On 10.03.2015 20:49, Alan Stern wrote: > On Tue, 10 Mar 2015, Mathias Nyman wrote: > >>> Mathias: >>> >>> Your patch description says this: >>> >>>> The endpoint might already processesed some TRBs on the endpiont ring >>>> before we soft reset the endpoint. >>>> Make sure we set the dequeue pointer to where we were befere soft reset >>> >>> However, if a driver tries to issue an endpoint reset while there are >>> still some URBs queued, it is a bug. Host controller drivers shouldn't >>> have to worry about this -- xhci_endpoint_reset() should simply return >>> an error if the endpoint ring isn't empty. >>> >>> I suppose we should check for this in the USB core. I'll write a patch >>> and CC: you. >>> >>> Alan Stern >>> >> >> It's possible that there's something in usb core as well, >> but I think the following was what happened: >> >> 1. First a normal configure endpoint command is issued, it sets endpoint dequeue pointer >> to xxx400 = start of ring segment >> 2. two urbs get queued -> two TDs put on endpoint ring. >> 3. xhci executes those, ring is in running (idle) state. sw dequeue at xxx430, No TDs queued. >> Endpoint dequeue pointer is not written to the endpoint output context as the ring is still >> in running state (even if idle, not advancing with no TDs queued) it still shows xxx400 >> 4. -> something happends, xhci_endpoint_reset() is called, we do a new configure endpoint >> to 'soft reset' the endpiont, but we copy the dequeue pointer from the old endpoint >> output context to the configure endpoint input context, which re-initializes the old >> dequeue xxx400 pointer to xhci hardware, and it starts executing the old TDs from the ring. > > Obviously that's bad. > > But don't you have to stop the endpoint ring in order to configure it? > When you stop the ring, doesn't the controller store the correct > current value of the dequeue pointer somewhere? > Normally we stop the endpoint before configuring it, but in this case the endpoint is already configured, and we don't really want to change the configuration, we just want to reset the toggle so that it's in sync with the device. As I understand the xhci specs allows us to issue a configure endpoint command for a running endpoint as long as it's empty. xhci 1.0 4.6.6 Configure Endpoint: "An endpoint shall be in the Stopped state or if in the Running state shall be “idle” (e.g. no USB Transactions are in progress, the Transfer Ring is empty, and software has processed all outstanding events for the Transfer Ring) if its Drop Context flag is set. If this condition is not met undefined behavior may occur. But the output context we copy is from last time the endpoint was stopped or configured. So we need to update the dequeue pointer to the one we have in the driver, I need to check if the other old fields in the output context can cause any issues as well. -Mathias -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html