xhci: Let completion handlers run before rings are restarted.

Hans reported an issue with the USBDEVFS_URB_BULK_CONTINUATION flag that
is used by libusb and devio (usbfs).  This causes his usb redirection
code, and large bulk transfers, to not work under an xHCI host
controller.

It's explained in the kerneldoc for usb_unlink_urb() that the host
controller driver is expected to allow URB completion handlers to run on
an error before restarting the endpoint ring:

 * Host Controller Drivers (HCDs) place all the URBs for a particular
 * endpoint in a queue.  Normally the queue advances as the controller
 * hardware processes each request.  But when an URB terminates with an
 * error its queue generally stops (see below), at least until that URB's
 * completion routine returns.  It is guaranteed that a stopped queue
 * will not restart until all its unlinked URBs have been fully retired,
 * with their completion routines run, even if that's not until some time
 * after the original completion handler returns.  The same behavior and
 * guarantee apply when an URB terminates because it was unlinked.
 *
 * Bulk and interrupt endpoint queues are guaranteed to stop whenever an
 * URB terminates with any sort of error, including -ECONNRESET, -ENOENT,
 * and -EREMOTEIO.  Control endpoint queues behave the same way except
 * that they are not guaranteed to stop for -EREMOTEIO errors.  Queues
 * for isochronous endpoints are treated differently, because they must
 * advance at fixed rates.  Such queues do not stop when an URB
 * encounters an error or is unlinked.  An unlinked isochronous URB may
 * leave a gap in the stream of packets; it is undefined whether such
 * gaps can be filled in.
 *
 * Note that early termination of an URB because a short packet was
 * received will generate a -EREMOTEIO error if and only if the
 * URB_SHORT_NOT_OK flag is set.  By setting this flag, USB device
 * drivers can build deep queues for large or complex bulk transfers
 * and clean them up reliably after any sort of aborted transfer by
 * unlinking all pending URBs at the first fault.
 *
 * When a control URB terminates with an error other than -EREMOTEIO, it
 * is quite likely that the status stage of the transfer will not take
 * place.

This patch changes the xHCI ring handling code to allow the URB
completion handler to run before ringing the doorbell on an endpoint
ring.  This means adding a new flag to prevent the doorbell ring
(EP_STAY_HALTED), to avoid a race condition with the URB completion
handler and a completing Set TR Dequeue Pointer command (which will
restart the ring).  The new flag temporarily stops the ring until the
URB completion function has a chance to cancel any pending URBs.  That
will set a different cancellation pending flag, which will also halt the
endpoint ring.

Make sure to set the new EP_STAY_HALTED flag before calling
xhci_cleanup_halted_endpoint().  That function will queue a Set TR
Dequeue command, which will ring the doorbell and restart the ring after
it completes.  We need to make sure that the URB completion handlers
have a chance to run before the ring is restarted.

This patch should be backported to kernels as old as 2.6.36, because
that was the first kernel where the xHCI ring code refactoring was
introduced.  It will be too hard to port this to the unrefactored code.

Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: stable@vger.kernel.org
2 files changed
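As an added illustration, not code from the commit or from the xhci driver: a constructed C model of the restart ordering the message describes, in which an EP_STAY_HALTED flag holds the doorbell until the completion handler has unlinked the URBs queued behind the failed one. EP_CANCEL_PENDING, the structs and the function names are hypothetical stand-ins, not the driver's own.

```c
#include <errno.h>
#include <stdbool.h>
/* Constructed model of the ordering rule in the commit message, not xhci
 * code; EP_CANCEL_PENDING stands in for the driver's unnamed cancel flag. */
#define EP_STAY_HALTED    (1u << 0) /* hold the doorbell until handlers ran */
#define EP_CANCEL_PENDING (1u << 1) /* unlinked URBs still to be retired */
#define MAX_URBS 4
struct urb { bool queued, unlinked; int status; };
struct ep_ring {
	unsigned int flags;
	struct urb urbs[MAX_URBS];
	int run_after_fault; /* URBs the modelled hardware ran after the error */
};

/* Ringing the doorbell advances the ring unless something holds it halted. */
static void ring_doorbell(struct ep_ring *ep)
{
	if (ep->flags & (EP_STAY_HALTED | EP_CANCEL_PENDING)) return;
	for (int i = 0; i < MAX_URBS; i++)
		if (ep->urbs[i].queued && !ep->urbs[i].unlinked) {
			ep->urbs[i].queued = false;
			ep->run_after_fault++;
		}
}

/* Deep-queue driver's completion routine: on any error, unlink the rest. */
static void completion_handler(struct ep_ring *ep, const struct urb *urb)
{
	if (urb->status == 0) return;
	ep->flags |= EP_CANCEL_PENDING;
	for (int i = 0; i < MAX_URBS; i++)
		if (ep->urbs[i].queued) ep->urbs[i].unlinked = true;
}

/* URB 0 stalls with 1..3 queued behind it, and the Set TR Dequeue Pointer
 * command completes before the handler runs.  Returns how many queued URBs
 * the ring ran anyway; 0 is what the usb_unlink_urb() kerneldoc promises. */
int urbs_run_after_fault(bool use_stay_halted)
{
	struct ep_ring ep = { 0 };
	for (int i = 1; i < MAX_URBS; i++) ep.urbs[i].queued = true;
	ep.urbs[0].status = -EPIPE;
	if (use_stay_halted) ep.flags |= EP_STAY_HALTED;
	ring_doorbell(&ep);                /* Set TR Dequeue completion restarts */
	completion_handler(&ep, &ep.urbs[0]);
	ep.flags &= ~EP_STAY_HALTED;
	for (int i = 0; i < MAX_URBS; i++) /* retire the unlinked URBs */
		if (ep.urbs[i].unlinked) ep.urbs[i].queued = false;
	ep.flags &= ~EP_CANCEL_PENDING;
	ring_doorbell(&ep);                /* only now is a restart safe */
	return ep.run_after_fault;
}
```

Without the flag the model runs the three queued URBs before the handler can unlink them; with it, none run.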