linux-stable/drivers/usb/host
Sarah Sharp 678539cfaa USB: xhci: Handle URB cancel, complete and resubmit race.
In the old code, there was a race condition between the stop endpoint
command and the URB submission process.  When the stop endpoint command is
handled by the event handler, the endpoint ring is assumed to be stopped.
When a stop endpoint command is queued, URB submissions are to not ring
the doorbell.  The old code would check the number of pending URBs to be
canceled, and would not ring the doorbell if it was non-zero.

However, the following race condition could occur with the old code:

1. Cancel an URB, add it to the list of URBs to be canceled, queue the stop
   endpoint command, and increment ep->cancels_pending to 1.
2. The URB finishes on the HW, and an event is enqueued to the event ring
   (at the same time as 1).
3. The stop endpoint command finishes, and the endpoint is halted.  An
   event is queued to the event ring.
4. The event handler sees the finished URB, notices it was to be
   canceled, decrements ep->cancels_pending to 0, and removes it from the to
   be canceled list.
5. The event handler drops the lock and gives back the URB.  The
   completion handler requeues the URB (or a different driver enqueues a new
   URB).  This causes the endpoint's doorbell to be rung, since
   ep->cancels_pending == 0.  The endpoint is now running.
6. A second URB is canceled, and it's added to the canceled list.
   Since ep->cancels_pending == 0, a new stop endpoint command is queued, and
   ep->cancels_pending is incremented to 1.
7. The event handler then sees the completed stop endpoint command.  The
   handler assumes the endpoint is stopped, but it isn't.  It attempts to
   move the dequeue pointer or change TDs to cancel the second URB, while the
   hardware is actively accessing the endpoint ring.

To eliminate this race condition, a new endpoint state bit is introduced,
EP_HALT_PENDING.  When this bit is set, a stop endpoint command has been
queued, and the command handler has not begun to process the URB
cancellation list yet.  The endpoint doorbell should not be rung when this
is set.  Set this when a stop endpoint command is queued, clear it when
the handler for that command runs, and check if it's set before ringing a
doorbell.  ep->cancels_pending is eliminated, because it is no longer
used.

Make sure to ring the doorbell for an endpoint when the stop endpoint
command handler runs, even if the canceled URB list is empty.  All
canceled URBs could have completed and new URBs could have been enqueued
without the doorbell being rung before the command was handled.

Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-12-11 11:55:17 -08:00
..
whci USB: wusb: add wusb_phy_rate sysfs file to host controllers 2009-12-11 11:55:16 -08:00
ehci-atmel.c USB: at91: Add USB EHCI driver for at91sam9g45 series 2009-09-23 06:46:30 -07:00
ehci-au1xxx.c USB: au1xxx: add dev_pm_ops 2009-09-23 06:46:29 -07:00
ehci-dbg.c USB: EHCI: split ehci_qh into hw and sw parts 2009-09-23 06:46:29 -07:00
ehci-fsl.c USB: EHCI: use the new clear_tt_buffer interface 2009-07-12 15:16:39 -07:00
ehci-fsl.h
ehci-hcd.c USB: host: ehci: introduce omap ehci-hcd driver 2009-12-11 11:55:16 -08:00
ehci-hub.c USB: ehci-hub: Remove redundant ehci->debug check 2009-12-11 11:55:13 -08:00
ehci-ixp4xx.c USB: EHCI: use the new clear_tt_buffer interface 2009-07-12 15:16:39 -07:00
ehci-mem.c USB: EHCI: split ehci_qh into hw and sw parts 2009-09-23 06:46:29 -07:00
ehci-omap.c USB: host: ehci: introduce omap ehci-hcd driver 2009-12-11 11:55:16 -08:00
ehci-orion.c USB: ehci-orion: Call ehci_reset before ehci_halt 2009-07-28 14:31:10 -07:00
ehci-pci.c USB: work around for EHCI with quirky periodic schedules 2009-11-30 16:43:16 -08:00
ehci-ppc-of.c USB: EHCI: use the new clear_tt_buffer interface 2009-07-12 15:16:39 -07:00
ehci-ps3.c USB: EHCI: use the new clear_tt_buffer interface 2009-07-12 15:16:39 -07:00
ehci-q.c USB: EHCI: don't send Clear-TT-Buffer following a STALL 2009-11-30 16:43:15 -08:00
ehci-sched.c USB: work around for EHCI with quirky periodic schedules 2009-11-30 16:43:16 -08:00
ehci-w90x900.c USB: Add nuvoton Ehci driver for w90p910 platform 2009-09-23 06:46:20 -07:00
ehci-xilinx-of.c USB: Add support for Xilinx USB host controller 2009-12-11 11:55:13 -08:00
ehci.h USB: work around for EHCI with quirky periodic schedules 2009-11-30 16:43:16 -08:00
fhci-dbg.c USB: FHCI: use the new usb debugfs directory 2009-06-15 21:44:43 -07:00
fhci-hcd.c USB: FHCI: use dev_name() in place of bus_id. 2009-03-24 16:38:23 -07:00
fhci-hub.c USB: Driver for Freescale QUICC Engine USB Host Controller 2009-01-27 16:15:38 -08:00
fhci-mem.c USB: Driver for Freescale QUICC Engine USB Host Controller 2009-01-27 16:15:38 -08:00
fhci-q.c USB: Driver for Freescale QUICC Engine USB Host Controller 2009-01-27 16:15:38 -08:00
fhci-sched.c tree-wide: fix assorted typos all over the place 2009-12-04 15:39:55 +01:00
fhci-tds.c USB: Driver for Freescale QUICC Engine USB Host Controller 2009-01-27 16:15:38 -08:00
fhci.h USB: Driver for Freescale QUICC Engine USB Host Controller 2009-01-27 16:15:38 -08:00
hwa-hc.c wusb: hwa-hc: Drop unused pci_suspend/resume hooks. 2009-06-15 21:44:44 -07:00
isp116x-hcd.c USB: make transfer_buffer_lengths in struct urb field u32 2009-03-24 16:20:36 -07:00
isp116x.h USB: add missing KERN_* constants to printks 2009-03-24 16:20:30 -07:00
isp1362-hcd.c USB: isp1362: fix build warnings on 64-bit systems 2009-10-09 13:52:07 -07:00
isp1362.h USB: isp1362: fix build warnings on 64-bit systems 2009-10-09 13:52:07 -07:00
isp1760-hcd.c USB: isp1760: allow platform devices to customize devflags 2009-09-23 06:46:29 -07:00
isp1760-hcd.h USB: isp1760: allow platform devices to customize devflags 2009-09-23 06:46:29 -07:00
isp1760-if.c USB: isp1760: allow platform devices to customize devflags 2009-09-23 06:46:29 -07:00
Kconfig USB: Add support for Xilinx USB host controller 2009-12-11 11:55:13 -08:00
Makefile USB: NXP ISP1362 USB host driver 2009-09-23 06:46:30 -07:00
ohci-at91.c USB: modifications for at91sam9g10 2009-12-11 11:55:15 -08:00
ohci-au1xxx.c USB: au1xxx: add dev_pm_ops 2009-09-23 06:46:29 -07:00
ohci-dbg.c USB: OHCI: use the ohci structure directly in debugfs files. 2009-06-15 21:44:43 -07:00
ohci-ep93xx.c USB: ohci-ep93xx.c: remove unused variable 2009-09-23 06:46:34 -07:00
ohci-hcd.c USB: ohci: quirk AMD prefetch for USB 1.1 ISO transfer 2009-11-17 16:46:33 -08:00
ohci-hub.c
ohci-lh7a404.c
ohci-mem.c
ohci-omap.c omap: headers: Move remaining headers from include/mach to include/plat 2009-10-20 09:40:47 -07:00
ohci-pci.c USB: ohci: quirk AMD prefetch for USB 1.1 ISO transfer 2009-11-17 16:46:33 -08:00
ohci-pnx4008.c USB: Add missing static markers to ohci-pnx4008 2009-12-11 11:55:14 -08:00
ohci-pnx8550.c
ohci-ppc-of.c USB: powerpc: Workaround for the PPC440EPX USBH_23 errata [take 3] 2009-01-07 09:59:52 -08:00
ohci-ppc-soc.c
ohci-ps3.c usb/ps3: Add missing annotations 2009-06-16 14:17:32 +10:00
ohci-pxa27x.c Merge branch 'origin' into for-linus 2009-09-24 21:22:33 +01:00
ohci-q.c USB: ohci: quirk AMD prefetch for USB 1.1 ISO transfer 2009-11-17 16:46:33 -08:00
ohci-s3c2410.c USB: S3C: Move usb-control.h to platform include 2009-03-24 16:20:45 -07:00
ohci-sa1111.c
ohci-sh.c
ohci-sm501.c
ohci-ssb.c
ohci-tmio.c usb: struct device - replace bus_id with dev_name(), dev_set_name() 2009-01-07 09:59:52 -08:00
ohci.h USB: ohci: quirk AMD prefetch for USB 1.1 ISO transfer 2009-11-17 16:46:33 -08:00
oxu210hp-hcd.c USB: EHCI: OHCI: Remove unnecessary includes of reboot.h 2009-09-23 06:46:32 -07:00
oxu210hp.h USB: replace uses of __constant_{endian} 2009-03-24 16:20:33 -07:00
pci-quirks.c Revert "USB: Work around BIOS bugs by quiescing USB controllers earlier" 2009-10-11 15:57:57 -07:00
pci-quirks.h
r8a66597-hcd.c USB: r8a66597-hcd: fix cannot detect a device when uses_new_polling is set 2009-10-30 14:57:33 -07:00
r8a66597.h usb: move r8a66597 register defines 2009-07-23 13:04:10 +09:00
sl811-hcd.c USB: sl811-hcd: Fix device disconnect: 2009-09-23 06:46:16 -07:00
sl811.h
sl811_cs.c pcmcia: rework the irq_req_t typedef 2009-11-28 18:03:14 +01:00
u132-hcd.c
uhci-debug.c USB: uhci: don't use pseudo negative values 2009-03-24 16:20:36 -07:00
uhci-hcd.c debugfs: Modified default dir of debugfs for debugging UHCI. 2009-09-15 09:50:49 -07:00
uhci-hcd.h USB: replace uses of __constant_{endian} 2009-03-24 16:20:33 -07:00
uhci-hub.c
uhci-q.c USB: uhci: rm repeatedly evaluation for urbp->qh 2009-09-23 06:46:30 -07:00
xhci-dbg.c USB: xhci: Fix slot and endpoint context debugging. 2009-09-23 06:46:17 -07:00
xhci-ext-caps.h USB: xhci: Support xHCI host controllers and USB 3.0 devices. 2009-06-15 21:44:48 -07:00
xhci-hcd.c USB: xhci: Handle URB cancel, complete and resubmit race. 2009-12-11 11:55:17 -08:00
xhci-hub.c USB: xhci: Root hub support. 2009-06-15 21:44:48 -07:00
xhci-mem.c USB: xhci: Fix scratchpad deallocation. 2009-11-17 16:46:34 -08:00
xhci-pci.c USB: make urb scatter-gather support more generic 2009-12-11 11:55:14 -08:00
xhci-ring.c USB: xhci: Handle URB cancel, complete and resubmit race. 2009-12-11 11:55:17 -08:00
xhci.h USB: xhci: Handle URB cancel, complete and resubmit race. 2009-12-11 11:55:17 -08:00