2017-11-03 11:28:30 +01:00
// SPDX-License-Identifier: GPL-1.0+
2005-04-16 15:20:36 -07:00
/*
2011-06-15 16:32:46 -04:00
* Open Host Controller Interface ( OHCI ) driver for USB .
*
* Maintainer : Alan Stern < stern @ rowland . harvard . edu >
2005-04-16 15:20:36 -07:00
*
* ( C ) Copyright 1999 Roman Weissgaerber < weissg @ vienna . at >
* ( C ) Copyright 2000 - 2004 David Brownell < dbrownell @ users . sourceforge . net >
2006-12-05 03:18:31 -08:00
*
2005-04-16 15:20:36 -07:00
* [ Initialisation is based on Linus ' ]
* [ uhci code and gregs ohci fragments ]
* [ ( C ) Copyright 1999 Linus Torvalds ]
* [ ( C ) Copyright 1999 Gregory P . Smith ]
2006-12-05 03:18:31 -08:00
*
*
2005-04-16 15:20:36 -07:00
* OHCI is the main " non-Intel/VIA " standard for USB 1.1 host controller
* interfaces ( though some non - x86 Intel chips use it ) . It supports
* smarter hardware than UHCI . A download link for the spec available
2020-07-13 11:23:14 +02:00
* through the https : //www.usb.org website.
2005-04-16 15:20:36 -07:00
*
* This file is licenced under the GPL .
*/
2006-12-05 03:18:31 -08:00
2005-04-16 15:20:36 -07:00
# include <linux/module.h>
# include <linux/moduleparam.h>
# include <linux/pci.h>
# include <linux/kernel.h>
# include <linux/delay.h>
# include <linux/ioport.h>
# include <linux/sched.h>
# include <linux/slab.h>
# include <linux/errno.h>
# include <linux/init.h>
# include <linux/timer.h>
# include <linux/list.h>
# include <linux/usb.h>
2006-06-29 12:27:23 -07:00
# include <linux/usb/otg.h>
2010-04-24 23:21:52 +02:00
# include <linux/usb/hcd.h>
2006-12-05 03:18:31 -08:00
# include <linux/dma-mapping.h>
2005-04-23 12:49:16 -07:00
# include <linux/dmapool.h>
2007-05-31 23:34:27 +02:00
# include <linux/workqueue.h>
2007-09-11 14:07:31 -07:00
# include <linux/debugfs.h>
2019-05-29 13:28:40 +03:00
# include <linux/genalloc.h>
2005-04-16 15:20:36 -07:00
# include <asm/io.h>
# include <asm/irq.h>
# include <asm/unaligned.h>
# include <asm/byteorder.h>
# define DRIVER_AUTHOR "Roman Weissgaerber, David Brownell"
# define DRIVER_DESC "USB 1.1 'Open' Host Controller (OHCI) Driver"
/*-------------------------------------------------------------------------*/
/* For initializing controller (mask in an HCFS mode too) */
2006-08-04 11:31:55 -07:00
# define OHCI_CONTROL_INIT OHCI_CTRL_CBSR
2005-04-16 15:20:36 -07:00
# define OHCI_INTR_INIT \
2006-08-04 11:31:55 -07:00
( OHCI_INTR_MIE | OHCI_INTR_RHSC | OHCI_INTR_UE \
| OHCI_INTR_RD | OHCI_INTR_WDH )
2005-04-16 15:20:36 -07:00
# ifdef __hppa__
/* On PA-RISC, PDC can leave IR set incorrectly; ignore it there. */
# define IR_DISABLE
# endif
# ifdef CONFIG_ARCH_OMAP
/* OMAP doesn't support IR (no SMM; not needed) */
# define IR_DISABLE
# endif
/*-------------------------------------------------------------------------*/
static const char hcd_name [ ] = " ohci_hcd " ;
2006-08-04 11:31:55 -07:00
# define STATECHANGE_DELAY msecs_to_jiffies(300)
2016-10-17 08:54:46 -04:00
# define IO_WATCHDOG_DELAY msecs_to_jiffies(275)
ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func()
Running io_watchdog_func() while ohci_urb_enqueue() is running can
cause a race condition where ohci->prev_frame_no is corrupted and the
watchdog can mis-detect following error:
ohci-platform 664a0800.usb: frame counter not updating; disabled
ohci-platform 664a0800.usb: HC died; cleaning up
Specifically, following scenario causes a race condition:
1. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
2. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
3. ohci_urb_enqueue() sets ohci->prev_frame_no to a frame number
read by ohci_frame_no(ohci)
4. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
5. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section
6. Later, ohci_urb_enqueue() is called
7. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
8. The timer scheduled on step 4 expires and io_watchdog_func() runs
9. io_watchdog_func() calls spin_lock_irqsave(&ohci->lock, flags)
and waits on it because ohci_urb_enqueue() is already in the
critical section on step 7
10. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
11. ohci_urb_enqueue() sets ohci->prev_frame_no to new frame number
read by ohci_frame_no(ohci) because the frame number proceeded
between step 3 and 6
12. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
13. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section, then wake up
io_watchdog_func() which is waiting on step 9
14. io_watchdog_func() enters the critical section
15. io_watchdog_func() calls ohci_frame_no(ohci) and set frame_no
variable to the frame number
16. io_watchdog_func() compares frame_no and ohci->prev_frame_no
On step 16, because this calling of io_watchdog_func() is scheduled on
step 4, the frame number set in ohci->prev_frame_no is expected to the
number set on step 3. However, ohci->prev_frame_no is overwritten on
step 11. Because step 16 is executed soon after step 11, the frame
number might not proceed, so ohci->prev_frame_no must equals to
frame_no.
To address above scenario, this patch introduces a special sentinel
value IO_WATCHDOG_OFF and set this value to ohci->prev_frame_no when
the watchdog is not pending or running. When ohci_urb_enqueue()
schedules the watchdog (step 4 and 12 above), it compares
ohci->prev_frame_no to IO_WATCHDOG_OFF so that ohci->prev_frame_no is
not overwritten while io_watchdog_func() is running.
Signed-off-by: Shigeru Yoshida <Shigeru.Yoshida@windriver.com>
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-02 13:51:39 +08:00
# define IO_WATCHDOG_OFF 0xffffff00
2006-08-04 11:31:55 -07:00
2005-04-16 15:20:36 -07:00
# include "ohci.h"
2011-03-01 14:57:05 +08:00
# include "pci-quirks.h"
2005-04-16 15:20:36 -07:00
2014-07-17 16:32:26 -04:00
static void ohci_dump ( struct ohci_hcd * ohci ) ;
static void ohci_stop ( struct usb_hcd * hcd ) ;
treewide: setup_timer() -> timer_setup()
This converts all remaining cases of the old setup_timer() API into using
timer_setup(), where the callback argument is the structure already
holding the struct timer_list. These should have no behavioral changes,
since they just change which pointer is passed into the callback with
the same available pointers after conversion. It handles the following
examples, in addition to some other variations.
Casting from unsigned long:
void my_callback(unsigned long data)
{
struct something *ptr = (struct something *)data;
...
}
...
setup_timer(&ptr->my_timer, my_callback, ptr);
and forced object casts:
void my_callback(struct something *ptr)
{
...
}
...
setup_timer(&ptr->my_timer, my_callback, (unsigned long)ptr);
become:
void my_callback(struct timer_list *t)
{
struct something *ptr = from_timer(ptr, t, my_timer);
...
}
...
timer_setup(&ptr->my_timer, my_callback, 0);
Direct function assignments:
void my_callback(unsigned long data)
{
struct something *ptr = (struct something *)data;
...
}
...
ptr->my_timer.function = my_callback;
have a temporary cast added, along with converting the args:
void my_callback(struct timer_list *t)
{
struct something *ptr = from_timer(ptr, t, my_timer);
...
}
...
ptr->my_timer.function = (TIMER_FUNC_TYPE)my_callback;
And finally, callbacks without a data assignment:
void my_callback(unsigned long data)
{
...
}
...
setup_timer(&ptr->my_timer, my_callback, 0);
have their argument renamed to verify they're unused during conversion:
void my_callback(struct timer_list *unused)
{
...
}
...
timer_setup(&ptr->my_timer, my_callback, 0);
The conversion is done with the following Coccinelle script:
spatch --very-quiet --all-includes --include-headers \
-I ./arch/x86/include -I ./arch/x86/include/generated \
-I ./include -I ./arch/x86/include/uapi \
-I ./arch/x86/include/generated/uapi -I ./include/uapi \
-I ./include/generated/uapi --include ./include/linux/kconfig.h \
--dir . \
--cocci-file ~/src/data/timer_setup.cocci
@fix_address_of@
expression e;
@@
setup_timer(
-&(e)
+&e
, ...)
// Update any raw setup_timer() usages that have a NULL callback, but
// would otherwise match change_timer_function_usage, since the latter
// will update all function assignments done in the face of a NULL
// function initialization in setup_timer().
@change_timer_function_usage_NULL@
expression _E;
identifier _timer;
type _cast_data;
@@
(
-setup_timer(&_E->_timer, NULL, _E);
+timer_setup(&_E->_timer, NULL, 0);
|
-setup_timer(&_E->_timer, NULL, (_cast_data)_E);
+timer_setup(&_E->_timer, NULL, 0);
|
-setup_timer(&_E._timer, NULL, &_E);
+timer_setup(&_E._timer, NULL, 0);
|
-setup_timer(&_E._timer, NULL, (_cast_data)&_E);
+timer_setup(&_E._timer, NULL, 0);
)
@change_timer_function_usage@
expression _E;
identifier _timer;
struct timer_list _stl;
identifier _callback;
type _cast_func, _cast_data;
@@
(
-setup_timer(&_E->_timer, _callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, &_callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, _callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, &_callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)_callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)&_callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)_callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)&_callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, &_callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, &_callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)_callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)_callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)&_callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)&_callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
_E->_timer@_stl.function = _callback;
|
_E->_timer@_stl.function = &_callback;
|
_E->_timer@_stl.function = (_cast_func)_callback;
|
_E->_timer@_stl.function = (_cast_func)&_callback;
|
_E._timer@_stl.function = _callback;
|
_E._timer@_stl.function = &_callback;
|
_E._timer@_stl.function = (_cast_func)_callback;
|
_E._timer@_stl.function = (_cast_func)&_callback;
)
// callback(unsigned long arg)
@change_callback_handle_cast
depends on change_timer_function_usage@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _origtype;
identifier _origarg;
type _handletype;
identifier _handle;
@@
void _callback(
-_origtype _origarg
+struct timer_list *t
)
{
(
... when != _origarg
_handletype *_handle =
-(_handletype *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
|
... when != _origarg
_handletype *_handle =
-(void *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
|
... when != _origarg
_handletype *_handle;
... when != _handle
_handle =
-(_handletype *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
|
... when != _origarg
_handletype *_handle;
... when != _handle
_handle =
-(void *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
)
}
// callback(unsigned long arg) without existing variable
@change_callback_handle_cast_no_arg
depends on change_timer_function_usage &&
!change_callback_handle_cast@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _origtype;
identifier _origarg;
type _handletype;
@@
void _callback(
-_origtype _origarg
+struct timer_list *t
)
{
+ _handletype *_origarg = from_timer(_origarg, t, _timer);
+
... when != _origarg
- (_handletype *)_origarg
+ _origarg
... when != _origarg
}
// Avoid already converted callbacks.
@match_callback_converted
depends on change_timer_function_usage &&
!change_callback_handle_cast &&
!change_callback_handle_cast_no_arg@
identifier change_timer_function_usage._callback;
identifier t;
@@
void _callback(struct timer_list *t)
{ ... }
// callback(struct something *handle)
@change_callback_handle_arg
depends on change_timer_function_usage &&
!match_callback_converted &&
!change_callback_handle_cast &&
!change_callback_handle_cast_no_arg@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _handletype;
identifier _handle;
@@
void _callback(
-_handletype *_handle
+struct timer_list *t
)
{
+ _handletype *_handle = from_timer(_handle, t, _timer);
...
}
// If change_callback_handle_arg ran on an empty function, remove
// the added handler.
@unchange_callback_handle_arg
depends on change_timer_function_usage &&
change_callback_handle_arg@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _handletype;
identifier _handle;
identifier t;
@@
void _callback(struct timer_list *t)
{
- _handletype *_handle = from_timer(_handle, t, _timer);
}
// We only want to refactor the setup_timer() data argument if we've found
// the matching callback. This undoes changes in change_timer_function_usage.
@unchange_timer_function_usage
depends on change_timer_function_usage &&
!change_callback_handle_cast &&
!change_callback_handle_cast_no_arg &&
!change_callback_handle_arg@
expression change_timer_function_usage._E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type change_timer_function_usage._cast_data;
@@
(
-timer_setup(&_E->_timer, _callback, 0);
+setup_timer(&_E->_timer, _callback, (_cast_data)_E);
|
-timer_setup(&_E._timer, _callback, 0);
+setup_timer(&_E._timer, _callback, (_cast_data)&_E);
)
// If we fixed a callback from a .function assignment, fix the
// assignment cast now.
@change_timer_function_assignment
depends on change_timer_function_usage &&
(change_callback_handle_cast ||
change_callback_handle_cast_no_arg ||
change_callback_handle_arg)@
expression change_timer_function_usage._E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type _cast_func;
typedef TIMER_FUNC_TYPE;
@@
(
_E->_timer.function =
-_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E->_timer.function =
-&_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E->_timer.function =
-(_cast_func)_callback;
+(TIMER_FUNC_TYPE)_callback
;
|
_E->_timer.function =
-(_cast_func)&_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-&_callback;
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-(_cast_func)_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-(_cast_func)&_callback
+(TIMER_FUNC_TYPE)_callback
;
)
// Sometimes timer functions are called directly. Replace matched args.
@change_timer_function_calls
depends on change_timer_function_usage &&
(change_callback_handle_cast ||
change_callback_handle_cast_no_arg ||
change_callback_handle_arg)@
expression _E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type _cast_data;
@@
_callback(
(
-(_cast_data)_E
+&_E->_timer
|
-(_cast_data)&_E
+&_E._timer
|
-_E
+&_E->_timer
)
)
// If a timer has been configured without a data argument, it can be
// converted without regard to the callback argument, since it is unused.
@match_timer_function_unused_data@
expression _E;
identifier _timer;
identifier _callback;
@@
(
-setup_timer(&_E->_timer, _callback, 0);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, _callback, 0L);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, _callback, 0UL);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, 0);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, 0L);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, 0UL);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_timer, _callback, 0);
+timer_setup(&_timer, _callback, 0);
|
-setup_timer(&_timer, _callback, 0L);
+timer_setup(&_timer, _callback, 0);
|
-setup_timer(&_timer, _callback, 0UL);
+timer_setup(&_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0);
+timer_setup(_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0L);
+timer_setup(_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0UL);
+timer_setup(_timer, _callback, 0);
)
@change_callback_unused_data
depends on match_timer_function_unused_data@
identifier match_timer_function_unused_data._callback;
type _origtype;
identifier _origarg;
@@
void _callback(
-_origtype _origarg
+struct timer_list *unused
)
{
... when != _origarg
}
Signed-off-by: Kees Cook <keescook@chromium.org>
2017-10-16 14:43:17 -07:00
static void io_watchdog_func ( struct timer_list * t ) ;
2008-08-08 15:03:31 +08:00
2005-04-16 15:20:36 -07:00
# include "ohci-hub.c"
# include "ohci-dbg.c"
# include "ohci-mem.c"
# include "ohci-q.c"
/*
* On architectures with edge - triggered interrupts we must never return
* IRQ_NONE .
*/
# if defined(CONFIG_SA1111) /* ... or other edge-triggered systems */
# define IRQ_NOTMINE IRQ_HANDLED
# else
# define IRQ_NOTMINE IRQ_NONE
# endif
/* Some boards misreport power switching/overcurrent */
2020-09-11 09:25:12 +12:00
static bool distrust_firmware ;
2005-04-16 15:20:36 -07:00
module_param ( distrust_firmware , bool , 0 ) ;
MODULE_PARM_DESC ( distrust_firmware ,
" true to distrust firmware power/overcurrent setup " ) ;
/* Some boards leave IR set wrongly, since they fail BIOS/SMM handshakes */
2015-12-02 20:25:23 -03:00
static bool no_handshake ;
2005-04-16 15:20:36 -07:00
module_param ( no_handshake , bool , 0 ) ;
MODULE_PARM_DESC ( no_handshake , " true (not default) disables BIOS handshake " ) ;
/*-------------------------------------------------------------------------*/
2014-07-17 16:30:01 -04:00
static int number_of_tds ( struct urb * urb )
{
int len , i , num , this_sg_len ;
struct scatterlist * sg ;
len = urb - > transfer_buffer_length ;
i = urb - > num_mapped_sgs ;
if ( len > 0 & & i > 0 ) { /* Scatter-gather transfer */
num = 0 ;
sg = urb - > sg ;
for ( ; ; ) {
this_sg_len = min_t ( int , sg_dma_len ( sg ) , len ) ;
num + = DIV_ROUND_UP ( this_sg_len , 4096 ) ;
len - = this_sg_len ;
if ( - - i < = 0 | | len < = 0 )
break ;
sg = sg_next ( sg ) ;
}
} else { /* Non-SG transfer */
/* one TD for every 4096 Bytes (could be up to 8K) */
num = DIV_ROUND_UP ( len , 4096 ) ;
}
return num ;
}
2005-04-16 15:20:36 -07:00
/*
* queue up an urb for anything except the root hub
*/
static int ohci_urb_enqueue (
struct usb_hcd * hcd ,
struct urb * urb ,
2005-10-21 03:21:58 -04:00
gfp_t mem_flags
2005-04-16 15:20:36 -07:00
) {
struct ohci_hcd * ohci = hcd_to_ohci ( hcd ) ;
struct ed * ed ;
urb_priv_t * urb_priv ;
unsigned int pipe = urb - > pipe ;
int i , size = 0 ;
unsigned long flags ;
int retval = 0 ;
2006-12-05 03:18:31 -08:00
2005-04-16 15:20:36 -07:00
/* every endpoint has a ed, locate and maybe (re)initialize it */
2015-04-30 11:33:00 +02:00
ed = ed_get ( ohci , urb - > ep , urb - > dev , pipe , urb - > interval ) ;
if ( ! ed )
2005-04-16 15:20:36 -07:00
return - ENOMEM ;
/* for the private part of the URB we need the number of TDs (size) */
switch ( ed - > type ) {
case PIPE_CONTROL :
/* td_submit_urb() doesn't yet handle these */
if ( urb - > transfer_buffer_length > 4096 )
return - EMSGSIZE ;
/* 1 TD for setup, 1 for ACK, plus ... */
size = 2 ;
2020-11-10 17:47:14 -08:00
fallthrough ;
2005-04-16 15:20:36 -07:00
// case PIPE_INTERRUPT:
// case PIPE_BULK:
default :
2014-07-17 16:30:01 -04:00
size + = number_of_tds ( urb ) ;
/* maybe a zero-length packet to wrap it up */
2005-04-16 15:20:36 -07:00
if ( size = = 0 )
size + + ;
else if ( ( urb - > transfer_flags & URB_ZERO_PACKET ) ! = 0
& & ( urb - > transfer_buffer_length
2022-03-17 12:55:11 +09:00
% usb_maxpacket ( urb - > dev , pipe ) ) = = 0 )
2005-04-16 15:20:36 -07:00
size + + ;
break ;
case PIPE_ISOCHRONOUS : /* number of packets from URB */
size = urb - > number_of_packets ;
break ;
}
/* allocate the private part of the URB */
2021-09-11 13:26:31 +02:00
urb_priv = kzalloc ( struct_size ( urb_priv , td , size ) , mem_flags ) ;
2005-04-16 15:20:36 -07:00
if ( ! urb_priv )
return - ENOMEM ;
INIT_LIST_HEAD ( & urb_priv - > pending ) ;
urb_priv - > length = size ;
2006-12-05 03:18:31 -08:00
urb_priv - > ed = ed ;
2005-04-16 15:20:36 -07:00
/* allocate the TDs (deferring hash chain updates) */
for ( i = 0 ; i < size ; i + + ) {
urb_priv - > td [ i ] = td_alloc ( ohci , mem_flags ) ;
if ( ! urb_priv - > td [ i ] ) {
urb_priv - > length = i ;
urb_free_priv ( ohci , urb_priv ) ;
return - ENOMEM ;
}
2006-12-05 03:18:31 -08:00
}
2005-04-16 15:20:36 -07:00
spin_lock_irqsave ( & ohci - > lock , flags ) ;
/* don't submit to a dead HC */
2010-06-22 16:39:10 -04:00
if ( ! HCD_HW_ACCESSIBLE ( hcd ) ) {
[PATCH] USB: Fix USB suspend/resume crasher (#2)
This patch closes the IRQ race and makes various other OHCI & EHCI code
path safer vs. suspend/resume.
I've been able to (finally !) successfully suspend and resume various
Mac models, with or without USB mouse plugged, or plugging while asleep,
or unplugging while asleep etc... all without a crash.
Alan, please verify the UHCI bit I did, I only verified that it builds.
It's very simple so I wouldn't expect any issue there. If you aren't
confident, then just drop the hunks that change uhci-hcd.c
I also made the patch a little bit more "safer" by making sure the store
to the interrupt register that disables interrupts is not posted before
I set the flag and drop the spinlock.
Without this patch, you cannot reliably sleep/wakeup any recent Mac, and
I suspect PCs have some more sneaky issues too (they don't frankly crash
with machine checks because x86 tend to silently swallow PCI errors but
that won't last afaik, at least PCI Express will blow up in those
situations, but the USB code may still misbehave).
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2005-11-25 09:59:46 +11:00
retval = - ENODEV ;
goto fail ;
}
2011-11-17 16:41:56 -05:00
if ( ohci - > rh_state ! = OHCI_RH_RUNNING ) {
2005-04-16 15:20:36 -07:00
retval = - ENODEV ;
goto fail ;
}
2007-08-08 11:48:02 -04:00
retval = usb_hcd_link_urb_to_ep ( hcd , urb ) ;
if ( retval )
2005-04-16 15:20:36 -07:00
goto fail ;
/* schedule the ed if needed */
if ( ed - > state = = ED_IDLE ) {
retval = ed_schedule ( ohci , ed ) ;
2007-08-08 11:48:02 -04:00
if ( retval < 0 ) {
usb_hcd_unlink_urb_from_ep ( hcd , urb ) ;
goto fail ;
}
2014-07-18 16:26:12 -04:00
/* Start up the I/O watchdog timer, if it's not running */
ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func()
Running io_watchdog_func() while ohci_urb_enqueue() is running can
cause a race condition where ohci->prev_frame_no is corrupted and the
watchdog can mis-detect following error:
ohci-platform 664a0800.usb: frame counter not updating; disabled
ohci-platform 664a0800.usb: HC died; cleaning up
Specifically, following scenario causes a race condition:
1. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
2. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
3. ohci_urb_enqueue() sets ohci->prev_frame_no to a frame number
read by ohci_frame_no(ohci)
4. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
5. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section
6. Later, ohci_urb_enqueue() is called
7. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
8. The timer scheduled on step 4 expires and io_watchdog_func() runs
9. io_watchdog_func() calls spin_lock_irqsave(&ohci->lock, flags)
and waits on it because ohci_urb_enqueue() is already in the
critical section on step 7
10. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
11. ohci_urb_enqueue() sets ohci->prev_frame_no to new frame number
read by ohci_frame_no(ohci) because the frame number proceeded
between step 3 and 6
12. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
13. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section, then wake up
io_watchdog_func() which is waiting on step 9
14. io_watchdog_func() enters the critical section
15. io_watchdog_func() calls ohci_frame_no(ohci) and set frame_no
variable to the frame number
16. io_watchdog_func() compares frame_no and ohci->prev_frame_no
On step 16, because this calling of io_watchdog_func() is scheduled on
step 4, the frame number set in ohci->prev_frame_no is expected to the
number set on step 3. However, ohci->prev_frame_no is overwritten on
step 11. Because step 16 is executed soon after step 11, the frame
number might not proceed, so ohci->prev_frame_no must equals to
frame_no.
To address above scenario, this patch introduces a special sentinel
value IO_WATCHDOG_OFF and set this value to ohci->prev_frame_no when
the watchdog is not pending or running. When ohci_urb_enqueue()
schedules the watchdog (step 4 and 12 above), it compares
ohci->prev_frame_no to IO_WATCHDOG_OFF so that ohci->prev_frame_no is
not overwritten while io_watchdog_func() is running.
Signed-off-by: Shigeru Yoshida <Shigeru.Yoshida@windriver.com>
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-02 13:51:39 +08:00
if ( ohci - > prev_frame_no = = IO_WATCHDOG_OFF & &
2017-03-20 09:11:49 +01:00
list_empty ( & ohci - > eds_in_use ) & &
! ( ohci - > flags & OHCI_QUIRK_QEMU ) ) {
2014-07-18 16:26:17 -04:00
ohci - > prev_frame_no = ohci_frame_no ( ohci ) ;
2014-07-18 16:26:12 -04:00
mod_timer ( & ohci - > io_watchdog ,
jiffies + IO_WATCHDOG_DELAY ) ;
2014-07-18 16:26:17 -04:00
}
2014-07-18 16:26:12 -04:00
list_add ( & ed - > in_use_list , & ohci - > eds_in_use ) ;
2005-04-16 15:20:36 -07:00
if ( ed - > type = = PIPE_ISOCHRONOUS ) {
u16 frame = ohci_frame_no ( ohci ) ;
/* delay a few frames before the first TD */
frame + = max_t ( u16 , 8 , ed - > interval ) ;
frame & = ~ ( ed - > interval - 1 ) ;
frame | = ed - > branch ;
urb - > start_frame = frame ;
USB: OHCI: accept very late isochronous URBs
Commit 24f531371de1 (USB: EHCI: accept very late isochronous URBs)
changed the isochronous API provided by ehci-hcd. URBs submitted too
late, so that the time slots for all their packets have already
expired, are no longer rejected outright. Instead the submission is
accepted, and the URB completes normally with a -EXDEV error for each
packet. This is what client drivers expect.
This patch implements the same policy in ohci-hcd. The change is more
complicated than it was in ehci-hcd, because ohci-hcd doesn't scan for
isochronous completions in the same way as ehci-hcd does. Rather, it
depends on the hardware adding completed TDs to a "done queue". Some
OHCI controller don't handle this properly when a TD's time slot has
already expired, so we have to avoid adding such TDs to the schedule
in the first place. As a result, if the URB was submitted too late
then none of its TDs will get put on the schedule, so none of them
will end up on the done queue, so the driver will never realize that
the URB should be completed.
To solve this problem, the patch adds one to urb_priv->td_cnt for such
URBs, making it larger than urb_priv->length (td_cnt already gets set
to the number of TD's that had to be skipped because their slots have
expired). Each time an URB is given back, the finish_urb() routine
looks to see if urb_priv->td_cnt for the next URB on the same endpoint
is marked in this way. If so, it gives back the next URB right away.
This should be applied to all kernels containing commit 815fa7b91761
(USB: OHCI: fix logic for scheduling isochronous URBs).
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-09-24 15:46:45 -04:00
ed - > last_iso = frame + ed - > interval * ( size - 1 ) ;
2012-10-01 10:32:15 -04:00
}
} else if ( ed - > type = = PIPE_ISOCHRONOUS ) {
2013-05-14 13:57:19 -04:00
u16 next = ohci_frame_no ( ohci ) + 1 ;
2012-10-01 10:32:15 -04:00
u16 frame = ed - > last_iso + ed - > interval ;
USB: OHCI: accept very late isochronous URBs
Commit 24f531371de1 (USB: EHCI: accept very late isochronous URBs)
changed the isochronous API provided by ehci-hcd. URBs submitted too
late, so that the time slots for all their packets have already
expired, are no longer rejected outright. Instead the submission is
accepted, and the URB completes normally with a -EXDEV error for each
packet. This is what client drivers expect.
This patch implements the same policy in ohci-hcd. The change is more
complicated than it was in ehci-hcd, because ohci-hcd doesn't scan for
isochronous completions in the same way as ehci-hcd does. Rather, it
depends on the hardware adding completed TDs to a "done queue". Some
OHCI controller don't handle this properly when a TD's time slot has
already expired, so we have to avoid adding such TDs to the schedule
in the first place. As a result, if the URB was submitted too late
then none of its TDs will get put on the schedule, so none of them
will end up on the done queue, so the driver will never realize that
the URB should be completed.
To solve this problem, the patch adds one to urb_priv->td_cnt for such
URBs, making it larger than urb_priv->length (td_cnt already gets set
to the number of TD's that had to be skipped because their slots have
expired). Each time an URB is given back, the finish_urb() routine
looks to see if urb_priv->td_cnt for the next URB on the same endpoint
is marked in this way. If so, it gives back the next URB right away.
This should be applied to all kernels containing commit 815fa7b91761
(USB: OHCI: fix logic for scheduling isochronous URBs).
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-09-24 15:46:45 -04:00
u16 length = ed - > interval * ( size - 1 ) ;
2012-10-01 10:32:15 -04:00
/* Behind the scheduling threshold? */
if ( unlikely ( tick_before ( frame , next ) ) ) {
USB: OHCI: accept very late isochronous URBs
Commit 24f531371de1 (USB: EHCI: accept very late isochronous URBs)
changed the isochronous API provided by ehci-hcd. URBs submitted too
late, so that the time slots for all their packets have already
expired, are no longer rejected outright. Instead the submission is
accepted, and the URB completes normally with a -EXDEV error for each
packet. This is what client drivers expect.
This patch implements the same policy in ohci-hcd. The change is more
complicated than it was in ehci-hcd, because ohci-hcd doesn't scan for
isochronous completions in the same way as ehci-hcd does. Rather, it
depends on the hardware adding completed TDs to a "done queue". Some
OHCI controller don't handle this properly when a TD's time slot has
already expired, so we have to avoid adding such TDs to the schedule
in the first place. As a result, if the URB was submitted too late
then none of its TDs will get put on the schedule, so none of them
will end up on the done queue, so the driver will never realize that
the URB should be completed.
To solve this problem, the patch adds one to urb_priv->td_cnt for such
URBs, making it larger than urb_priv->length (td_cnt already gets set
to the number of TD's that had to be skipped because their slots have
expired). Each time an URB is given back, the finish_urb() routine
looks to see if urb_priv->td_cnt for the next URB on the same endpoint
is marked in this way. If so, it gives back the next URB right away.
This should be applied to all kernels containing commit 815fa7b91761
(USB: OHCI: fix logic for scheduling isochronous URBs).
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-09-24 15:46:45 -04:00
/* URB_ISO_ASAP: Round up to the first available slot */
2013-05-14 13:57:51 -04:00
if ( urb - > transfer_flags & URB_ISO_ASAP ) {
2012-10-01 10:32:15 -04:00
frame + = ( next - frame + ed - > interval - 1 ) &
- ed - > interval ;
2005-04-16 15:20:36 -07:00
2012-10-01 10:32:15 -04:00
/*
USB: OHCI: accept very late isochronous URBs
Commit 24f531371de1 (USB: EHCI: accept very late isochronous URBs)
changed the isochronous API provided by ehci-hcd. URBs submitted too
late, so that the time slots for all their packets have already
expired, are no longer rejected outright. Instead the submission is
accepted, and the URB completes normally with a -EXDEV error for each
packet. This is what client drivers expect.
This patch implements the same policy in ohci-hcd. The change is more
complicated than it was in ehci-hcd, because ohci-hcd doesn't scan for
isochronous completions in the same way as ehci-hcd does. Rather, it
depends on the hardware adding completed TDs to a "done queue". Some
OHCI controller don't handle this properly when a TD's time slot has
already expired, so we have to avoid adding such TDs to the schedule
in the first place. As a result, if the URB was submitted too late
then none of its TDs will get put on the schedule, so none of them
will end up on the done queue, so the driver will never realize that
the URB should be completed.
To solve this problem, the patch adds one to urb_priv->td_cnt for such
URBs, making it larger than urb_priv->length (td_cnt already gets set
to the number of TD's that had to be skipped because their slots have
expired). Each time an URB is given back, the finish_urb() routine
looks to see if urb_priv->td_cnt for the next URB on the same endpoint
is marked in this way. If so, it gives back the next URB right away.
This should be applied to all kernels containing commit 815fa7b91761
(USB: OHCI: fix logic for scheduling isochronous URBs).
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-09-24 15:46:45 -04:00
* Not ASAP : Use the next slot in the stream ,
* no matter what .
2005-04-16 15:20:36 -07:00
*/
2013-05-14 13:57:51 -04:00
} else {
/*
* Some OHCI hardware doesn ' t handle late TDs
* correctly . After retiring them it proceeds
* to the next ED instead of the next TD .
* Therefore we have to omit the late TDs
* entirely .
*/
urb_priv - > td_cnt = DIV_ROUND_UP (
( u16 ) ( next - frame ) ,
ed - > interval ) ;
USB: OHCI: accept very late isochronous URBs
Commit 24f531371de1 (USB: EHCI: accept very late isochronous URBs)
changed the isochronous API provided by ehci-hcd. URBs submitted too
late, so that the time slots for all their packets have already
expired, are no longer rejected outright. Instead the submission is
accepted, and the URB completes normally with a -EXDEV error for each
packet. This is what client drivers expect.
This patch implements the same policy in ohci-hcd. The change is more
complicated than it was in ehci-hcd, because ohci-hcd doesn't scan for
isochronous completions in the same way as ehci-hcd does. Rather, it
depends on the hardware adding completed TDs to a "done queue". Some
OHCI controller don't handle this properly when a TD's time slot has
already expired, so we have to avoid adding such TDs to the schedule
in the first place. As a result, if the URB was submitted too late
then none of its TDs will get put on the schedule, so none of them
will end up on the done queue, so the driver will never realize that
the URB should be completed.
To solve this problem, the patch adds one to urb_priv->td_cnt for such
URBs, making it larger than urb_priv->length (td_cnt already gets set
to the number of TD's that had to be skipped because their slots have
expired). Each time an URB is given back, the finish_urb() routine
looks to see if urb_priv->td_cnt for the next URB on the same endpoint
is marked in this way. If so, it gives back the next URB right away.
This should be applied to all kernels containing commit 815fa7b91761
(USB: OHCI: fix logic for scheduling isochronous URBs).
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-09-24 15:46:45 -04:00
if ( urb_priv - > td_cnt > = urb_priv - > length ) {
+ + urb_priv - > td_cnt ; /* Mark it */
ohci_dbg ( ohci , " iso underrun %p (%u+%u < %u) \n " ,
urb , frame , length ,
next ) ;
}
2012-10-01 10:32:15 -04:00
}
2005-04-16 15:20:36 -07:00
}
2012-10-01 10:32:15 -04:00
urb - > start_frame = frame ;
USB: OHCI: accept very late isochronous URBs
Commit 24f531371de1 (USB: EHCI: accept very late isochronous URBs)
changed the isochronous API provided by ehci-hcd. URBs submitted too
late, so that the time slots for all their packets have already
expired, are no longer rejected outright. Instead the submission is
accepted, and the URB completes normally with a -EXDEV error for each
packet. This is what client drivers expect.
This patch implements the same policy in ohci-hcd. The change is more
complicated than it was in ehci-hcd, because ohci-hcd doesn't scan for
isochronous completions in the same way as ehci-hcd does. Rather, it
depends on the hardware adding completed TDs to a "done queue". Some
OHCI controller don't handle this properly when a TD's time slot has
already expired, so we have to avoid adding such TDs to the schedule
in the first place. As a result, if the URB was submitted too late
then none of its TDs will get put on the schedule, so none of them
will end up on the done queue, so the driver will never realize that
the URB should be completed.
To solve this problem, the patch adds one to urb_priv->td_cnt for such
URBs, making it larger than urb_priv->length (td_cnt already gets set
to the number of TD's that had to be skipped because their slots have
expired). Each time an URB is given back, the finish_urb() routine
looks to see if urb_priv->td_cnt for the next URB on the same endpoint
is marked in this way. If so, it gives back the next URB right away.
This should be applied to all kernels containing commit 815fa7b91761
(USB: OHCI: fix logic for scheduling isochronous URBs).
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-09-24 15:46:45 -04:00
ed - > last_iso = frame + length ;
2012-10-01 10:32:15 -04:00
}
2005-04-16 15:20:36 -07:00
/* fill the TDs and link them to the ed; and
* enable that part of the schedule , if needed
* and update count of queued periodic urbs
*/
urb - > hcpriv = urb_priv ;
td_submit_urb ( ohci , urb ) ;
fail :
if ( retval )
urb_free_priv ( ohci , urb_priv ) ;
spin_unlock_irqrestore ( & ohci - > lock , flags ) ;
return retval ;
}
/*
2007-08-24 15:40:34 -04:00
* decouple the URB from the HC queues ( TDs , urb_priv ) .
* reporting is always done
2005-04-16 15:20:36 -07:00
* asynchronously , and we might be dealing with an urb that ' s
* partially transferred , or an ED with other urbs being unlinked .
*/
2007-08-08 11:48:02 -04:00
static int ohci_urb_dequeue ( struct usb_hcd * hcd , struct urb * urb , int status )
2005-04-16 15:20:36 -07:00
{
struct ohci_hcd * ohci = hcd_to_ohci ( hcd ) ;
unsigned long flags ;
2007-08-08 11:48:02 -04:00
int rc ;
2014-07-18 16:25:49 -04:00
urb_priv_t * urb_priv ;
2006-12-05 03:18:31 -08:00
2005-04-16 15:20:36 -07:00
spin_lock_irqsave ( & ohci - > lock , flags ) ;
2007-08-08 11:48:02 -04:00
rc = usb_hcd_check_unlink_urb ( hcd , urb , status ) ;
2014-07-18 16:25:49 -04:00
if ( rc = = 0 ) {
2005-04-16 15:20:36 -07:00
/* Unless an IRQ completed the unlink while it was being
* handed to us , flag it for unlink and giveback , and force
* some upcoming INTR_SF to call finish_unlinks ( )
*/
urb_priv = urb - > hcpriv ;
2014-07-18 16:25:49 -04:00
if ( urb_priv - > ed - > state = = ED_OPER )
start_ed_unlink ( ohci , urb_priv - > ed ) ;
if ( ohci - > rh_state ! = OHCI_RH_RUNNING ) {
/* With HC dead, we can clean up right away */
2014-07-18 16:26:07 -04:00
ohci_work ( ohci ) ;
2005-04-16 15:20:36 -07:00
}
}
spin_unlock_irqrestore ( & ohci - > lock , flags ) ;
2007-08-08 11:48:02 -04:00
return rc ;
2005-04-16 15:20:36 -07:00
}
/*-------------------------------------------------------------------------*/
/* frees config/altsetting state for endpoints,
* including ED memory , dummy TD , and bulk / intr data toggle
*/
static void
ohci_endpoint_disable ( struct usb_hcd * hcd , struct usb_host_endpoint * ep )
{
struct ohci_hcd * ohci = hcd_to_ohci ( hcd ) ;
unsigned long flags ;
struct ed * ed = ep - > hcpriv ;
unsigned limit = 1000 ;
/* ASSERT: any requests/urbs are being unlinked */
/* ASSERT: nobody can be submitting urbs for this any more */
if ( ! ed )
return ;
rescan :
spin_lock_irqsave ( & ohci - > lock , flags ) ;
2011-11-17 16:41:56 -05:00
if ( ohci - > rh_state ! = OHCI_RH_RUNNING ) {
2005-04-16 15:20:36 -07:00
sanitize :
ed - > state = ED_IDLE ;
2014-07-18 16:26:07 -04:00
ohci_work ( ohci ) ;
2005-04-16 15:20:36 -07:00
}
switch ( ed - > state ) {
case ED_UNLINK : /* wait for hw to finish? */
/* major IRQ delivery trouble loses INTR_SF too... */
if ( limit - - = = 0 ) {
2007-08-01 13:24:30 -07:00
ohci_warn ( ohci , " ED unlink timeout \n " ) ;
2005-04-16 15:20:36 -07:00
goto sanitize ;
}
spin_unlock_irqrestore ( & ohci - > lock , flags ) ;
2005-08-15 11:30:11 -07:00
schedule_timeout_uninterruptible ( 1 ) ;
2005-04-16 15:20:36 -07:00
goto rescan ;
case ED_IDLE : /* fully unlinked */
if ( list_empty ( & ed - > td_list ) ) {
td_free ( ohci , ed - > dummy ) ;
ed_free ( ohci , ed ) ;
break ;
}
2020-07-07 14:53:51 -05:00
fallthrough ;
2005-04-16 15:20:36 -07:00
default :
/* caller was supposed to have unlinked any requests;
* that ' s not our job . can ' t recover ; must leak ed .
*/
ohci_err ( ohci , " leak ed %p (#%02x) state %d%s \n " ,
ed , ep - > desc . bEndpointAddress , ed - > state ,
list_empty ( & ed - > td_list ) ? " " : " (has tds) " ) ;
td_free ( ohci , ed - > dummy ) ;
break ;
}
ep - > hcpriv = NULL ;
spin_unlock_irqrestore ( & ohci - > lock , flags ) ;
}
static int ohci_get_frame ( struct usb_hcd * hcd )
{
struct ohci_hcd * ohci = hcd_to_ohci ( hcd ) ;
return ohci_frame_no ( ohci ) ;
}
static void ohci_usb_reset ( struct ohci_hcd * ohci )
{
ohci - > hc_control = ohci_readl ( ohci , & ohci - > regs - > control ) ;
ohci - > hc_control & = OHCI_CTRL_RWC ;
ohci_writel ( ohci , ohci - > hc_control , & ohci - > regs - > control ) ;
2011-11-17 16:41:56 -05:00
ohci - > rh_state = OHCI_RH_HALTED ;
2005-04-16 15:20:36 -07:00
}
USB: Properly unregister reboot notifier in case of failure in ehci hcd
If some problem occurs during ehci startup, for instance, request_irq fails,
echi hcd driver tries it best to cleanup, but fails to unregister reboot
notifier, which in turn leads to crash on reboot/poweroff.
The following patch resolves this problem by not using reboot notifiers
anymore, but instead making ehci/ohci driver get its own shutdown method. For
PCI, it is done through pci glue, for everything else through platform driver
glue.
One downside: sa1111 does not use platform driver stuff, and does not have its
own shutdown hook, so no 'shutdown' is called for it now. I'm not sure if it
is really necessary on that platform, though.
Signed-off-by: Aleks Gorelov <dared1st@yahoo.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: David Brownell <david-b@pacbell.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-08-08 17:24:08 -07:00
/* ohci_shutdown forcibly disables IRQs and DMA, helping kexec and
2005-04-23 12:49:16 -07:00
* other cases where the next software may expect clean state from the
* " firmware " . this is bus - neutral , unlike shutdown ( ) methods .
*/
2019-08-27 12:51:50 +09:00
static void _ohci_shutdown ( struct usb_hcd * hcd )
2005-04-23 12:49:16 -07:00
{
struct ohci_hcd * ohci ;
USB: Properly unregister reboot notifier in case of failure in ehci hcd
If some problem occurs during ehci startup, for instance, request_irq fails,
echi hcd driver tries it best to cleanup, but fails to unregister reboot
notifier, which in turn leads to crash on reboot/poweroff.
The following patch resolves this problem by not using reboot notifiers
anymore, but instead making ehci/ohci driver get its own shutdown method. For
PCI, it is done through pci glue, for everything else through platform driver
glue.
One downside: sa1111 does not use platform driver stuff, and does not have its
own shutdown hook, so no 'shutdown' is called for it now. I'm not sure if it
is really necessary on that platform, though.
Signed-off-by: Aleks Gorelov <dared1st@yahoo.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: David Brownell <david-b@pacbell.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-08-08 17:24:08 -07:00
ohci = hcd_to_ohci ( hcd ) ;
2011-11-17 16:41:45 -05:00
ohci_writel ( ohci , ( u32 ) ~ 0 , & ohci - > regs - > intrdisable ) ;
2010-09-10 16:37:05 -04:00
2011-11-17 16:41:45 -05:00
/* Software reset, after which the controller goes into SUSPEND */
ohci_writel ( ohci , OHCI_HCR , & ohci - > regs - > cmdstatus ) ;
ohci_readl ( ohci , & ohci - > regs - > cmdstatus ) ; /* flush the writes */
udelay ( 10 ) ;
2010-09-10 16:37:05 -04:00
2011-11-17 16:41:45 -05:00
ohci_writel ( ohci , ohci - > fminterval , & ohci - > regs - > fminterval ) ;
2014-07-18 16:26:12 -04:00
ohci - > rh_state = OHCI_RH_HALTED ;
2005-04-23 12:49:16 -07:00
}
2019-08-27 12:51:50 +09:00
static void ohci_shutdown ( struct usb_hcd * hcd )
{
struct ohci_hcd * ohci = hcd_to_ohci ( hcd ) ;
unsigned long flags ;
spin_lock_irqsave ( & ohci - > lock , flags ) ;
_ohci_shutdown ( hcd ) ;
spin_unlock_irqrestore ( & ohci - > lock , flags ) ;
}
2005-04-16 15:20:36 -07:00
/*-------------------------------------------------------------------------*
* HC functions
* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/* init memory, and kick BIOS/SMM off */
static int ohci_init ( struct ohci_hcd * ohci )
{
int ret ;
2006-01-23 15:28:07 -08:00
struct usb_hcd * hcd = ohci_to_hcd ( ohci ) ;
2005-04-16 15:20:36 -07:00
2014-07-17 16:30:01 -04:00
/* Accept arbitrarily long scatter-gather lists */
2019-05-29 13:28:43 +03:00
if ( ! hcd - > localmem_pool )
2018-03-09 18:34:34 +01:00
hcd - > self . sg_tablesize = ~ 0 ;
2014-07-17 16:30:01 -04:00
2008-07-06 23:35:01 +04:00
if ( distrust_firmware )
ohci - > flags | = OHCI_QUIRK_HUB_POWER ;
2011-11-17 16:41:56 -05:00
ohci - > rh_state = OHCI_RH_HALTED ;
2006-01-23 15:28:07 -08:00
ohci - > regs = hcd - > regs ;
2005-04-16 15:20:36 -07:00
2006-01-23 15:28:07 -08:00
/* REVISIT this BIOS handshake is now moved into PCI "quirks", and
* was never needed for most non - PCI systems . . . remove the code ?
*/
2005-04-16 15:20:36 -07:00
# ifndef IR_DISABLE
/* SMM owns the HC? not for long! */
if ( ! no_handshake & & ohci_readl ( ohci ,
& ohci - > regs - > control ) & OHCI_CTRL_IR ) {
u32 temp ;
ohci_dbg ( ohci , " USB HC TakeOver from BIOS/SMM \n " ) ;
/* this timeout is arbitrary. we make it long, so systems
* depending on usb keyboards may be usable even if the
* BIOS / SMM code seems pretty broken .
*/
temp = 500 ; /* arbitrary: five seconds */
ohci_writel ( ohci , OHCI_INTR_OC , & ohci - > regs - > intrenable ) ;
ohci_writel ( ohci , OHCI_OCR , & ohci - > regs - > cmdstatus ) ;
while ( ohci_readl ( ohci , & ohci - > regs - > control ) & OHCI_CTRL_IR ) {
msleep ( 10 ) ;
if ( - - temp = = 0 ) {
ohci_err ( ohci , " USB HC takeover failed! "
" (BIOS/SMM bug) \n " ) ;
return - EBUSY ;
}
}
ohci_usb_reset ( ohci ) ;
}
# endif
/* Disable HC interrupts */
ohci_writel ( ohci , OHCI_INTR_MIE , & ohci - > regs - > intrdisable ) ;
2006-01-23 15:28:07 -08:00
/* flush the writes, and save key bits like RWC */
if ( ohci_readl ( ohci , & ohci - > regs - > control ) & OHCI_CTRL_RWC )
ohci - > hc_control | = OHCI_CTRL_RWC ;
2005-04-16 15:20:36 -07:00
2005-08-31 11:52:57 -07:00
/* Read the number of ports unless overridden */
if ( ohci - > num_ports = = 0 )
ohci - > num_ports = roothub_a ( ohci ) & RH_A_NDP ;
2005-04-16 15:20:36 -07:00
if ( ohci - > hcca )
return 0 ;
treewide: setup_timer() -> timer_setup()
This converts all remaining cases of the old setup_timer() API into using
timer_setup(), where the callback argument is the structure already
holding the struct timer_list. These should have no behavioral changes,
since they just change which pointer is passed into the callback with
the same available pointers after conversion. It handles the following
examples, in addition to some other variations.
Casting from unsigned long:
void my_callback(unsigned long data)
{
struct something *ptr = (struct something *)data;
...
}
...
setup_timer(&ptr->my_timer, my_callback, ptr);
and forced object casts:
void my_callback(struct something *ptr)
{
...
}
...
setup_timer(&ptr->my_timer, my_callback, (unsigned long)ptr);
become:
void my_callback(struct timer_list *t)
{
struct something *ptr = from_timer(ptr, t, my_timer);
...
}
...
timer_setup(&ptr->my_timer, my_callback, 0);
Direct function assignments:
void my_callback(unsigned long data)
{
struct something *ptr = (struct something *)data;
...
}
...
ptr->my_timer.function = my_callback;
have a temporary cast added, along with converting the args:
void my_callback(struct timer_list *t)
{
struct something *ptr = from_timer(ptr, t, my_timer);
...
}
...
ptr->my_timer.function = (TIMER_FUNC_TYPE)my_callback;
And finally, callbacks without a data assignment:
void my_callback(unsigned long data)
{
...
}
...
setup_timer(&ptr->my_timer, my_callback, 0);
have their argument renamed to verify they're unused during conversion:
void my_callback(struct timer_list *unused)
{
...
}
...
timer_setup(&ptr->my_timer, my_callback, 0);
The conversion is done with the following Coccinelle script:
spatch --very-quiet --all-includes --include-headers \
-I ./arch/x86/include -I ./arch/x86/include/generated \
-I ./include -I ./arch/x86/include/uapi \
-I ./arch/x86/include/generated/uapi -I ./include/uapi \
-I ./include/generated/uapi --include ./include/linux/kconfig.h \
--dir . \
--cocci-file ~/src/data/timer_setup.cocci
@fix_address_of@
expression e;
@@
setup_timer(
-&(e)
+&e
, ...)
// Update any raw setup_timer() usages that have a NULL callback, but
// would otherwise match change_timer_function_usage, since the latter
// will update all function assignments done in the face of a NULL
// function initialization in setup_timer().
@change_timer_function_usage_NULL@
expression _E;
identifier _timer;
type _cast_data;
@@
(
-setup_timer(&_E->_timer, NULL, _E);
+timer_setup(&_E->_timer, NULL, 0);
|
-setup_timer(&_E->_timer, NULL, (_cast_data)_E);
+timer_setup(&_E->_timer, NULL, 0);
|
-setup_timer(&_E._timer, NULL, &_E);
+timer_setup(&_E._timer, NULL, 0);
|
-setup_timer(&_E._timer, NULL, (_cast_data)&_E);
+timer_setup(&_E._timer, NULL, 0);
)
@change_timer_function_usage@
expression _E;
identifier _timer;
struct timer_list _stl;
identifier _callback;
type _cast_func, _cast_data;
@@
(
-setup_timer(&_E->_timer, _callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, &_callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, _callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, &_callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)_callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)&_callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)_callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)&_callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, &_callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, &_callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)_callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)_callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)&_callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)&_callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
_E->_timer@_stl.function = _callback;
|
_E->_timer@_stl.function = &_callback;
|
_E->_timer@_stl.function = (_cast_func)_callback;
|
_E->_timer@_stl.function = (_cast_func)&_callback;
|
_E._timer@_stl.function = _callback;
|
_E._timer@_stl.function = &_callback;
|
_E._timer@_stl.function = (_cast_func)_callback;
|
_E._timer@_stl.function = (_cast_func)&_callback;
)
// callback(unsigned long arg)
@change_callback_handle_cast
depends on change_timer_function_usage@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _origtype;
identifier _origarg;
type _handletype;
identifier _handle;
@@
void _callback(
-_origtype _origarg
+struct timer_list *t
)
{
(
... when != _origarg
_handletype *_handle =
-(_handletype *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
|
... when != _origarg
_handletype *_handle =
-(void *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
|
... when != _origarg
_handletype *_handle;
... when != _handle
_handle =
-(_handletype *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
|
... when != _origarg
_handletype *_handle;
... when != _handle
_handle =
-(void *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
)
}
// callback(unsigned long arg) without existing variable
@change_callback_handle_cast_no_arg
depends on change_timer_function_usage &&
!change_callback_handle_cast@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _origtype;
identifier _origarg;
type _handletype;
@@
void _callback(
-_origtype _origarg
+struct timer_list *t
)
{
+ _handletype *_origarg = from_timer(_origarg, t, _timer);
+
... when != _origarg
- (_handletype *)_origarg
+ _origarg
... when != _origarg
}
// Avoid already converted callbacks.
@match_callback_converted
depends on change_timer_function_usage &&
!change_callback_handle_cast &&
!change_callback_handle_cast_no_arg@
identifier change_timer_function_usage._callback;
identifier t;
@@
void _callback(struct timer_list *t)
{ ... }
// callback(struct something *handle)
@change_callback_handle_arg
depends on change_timer_function_usage &&
!match_callback_converted &&
!change_callback_handle_cast &&
!change_callback_handle_cast_no_arg@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _handletype;
identifier _handle;
@@
void _callback(
-_handletype *_handle
+struct timer_list *t
)
{
+ _handletype *_handle = from_timer(_handle, t, _timer);
...
}
// If change_callback_handle_arg ran on an empty function, remove
// the added handler.
@unchange_callback_handle_arg
depends on change_timer_function_usage &&
change_callback_handle_arg@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _handletype;
identifier _handle;
identifier t;
@@
void _callback(struct timer_list *t)
{
- _handletype *_handle = from_timer(_handle, t, _timer);
}
// We only want to refactor the setup_timer() data argument if we've found
// the matching callback. This undoes changes in change_timer_function_usage.
@unchange_timer_function_usage
depends on change_timer_function_usage &&
!change_callback_handle_cast &&
!change_callback_handle_cast_no_arg &&
!change_callback_handle_arg@
expression change_timer_function_usage._E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type change_timer_function_usage._cast_data;
@@
(
-timer_setup(&_E->_timer, _callback, 0);
+setup_timer(&_E->_timer, _callback, (_cast_data)_E);
|
-timer_setup(&_E._timer, _callback, 0);
+setup_timer(&_E._timer, _callback, (_cast_data)&_E);
)
// If we fixed a callback from a .function assignment, fix the
// assignment cast now.
@change_timer_function_assignment
depends on change_timer_function_usage &&
(change_callback_handle_cast ||
change_callback_handle_cast_no_arg ||
change_callback_handle_arg)@
expression change_timer_function_usage._E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type _cast_func;
typedef TIMER_FUNC_TYPE;
@@
(
_E->_timer.function =
-_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E->_timer.function =
-&_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E->_timer.function =
-(_cast_func)_callback;
+(TIMER_FUNC_TYPE)_callback
;
|
_E->_timer.function =
-(_cast_func)&_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-&_callback;
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-(_cast_func)_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-(_cast_func)&_callback
+(TIMER_FUNC_TYPE)_callback
;
)
// Sometimes timer functions are called directly. Replace matched args.
@change_timer_function_calls
depends on change_timer_function_usage &&
(change_callback_handle_cast ||
change_callback_handle_cast_no_arg ||
change_callback_handle_arg)@
expression _E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type _cast_data;
@@
_callback(
(
-(_cast_data)_E
+&_E->_timer
|
-(_cast_data)&_E
+&_E._timer
|
-_E
+&_E->_timer
)
)
// If a timer has been configured without a data argument, it can be
// converted without regard to the callback argument, since it is unused.
@match_timer_function_unused_data@
expression _E;
identifier _timer;
identifier _callback;
@@
(
-setup_timer(&_E->_timer, _callback, 0);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, _callback, 0L);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, _callback, 0UL);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, 0);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, 0L);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, 0UL);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_timer, _callback, 0);
+timer_setup(&_timer, _callback, 0);
|
-setup_timer(&_timer, _callback, 0L);
+timer_setup(&_timer, _callback, 0);
|
-setup_timer(&_timer, _callback, 0UL);
+timer_setup(&_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0);
+timer_setup(_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0L);
+timer_setup(_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0UL);
+timer_setup(_timer, _callback, 0);
)
@change_callback_unused_data
depends on match_timer_function_unused_data@
identifier match_timer_function_unused_data._callback;
type _origtype;
identifier _origarg;
@@
void _callback(
-_origtype _origarg
+struct timer_list *unused
)
{
... when != _origarg
}
Signed-off-by: Kees Cook <keescook@chromium.org>
2017-10-16 14:43:17 -07:00
timer_setup ( & ohci - > io_watchdog , io_watchdog_func , 0 ) ;
ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func()
Running io_watchdog_func() while ohci_urb_enqueue() is running can
cause a race condition where ohci->prev_frame_no is corrupted and the
watchdog can mis-detect following error:
ohci-platform 664a0800.usb: frame counter not updating; disabled
ohci-platform 664a0800.usb: HC died; cleaning up
Specifically, following scenario causes a race condition:
1. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
2. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
3. ohci_urb_enqueue() sets ohci->prev_frame_no to a frame number
read by ohci_frame_no(ohci)
4. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
5. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section
6. Later, ohci_urb_enqueue() is called
7. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
8. The timer scheduled on step 4 expires and io_watchdog_func() runs
9. io_watchdog_func() calls spin_lock_irqsave(&ohci->lock, flags)
and waits on it because ohci_urb_enqueue() is already in the
critical section on step 7
10. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
11. ohci_urb_enqueue() sets ohci->prev_frame_no to new frame number
read by ohci_frame_no(ohci) because the frame number proceeded
between step 3 and 6
12. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
13. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section, then wake up
io_watchdog_func() which is waiting on step 9
14. io_watchdog_func() enters the critical section
15. io_watchdog_func() calls ohci_frame_no(ohci) and set frame_no
variable to the frame number
16. io_watchdog_func() compares frame_no and ohci->prev_frame_no
On step 16, because this calling of io_watchdog_func() is scheduled on
step 4, the frame number set in ohci->prev_frame_no is expected to the
number set on step 3. However, ohci->prev_frame_no is overwritten on
step 11. Because step 16 is executed soon after step 11, the frame
number might not proceed, so ohci->prev_frame_no must equals to
frame_no.
To address above scenario, this patch introduces a special sentinel
value IO_WATCHDOG_OFF and set this value to ohci->prev_frame_no when
the watchdog is not pending or running. When ohci_urb_enqueue()
schedules the watchdog (step 4 and 12 above), it compares
ohci->prev_frame_no to IO_WATCHDOG_OFF so that ohci->prev_frame_no is
not overwritten while io_watchdog_func() is running.
Signed-off-by: Shigeru Yoshida <Shigeru.Yoshida@windriver.com>
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-02 13:51:39 +08:00
ohci - > prev_frame_no = IO_WATCHDOG_OFF ;
2014-07-18 16:26:12 -04:00
2019-05-29 13:28:40 +03:00
if ( hcd - > localmem_pool )
usb: host: Fix excessive alignment restriction for local memory allocations
The PAGE_SHIFT alignment restriction to devm_gen_pool_create() quickly
exhaust local memory because most allocations are much smaller than
PAGE_SIZE. This causes USB device failures such as
usb 1-2.1: reset full-speed USB device number 4 using sm501-usb
sd 1:0:0:0: [sda] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x03 driverbyte=0x00
sd 1:0:0:0: [sda] tag#0 CDB: opcode=0x28 28 00 00 00 08 7c 00 00 f0 00
print_req_error: I/O error, dev sda, sector 2172 flags 80700
when trying to boot from the SM501 USB controller on SH4 with QEMU.
Align allocations as required but not necessarily much more than that.
The HCCA, TD and ED structures align with 256, 32 and 16 byte memory
boundaries, as specified by the Open HCI[1]. The min_alloc_order argument
to devm_gen_pool_create is now somewhat arbitrarily set to 4 (16 bytes).
Perhaps it could be somewhat lower for general buffer allocations.
Reference:
[1] "Open Host Controller Interface Specification for USB",
release 1.0a, Compaq, Microsoft, National Semiconductor, 1999,
pp. 16, 19, 33.
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Fredrik Noring <noring@nocrew.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2019-06-25 17:08:23 +02:00
ohci - > hcca = gen_pool_dma_alloc_align ( hcd - > localmem_pool ,
2019-05-29 13:28:40 +03:00
sizeof ( * ohci - > hcca ) ,
usb: host: Fix excessive alignment restriction for local memory allocations
The PAGE_SHIFT alignment restriction to devm_gen_pool_create() quickly
exhaust local memory because most allocations are much smaller than
PAGE_SIZE. This causes USB device failures such as
usb 1-2.1: reset full-speed USB device number 4 using sm501-usb
sd 1:0:0:0: [sda] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x03 driverbyte=0x00
sd 1:0:0:0: [sda] tag#0 CDB: opcode=0x28 28 00 00 00 08 7c 00 00 f0 00
print_req_error: I/O error, dev sda, sector 2172 flags 80700
when trying to boot from the SM501 USB controller on SH4 with QEMU.
Align allocations as required but not necessarily much more than that.
The HCCA, TD and ED structures align with 256, 32 and 16 byte memory
boundaries, as specified by the Open HCI[1]. The min_alloc_order argument
to devm_gen_pool_create is now somewhat arbitrarily set to 4 (16 bytes).
Perhaps it could be somewhat lower for general buffer allocations.
Reference:
[1] "Open Host Controller Interface Specification for USB",
release 1.0a, Compaq, Microsoft, National Semiconductor, 1999,
pp. 16, 19, 33.
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Fredrik Noring <noring@nocrew.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Christoph Hellwig <hch@lst.de>
2019-06-25 17:08:23 +02:00
& ohci - > hcca_dma , 256 ) ;
2019-05-29 13:28:40 +03:00
else
ohci - > hcca = dma_alloc_coherent ( hcd - > self . controller ,
sizeof ( * ohci - > hcca ) ,
& ohci - > hcca_dma ,
GFP_KERNEL ) ;
2005-04-16 15:20:36 -07:00
if ( ! ohci - > hcca )
return - ENOMEM ;
if ( ( ret = ohci_mem_init ( ohci ) ) < 0 )
2006-01-23 15:28:07 -08:00
ohci_stop ( hcd ) ;
else {
create_debug_files ( ohci ) ;
}
2005-04-16 15:20:36 -07:00
return ret ;
}
/*-------------------------------------------------------------------------*/
/* Start an OHCI controller, set the BUS operational
* resets USB and controller
2006-12-05 03:18:31 -08:00
* enable interrupts
2005-04-16 15:20:36 -07:00
*/
static int ohci_run ( struct ohci_hcd * ohci )
{
2009-04-22 16:18:59 -04:00
u32 mask , val ;
2005-04-16 15:20:36 -07:00
int first = ohci - > fminterval = = 0 ;
2006-01-23 15:28:07 -08:00
struct usb_hcd * hcd = ohci_to_hcd ( ohci ) ;
2005-04-16 15:20:36 -07:00
2011-11-17 16:41:56 -05:00
ohci - > rh_state = OHCI_RH_HALTED ;
2005-04-16 15:20:36 -07:00
/* boot firmware should have set this up (5.1.1.3.1) */
if ( first ) {
2009-04-22 16:18:59 -04:00
val = ohci_readl ( ohci , & ohci - > regs - > fminterval ) ;
ohci - > fminterval = val & 0x3fff ;
2005-04-16 15:20:36 -07:00
if ( ohci - > fminterval ! = FI )
ohci_dbg ( ohci , " fminterval delta %d \n " ,
ohci - > fminterval - FI ) ;
ohci - > fminterval | = FSMP ( ohci - > fminterval ) < < 16 ;
/* also: power/overcurrent flags in roothub.a */
}
2008-12-17 17:20:38 -05:00
/* Reset USB nearly "by the book". RemoteWakeupConnected has
* to be checked in case boot firmware ( BIOS / SMM / . . . ) has set up
* wakeup in a way the bus isn ' t aware of ( e . g . , legacy PCI PM ) .
* If the bus glue detected wakeup capability then it should
2009-01-13 11:35:54 -05:00
* already be enabled ; if so we ' ll just enable it again .
2005-04-16 15:20:36 -07:00
*/
2009-01-13 11:35:54 -05:00
if ( ( ohci - > hc_control & OHCI_CTRL_RWC ) ! = 0 )
device_set_wakeup_capable ( hcd - > self . controller , 1 ) ;
2005-04-16 15:20:36 -07:00
switch ( ohci - > hc_control & OHCI_CTRL_HCFS ) {
case OHCI_USB_OPER :
2009-04-22 16:18:59 -04:00
val = 0 ;
2005-04-16 15:20:36 -07:00
break ;
case OHCI_USB_SUSPEND :
case OHCI_USB_RESUME :
ohci - > hc_control & = OHCI_CTRL_RWC ;
ohci - > hc_control | = OHCI_USB_RESUME ;
2009-04-22 16:18:59 -04:00
val = 10 /* msec wait */ ;
2005-04-16 15:20:36 -07:00
break ;
// case OHCI_USB_RESET:
default :
ohci - > hc_control & = OHCI_CTRL_RWC ;
ohci - > hc_control | = OHCI_USB_RESET ;
2009-04-22 16:18:59 -04:00
val = 50 /* msec wait */ ;
2005-04-16 15:20:36 -07:00
break ;
}
ohci_writel ( ohci , ohci - > hc_control , & ohci - > regs - > control ) ;
// flush the writes
( void ) ohci_readl ( ohci , & ohci - > regs - > control ) ;
2009-04-22 16:18:59 -04:00
msleep ( val ) ;
2007-05-04 11:52:40 -04:00
2005-04-16 15:20:36 -07:00
memset ( ohci - > hcca , 0 , sizeof ( struct ohci_hcca ) ) ;
/* 2msec timelimit here means no irqs/preempt */
spin_lock_irq ( & ohci - > lock ) ;
retry :
/* HC Reset requires max 10 us delay */
ohci_writel ( ohci , OHCI_HCR , & ohci - > regs - > cmdstatus ) ;
2009-04-22 16:18:59 -04:00
val = 30 ; /* ... allow extra time */
2005-04-16 15:20:36 -07:00
while ( ( ohci_readl ( ohci , & ohci - > regs - > cmdstatus ) & OHCI_HCR ) ! = 0 ) {
2009-04-22 16:18:59 -04:00
if ( - - val = = 0 ) {
2005-04-16 15:20:36 -07:00
spin_unlock_irq ( & ohci - > lock ) ;
ohci_err ( ohci , " USB HC reset timed out! \n " ) ;
return - 1 ;
}
udelay ( 1 ) ;
}
/* now we're in the SUSPEND state ... must go OPERATIONAL
* within 2 msec else HC enters RESUME
*
* . . . but some hardware won ' t init fmInterval " by the book "
* ( SiS , OPTi . . . ) , so reset again instead . SiS doesn ' t need
* this if we write fmInterval after we ' re OPERATIONAL .
* Unclear about ALi , ServerWorks , and others . . . this could
* easily be a longstanding bug in chip init on Linux .
*/
if ( ohci - > flags & OHCI_QUIRK_INITRESET ) {
ohci_writel ( ohci , ohci - > hc_control , & ohci - > regs - > control ) ;
// flush those writes
( void ) ohci_readl ( ohci , & ohci - > regs - > control ) ;
}
/* Tell the controller where the control and bulk lists are
* The lists are empty now . */
ohci_writel ( ohci , 0 , & ohci - > regs - > ed_controlhead ) ;
ohci_writel ( ohci , 0 , & ohci - > regs - > ed_bulkhead ) ;
/* a reset clears this */
ohci_writel ( ohci , ( u32 ) ohci - > hcca_dma , & ohci - > regs - > hcca ) ;
periodic_reinit ( ohci ) ;
/* some OHCI implementations are finicky about how they init.
* bogus values here mean not even enumeration could work .
*/
if ( ( ohci_readl ( ohci , & ohci - > regs - > fminterval ) & 0x3fff0000 ) = = 0
| | ! ohci_readl ( ohci , & ohci - > regs - > periodicstart ) ) {
if ( ! ( ohci - > flags & OHCI_QUIRK_INITRESET ) ) {
ohci - > flags | = OHCI_QUIRK_INITRESET ;
ohci_dbg ( ohci , " enabling initreset quirk \n " ) ;
goto retry ;
}
spin_unlock_irq ( & ohci - > lock ) ;
ohci_err ( ohci , " init err (%08x %04x) \n " ,
ohci_readl ( ohci , & ohci - > regs - > fminterval ) ,
ohci_readl ( ohci , & ohci - > regs - > periodicstart ) ) ;
return - EOVERFLOW ;
}
2014-09-19 17:32:23 +02:00
/* use rhsc irqs after hub_wq is allocated */
2010-06-22 16:39:10 -04:00
set_bit ( HCD_FLAG_POLL_RH , & hcd - > flags ) ;
2006-08-04 11:31:55 -07:00
hcd - > uses_new_polling = 1 ;
/* start controller operations */
2005-04-16 15:20:36 -07:00
ohci - > hc_control & = OHCI_CTRL_RWC ;
2006-08-04 11:31:55 -07:00
ohci - > hc_control | = OHCI_CONTROL_INIT | OHCI_USB_OPER ;
ohci_writel ( ohci , ohci - > hc_control , & ohci - > regs - > control ) ;
2011-11-17 16:41:56 -05:00
ohci - > rh_state = OHCI_RH_RUNNING ;
2005-04-16 15:20:36 -07:00
/* wake on ConnectStatusChange, matching external hubs */
ohci_writel ( ohci , RH_HS_DRWE , & ohci - > regs - > roothub . status ) ;
/* Choose the interrupts we care about now, others later on demand */
mask = OHCI_INTR_INIT ;
2006-08-04 11:31:55 -07:00
ohci_writel ( ohci , ~ 0 , & ohci - > regs - > intrstatus ) ;
2005-04-16 15:20:36 -07:00
ohci_writel ( ohci , mask , & ohci - > regs - > intrenable ) ;
/* handle root hub init quirks ... */
2009-04-22 16:18:59 -04:00
val = roothub_a ( ohci ) ;
2020-09-11 09:25:11 +12:00
/* Configure for per-port over-current protection by default */
val & = ~ RH_A_NOCP ;
val | = RH_A_OCPM ;
2005-04-16 15:20:36 -07:00
if ( ohci - > flags & OHCI_QUIRK_SUPERIO ) {
2020-09-11 09:25:11 +12:00
/* NSC 87560 and maybe others.
* Ganged power switching , no over - current protection .
*/
2009-04-22 16:18:59 -04:00
val | = RH_A_NOCP ;
2020-09-11 09:25:11 +12:00
val & = ~ ( RH_A_POTPGT | RH_A_NPS | RH_A_PSM | RH_A_OCPM ) ;
2008-07-06 23:35:01 +04:00
} else if ( ( ohci - > flags & OHCI_QUIRK_AMD756 ) | |
( ohci - > flags & OHCI_QUIRK_HUB_POWER ) ) {
2005-04-16 15:20:36 -07:00
/* hub power always on; required for AMD-756 and some
2020-09-11 09:25:11 +12:00
* Mac platforms .
2005-04-16 15:20:36 -07:00
*/
2009-04-22 16:18:59 -04:00
val | = RH_A_NPS ;
2005-04-16 15:20:36 -07:00
}
2020-09-11 09:25:11 +12:00
ohci_writel ( ohci , val , & ohci - > regs - > roothub . a ) ;
2005-04-16 15:20:36 -07:00
ohci_writel ( ohci , RH_HS_LPSC , & ohci - > regs - > roothub . status ) ;
2009-04-22 16:18:59 -04:00
ohci_writel ( ohci , ( val & RH_A_NPS ) ? 0 : RH_B_PPCM ,
2005-04-16 15:20:36 -07:00
& ohci - > regs - > roothub . b ) ;
// flush those writes
( void ) ohci_readl ( ohci , & ohci - > regs - > control ) ;
2006-08-04 11:31:55 -07:00
ohci - > next_statechange = jiffies + STATECHANGE_DELAY ;
2005-04-16 15:20:36 -07:00
spin_unlock_irq ( & ohci - > lock ) ;
// POTPGT delay is bits 24-31, in 2 ms units.
2009-04-22 16:18:59 -04:00
mdelay ( ( val > > 23 ) & 0x1fe ) ;
2005-04-16 15:20:36 -07:00
2014-07-17 16:32:26 -04:00
ohci_dump ( ohci ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
}
2013-05-28 18:34:49 +05:30
/* ohci_setup routine for generic controller initialization */
int ohci_setup ( struct usb_hcd * hcd )
{
struct ohci_hcd * ohci = hcd_to_ohci ( hcd ) ;
ohci_hcd_init ( ohci ) ;
return ohci_init ( ohci ) ;
}
EXPORT_SYMBOL_GPL ( ohci_setup ) ;
/* ohci_start routine for generic controller start of all OHCI bus glue */
static int ohci_start ( struct usb_hcd * hcd )
{
struct ohci_hcd * ohci = hcd_to_ohci ( hcd ) ;
int ret ;
ret = ohci_run ( ohci ) ;
if ( ret < 0 ) {
ohci_err ( ohci , " can't start \n " ) ;
ohci_stop ( hcd ) ;
}
return ret ;
}
2005-04-16 15:20:36 -07:00
/*-------------------------------------------------------------------------*/
2014-07-18 16:26:12 -04:00
/*
* Some OHCI controllers are known to lose track of completed TDs . They
* don ' t add the TDs to the hardware done queue , which means we never see
* them as being completed .
*
* This watchdog routine checks for such problems . Without some way to
* tell when those TDs have completed , we would never take their EDs off
* the unlink list . As a result , URBs could never be dequeued and
* endpoints could never be released .
*/
treewide: setup_timer() -> timer_setup()
This converts all remaining cases of the old setup_timer() API into using
timer_setup(), where the callback argument is the structure already
holding the struct timer_list. These should have no behavioral changes,
since they just change which pointer is passed into the callback with
the same available pointers after conversion. It handles the following
examples, in addition to some other variations.
Casting from unsigned long:
void my_callback(unsigned long data)
{
struct something *ptr = (struct something *)data;
...
}
...
setup_timer(&ptr->my_timer, my_callback, ptr);
and forced object casts:
void my_callback(struct something *ptr)
{
...
}
...
setup_timer(&ptr->my_timer, my_callback, (unsigned long)ptr);
become:
void my_callback(struct timer_list *t)
{
struct something *ptr = from_timer(ptr, t, my_timer);
...
}
...
timer_setup(&ptr->my_timer, my_callback, 0);
Direct function assignments:
void my_callback(unsigned long data)
{
struct something *ptr = (struct something *)data;
...
}
...
ptr->my_timer.function = my_callback;
have a temporary cast added, along with converting the args:
void my_callback(struct timer_list *t)
{
struct something *ptr = from_timer(ptr, t, my_timer);
...
}
...
ptr->my_timer.function = (TIMER_FUNC_TYPE)my_callback;
And finally, callbacks without a data assignment:
void my_callback(unsigned long data)
{
...
}
...
setup_timer(&ptr->my_timer, my_callback, 0);
have their argument renamed to verify they're unused during conversion:
void my_callback(struct timer_list *unused)
{
...
}
...
timer_setup(&ptr->my_timer, my_callback, 0);
The conversion is done with the following Coccinelle script:
spatch --very-quiet --all-includes --include-headers \
-I ./arch/x86/include -I ./arch/x86/include/generated \
-I ./include -I ./arch/x86/include/uapi \
-I ./arch/x86/include/generated/uapi -I ./include/uapi \
-I ./include/generated/uapi --include ./include/linux/kconfig.h \
--dir . \
--cocci-file ~/src/data/timer_setup.cocci
@fix_address_of@
expression e;
@@
setup_timer(
-&(e)
+&e
, ...)
// Update any raw setup_timer() usages that have a NULL callback, but
// would otherwise match change_timer_function_usage, since the latter
// will update all function assignments done in the face of a NULL
// function initialization in setup_timer().
@change_timer_function_usage_NULL@
expression _E;
identifier _timer;
type _cast_data;
@@
(
-setup_timer(&_E->_timer, NULL, _E);
+timer_setup(&_E->_timer, NULL, 0);
|
-setup_timer(&_E->_timer, NULL, (_cast_data)_E);
+timer_setup(&_E->_timer, NULL, 0);
|
-setup_timer(&_E._timer, NULL, &_E);
+timer_setup(&_E._timer, NULL, 0);
|
-setup_timer(&_E._timer, NULL, (_cast_data)&_E);
+timer_setup(&_E._timer, NULL, 0);
)
@change_timer_function_usage@
expression _E;
identifier _timer;
struct timer_list _stl;
identifier _callback;
type _cast_func, _cast_data;
@@
(
-setup_timer(&_E->_timer, _callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, &_callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, _callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, &_callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)_callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)&_callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)_callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)&_callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, &_callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, &_callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)_callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)_callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)&_callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)&_callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
_E->_timer@_stl.function = _callback;
|
_E->_timer@_stl.function = &_callback;
|
_E->_timer@_stl.function = (_cast_func)_callback;
|
_E->_timer@_stl.function = (_cast_func)&_callback;
|
_E._timer@_stl.function = _callback;
|
_E._timer@_stl.function = &_callback;
|
_E._timer@_stl.function = (_cast_func)_callback;
|
_E._timer@_stl.function = (_cast_func)&_callback;
)
// callback(unsigned long arg)
@change_callback_handle_cast
depends on change_timer_function_usage@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _origtype;
identifier _origarg;
type _handletype;
identifier _handle;
@@
void _callback(
-_origtype _origarg
+struct timer_list *t
)
{
(
... when != _origarg
_handletype *_handle =
-(_handletype *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
|
... when != _origarg
_handletype *_handle =
-(void *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
|
... when != _origarg
_handletype *_handle;
... when != _handle
_handle =
-(_handletype *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
|
... when != _origarg
_handletype *_handle;
... when != _handle
_handle =
-(void *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
)
}
// callback(unsigned long arg) without existing variable
@change_callback_handle_cast_no_arg
depends on change_timer_function_usage &&
!change_callback_handle_cast@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _origtype;
identifier _origarg;
type _handletype;
@@
void _callback(
-_origtype _origarg
+struct timer_list *t
)
{
+ _handletype *_origarg = from_timer(_origarg, t, _timer);
+
... when != _origarg
- (_handletype *)_origarg
+ _origarg
... when != _origarg
}
// Avoid already converted callbacks.
@match_callback_converted
depends on change_timer_function_usage &&
!change_callback_handle_cast &&
!change_callback_handle_cast_no_arg@
identifier change_timer_function_usage._callback;
identifier t;
@@
void _callback(struct timer_list *t)
{ ... }
// callback(struct something *handle)
@change_callback_handle_arg
depends on change_timer_function_usage &&
!match_callback_converted &&
!change_callback_handle_cast &&
!change_callback_handle_cast_no_arg@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _handletype;
identifier _handle;
@@
void _callback(
-_handletype *_handle
+struct timer_list *t
)
{
+ _handletype *_handle = from_timer(_handle, t, _timer);
...
}
// If change_callback_handle_arg ran on an empty function, remove
// the added handler.
@unchange_callback_handle_arg
depends on change_timer_function_usage &&
change_callback_handle_arg@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _handletype;
identifier _handle;
identifier t;
@@
void _callback(struct timer_list *t)
{
- _handletype *_handle = from_timer(_handle, t, _timer);
}
// We only want to refactor the setup_timer() data argument if we've found
// the matching callback. This undoes changes in change_timer_function_usage.
@unchange_timer_function_usage
depends on change_timer_function_usage &&
!change_callback_handle_cast &&
!change_callback_handle_cast_no_arg &&
!change_callback_handle_arg@
expression change_timer_function_usage._E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type change_timer_function_usage._cast_data;
@@
(
-timer_setup(&_E->_timer, _callback, 0);
+setup_timer(&_E->_timer, _callback, (_cast_data)_E);
|
-timer_setup(&_E._timer, _callback, 0);
+setup_timer(&_E._timer, _callback, (_cast_data)&_E);
)
// If we fixed a callback from a .function assignment, fix the
// assignment cast now.
@change_timer_function_assignment
depends on change_timer_function_usage &&
(change_callback_handle_cast ||
change_callback_handle_cast_no_arg ||
change_callback_handle_arg)@
expression change_timer_function_usage._E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type _cast_func;
typedef TIMER_FUNC_TYPE;
@@
(
_E->_timer.function =
-_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E->_timer.function =
-&_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E->_timer.function =
-(_cast_func)_callback;
+(TIMER_FUNC_TYPE)_callback
;
|
_E->_timer.function =
-(_cast_func)&_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-&_callback;
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-(_cast_func)_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-(_cast_func)&_callback
+(TIMER_FUNC_TYPE)_callback
;
)
// Sometimes timer functions are called directly. Replace matched args.
@change_timer_function_calls
depends on change_timer_function_usage &&
(change_callback_handle_cast ||
change_callback_handle_cast_no_arg ||
change_callback_handle_arg)@
expression _E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type _cast_data;
@@
_callback(
(
-(_cast_data)_E
+&_E->_timer
|
-(_cast_data)&_E
+&_E._timer
|
-_E
+&_E->_timer
)
)
// If a timer has been configured without a data argument, it can be
// converted without regard to the callback argument, since it is unused.
@match_timer_function_unused_data@
expression _E;
identifier _timer;
identifier _callback;
@@
(
-setup_timer(&_E->_timer, _callback, 0);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, _callback, 0L);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, _callback, 0UL);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, 0);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, 0L);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, 0UL);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_timer, _callback, 0);
+timer_setup(&_timer, _callback, 0);
|
-setup_timer(&_timer, _callback, 0L);
+timer_setup(&_timer, _callback, 0);
|
-setup_timer(&_timer, _callback, 0UL);
+timer_setup(&_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0);
+timer_setup(_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0L);
+timer_setup(_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0UL);
+timer_setup(_timer, _callback, 0);
)
@change_callback_unused_data
depends on match_timer_function_unused_data@
identifier match_timer_function_unused_data._callback;
type _origtype;
identifier _origarg;
@@
void _callback(
-_origtype _origarg
+struct timer_list *unused
)
{
... when != _origarg
}
Signed-off-by: Kees Cook <keescook@chromium.org>
2017-10-16 14:43:17 -07:00
static void io_watchdog_func ( struct timer_list * t )
2014-07-18 16:26:12 -04:00
{
treewide: setup_timer() -> timer_setup()
This converts all remaining cases of the old setup_timer() API into using
timer_setup(), where the callback argument is the structure already
holding the struct timer_list. These should have no behavioral changes,
since they just change which pointer is passed into the callback with
the same available pointers after conversion. It handles the following
examples, in addition to some other variations.
Casting from unsigned long:
void my_callback(unsigned long data)
{
struct something *ptr = (struct something *)data;
...
}
...
setup_timer(&ptr->my_timer, my_callback, ptr);
and forced object casts:
void my_callback(struct something *ptr)
{
...
}
...
setup_timer(&ptr->my_timer, my_callback, (unsigned long)ptr);
become:
void my_callback(struct timer_list *t)
{
struct something *ptr = from_timer(ptr, t, my_timer);
...
}
...
timer_setup(&ptr->my_timer, my_callback, 0);
Direct function assignments:
void my_callback(unsigned long data)
{
struct something *ptr = (struct something *)data;
...
}
...
ptr->my_timer.function = my_callback;
have a temporary cast added, along with converting the args:
void my_callback(struct timer_list *t)
{
struct something *ptr = from_timer(ptr, t, my_timer);
...
}
...
ptr->my_timer.function = (TIMER_FUNC_TYPE)my_callback;
And finally, callbacks without a data assignment:
void my_callback(unsigned long data)
{
...
}
...
setup_timer(&ptr->my_timer, my_callback, 0);
have their argument renamed to verify they're unused during conversion:
void my_callback(struct timer_list *unused)
{
...
}
...
timer_setup(&ptr->my_timer, my_callback, 0);
The conversion is done with the following Coccinelle script:
spatch --very-quiet --all-includes --include-headers \
-I ./arch/x86/include -I ./arch/x86/include/generated \
-I ./include -I ./arch/x86/include/uapi \
-I ./arch/x86/include/generated/uapi -I ./include/uapi \
-I ./include/generated/uapi --include ./include/linux/kconfig.h \
--dir . \
--cocci-file ~/src/data/timer_setup.cocci
@fix_address_of@
expression e;
@@
setup_timer(
-&(e)
+&e
, ...)
// Update any raw setup_timer() usages that have a NULL callback, but
// would otherwise match change_timer_function_usage, since the latter
// will update all function assignments done in the face of a NULL
// function initialization in setup_timer().
@change_timer_function_usage_NULL@
expression _E;
identifier _timer;
type _cast_data;
@@
(
-setup_timer(&_E->_timer, NULL, _E);
+timer_setup(&_E->_timer, NULL, 0);
|
-setup_timer(&_E->_timer, NULL, (_cast_data)_E);
+timer_setup(&_E->_timer, NULL, 0);
|
-setup_timer(&_E._timer, NULL, &_E);
+timer_setup(&_E._timer, NULL, 0);
|
-setup_timer(&_E._timer, NULL, (_cast_data)&_E);
+timer_setup(&_E._timer, NULL, 0);
)
@change_timer_function_usage@
expression _E;
identifier _timer;
struct timer_list _stl;
identifier _callback;
type _cast_func, _cast_data;
@@
(
-setup_timer(&_E->_timer, _callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, &_callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, _callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, &_callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)_callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)&_callback, _E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)_callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, (_cast_func)&_callback, (_cast_data)_E);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, &_callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, &_callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)_callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)_callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)&_callback, (_cast_data)_E);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, (_cast_func)&_callback, (_cast_data)&_E);
+timer_setup(&_E._timer, _callback, 0);
|
_E->_timer@_stl.function = _callback;
|
_E->_timer@_stl.function = &_callback;
|
_E->_timer@_stl.function = (_cast_func)_callback;
|
_E->_timer@_stl.function = (_cast_func)&_callback;
|
_E._timer@_stl.function = _callback;
|
_E._timer@_stl.function = &_callback;
|
_E._timer@_stl.function = (_cast_func)_callback;
|
_E._timer@_stl.function = (_cast_func)&_callback;
)
// callback(unsigned long arg)
@change_callback_handle_cast
depends on change_timer_function_usage@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _origtype;
identifier _origarg;
type _handletype;
identifier _handle;
@@
void _callback(
-_origtype _origarg
+struct timer_list *t
)
{
(
... when != _origarg
_handletype *_handle =
-(_handletype *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
|
... when != _origarg
_handletype *_handle =
-(void *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
|
... when != _origarg
_handletype *_handle;
... when != _handle
_handle =
-(_handletype *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
|
... when != _origarg
_handletype *_handle;
... when != _handle
_handle =
-(void *)_origarg;
+from_timer(_handle, t, _timer);
... when != _origarg
)
}
// callback(unsigned long arg) without existing variable
@change_callback_handle_cast_no_arg
depends on change_timer_function_usage &&
!change_callback_handle_cast@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _origtype;
identifier _origarg;
type _handletype;
@@
void _callback(
-_origtype _origarg
+struct timer_list *t
)
{
+ _handletype *_origarg = from_timer(_origarg, t, _timer);
+
... when != _origarg
- (_handletype *)_origarg
+ _origarg
... when != _origarg
}
// Avoid already converted callbacks.
@match_callback_converted
depends on change_timer_function_usage &&
!change_callback_handle_cast &&
!change_callback_handle_cast_no_arg@
identifier change_timer_function_usage._callback;
identifier t;
@@
void _callback(struct timer_list *t)
{ ... }
// callback(struct something *handle)
@change_callback_handle_arg
depends on change_timer_function_usage &&
!match_callback_converted &&
!change_callback_handle_cast &&
!change_callback_handle_cast_no_arg@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _handletype;
identifier _handle;
@@
void _callback(
-_handletype *_handle
+struct timer_list *t
)
{
+ _handletype *_handle = from_timer(_handle, t, _timer);
...
}
// If change_callback_handle_arg ran on an empty function, remove
// the added handler.
@unchange_callback_handle_arg
depends on change_timer_function_usage &&
change_callback_handle_arg@
identifier change_timer_function_usage._callback;
identifier change_timer_function_usage._timer;
type _handletype;
identifier _handle;
identifier t;
@@
void _callback(struct timer_list *t)
{
- _handletype *_handle = from_timer(_handle, t, _timer);
}
// We only want to refactor the setup_timer() data argument if we've found
// the matching callback. This undoes changes in change_timer_function_usage.
@unchange_timer_function_usage
depends on change_timer_function_usage &&
!change_callback_handle_cast &&
!change_callback_handle_cast_no_arg &&
!change_callback_handle_arg@
expression change_timer_function_usage._E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type change_timer_function_usage._cast_data;
@@
(
-timer_setup(&_E->_timer, _callback, 0);
+setup_timer(&_E->_timer, _callback, (_cast_data)_E);
|
-timer_setup(&_E._timer, _callback, 0);
+setup_timer(&_E._timer, _callback, (_cast_data)&_E);
)
// If we fixed a callback from a .function assignment, fix the
// assignment cast now.
@change_timer_function_assignment
depends on change_timer_function_usage &&
(change_callback_handle_cast ||
change_callback_handle_cast_no_arg ||
change_callback_handle_arg)@
expression change_timer_function_usage._E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type _cast_func;
typedef TIMER_FUNC_TYPE;
@@
(
_E->_timer.function =
-_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E->_timer.function =
-&_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E->_timer.function =
-(_cast_func)_callback;
+(TIMER_FUNC_TYPE)_callback
;
|
_E->_timer.function =
-(_cast_func)&_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-&_callback;
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-(_cast_func)_callback
+(TIMER_FUNC_TYPE)_callback
;
|
_E._timer.function =
-(_cast_func)&_callback
+(TIMER_FUNC_TYPE)_callback
;
)
// Sometimes timer functions are called directly. Replace matched args.
@change_timer_function_calls
depends on change_timer_function_usage &&
(change_callback_handle_cast ||
change_callback_handle_cast_no_arg ||
change_callback_handle_arg)@
expression _E;
identifier change_timer_function_usage._timer;
identifier change_timer_function_usage._callback;
type _cast_data;
@@
_callback(
(
-(_cast_data)_E
+&_E->_timer
|
-(_cast_data)&_E
+&_E._timer
|
-_E
+&_E->_timer
)
)
// If a timer has been configured without a data argument, it can be
// converted without regard to the callback argument, since it is unused.
@match_timer_function_unused_data@
expression _E;
identifier _timer;
identifier _callback;
@@
(
-setup_timer(&_E->_timer, _callback, 0);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, _callback, 0L);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E->_timer, _callback, 0UL);
+timer_setup(&_E->_timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, 0);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, 0L);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_E._timer, _callback, 0UL);
+timer_setup(&_E._timer, _callback, 0);
|
-setup_timer(&_timer, _callback, 0);
+timer_setup(&_timer, _callback, 0);
|
-setup_timer(&_timer, _callback, 0L);
+timer_setup(&_timer, _callback, 0);
|
-setup_timer(&_timer, _callback, 0UL);
+timer_setup(&_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0);
+timer_setup(_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0L);
+timer_setup(_timer, _callback, 0);
|
-setup_timer(_timer, _callback, 0UL);
+timer_setup(_timer, _callback, 0);
)
@change_callback_unused_data
depends on match_timer_function_unused_data@
identifier match_timer_function_unused_data._callback;
type _origtype;
identifier _origarg;
@@
void _callback(
-_origtype _origarg
+struct timer_list *unused
)
{
... when != _origarg
}
Signed-off-by: Kees Cook <keescook@chromium.org>
2017-10-16 14:43:17 -07:00
struct ohci_hcd * ohci = from_timer ( ohci , t , io_watchdog ) ;
2014-07-18 16:26:12 -04:00
bool takeback_all_pending = false ;
u32 status ;
u32 head ;
struct ed * ed ;
struct td * td , * td_start , * td_next ;
ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func()
Running io_watchdog_func() while ohci_urb_enqueue() is running can
cause a race condition where ohci->prev_frame_no is corrupted and the
watchdog can mis-detect following error:
ohci-platform 664a0800.usb: frame counter not updating; disabled
ohci-platform 664a0800.usb: HC died; cleaning up
Specifically, following scenario causes a race condition:
1. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
2. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
3. ohci_urb_enqueue() sets ohci->prev_frame_no to a frame number
read by ohci_frame_no(ohci)
4. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
5. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section
6. Later, ohci_urb_enqueue() is called
7. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
8. The timer scheduled on step 4 expires and io_watchdog_func() runs
9. io_watchdog_func() calls spin_lock_irqsave(&ohci->lock, flags)
and waits on it because ohci_urb_enqueue() is already in the
critical section on step 7
10. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
11. ohci_urb_enqueue() sets ohci->prev_frame_no to new frame number
read by ohci_frame_no(ohci) because the frame number proceeded
between step 3 and 6
12. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
13. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section, then wake up
io_watchdog_func() which is waiting on step 9
14. io_watchdog_func() enters the critical section
15. io_watchdog_func() calls ohci_frame_no(ohci) and set frame_no
variable to the frame number
16. io_watchdog_func() compares frame_no and ohci->prev_frame_no
On step 16, because this calling of io_watchdog_func() is scheduled on
step 4, the frame number set in ohci->prev_frame_no is expected to the
number set on step 3. However, ohci->prev_frame_no is overwritten on
step 11. Because step 16 is executed soon after step 11, the frame
number might not proceed, so ohci->prev_frame_no must equals to
frame_no.
To address above scenario, this patch introduces a special sentinel
value IO_WATCHDOG_OFF and set this value to ohci->prev_frame_no when
the watchdog is not pending or running. When ohci_urb_enqueue()
schedules the watchdog (step 4 and 12 above), it compares
ohci->prev_frame_no to IO_WATCHDOG_OFF so that ohci->prev_frame_no is
not overwritten while io_watchdog_func() is running.
Signed-off-by: Shigeru Yoshida <Shigeru.Yoshida@windriver.com>
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-02 13:51:39 +08:00
unsigned frame_no , prev_frame_no = IO_WATCHDOG_OFF ;
2014-07-18 16:26:12 -04:00
unsigned long flags ;
spin_lock_irqsave ( & ohci - > lock , flags ) ;
/*
* One way to lose track of completed TDs is if the controller
* never writes back the done queue head . If it hasn ' t been
* written back since the last time this function ran and if it
* was non - empty at that time , something is badly wrong with the
* hardware .
*/
status = ohci_readl ( ohci , & ohci - > regs - > intrstatus ) ;
if ( ! ( status & OHCI_INTR_WDH ) & & ohci - > wdh_cnt = = ohci - > prev_wdh_cnt ) {
if ( ohci - > prev_donehead ) {
ohci_err ( ohci , " HcDoneHead not written back; disabled \n " ) ;
2014-07-18 16:26:17 -04:00
died :
2014-07-18 16:26:12 -04:00
usb_hc_died ( ohci_to_hcd ( ohci ) ) ;
ohci_dump ( ohci ) ;
2019-08-27 12:51:50 +09:00
_ohci_shutdown ( ohci_to_hcd ( ohci ) ) ;
2014-07-18 16:26:12 -04:00
goto done ;
} else {
/* No write back because the done queue was empty */
takeback_all_pending = true ;
}
}
/* Check every ED which might have pending TDs */
list_for_each_entry ( ed , & ohci - > eds_in_use , in_use_list ) {
if ( ed - > pending_td ) {
if ( takeback_all_pending | |
OKAY_TO_TAKEBACK ( ohci , ed ) ) {
unsigned tmp = hc32_to_cpu ( ohci , ed - > hwINFO ) ;
ohci_dbg ( ohci , " takeback pending TD for dev %d ep 0x%x \n " ,
0x007f & tmp ,
( 0x000f & ( tmp > > 7 ) ) +
( ( tmp & ED_IN ) > > 5 ) ) ;
add_to_done_list ( ohci , ed - > pending_td ) ;
}
}
/* Starting from the latest pending TD, */
td = ed - > pending_td ;
/* or the last TD on the done list, */
if ( ! td ) {
list_for_each_entry ( td_next , & ed - > td_list , td_list ) {
if ( ! td_next - > next_dl_td )
break ;
td = td_next ;
}
}
/* find the last TD processed by the controller. */
locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE()
Please do not apply this to mainline directly, instead please re-run the
coccinelle script shown below and apply its output.
For several reasons, it is desirable to use {READ,WRITE}_ONCE() in
preference to ACCESS_ONCE(), and new code is expected to use one of the
former. So far, there's been no reason to change most existing uses of
ACCESS_ONCE(), as these aren't harmful, and changing them results in
churn.
However, for some features, the read/write distinction is critical to
correct operation. To distinguish these cases, separate read/write
accessors must be used. This patch migrates (most) remaining
ACCESS_ONCE() instances to {READ,WRITE}_ONCE(), using the following
coccinelle script:
----
// Convert trivial ACCESS_ONCE() uses to equivalent READ_ONCE() and
// WRITE_ONCE()
// $ make coccicheck COCCI=/home/mark/once.cocci SPFLAGS="--include-headers" MODE=patch
virtual patch
@ depends on patch @
expression E1, E2;
@@
- ACCESS_ONCE(E1) = E2
+ WRITE_ONCE(E1, E2)
@ depends on patch @
expression E;
@@
- ACCESS_ONCE(E)
+ READ_ONCE(E)
----
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: davem@davemloft.net
Cc: linux-arch@vger.kernel.org
Cc: mpe@ellerman.id.au
Cc: shuah@kernel.org
Cc: snitzer@redhat.com
Cc: thor.thayer@linux.intel.com
Cc: tj@kernel.org
Cc: viro@zeniv.linux.org.uk
Cc: will.deacon@arm.com
Link: http://lkml.kernel.org/r/1508792849-3115-19-git-send-email-paulmck@linux.vnet.ibm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-10-23 14:07:29 -07:00
head = hc32_to_cpu ( ohci , READ_ONCE ( ed - > hwHeadP ) ) & TD_MASK ;
2014-07-18 16:26:12 -04:00
td_start = td ;
td_next = list_prepare_entry ( td , & ed - > td_list , td_list ) ;
list_for_each_entry_continue ( td_next , & ed - > td_list , td_list ) {
if ( head = = ( u32 ) td_next - > td_dma )
break ;
td = td_next ; /* head pointer has passed this TD */
}
if ( td ! = td_start ) {
/*
* In case a WDH cycle is in progress , we will wait
* for the next two cycles to complete before assuming
* this TD will never get on the done queue .
*/
ed - > takeback_wdh_cnt = ohci - > wdh_cnt + 2 ;
ed - > pending_td = td ;
}
}
ohci_work ( ohci ) ;
if ( ohci - > rh_state = = OHCI_RH_RUNNING ) {
2014-07-18 16:26:17 -04:00
/*
* Sometimes a controller just stops working . We can tell
* by checking that the frame counter has advanced since
* the last time we ran .
*
* But be careful : Some controllers violate the spec by
* stopping their frame counter when no ports are active .
*/
frame_no = ohci_frame_no ( ohci ) ;
if ( frame_no = = ohci - > prev_frame_no ) {
int active_cnt = 0 ;
int i ;
unsigned tmp ;
for ( i = 0 ; i < ohci - > num_ports ; + + i ) {
tmp = roothub_portstatus ( ohci , i ) ;
/* Enabled and not suspended? */
if ( ( tmp & RH_PS_PES ) & & ! ( tmp & RH_PS_PSS ) )
+ + active_cnt ;
}
if ( active_cnt > 0 ) {
ohci_err ( ohci , " frame counter not updating; disabled \n " ) ;
goto died ;
}
}
2014-07-18 16:26:12 -04:00
if ( ! list_empty ( & ohci - > eds_in_use ) ) {
ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func()
Running io_watchdog_func() while ohci_urb_enqueue() is running can
cause a race condition where ohci->prev_frame_no is corrupted and the
watchdog can mis-detect following error:
ohci-platform 664a0800.usb: frame counter not updating; disabled
ohci-platform 664a0800.usb: HC died; cleaning up
Specifically, following scenario causes a race condition:
1. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
2. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
3. ohci_urb_enqueue() sets ohci->prev_frame_no to a frame number
read by ohci_frame_no(ohci)
4. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
5. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section
6. Later, ohci_urb_enqueue() is called
7. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
8. The timer scheduled on step 4 expires and io_watchdog_func() runs
9. io_watchdog_func() calls spin_lock_irqsave(&ohci->lock, flags)
and waits on it because ohci_urb_enqueue() is already in the
critical section on step 7
10. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
11. ohci_urb_enqueue() sets ohci->prev_frame_no to new frame number
read by ohci_frame_no(ohci) because the frame number proceeded
between step 3 and 6
12. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
13. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section, then wake up
io_watchdog_func() which is waiting on step 9
14. io_watchdog_func() enters the critical section
15. io_watchdog_func() calls ohci_frame_no(ohci) and set frame_no
variable to the frame number
16. io_watchdog_func() compares frame_no and ohci->prev_frame_no
On step 16, because this calling of io_watchdog_func() is scheduled on
step 4, the frame number set in ohci->prev_frame_no is expected to the
number set on step 3. However, ohci->prev_frame_no is overwritten on
step 11. Because step 16 is executed soon after step 11, the frame
number might not proceed, so ohci->prev_frame_no must equals to
frame_no.
To address above scenario, this patch introduces a special sentinel
value IO_WATCHDOG_OFF and set this value to ohci->prev_frame_no when
the watchdog is not pending or running. When ohci_urb_enqueue()
schedules the watchdog (step 4 and 12 above), it compares
ohci->prev_frame_no to IO_WATCHDOG_OFF so that ohci->prev_frame_no is
not overwritten while io_watchdog_func() is running.
Signed-off-by: Shigeru Yoshida <Shigeru.Yoshida@windriver.com>
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-02 13:51:39 +08:00
prev_frame_no = frame_no ;
2014-07-18 16:26:12 -04:00
ohci - > prev_wdh_cnt = ohci - > wdh_cnt ;
ohci - > prev_donehead = ohci_readl ( ohci ,
& ohci - > regs - > donehead ) ;
mod_timer ( & ohci - > io_watchdog ,
jiffies + IO_WATCHDOG_DELAY ) ;
}
}
done :
ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func()
Running io_watchdog_func() while ohci_urb_enqueue() is running can
cause a race condition where ohci->prev_frame_no is corrupted and the
watchdog can mis-detect following error:
ohci-platform 664a0800.usb: frame counter not updating; disabled
ohci-platform 664a0800.usb: HC died; cleaning up
Specifically, following scenario causes a race condition:
1. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
2. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
3. ohci_urb_enqueue() sets ohci->prev_frame_no to a frame number
read by ohci_frame_no(ohci)
4. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
5. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section
6. Later, ohci_urb_enqueue() is called
7. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
8. The timer scheduled on step 4 expires and io_watchdog_func() runs
9. io_watchdog_func() calls spin_lock_irqsave(&ohci->lock, flags)
and waits on it because ohci_urb_enqueue() is already in the
critical section on step 7
10. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
11. ohci_urb_enqueue() sets ohci->prev_frame_no to new frame number
read by ohci_frame_no(ohci) because the frame number proceeded
between step 3 and 6
12. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
13. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section, then wake up
io_watchdog_func() which is waiting on step 9
14. io_watchdog_func() enters the critical section
15. io_watchdog_func() calls ohci_frame_no(ohci) and set frame_no
variable to the frame number
16. io_watchdog_func() compares frame_no and ohci->prev_frame_no
On step 16, because this calling of io_watchdog_func() is scheduled on
step 4, the frame number set in ohci->prev_frame_no is expected to the
number set on step 3. However, ohci->prev_frame_no is overwritten on
step 11. Because step 16 is executed soon after step 11, the frame
number might not proceed, so ohci->prev_frame_no must equals to
frame_no.
To address above scenario, this patch introduces a special sentinel
value IO_WATCHDOG_OFF and set this value to ohci->prev_frame_no when
the watchdog is not pending or running. When ohci_urb_enqueue()
schedules the watchdog (step 4 and 12 above), it compares
ohci->prev_frame_no to IO_WATCHDOG_OFF so that ohci->prev_frame_no is
not overwritten while io_watchdog_func() is running.
Signed-off-by: Shigeru Yoshida <Shigeru.Yoshida@windriver.com>
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-02 13:51:39 +08:00
ohci - > prev_frame_no = prev_frame_no ;
2014-07-18 16:26:12 -04:00
spin_unlock_irqrestore ( & ohci - > lock , flags ) ;
}
2005-04-16 15:20:36 -07:00
/* an interrupt happens */
IRQ: Maintain regs pointer globally rather than passing to IRQ handlers
Maintain a per-CPU global "struct pt_regs *" variable which can be used instead
of passing regs around manually through all ~1800 interrupt handlers in the
Linux kernel.
The regs pointer is used in few places, but it potentially costs both stack
space and code to pass it around. On the FRV arch, removing the regs parameter
from all the genirq function results in a 20% speed up of the IRQ exit path
(ie: from leaving timer_interrupt() to leaving do_IRQ()).
Where appropriate, an arch may override the generic storage facility and do
something different with the variable. On FRV, for instance, the address is
maintained in GR28 at all times inside the kernel as part of general exception
handling.
Having looked over the code, it appears that the parameter may be handed down
through up to twenty or so layers of functions. Consider a USB character
device attached to a USB hub, attached to a USB controller that posts its
interrupts through a cascaded auxiliary interrupt controller. A character
device driver may want to pass regs to the sysrq handler through the input
layer which adds another few layers of parameter passing.
I've build this code with allyesconfig for x86_64 and i386. I've runtested the
main part of the code on FRV and i386, though I can't test most of the drivers.
I've also done partial conversion for powerpc and MIPS - these at least compile
with minimal configurations.
This will affect all archs. Mostly the changes should be relatively easy.
Take do_IRQ(), store the regs pointer at the beginning, saving the old one:
struct pt_regs *old_regs = set_irq_regs(regs);
And put the old one back at the end:
set_irq_regs(old_regs);
Don't pass regs through to generic_handle_irq() or __do_IRQ().
In timer_interrupt(), this sort of change will be necessary:
- update_process_times(user_mode(regs));
- profile_tick(CPU_PROFILING, regs);
+ update_process_times(user_mode(get_irq_regs()));
+ profile_tick(CPU_PROFILING);
I'd like to move update_process_times()'s use of get_irq_regs() into itself,
except that i386, alone of the archs, uses something other than user_mode().
Some notes on the interrupt handling in the drivers:
(*) input_dev() is now gone entirely. The regs pointer is no longer stored in
the input_dev struct.
(*) finish_unlinks() in drivers/usb/host/ohci-q.c needs checking. It does
something different depending on whether it's been supplied with a regs
pointer or not.
(*) Various IRQ handler function pointers have been moved to type
irq_handler_t.
Signed-Off-By: David Howells <dhowells@redhat.com>
(cherry picked from 1b16e7ac850969f38b375e511e3fa2f474a33867 commit)
2006-10-05 14:55:46 +01:00
static irqreturn_t ohci_irq ( struct usb_hcd * hcd )
2005-04-16 15:20:36 -07:00
{
struct ohci_hcd * ohci = hcd_to_ohci ( hcd ) ;
struct ohci_regs __iomem * regs = ohci - > regs ;
2007-08-01 13:24:30 -07:00
int ints ;
2005-04-16 15:20:36 -07:00
2007-12-06 13:28:25 -08:00
/* Read interrupt status (and flush pending writes). We ignore the
* optimization of checking the LSB of hcca - > done_head ; it doesn ' t
* work on all systems ( edge triggering for OHCI can be a factor ) .
2007-08-01 13:24:30 -07:00
*/
2007-12-06 13:28:25 -08:00
ints = ohci_readl ( ohci , & regs - > intrstatus ) ;
2005-04-16 15:20:36 -07:00
2007-12-06 13:28:25 -08:00
/* Check for an all 1's result which is a typical consequence
* of dead , unclocked , or unplugged ( CardBus . . . ) devices
*/
if ( ints = = ~ ( u32 ) 0 ) {
2011-11-17 16:41:56 -05:00
ohci - > rh_state = OHCI_RH_HALTED ;
2005-04-16 15:20:36 -07:00
ohci_dbg ( ohci , " device removed! \n " ) ;
2011-05-17 17:27:12 -04:00
usb_hc_died ( hcd ) ;
2005-04-16 15:20:36 -07:00
return IRQ_HANDLED ;
2007-12-06 13:28:25 -08:00
}
/* We only care about interrupts that are enabled */
ints & = ohci_readl ( ohci , & regs - > intrenable ) ;
2005-04-16 15:20:36 -07:00
/* interrupt for some other device? */
2011-11-17 16:41:56 -05:00
if ( ints = = 0 | | unlikely ( ohci - > rh_state = = OHCI_RH_HALTED ) )
2005-04-16 15:20:36 -07:00
return IRQ_NOTMINE ;
2006-08-04 11:31:55 -07:00
2005-04-16 15:20:36 -07:00
if ( ints & OHCI_INTR_UE ) {
// e.g. due to PCI Master/Target Abort
2007-08-01 13:24:30 -07:00
if ( quirk_nec ( ohci ) ) {
2007-05-31 23:34:27 +02:00
/* Workaround for a silicon bug in some NEC chips used
* in Apple ' s PowerBooks . Adapted from Darwin code .
*/
ohci_err ( ohci , " OHCI Unrecoverable Error, scheduling NEC chip restart \n " ) ;
ohci_writel ( ohci , OHCI_INTR_UE , & regs - > intrdisable ) ;
schedule_work ( & ohci - > nec_work ) ;
} else {
ohci_err ( ohci , " OHCI Unrecoverable Error, disabled \n " ) ;
2011-11-17 16:41:56 -05:00
ohci - > rh_state = OHCI_RH_HALTED ;
2011-05-17 17:27:12 -04:00
usb_hc_died ( hcd ) ;
2007-05-31 23:34:27 +02:00
}
2005-04-16 15:20:36 -07:00
2014-07-17 16:32:26 -04:00
ohci_dump ( ohci ) ;
2005-04-16 15:20:36 -07:00
ohci_usb_reset ( ohci ) ;
}
2006-10-24 12:04:22 -04:00
if ( ints & OHCI_INTR_RHSC ) {
2013-11-18 13:22:58 +01:00
ohci_dbg ( ohci , " rhsc \n " ) ;
2006-10-24 12:04:22 -04:00
ohci - > next_statechange = jiffies + STATECHANGE_DELAY ;
ohci_writel ( ohci , OHCI_INTR_RD | OHCI_INTR_RHSC ,
& regs - > intrstatus ) ;
2006-10-27 10:33:11 -04:00
/* NOTE: Vendors didn't always make the same implementation
* choices for RHSC . Many followed the spec ; RHSC triggers
* on an edge , like setting and maybe clearing a port status
* change bit . With others it ' s level - triggered , active
2014-09-19 17:32:23 +02:00
* until hub_wq clears all the port status change bits . We ' ll
* always disable it here and rely on polling until hub_wq
2006-10-27 10:33:11 -04:00
* re - enables it .
*/
ohci_writel ( ohci , OHCI_INTR_RHSC , & regs - > intrdisable ) ;
2006-10-24 12:04:22 -04:00
usb_hcd_poll_rh_status ( hcd ) ;
}
/* For connect and disconnect events, we expect the controller
* to turn on RHSC along with RD . But for remote wakeup events
* this might not happen .
*/
else if ( ints & OHCI_INTR_RD ) {
2013-11-18 13:22:58 +01:00
ohci_dbg ( ohci , " resume detect \n " ) ;
2006-10-24 12:04:22 -04:00
ohci_writel ( ohci , OHCI_INTR_RD , & regs - > intrstatus ) ;
2010-06-22 16:39:10 -04:00
set_bit ( HCD_FLAG_POLL_RH , & hcd - > flags ) ;
2006-09-26 14:46:16 -04:00
if ( ohci - > autostop ) {
spin_lock ( & ohci - > lock ) ;
ohci_rh_resume ( ohci ) ;
spin_unlock ( & ohci - > lock ) ;
} else
2005-09-22 22:42:53 -07:00
usb_hcd_resume_root_hub ( hcd ) ;
2005-04-16 15:20:36 -07:00
}
2014-07-18 16:25:59 -04:00
spin_lock ( & ohci - > lock ) ;
if ( ints & OHCI_INTR_WDH )
update_done_list ( ohci ) ;
2006-12-05 03:18:31 -08:00
2005-04-16 15:20:36 -07:00
/* could track INTR_SO to reduce available PCI/... bandwidth */
/* handle any pending URB/ED unlinks, leaving INTR_SF enabled
* when there ' s still unlinking to be done ( next frame ) .
*/
2014-07-18 16:26:07 -04:00
ohci_work ( ohci ) ;
2014-07-18 16:25:36 -04:00
if ( ( ints & OHCI_INTR_SF ) ! = 0 & & ! ohci - > ed_rm_list
2011-11-17 16:41:56 -05:00
& & ohci - > rh_state = = OHCI_RH_RUNNING )
2006-12-05 03:18:31 -08:00
ohci_writel ( ohci , OHCI_INTR_SF , & regs - > intrdisable ) ;
2005-04-16 15:20:36 -07:00
2011-11-17 16:41:56 -05:00
if ( ohci - > rh_state = = OHCI_RH_RUNNING ) {
2005-04-16 15:20:36 -07:00
ohci_writel ( ohci , ints , & regs - > intrstatus ) ;
2014-07-18 16:26:12 -04:00
if ( ints & OHCI_INTR_WDH )
+ + ohci - > wdh_cnt ;
2006-12-05 03:18:31 -08:00
ohci_writel ( ohci , OHCI_INTR_MIE , & regs - > intrenable ) ;
2005-04-16 15:20:36 -07:00
// flush those writes
( void ) ohci_readl ( ohci , & ohci - > regs - > control ) ;
}
2014-07-18 16:25:59 -04:00
spin_unlock ( & ohci - > lock ) ;
2005-04-16 15:20:36 -07:00
return IRQ_HANDLED ;
}
/*-------------------------------------------------------------------------*/
static void ohci_stop ( struct usb_hcd * hcd )
2006-12-05 03:18:31 -08:00
{
2005-04-16 15:20:36 -07:00
struct ohci_hcd * ohci = hcd_to_ohci ( hcd ) ;
2014-07-17 16:32:26 -04:00
ohci_dump ( ohci ) ;
2005-04-16 15:20:36 -07:00
2010-12-24 16:14:20 +01:00
if ( quirk_nec ( ohci ) )
2012-08-20 14:51:24 -07:00
flush_work ( & ohci - > nec_work ) ;
2014-07-18 16:26:12 -04:00
del_timer_sync ( & ohci - > io_watchdog ) ;
ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func()
Running io_watchdog_func() while ohci_urb_enqueue() is running can
cause a race condition where ohci->prev_frame_no is corrupted and the
watchdog can mis-detect following error:
ohci-platform 664a0800.usb: frame counter not updating; disabled
ohci-platform 664a0800.usb: HC died; cleaning up
Specifically, following scenario causes a race condition:
1. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
2. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
3. ohci_urb_enqueue() sets ohci->prev_frame_no to a frame number
read by ohci_frame_no(ohci)
4. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
5. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section
6. Later, ohci_urb_enqueue() is called
7. ohci_urb_enqueue() calls spin_lock_irqsave(&ohci->lock, flags)
and enters the critical section
8. The timer scheduled on step 4 expires and io_watchdog_func() runs
9. io_watchdog_func() calls spin_lock_irqsave(&ohci->lock, flags)
and waits on it because ohci_urb_enqueue() is already in the
critical section on step 7
10. ohci_urb_enqueue() calls timer_pending(&ohci->io_watchdog) and it
returns false
11. ohci_urb_enqueue() sets ohci->prev_frame_no to new frame number
read by ohci_frame_no(ohci) because the frame number proceeded
between step 3 and 6
12. ohci_urb_enqueue() schedules io_watchdog_func() with mod_timer()
13. ohci_urb_enqueue() calls spin_unlock_irqrestore(&ohci->lock,
flags) and exits the critical section, then wake up
io_watchdog_func() which is waiting on step 9
14. io_watchdog_func() enters the critical section
15. io_watchdog_func() calls ohci_frame_no(ohci) and set frame_no
variable to the frame number
16. io_watchdog_func() compares frame_no and ohci->prev_frame_no
On step 16, because this calling of io_watchdog_func() is scheduled on
step 4, the frame number set in ohci->prev_frame_no is expected to the
number set on step 3. However, ohci->prev_frame_no is overwritten on
step 11. Because step 16 is executed soon after step 11, the frame
number might not proceed, so ohci->prev_frame_no must equals to
frame_no.
To address above scenario, this patch introduces a special sentinel
value IO_WATCHDOG_OFF and set this value to ohci->prev_frame_no when
the watchdog is not pending or running. When ohci_urb_enqueue()
schedules the watchdog (step 4 and 12 above), it compares
ohci->prev_frame_no to IO_WATCHDOG_OFF so that ohci->prev_frame_no is
not overwritten while io_watchdog_func() is running.
Signed-off-by: Shigeru Yoshida <Shigeru.Yoshida@windriver.com>
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-02 13:51:39 +08:00
ohci - > prev_frame_no = IO_WATCHDOG_OFF ;
2005-04-16 15:20:36 -07:00
ohci_writel ( ohci , OHCI_INTR_MIE , & ohci - > regs - > intrdisable ) ;
2013-07-26 07:12:14 +00:00
ohci_usb_reset ( ohci ) ;
2006-09-18 22:57:22 -07:00
free_irq ( hcd - > irq , hcd ) ;
2012-02-29 16:46:23 +02:00
hcd - > irq = 0 ;
2006-09-18 22:57:22 -07:00
2008-08-08 15:03:31 +08:00
if ( quirk_amdiso ( ohci ) )
2011-03-01 14:57:05 +08:00
usb_amd_dev_put ( ) ;
2007-08-01 13:24:30 -07:00
2005-04-16 15:20:36 -07:00
remove_debug_files ( ohci ) ;
ohci_mem_cleanup ( ohci ) ;
if ( ohci - > hcca ) {
2019-05-29 13:28:40 +03:00
if ( hcd - > localmem_pool )
gen_pool_free ( hcd - > localmem_pool ,
( unsigned long ) ohci - > hcca ,
sizeof ( * ohci - > hcca ) ) ;
else
dma_free_coherent ( hcd - > self . controller ,
sizeof ( * ohci - > hcca ) ,
ohci - > hcca , ohci - > hcca_dma ) ;
2005-04-16 15:20:36 -07:00
ohci - > hcca = NULL ;
ohci - > hcca_dma = 0 ;
}
}
/*-------------------------------------------------------------------------*/
2017-02-25 19:20:55 +08:00
# if defined(CONFIG_PM) || defined(CONFIG_USB_PCI)
2007-10-24 17:23:42 -07:00
2005-04-16 15:20:36 -07:00
/* must not be called from interrupt context */
2013-05-28 18:34:49 +05:30
int ohci_restart ( struct ohci_hcd * ohci )
2005-04-16 15:20:36 -07:00
{
int temp ;
int i ;
struct urb_priv * priv ;
2013-05-28 18:34:49 +05:30
ohci_init ( ohci ) ;
2005-04-16 15:20:36 -07:00
spin_lock_irq ( & ohci - > lock ) ;
2011-11-17 16:41:56 -05:00
ohci - > rh_state = OHCI_RH_HALTED ;
2007-05-31 23:34:27 +02:00
/* Recycle any "live" eds/tds (and urbs). */
2005-04-16 15:20:36 -07:00
if ( ! list_empty ( & ohci - > pending ) )
ohci_dbg ( ohci , " abort schedule... \n " ) ;
list_for_each_entry ( priv , & ohci - > pending , pending ) {
struct urb * urb = priv - > td [ 0 ] - > urb ;
struct ed * ed = priv - > ed ;
switch ( ed - > state ) {
case ED_OPER :
ed - > state = ED_UNLINK ;
ed - > hwINFO | = cpu_to_hc32 ( ohci , ED_DEQUEUE ) ;
ed_deschedule ( ohci , ed ) ;
ed - > ed_next = ohci - > ed_rm_list ;
ed - > ed_prev = NULL ;
ohci - > ed_rm_list = ed ;
2020-07-07 14:53:51 -05:00
fallthrough ;
2005-04-16 15:20:36 -07:00
case ED_UNLINK :
break ;
default :
ohci_dbg ( ohci , " bogus ed %p state %d \n " ,
ed , ed - > state ) ;
}
2007-08-24 15:40:34 -04:00
if ( ! urb - > unlinked )
urb - > unlinked = - ESHUTDOWN ;
2005-04-16 15:20:36 -07:00
}
2014-07-18 16:26:07 -04:00
ohci_work ( ohci ) ;
2005-04-16 15:20:36 -07:00
spin_unlock_irq ( & ohci - > lock ) ;
/* paranoia, in case that didn't work: */
/* empty the interrupt branches */
for ( i = 0 ; i < NUM_INTS ; i + + ) ohci - > load [ i ] = 0 ;
for ( i = 0 ; i < NUM_INTS ; i + + ) ohci - > hcca - > int_table [ i ] = 0 ;
2006-12-05 03:18:31 -08:00
2005-04-16 15:20:36 -07:00
/* no EDs to remove */
ohci - > ed_rm_list = NULL ;
2006-12-05 03:18:31 -08:00
/* empty control and bulk lists */
2005-04-16 15:20:36 -07:00
ohci - > ed_controltail = NULL ;
ohci - > ed_bulktail = NULL ;
if ( ( temp = ohci_run ( ohci ) ) < 0 ) {
ohci_err ( ohci , " can't restart, %d \n " , temp ) ;
return temp ;
}
2007-05-04 11:52:40 -04:00
ohci_dbg ( ohci , " restart complete \n " ) ;
2005-04-16 15:20:36 -07:00
return 0 ;
}
2013-05-28 18:34:49 +05:30
EXPORT_SYMBOL_GPL ( ohci_restart ) ;
2007-05-31 23:34:27 +02:00
2007-10-24 17:23:42 -07:00
# endif
2012-10-08 15:11:27 +02:00
# ifdef CONFIG_PM
2013-05-28 18:34:49 +05:30
int ohci_suspend ( struct usb_hcd * hcd , bool do_wakeup )
2012-10-08 15:11:27 +02:00
{
struct ohci_hcd * ohci = hcd_to_ohci ( hcd ) ;
unsigned long flags ;
2013-11-13 17:40:16 +05:30
int rc = 0 ;
2012-10-08 15:11:27 +02:00
2012-10-08 15:11:28 +02:00
/* Disable irq emission and mark HW unaccessible. Use
2012-10-08 15:11:27 +02:00
* the spinlock to properly synchronize with possible pending
* RH suspend or resume activity .
*/
spin_lock_irqsave ( & ohci - > lock , flags ) ;
ohci_writel ( ohci , OHCI_INTR_MIE , & ohci - > regs - > intrdisable ) ;
( void ) ohci_readl ( ohci , & ohci - > regs - > intrdisable ) ;
clear_bit ( HCD_FLAG_HW_ACCESSIBLE , & hcd - > flags ) ;
spin_unlock_irqrestore ( & ohci - > lock , flags ) ;
2013-11-13 17:40:16 +05:30
synchronize_irq ( hcd - > irq ) ;
if ( do_wakeup & & HCD_WAKEUP_PENDING ( hcd ) ) {
ohci_resume ( hcd , false ) ;
rc = - EBUSY ;
}
return rc ;
2012-10-08 15:11:27 +02:00
}
2013-05-28 18:34:49 +05:30
EXPORT_SYMBOL_GPL ( ohci_suspend ) ;
2012-10-08 15:11:27 +02:00
2013-05-28 18:34:49 +05:30
int ohci_resume ( struct usb_hcd * hcd , bool hibernated )
2012-10-08 15:11:27 +02:00
{
2012-10-08 15:11:29 +02:00
struct ohci_hcd * ohci = hcd_to_ohci ( hcd ) ;
int port ;
bool need_reinit = false ;
2012-10-08 15:11:27 +02:00
set_bit ( HCD_FLAG_HW_ACCESSIBLE , & hcd - > flags ) ;
/* Make sure resume from hibernation re-enumerates everything */
if ( hibernated )
2012-10-08 15:11:29 +02:00
ohci_usb_reset ( ohci ) ;
/* See if the controller is already running or has been reset */
ohci - > hc_control = ohci_readl ( ohci , & ohci - > regs - > control ) ;
if ( ohci - > hc_control & ( OHCI_CTRL_IR | OHCI_SCHED_ENABLES ) ) {
need_reinit = true ;
} else {
switch ( ohci - > hc_control & OHCI_CTRL_HCFS ) {
case OHCI_USB_OPER :
case OHCI_USB_RESET :
need_reinit = true ;
}
}
/* If needed, reinitialize and suspend the root hub */
if ( need_reinit ) {
spin_lock_irq ( & ohci - > lock ) ;
ohci_rh_resume ( ohci ) ;
ohci_rh_suspend ( ohci , 0 ) ;
spin_unlock_irq ( & ohci - > lock ) ;
}
/* Normally just turn on port power and enable interrupts */
else {
ohci_dbg ( ohci , " powerup ports \n " ) ;
for ( port = 0 ; port < ohci - > num_ports ; port + + )
ohci_writel ( ohci , RH_PS_PPS ,
& ohci - > regs - > roothub . portstatus [ port ] ) ;
ohci_writel ( ohci , OHCI_INTR_MIE , & ohci - > regs - > intrenable ) ;
ohci_readl ( ohci , & ohci - > regs - > intrenable ) ;
msleep ( 20 ) ;
}
usb_hcd_resume_root_hub ( hcd ) ;
2012-10-08 15:11:27 +02:00
return 0 ;
}
2013-05-28 18:34:49 +05:30
EXPORT_SYMBOL_GPL ( ohci_resume ) ;
# endif
/*-------------------------------------------------------------------------*/
/*
* Generic structure : This gets copied for platform drivers so that
* individual entries can be overridden as needed .
*/
2012-10-08 15:11:27 +02:00
2013-05-28 18:34:49 +05:30
static const struct hc_driver ohci_hc_driver = {
. description = hcd_name ,
. product_desc = " OHCI Host Controller " ,
. hcd_priv_size = sizeof ( struct ohci_hcd ) ,
/*
* generic hardware linkage
*/
. irq = ohci_irq ,
2019-08-16 08:24:32 +02:00
. flags = HCD_MEMORY | HCD_DMA | HCD_USB11 ,
2013-05-28 18:34:49 +05:30
/*
* basic lifecycle operations
*/
. reset = ohci_setup ,
. start = ohci_start ,
. stop = ohci_stop ,
. shutdown = ohci_shutdown ,
/*
* managing i / o requests and associated device resources
*/
. urb_enqueue = ohci_urb_enqueue ,
. urb_dequeue = ohci_urb_dequeue ,
. endpoint_disable = ohci_endpoint_disable ,
/*
* scheduling support
*/
. get_frame_number = ohci_get_frame ,
/*
* root hub support
*/
. hub_status_data = ohci_hub_status_data ,
. hub_control = ohci_hub_control ,
# ifdef CONFIG_PM
. bus_suspend = ohci_bus_suspend ,
. bus_resume = ohci_bus_resume ,
2012-10-08 15:11:27 +02:00
# endif
2013-05-28 18:34:49 +05:30
. start_port_reset = ohci_start_port_reset ,
} ;
void ohci_init_driver ( struct hc_driver * drv ,
const struct ohci_driver_overrides * over )
{
/* Copy the generic table to drv and then apply the overrides */
* drv = ohci_hc_driver ;
2013-09-27 08:10:32 -07:00
if ( over ) {
drv - > product_desc = over - > product_desc ;
drv - > hcd_priv_size + = over - > extra_priv_size ;
if ( over - > reset )
drv - > reset = over - > reset ;
}
2013-05-28 18:34:49 +05:30
}
EXPORT_SYMBOL_GPL ( ohci_init_driver ) ;
2012-10-08 15:11:27 +02:00
2007-05-31 23:34:27 +02:00
/*-------------------------------------------------------------------------*/
2005-04-16 15:20:36 -07:00
MODULE_AUTHOR ( DRIVER_AUTHOR ) ;
2008-10-02 11:47:15 -04:00
MODULE_DESCRIPTION ( DRIVER_DESC ) ;
2005-04-16 15:20:36 -07:00
MODULE_LICENSE ( " GPL " ) ;
2008-06-02 10:05:30 +08:00
# if defined(CONFIG_ARCH_SA1100) && defined(CONFIG_SA1111)
2005-04-16 15:20:36 -07:00
# include "ohci-sa1111.c"
2006-12-13 21:09:54 +01:00
# define SA1111_DRIVER ohci_hcd_sa1111_driver
2005-04-16 15:20:36 -07:00
# endif
2006-12-13 21:09:55 +01:00
# ifdef CONFIG_USB_OHCI_HCD_PPC_OF
# include "ohci-ppc-of.c"
# define OF_PLATFORM_DRIVER ohci_hcd_ppc_of_driver
# endif
2007-01-15 20:12:10 -08:00
# ifdef CONFIG_PPC_PS3
# include "ohci-ps3.c"
2007-06-05 20:04:35 -07:00
# define PS3_SYSTEM_BUS_DRIVER ps3_ohci_driver
2007-01-15 20:12:10 -08:00
# endif
2008-01-23 15:58:46 +09:00
# ifdef CONFIG_MFD_SM501
# include "ohci-sm501.c"
2008-06-08 17:20:11 +01:00
# define SM501_OHCI_DRIVER ohci_hcd_sm501_driver
2008-01-23 15:58:46 +09:00
# endif
2008-10-08 16:14:23 +04:00
# ifdef CONFIG_MFD_TC6393XB
# include "ohci-tmio.c"
# define TMIO_OHCI_DRIVER ohci_hcd_tmio_driver
2010-10-08 14:47:52 -07:00
# endif
2006-12-13 21:09:54 +01:00
static int __init ohci_hcd_mod_init ( void )
{
int retval = 0 ;
if ( usb_disabled ( ) )
return - ENODEV ;
2017-02-27 14:30:02 -08:00
pr_debug ( " %s: block sizes: ed %zd td %zd \n " , hcd_name ,
2006-12-13 21:09:54 +01:00
sizeof ( struct ed ) , sizeof ( struct td ) ) ;
2008-10-02 11:48:13 -04:00
set_bit ( USB_OHCI_LOADED , & usb_hcds_loaded ) ;
2006-12-13 21:09:54 +01:00
2009-04-24 15:14:38 -07:00
ohci_debug_root = debugfs_create_dir ( " ohci " , usb_debug_root ) ;
2007-09-11 14:07:31 -07:00
2007-01-15 20:12:10 -08:00
# ifdef PS3_SYSTEM_BUS_DRIVER
2007-06-05 20:04:35 -07:00
retval = ps3_ohci_driver_register ( & PS3_SYSTEM_BUS_DRIVER ) ;
if ( retval < 0 )
goto error_ps3 ;
2007-01-15 20:12:10 -08:00
# endif
2006-12-13 21:09:55 +01:00
# ifdef OF_PLATFORM_DRIVER
2011-02-22 21:08:34 -07:00
retval = platform_driver_register ( & OF_PLATFORM_DRIVER ) ;
2006-12-13 21:09:55 +01:00
if ( retval < 0 )
2007-01-15 20:12:06 -08:00
goto error_of_platform ;
2006-12-13 21:09:55 +01:00
# endif
2006-12-13 21:09:54 +01:00
# ifdef SA1111_DRIVER
retval = sa1111_driver_register ( & SA1111_DRIVER ) ;
if ( retval < 0 )
2007-01-15 20:12:06 -08:00
goto error_sa1111 ;
2006-12-13 21:09:54 +01:00
# endif
2008-06-08 17:20:11 +01:00
# ifdef SM501_OHCI_DRIVER
retval = platform_driver_register ( & SM501_OHCI_DRIVER ) ;
if ( retval < 0 )
goto error_sm501 ;
# endif
2008-10-08 16:14:23 +04:00
# ifdef TMIO_OHCI_DRIVER
retval = platform_driver_register ( & TMIO_OHCI_DRIVER ) ;
if ( retval < 0 )
goto error_tmio ;
# endif
2006-12-13 21:09:54 +01:00
return retval ;
/* Error path */
2008-10-08 16:14:23 +04:00
# ifdef TMIO_OHCI_DRIVER
platform_driver_unregister ( & TMIO_OHCI_DRIVER ) ;
error_tmio :
# endif
2008-06-08 17:20:11 +01:00
# ifdef SM501_OHCI_DRIVER
2008-10-08 16:14:23 +04:00
platform_driver_unregister ( & SM501_OHCI_DRIVER ) ;
2008-06-08 17:20:11 +01:00
error_sm501 :
# endif
2007-01-15 20:12:06 -08:00
# ifdef SA1111_DRIVER
sa1111_driver_unregister ( & SA1111_DRIVER ) ;
error_sa1111 :
2006-12-13 21:09:54 +01:00
# endif
2006-12-13 21:09:55 +01:00
# ifdef OF_PLATFORM_DRIVER
2011-02-22 21:08:34 -07:00
platform_driver_unregister ( & OF_PLATFORM_DRIVER ) ;
2007-01-15 20:12:06 -08:00
error_of_platform :
2006-12-13 21:09:55 +01:00
# endif
2007-01-15 20:12:10 -08:00
# ifdef PS3_SYSTEM_BUS_DRIVER
2007-06-05 20:04:35 -07:00
ps3_ohci_driver_unregister ( & PS3_SYSTEM_BUS_DRIVER ) ;
2007-01-15 20:12:10 -08:00
error_ps3 :
2006-12-13 21:09:54 +01:00
# endif
2007-09-11 14:07:31 -07:00
debugfs_remove ( ohci_debug_root ) ;
ohci_debug_root = NULL ;
2008-10-02 11:48:13 -04:00
clear_bit ( USB_OHCI_LOADED , & usb_hcds_loaded ) ;
2006-12-13 21:09:54 +01:00
return retval ;
}
module_init ( ohci_hcd_mod_init ) ;
static void __exit ohci_hcd_mod_exit ( void )
{
2008-10-08 16:14:23 +04:00
# ifdef TMIO_OHCI_DRIVER
platform_driver_unregister ( & TMIO_OHCI_DRIVER ) ;
# endif
2008-06-08 17:20:11 +01:00
# ifdef SM501_OHCI_DRIVER
platform_driver_unregister ( & SM501_OHCI_DRIVER ) ;
# endif
2006-12-13 21:09:54 +01:00
# ifdef SA1111_DRIVER
sa1111_driver_unregister ( & SA1111_DRIVER ) ;
# endif
2006-12-13 21:09:55 +01:00
# ifdef OF_PLATFORM_DRIVER
2011-02-22 21:08:34 -07:00
platform_driver_unregister ( & OF_PLATFORM_DRIVER ) ;
2006-12-13 21:09:55 +01:00
# endif
2007-01-15 20:12:10 -08:00
# ifdef PS3_SYSTEM_BUS_DRIVER
2007-06-05 20:04:35 -07:00
ps3_ohci_driver_unregister ( & PS3_SYSTEM_BUS_DRIVER ) ;
2007-01-15 20:12:10 -08:00
# endif
2007-09-11 14:07:31 -07:00
debugfs_remove ( ohci_debug_root ) ;
2008-10-02 11:48:13 -04:00
clear_bit ( USB_OHCI_LOADED , & usb_hcds_loaded ) ;
2006-12-13 21:09:54 +01:00
}
module_exit ( ohci_hcd_mod_exit ) ;