Re: [V4.0.0-rc3] Xhci Regression: ERROR Transfer event TRB DMA ptr not part of current TD

From: Lu, Baolu
Date: Wed Mar 11 2015 - 03:05:05 EST

Next message: Konstantin Khlebnikov: "Re: [PATCH RFC v2 1/6] fs: vfs ioctls for managing project id"
Previous message: Ingo Molnar: "Re: [PATCH 3/3] mtrr, mm, x86: Enhance MTRR checks for KVA huge page mapping"
In reply to: Alan Stern: "Re: [V4.0.0-rc3] Xhci Regression: ERROR Transfer event TRB DMA ptr not part of current TD"
Next in thread: Alan Stern: "Re: [V4.0.0-rc3] Xhci Regression: ERROR Transfer event TRB DMA ptr not part of current TD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/11/2015 02:49 AM, Alan Stern wrote:

On Tue, 10 Mar 2015, Mathias Nyman wrote:

Mathias:

Your patch description says this:

The endpoint might already processesed some TRBs on the endpiont ring
before we soft reset the endpoint.
Make sure we set the dequeue pointer to where we were befere soft reset

However, if a driver tries to issue an endpoint reset while there are
still some URBs queued, it is a bug. Host controller drivers shouldn't
have to worry about this -- xhci_endpoint_reset() should simply return
an error if the endpoint ring isn't empty.

I suppose we should check for this in the USB core. I'll write a patch
and CC: you.

Alan Stern

It's possible that there's something in usb core as well,
but I think the following was what happened:

1. First a normal configure endpoint command is issued, it sets endpoint dequeue pointer
to xxx400 = start of ring segment
2. two urbs get queued -> two TDs put on endpoint ring.
3. xhci executes those, ring is in running (idle) state. sw dequeue at xxx430, No TDs queued.
Endpoint dequeue pointer is not written to the endpoint output context as the ring is still
in running state (even if idle, not advancing with no TDs queued) it still shows xxx400
4. -> something happends, xhci_endpoint_reset() is called, we do a new configure endpoint
to 'soft reset' the endpiont, but we copy the dequeue pointer from the old endpoint
output context to the configure endpoint input context, which re-initializes the old
dequeue xxx400 pointer to xhci hardware, and it starts executing the old TDs from the ring.

Is it possible to return an error message up to client driver? The client driver then decides
how to handle this kind of error. It, possibly, unlink all ongoing transfers and ask host driver
to soft reset this endpoint. When xhci_endpoint_reset is called, there should be no ongoing
transfers.

Thanks,
Baolu

Obviously that's bad.

But don't you have to stop the endpoint ring in order to configure it?
When you stop the ring, doesn't the controller store the correct
current value of the dequeue pointer somewhere?

5. xhci driver notices that we get events for old TRBs that do not belong to the TD the driver
thinks we should be handling

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Konstantin Khlebnikov: "Re: [PATCH RFC v2 1/6] fs: vfs ioctls for managing project id"
Previous message: Ingo Molnar: "Re: [PATCH 3/3] mtrr, mm, x86: Enhance MTRR checks for KVA huge page mapping"
In reply to: Alan Stern: "Re: [V4.0.0-rc3] Xhci Regression: ERROR Transfer event TRB DMA ptr not part of current TD"
Next in thread: Alan Stern: "Re: [V4.0.0-rc3] Xhci Regression: ERROR Transfer event TRB DMA ptr not part of current TD"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]