Date: Mon, 12 Sep 2016 10:20:44 +0000 (UTC) From: Hans Petter Selasky <hselasky@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r305735 - in stable/9/sys: dev/usb dev/usb/template sys Message-ID: <201609121020.u8CAKiYE015383@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: hselasky Date: Mon Sep 12 10:20:44 2016 New Revision: 305735 URL: https://svnweb.freebsd.org/changeset/base/305735 Log: MFC r305421: Resolve deadlock between device_detach() and usbd_do_request_flags() by reviving the SX control request lock and refining which lock protects the common scratch area in "struct usb_device". The SX control request lock was removed by r246759 because it caused a lock order reversal with the USB enumeration lock inside usbd_transfer_setup() as a function of r246616. It was thought that reducing the number of locks would resolve the LOR, but because some USB device drivers use usbd_do_request_flags() inside callback functions, like in taskqueues, a deadlock may occur when these are drained from device_detach(). By restoring the SX control request lock usbd_do_request_flags() is allowed to complete its execution when a USB device driver is detaching. By using the SX control request lock to protect the scratch area, the LOR introduced by r246616 is also resolved. Bump the FreeBSD version while at it to force recompilation of all USB kernel modules. Found by: avos@ Modified: stable/9/sys/dev/usb/template/usb_template.c stable/9/sys/dev/usb/usb_device.c stable/9/sys/dev/usb/usb_device.h stable/9/sys/dev/usb/usb_generic.c stable/9/sys/dev/usb/usb_request.c stable/9/sys/dev/usb/usb_transfer.c stable/9/sys/dev/usb/usb_util.c stable/9/sys/sys/param.h Directory Properties: stable/9/sys/ (props changed) stable/9/sys/sys/ (props changed) Modified: stable/9/sys/dev/usb/template/usb_template.c ============================================================================== --- stable/9/sys/dev/usb/template/usb_template.c Mon Sep 12 10:17:25 2016 (r305734) +++ stable/9/sys/dev/usb/template/usb_template.c Mon Sep 12 10:20:44 2016 (r305735) @@ -1240,7 +1240,7 @@ usb_temp_setup(struct usb_device *udev, return (0); /* Protect scratch area */ - do_unlock = usbd_enum_lock(udev); + do_unlock = usbd_ctrl_lock(udev); uts = udev->scratch.temp_setup; @@ -1319,7 +1319,7 @@ done: if (error) usb_temp_unsetup(udev); if (do_unlock) - usbd_enum_unlock(udev); + usbd_ctrl_unlock(udev); return (error); } Modified: stable/9/sys/dev/usb/usb_device.c ============================================================================== --- stable/9/sys/dev/usb/usb_device.c Mon Sep 12 10:17:25 2016 (r305734) +++ stable/9/sys/dev/usb/usb_device.c Mon Sep 12 10:20:44 2016 (r305735) @@ -1555,6 +1555,7 @@ usb_alloc_device(device_t parent_dev, st /* initialise our SX-lock */ sx_init_flags(&udev->enum_sx, "USB config SX lock", SX_DUPOK); sx_init_flags(&udev->sr_sx, "USB suspend and resume SX lock", SX_NOWITNESS); + sx_init_flags(&udev->ctrl_sx, "USB control transfer SX lock", SX_DUPOK); cv_init(&udev->ctrlreq_cv, "WCTRL"); cv_init(&udev->ref_cv, "UGONE"); @@ -1740,7 +1741,7 @@ usb_alloc_device(device_t parent_dev, st */ /* Protect scratch area */ - do_unlock = usbd_enum_lock(udev); + do_unlock = usbd_ctrl_lock(udev); scratch_ptr = udev->scratch.data; @@ -1791,7 +1792,7 @@ usb_alloc_device(device_t parent_dev, st } if (do_unlock) - usbd_enum_unlock(udev); + usbd_ctrl_unlock(udev); /* assume 100mA bus powered for now. Changed when configured. */ udev->power = USB_MIN_POWER; @@ -2158,6 +2159,7 @@ usb_free_device(struct usb_device *udev, sx_destroy(&udev->enum_sx); sx_destroy(&udev->sr_sx); + sx_destroy(&udev->ctrl_sx); cv_destroy(&udev->ctrlreq_cv); cv_destroy(&udev->ref_cv); @@ -2321,7 +2323,7 @@ usbd_set_device_strings(struct usb_devic uint8_t do_unlock; /* Protect scratch area */ - do_unlock = usbd_enum_lock(udev); + do_unlock = usbd_ctrl_lock(udev); temp_ptr = (char *)udev->scratch.data; temp_size = sizeof(udev->scratch.data); @@ -2381,7 +2383,7 @@ usbd_set_device_strings(struct usb_devic } if (do_unlock) - usbd_enum_unlock(udev); + usbd_ctrl_unlock(udev); } /* @@ -2788,6 +2790,40 @@ usbd_enum_is_locked(struct usb_device *u } /* + * The following function is used to serialize access to USB control + * transfers and the USB scratch area. If the lock is already grabbed + * this function returns zero. Else a value of one is returned. + */ +uint8_t +usbd_ctrl_lock(struct usb_device *udev) +{ + if (sx_xlocked(&udev->ctrl_sx)) + return (0); + sx_xlock(&udev->ctrl_sx); + + /* + * We need to allow suspend and resume at this point, else the + * control transfer will timeout if the device is suspended! + */ + if (usbd_enum_is_locked(udev)) + usbd_sr_unlock(udev); + return (1); +} + +void +usbd_ctrl_unlock(struct usb_device *udev) +{ + sx_xunlock(&udev->ctrl_sx); + + /* + * Restore the suspend and resume lock after we have unlocked + * the USB control transfer lock to avoid LOR: + */ + if (usbd_enum_is_locked(udev)) + usbd_sr_lock(udev); +} + +/* * The following function is used to set the per-interface specific * plug and play information. The string referred to by the pnpinfo * argument can safely be freed after calling this function. The Modified: stable/9/sys/dev/usb/usb_device.h ============================================================================== --- stable/9/sys/dev/usb/usb_device.h Mon Sep 12 10:17:25 2016 (r305734) +++ stable/9/sys/dev/usb/usb_device.h Mon Sep 12 10:20:44 2016 (r305735) @@ -162,7 +162,7 @@ struct usb_temp_setup { /* * The scratch area for USB devices. Access to this structure is - * protected by the enumeration SX lock. + * protected by the control SX lock. */ union usb_device_scratch { struct usb_hw_ep_scratch hw_ep_scratch[1]; @@ -183,6 +183,7 @@ struct usb_device { struct usb_udev_msg cs_msg[2]; struct sx enum_sx; struct sx sr_sx; + struct sx ctrl_sx; struct mtx device_mtx; struct cv ctrlreq_cv; struct cv ref_cv; @@ -308,6 +309,8 @@ uint8_t usbd_enum_lock_sig(struct usb_de void usbd_enum_unlock(struct usb_device *); void usbd_sr_lock(struct usb_device *); void usbd_sr_unlock(struct usb_device *); +uint8_t usbd_ctrl_lock(struct usb_device *); +void usbd_ctrl_unlock(struct usb_device *); uint8_t usbd_enum_is_locked(struct usb_device *); #if USB_HAVE_TT_SUPPORT Modified: stable/9/sys/dev/usb/usb_generic.c ============================================================================== --- stable/9/sys/dev/usb/usb_generic.c Mon Sep 12 10:17:25 2016 (r305734) +++ stable/9/sys/dev/usb/usb_generic.c Mon Sep 12 10:20:44 2016 (r305735) @@ -706,16 +706,16 @@ ugen_get_cdesc(struct usb_fifo *f, struc return (error); } -/* - * This function is called having the enumeration SX locked which - * protects the scratch area used. - */ static int ugen_get_sdesc(struct usb_fifo *f, struct usb_gen_descriptor *ugd) { void *ptr; uint16_t size; int error; + uint8_t do_unlock; + + /* Protect scratch area */ + do_unlock = usbd_ctrl_lock(f->udev); ptr = f->udev->scratch.data; size = sizeof(f->udev->scratch.data); @@ -736,6 +736,9 @@ ugen_get_sdesc(struct usb_fifo *f, struc error = copyout(ptr, ugd->ugd_data, size); } + if (do_unlock) + usbd_ctrl_unlock(f->udev); + return (error); } Modified: stable/9/sys/dev/usb/usb_request.c ============================================================================== --- stable/9/sys/dev/usb/usb_request.c Mon Sep 12 10:17:25 2016 (r305734) +++ stable/9/sys/dev/usb/usb_request.c Mon Sep 12 10:20:44 2016 (r305735) @@ -453,16 +453,9 @@ usbd_do_request_flags(struct usb_device } /* - * Grab the USB device enumeration SX-lock serialization is - * achieved when multiple threads are involved: + * Serialize access to this function: */ - do_unlock = usbd_enum_lock(udev); - - /* - * We need to allow suspend and resume at this point, else the - * control transfer will timeout if the device is suspended! - */ - usbd_sr_unlock(udev); + do_unlock = usbd_ctrl_lock(udev); hr_func = usbd_get_hr_func(udev); @@ -706,10 +699,8 @@ usbd_do_request_flags(struct usb_device USB_XFER_UNLOCK(xfer); done: - usbd_sr_lock(udev); - if (do_unlock) - usbd_enum_unlock(udev); + usbd_ctrl_unlock(udev); if ((mtx != NULL) && (mtx != &Giant)) mtx_lock(mtx); Modified: stable/9/sys/dev/usb/usb_transfer.c ============================================================================== --- stable/9/sys/dev/usb/usb_transfer.c Mon Sep 12 10:17:25 2016 (r305734) +++ stable/9/sys/dev/usb/usb_transfer.c Mon Sep 12 10:20:44 2016 (r305735) @@ -872,7 +872,7 @@ usbd_transfer_setup(struct usb_device *u return (error); /* Protect scratch area */ - do_unlock = usbd_enum_lock(udev); + do_unlock = usbd_ctrl_lock(udev); refcount = 0; info = NULL; @@ -1171,7 +1171,7 @@ done: error = parm->err; if (do_unlock) - usbd_enum_unlock(udev); + usbd_ctrl_unlock(udev); return (error); } Modified: stable/9/sys/dev/usb/usb_util.c ============================================================================== --- stable/9/sys/dev/usb/usb_util.c Mon Sep 12 10:17:25 2016 (r305734) +++ stable/9/sys/dev/usb/usb_util.c Mon Sep 12 10:20:44 2016 (r305735) @@ -94,7 +94,7 @@ device_set_usb_desc(device_t dev) } /* Protect scratch area */ - do_unlock = usbd_enum_lock(udev); + do_unlock = usbd_ctrl_lock(udev); temp_p = (char *)udev->scratch.data; @@ -111,7 +111,7 @@ device_set_usb_desc(device_t dev) } if (do_unlock) - usbd_enum_unlock(udev); + usbd_ctrl_unlock(udev); device_set_desc_copy(dev, temp_p); device_printf(dev, "<%s> on %s\n", temp_p, Modified: stable/9/sys/sys/param.h ============================================================================== --- stable/9/sys/sys/param.h Mon Sep 12 10:17:25 2016 (r305734) +++ stable/9/sys/sys/param.h Mon Sep 12 10:20:44 2016 (r305735) @@ -58,7 +58,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 903510 /* Master, propagated to newvers */ +#define __FreeBSD_version 903511 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201609121020.u8CAKiYE015383>