ieee80211_node *ni = NULL;
 	struct mbuf *m = NULL;
 	uint32_t flags;
 	uint32_t max_len;
-	uint8_t rssi;
+	uint8_t rssi = 0;
 
 	USBD_CHECK_STATUS(xfer);
 
@@ -1074,6 +1074,8 @@
 		    "descriptor, %u bytes, received %u bytes\n",
 		    m->m_len, max_len);
 	    ifp->if_ierrors++;
+	    m_freem(m);
+	    m = NULL;
 	    goto tr_setup;
 	}
 
@@ -1096,34 +1098,30 @@
 
 	ni = ieee80211_find_rxnode(ic, (void *)(m->m_data));
 
-	mtx_unlock(&(sc->sc_mtx));
+ tr_setup:
+
+	if (sc->sc_flags & RUM_FLAG_READ_STALL) {
+	    usbd_transfer_start(sc->sc_xfer[3]);
+	} else {
+	    usbd_start_hardware(xfer);
+	}
 
-	/* XXX it is possibly not safe 
-	 * to do the following unlocked:
-	 * --hps
+	/* At the end of a USB callback it is always safe
+	 * to unlock the private mutex of a device! That
+	 * is why we do the "ieee80211_input" here, and not
+	 * some lines up!
 	 */
+	if (m) {
+	    mtx_unlock(&(sc->sc_mtx));
 
-	/* send the frame to the 802.11 layer */
-	ieee80211_input(ic, m, ni, rssi, 0);
+	    /* send the frame to the 802.11 layer */
+	    ieee80211_input(ic, m, ni, rssi, 0);
 
-	mtx_lock(&(sc->sc_mtx));
+	    mtx_lock(&(sc->sc_mtx));
 
-	/* node is no longer needed */
-	ieee80211_free_node(ni);
-
-	m = NULL;
-
- tr_setup:
-	if (m) {
-	    m_freem(m);
+	    /* node is no longer needed */
+	    ieee80211_free_node(ni);
 	}
-
-	if (sc->sc_flags & RUM_FLAG_READ_STALL) {
-	    usbd_transfer_start(sc->sc_xfer[3]);
-	    return;
-	}
-
-	usbd_start_hardware(xfer);
 	return;
 }
 

==== //depot/projects/usb/src/sys/dev/usb/if_udav.c#20 (text+ko) ====

@@ -1009,7 +1009,7 @@
 	struct ifnet *ifp = sc->sc_ifp;
 	u_int8_t status;
 	u_int16_t total_len;
-	struct mbuf *m;
+	struct mbuf *m = NULL;
 
 	USBD_CHECK_STATUS(xfer);
 
@@ -1074,8 +1074,6 @@
 	m->m_pkthdr.rcvif = ifp;
 	m->m_pkthdr.len = m->m_len = xfer->actlen;
 
-	(ifp->if_input)(ifp, m);
-
  tr_setup:
 
 	if (sc->sc_flags & UDAV_FLAG_READ_STALL) {
@@ -1083,6 +1081,17 @@
 	} else {
 	    usbd_start_hardware(xfer);
 	}
+
+	/* At the end of a USB callback it is always safe
+	 * to unlock the private mutex of a device! That
+	 * is why we do the "if_input" here, and not
+	 * some lines up!
+	 */
+	if (m) {
+	    mtx_unlock(&(sc->sc_mtx));
+	    (ifp->if_input)(ifp, m);
+	    mtx_lock(&(sc->sc_mtx));
+	}
 	return;
 }
 

==== //depot/projects/usb/src/sys/dev/usb/if_ural.c#26 (text+ko) ====

@@ -1090,11 +1090,11 @@
 	struct ural_softc *sc = xfer->priv_sc;
 	struct ieee80211com *ic = &(sc->sc_ic);
 	struct ifnet *ifp = ic->ic_ifp;
-	struct ieee80211_node *ni;
+	struct ieee80211_node *ni = NULL;
 	struct mbuf *m = NULL;
 	u_int32_t flags;
 	u_int32_t max_len;
-	uint8_t rssi;
+	uint8_t rssi = 0;
 
 	USBD_CHECK_STATUS(xfer);
 
@@ -1142,6 +1142,8 @@
 	     */
 	    DPRINTF(sc, 5, "PHY or CRC error\n");
 	    ifp->if_ierrors++;
+	    m_freem(m);
+	    m = NULL;
 	    goto tr_setup;
 	}
 
@@ -1155,6 +1157,8 @@
 		    "descriptor, %u bytes, received %u bytes\n",
 		    m->m_len, max_len);
 	    ifp->if_ierrors++;
+	    m_freem(m);
+	    m = NULL;
 	    goto tr_setup;
 	}
 
@@ -1177,35 +1181,30 @@
 
 	ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)
 				   (m->m_data));
+ tr_setup:
 
-	mtx_unlock(&(sc->sc_mtx));
+	if (sc->sc_flags & URAL_FLAG_READ_STALL) {
+	    usbd_transfer_start(sc->sc_xfer[3]);
+	} else {
+	    usbd_start_hardware(xfer);
+	}
 
-	/* XXX it is possibly not safe 
-	 * to do the following unlocked:
-	 * --hps
+	/* At the end of a USB callback it is always safe
+	 * to unlock the private mutex of a device! That
+	 * is why we do the "ieee80211_input" here, and not
+	 * some lines up!
 	 */
+	if (m) {
+	    mtx_unlock(&(sc->sc_mtx));
 
-	/* send the frame to the 802.11 layer */
-	ieee80211_input(ic, m, ni, rssi, 0);
+	    /* send the frame to the 802.11 layer */
+	    ieee80211_input(ic, m, ni, rssi, 0);
 
-	mtx_lock(&(sc->sc_mtx));
+	    mtx_lock(&(sc->sc_mtx));
 
-	/* node is no longer needed */
-	ieee80211_free_node(ni);
-
-	m = NULL;
-
- tr_setup:
-	if (m) {
-	    m_freem(m);
+	    /* node is no longer needed */
+	    ieee80211_free_node(ni);
 	}
-
-	if (sc->sc_flags & URAL_FLAG_READ_STALL) {
-	    usbd_transfer_start(sc->sc_xfer[3]);
-	    return;
-	}
-
-	usbd_start_hardware(xfer);
 	return;
 }
 

==== //depot/projects/usb/src/sys/dev/usb/usb_port.h#14 (text+ko) ====

@@ -111,7 +111,6 @@
 #endif
 
 #define Ether_ifattach ether_ifattach
-#define IF_INPUT(ifp, m) (*(ifp)->if_input)((ifp), (m))
 
 #elif defined(__OpenBSD__)
 /*
@@ -167,13 +166,6 @@
 
 #define Ether_ifattach(ifp, eaddr) ether_ifattach(ifp)
 #define if_deactivate(x)
-#define IF_INPUT(ifp, m) do {						\
-	struct ether_header *eh;					\
-									\
-	eh = mtod(m, struct ether_header *);				\
-	m_adj(m, sizeof(struct ether_header));				\
-	ether_input((ifp), (eh), (m));					\
-} while (0)
 
 #define powerhook_establish(fn, sc) (fn)
 #define powerhook_disestablish(hdl)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200705112022.l4BKMG3i091127>