Re: Help needed for EHCI problem: removing an active bulk-in QH

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 30 Oct 2015, Peter Chen wrote:

> After reading spec at 4.8.2:
> 
> Software must not remove an active queue head from the schedule.
> Software should first deactivate all active qTDs, wait for the
> queue head to go inactive, then remove the queue head from the
> asynchronous list.
> 
> But current software removes an active queue head first, then
> deactivates qTDs for the unlinked queue head. What's possible
> harm if we deactivates qTDs first, then unlink the queue head
> directly without waiting.

Right, that's the relevant part of the spec.

> > [In practice it's not feasible to wait for an active QH to become
> > inactive before removing it, for several reasons.  For one, the QH may
> > _never_ become inactive (if the endpoint NAKs indefinitely). 
> 
> Yes, 
> 
> > For
> > another, the procedure given in the spec (deactivate the qTDs on the
> > queue) is racy, since the controller can perform a new overlay or
> > writeback at any time.]
> > 
> 
> But that queue head will be unlinked soon, software (or controller) will
> not use a new overlay or a new writeback, isn't it?

You don't know that.  Until the controller sees that the QH has been
unlinked, it can do a new overlay or writeback at any time.  Don't
forget that the controller keeps an on-chip cached copy of the QH.  So
we could have a race like this:

	Initially the QH is marked active, both in RAM and in the
	controller's cache.  The next qTD in the queue is marked
	active.

	The driver sees that the QH in RAM is active.  It decides to
	follow the recommendation in the spec.

	But before the driver can do anything, the controller finishes
	the current transfer.  It marks the QH inactive in its cache
	and writes the cached QH back to RAM.

	Next, the controller seeing that the QH is inactive, reads the
	next qTD into its cache and performs an overlay.  This marks 
	the cached version of the QH as active again.

	The driver marks the qTDs inactive and waits for the QH to become
	inactive.  Since the QH in RAM is already marked inactive, the
	driver doesn't have to wait long.  It removes the QH from the
	async list.

	The controller writes the cached QH back to RAM, so now the QH 
	in RAM is active again.  But it has already been removed from
	the list!

Other races of the same general sort are also possible.

Alan Stern

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux