From 71bc94ae59b8a6e07a2e240d97d3a9a0208ead11 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:10:56 +0000 Subject: [PATCH 01/24] usbnet: Simplify usbnet_isdying. usbnet_detach (or its caller) stops all users before it returns. If un->un_pri is null at this point, there's a bug -- something didn't wait for everything to finish before calling usbnet_detach. --- sys/dev/usb/usbnet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 1712d2f687f0..39e8aa508a75 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1269,7 +1269,7 @@ usbnet_havelink(struct usbnet *un) bool usbnet_isdying(struct usbnet *un) { - return un->un_pri == NULL || un->un_pri->unp_dying; + return un->un_pri->unp_dying; } From ffa9cd5ad5df3585fdf66e37eacb95f165cc41c0 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:56:01 +0000 Subject: [PATCH 02/24] usbnet: Set and clear IFF_RUNNING slightly earlier and later. - Set IFF_RUNNING before any calls to usbnet_rxeof are possible. - Don't clear IFF_RUNNING until all transfers have been aborted. --- sys/dev/usb/usbnet.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 39e8aa508a75..0ccd30063a17 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -849,9 +849,6 @@ usbnet_init_rx_tx(struct usbnet * const un) goto out; } - /* Start up the receive pipe(s). */ - usbnet_rx_start_pipes(un); - /* Indicate we are up and running. */ #if 0 /* XXX if_mcast_op() can call this without ifnet locked */ @@ -859,6 +856,9 @@ usbnet_init_rx_tx(struct usbnet * const un) #endif ifp->if_flags |= IFF_RUNNING; + /* Start up the receive pipe(s). */ + usbnet_rx_start_pipes(un); + callout_schedule(&unp->unp_stat_ch, hz); out: @@ -1073,14 +1073,6 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) uno_stop(un, ifp, disable); - /* - * XXXSMP Would like to - * KASSERT(IFNET_LOCKED(ifp)) - * here but the locking order is: - * ifnet -> core_lock -> rxlock -> txlock - * and core_lock is already held. - */ - ifp->if_flags &= ~IFF_RUNNING; unp->unp_timer = 0; callout_halt(&unp->unp_stat_ch, &unp->unp_core_lock); @@ -1097,6 +1089,15 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) /* Close pipes. */ usbnet_ep_close_pipes(un); + /* + * XXXSMP Would like to + * KASSERT(IFNET_LOCKED(ifp)) + * here but the locking order is: + * ifnet -> core_lock -> rxlock -> txlock + * and core_lock is already held. + */ + ifp->if_flags &= ~IFF_RUNNING; + usbnet_unbusy(un); } From f317d8e1ff316243c8de72fcce535850bc92964f Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:59:10 +0000 Subject: [PATCH 03/24] usbnet: Take IFNET_LOCK around access to if_flags in usbnet_detach. This is not stable without IFNET_LOCK. Extraneous calls to usbnet_stop arising from this race might be harmless, but let's render it unnecessary to even think about that. --- sys/dev/usb/usbnet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 0ccd30063a17..b11f9eda8853 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1498,11 +1498,11 @@ usbnet_detach(device_t self, int flags) unp->unp_dying = true; mutex_exit(&unp->unp_core_lock); + IFNET_LOCK(ifp); if (ifp->if_flags & IFF_RUNNING) { - IFNET_LOCK(ifp); usbnet_if_stop(ifp, 1); - IFNET_UNLOCK(ifp); } + IFNET_UNLOCK(ifp); callout_halt(&unp->unp_stat_ch, NULL); usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, From 28d4c5a53cbf79df32009eca5e390ffc2e5bf71c Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 23:01:27 +0000 Subject: [PATCH 04/24] usbnet: Ensure ifp->if_softc is initialized _before_ publishing ifp. Otherwise other parts of the system might start using ifp the moment we if_register it, and trip over null if_softc. --- sys/dev/usb/usbnet.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index b11f9eda8853..4a60ebaf72f0 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -79,6 +79,7 @@ struct usbnet_private { bool unp_dying; bool unp_stopping; bool unp_attached; + bool unp_ifp_attached; bool unp_link; int unp_refcnt; @@ -1436,7 +1437,9 @@ usbnet_attach_ifp(struct usbnet *un, struct ifnet * const ifp = usbnet_ifp(un); KASSERT(unp->unp_attached); + KASSERT(!unp->unp_ifp_attached); + ifp->if_softc = un; strlcpy(ifp->if_xname, device_xname(un->un_dev), IFNAMSIZ); ifp->if_flags = if_flags; ifp->if_extflags = IFEF_MPSAFE | if_extflags; @@ -1455,6 +1458,7 @@ usbnet_attach_ifp(struct usbnet *un, if (ifp->_if_input == NULL) ifp->if_percpuq = if_percpuq_create(ifp); if_register(ifp); + unp->unp_ifp_attached = true; /* * If ethernet address is all zero, skip ether_ifattach() and @@ -1472,7 +1476,6 @@ usbnet_attach_ifp(struct usbnet *un, /* Now ready, and attached. */ IFQ_SET_READY(&ifp->if_snd); - ifp->if_softc = un; usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, un->un_udev, un->un_dev); @@ -1526,7 +1529,7 @@ usbnet_detach(device_t self, int flags) mii_detach(mii, MII_PHY_ANY, MII_OFFSET_ANY); ifmedia_fini(&mii->mii_media); } - if (ifp->if_softc) { + if (unp->unp_ifp_attached) { if (!usbnet_empty_eaddr(un)) ether_ifdetach(ifp); else From ea5c10a7572cafa14f78e30a8a9b483ae6624310 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 23:08:03 +0000 Subject: [PATCH 05/24] usbnet: Ensure access to unp_timer is protected by unp_txlock. --- sys/dev/usb/usbnet.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 4a60ebaf72f0..b2a3c81694d8 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1074,7 +1074,9 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) uno_stop(un, ifp, disable); + mutex_enter(&unp->unp_txlock); unp->unp_timer = 0; + mutex_exit(&unp->unp_txlock); callout_halt(&unp->unp_stat_ch, &unp->unp_core_lock); usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, @@ -1186,7 +1188,10 @@ usbnet_tick_task(void *arg) usbnet_busy(un); mutex_exit(&unp->unp_core_lock); - if (unp->unp_timer != 0 && --unp->unp_timer == 0) + mutex_enter(&unp->unp_txlock); + const bool timeout = unp->unp_timer != 0 && --unp->unp_timer == 0; + mutex_exit(&unp->unp_txlock); + if (timeout) usbnet_watchdog(ifp); DPRINTFN(8, "mii %#jx ifp %#jx", (uintptr_t)mii, (uintptr_t)ifp, 0, 0); From 1a53b967d39b2974fcc40ba840bc60b639bcad33 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 23:34:52 +0000 Subject: [PATCH 06/24] usbnet: Assert IFNET_LOCKED on if_flags change callbacks. - if_init - if_stop - ethersubr(9) ifflags_cb --- sys/dev/usb/usbnet.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index b2a3c81694d8..d50b24836ae1 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1005,6 +1005,8 @@ usbnet_ifflags_cb(struct ethercom *ec) struct usbnet_private * const unp = un->un_pri; int rv = 0; + KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + mutex_enter(&unp->unp_core_lock); const u_short changed = ifp->if_flags ^ unp->unp_if_flags; @@ -1110,6 +1112,8 @@ usbnet_if_stop(struct ifnet *ifp, int disable) struct usbnet * const un = ifp->if_softc; struct usbnet_private * const unp = un->un_pri; + KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + mutex_enter(&unp->unp_core_lock); usbnet_stop(un, ifp, disable); mutex_exit(&unp->unp_core_lock); @@ -1219,6 +1223,8 @@ usbnet_if_init(struct ifnet *ifp) USBNETHIST_FUNC(); USBNETHIST_CALLED(); struct usbnet * const un = ifp->if_softc; + KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + return uno_init(un, ifp); } From 0b9e6a74159ae3f4f154ead213caebc1394ca035 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 23:52:41 +0000 Subject: [PATCH 07/24] usbnet: Assert IFNET_LOCKED in usbnet_init_rx_tx, usbnet_stop. Exception: urndis(4) abuses this API to start this logic before the ifp is actually initialized. So for the sake of urndis(4), until sense can be beaten into it, allow the !unp_ifp_attached case to run without IFNET_LOCK. --- sys/dev/usb/usbnet.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index d50b24836ae1..59784a6db70e 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -150,6 +150,8 @@ fail: static void uno_stop(struct usbnet *un, struct ifnet *ifp, int disable) { + KASSERTMSG(!un->un_pri->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); usbnet_isowned_core(un); if (un->un_ops->uno_stop) (*un->un_ops->uno_stop)(ifp, disable); @@ -819,6 +821,9 @@ usbnet_init_rx_tx(struct usbnet * const un) usbd_status err; int error = 0; + KASSERTMSG(!unp->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); + usbnet_isowned_core(un); if (unp->unp_dying) { @@ -1064,6 +1069,8 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) USBNETHIST_FUNC(); USBNETHIST_CALLED(); + KASSERTMSG(!unp->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); usbnet_isowned_core(un); usbnet_busy(un); @@ -1094,13 +1101,9 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) /* Close pipes. */ usbnet_ep_close_pipes(un); - /* - * XXXSMP Would like to - * KASSERT(IFNET_LOCKED(ifp)) - * here but the locking order is: - * ifnet -> core_lock -> rxlock -> txlock - * and core_lock is already held. - */ + /* Everything is quesced now. */ + KASSERTMSG(!unp->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); ifp->if_flags &= ~IFF_RUNNING; usbnet_unbusy(un); From 0c893a83e40783699d287db5dfe70106922252ce Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:50:37 +0000 Subject: [PATCH 08/24] usbnet: Don't check if_flags for IFF_RUNNING in usbnet_rxeof. This can only run after we start the pipes in usbnet_init_rx_tx, and before we close the pipes in usbnet_detach, during which time if_flags & IFF_RUNNING is stably set. --- sys/dev/usb/usbnet.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 59784a6db70e..2a319c6d7220 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -336,7 +336,6 @@ usbnet_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status) struct usbnet_chain * const c = priv; struct usbnet * const un = c->unc_un; struct usbnet_private * const unp = un->un_pri; - struct ifnet * const ifp = usbnet_ifp(un); uint32_t total_len; USBNETHIST_CALLARGSN(5, "%jd: enter: status %#jx xfer %#jx", @@ -346,7 +345,7 @@ usbnet_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status) if (unp->unp_dying || unp->unp_stopping || status == USBD_INVAL || status == USBD_NOT_STARTED || - status == USBD_CANCELLED || !(ifp->if_flags & IFF_RUNNING)) + status == USBD_CANCELLED) goto out; if (status != USBD_NORMAL_COMPLETION) { From 665aca6fd43ea8d3826da2ef074049687c8d316a Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:52:49 +0000 Subject: [PATCH 09/24] usbnet: Don't check if_flags for IFF_RUNNING in usbnet_pipe_intr. The one user of this interface in tree, aue(4), doesn't care -- if_statinc is safe whether IFF_RUNNING or not. --- sys/dev/usb/usbnet.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 2a319c6d7220..7e3c1894d019 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -442,11 +442,10 @@ usbnet_pipe_intr(struct usbd_xfer *xfer, void *priv, usbd_status status) struct usbnet * const un = priv; struct usbnet_private * const unp = un->un_pri; struct usbnet_intr * const uni = un->un_intr; - struct ifnet * const ifp = usbnet_ifp(un); if (uni == NULL || unp->unp_dying || unp->unp_stopping || status == USBD_INVAL || status == USBD_NOT_STARTED || - status == USBD_CANCELLED || !(ifp->if_flags & IFF_RUNNING)) { + status == USBD_CANCELLED) { USBNETHIST_CALLARGS("%jd: uni %#jx d/s %#jx status %#jx", unp->unp_number, (uintptr_t)uni, (unp->unp_dying << 8) | unp->unp_stopping, status); From 615d44930442364131ff85ffc1b4959b7de84bc4 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sat, 25 Dec 2021 12:52:21 +0000 Subject: [PATCH 10/24] usbnet: Omit needless unp == NULL test in usbnet_tick_task. The task is never scheduled until after un->un_pri is initialized, and un->un_pri isn't nulled until after the callout and task are quiescent. --- sys/dev/usb/usbnet.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 7e3c1894d019..aa966eb17f7a 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1174,9 +1174,6 @@ usbnet_tick_task(void *arg) struct usbnet * const un = arg; struct usbnet_private * const unp = un->un_pri; - if (unp == NULL) - return; - USBNETHIST_CALLARGSN(8, "%jd: enter", unp->unp_number, 0, 0, 0); mutex_enter(&unp->unp_core_lock); From 84a334b6623fdb9e66ddd42a1622a2bce3970fc7 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sat, 25 Dec 2021 20:31:02 +0000 Subject: [PATCH 11/24] axen(4), mue(4), smsc(4): Omit irrelevant cases in ioctl. SIOCSIFFLAGS and SIOCSETHERCAP always end up in ether_ioctl_reinit, which triggers the same logic to reprogram the multicast filters anyway. --- sys/dev/usb/if_axen.c | 2 -- sys/dev/usb/if_mue.c | 2 -- sys/dev/usb/if_smsc.c | 2 -- 3 files changed, 6 deletions(-) diff --git a/sys/dev/usb/if_axen.c b/sys/dev/usb/if_axen.c index bf91d56b356d..fe433722d185 100644 --- a/sys/dev/usb/if_axen.c +++ b/sys/dev/usb/if_axen.c @@ -559,8 +559,6 @@ axen_uno_ioctl(struct ifnet *ifp, u_long cmd, void *data) usbnet_busy(un); switch (cmd) { - case SIOCSIFFLAGS: - case SIOCSETHERCAP: case SIOCADDMULTI: case SIOCDELMULTI: axen_setiff_locked(un); diff --git a/sys/dev/usb/if_mue.c b/sys/dev/usb/if_mue.c index 559b9eff2569..16a52e4c6ed4 100644 --- a/sys/dev/usb/if_mue.c +++ b/sys/dev/usb/if_mue.c @@ -1273,8 +1273,6 @@ mue_uno_ioctl(struct ifnet *ifp, u_long cmd, void *data) usbnet_busy(un); switch (cmd) { - case SIOCSIFFLAGS: - case SIOCSETHERCAP: case SIOCADDMULTI: case SIOCDELMULTI: mue_setiff_locked(un); diff --git a/sys/dev/usb/if_smsc.c b/sys/dev/usb/if_smsc.c index 6cf37e507d1c..12eaf3fa3cc6 100644 --- a/sys/dev/usb/if_smsc.c +++ b/sys/dev/usb/if_smsc.c @@ -757,8 +757,6 @@ smsc_uno_ioctl(struct ifnet *ifp, u_long cmd, void *data) usbnet_busy(un); switch (cmd) { - case SIOCSIFFLAGS: - case SIOCSETHERCAP: case SIOCADDMULTI: case SIOCDELMULTI: smsc_setiff_locked(un); From 4863a6f5c6fcaef2b16da61a6a05df6c0b3b3a30 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 00:21:10 +0000 Subject: [PATCH 12/24] usbnet: Defer hardware multicast filter updates to USB task. Breaks deadlock: - usbnet_detach holds usbnet lock, awaits kpause in ure_reset - callout holds softclock `lock' (sequential softints, blocks kpause wakeup), awaits softnet_lock in tcp_timer_keep, frag6_fasttimo, &c. - soclose holds softnet_lock, awaits usbnet lock in SIOCDELMULTI With this change, the ethernet layer still maintains the list of multicast addresses synchronously, but we defer the driver logic that updates the hardware multicast filter to an asynchronous USB task without softnet_lock held. This doesn't cause exactly the same ioctl to be sent to the driver -- usbnet just sends SIOCDELMULTI with an all-zero struct ifreq, and might drop some ioctls if issued in quick succession. This is OK because none of the drivers actually distinguish between SIOCADDMULTI and SIOCDELMULTI, or examine the argument; the drivers just commit whatever multicast addresses are listed in the ethercom. While here, fix a bug in usbnet_activate: set unp_stopping while holding the usbnet lock, so we can reliably read it in usbnet_tick_task and the new usbnet_mcast_task. --- sys/dev/usb/usbnet.c | 56 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 52 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index aa966eb17f7a..2da1cf5f95b4 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -72,6 +72,7 @@ struct usbnet_private { struct ethercom unp_ec; struct mii_data unp_mii; + struct usb_task unp_mcasttask; struct usb_task unp_ticktask; struct callout unp_stat_ch; struct usbd_pipe *unp_ep[USBNET_ENDPT_MAX]; @@ -1041,12 +1042,51 @@ usbnet_if_ioctl(struct ifnet *ifp, u_long cmd, void *data) return uno_override_ioctl(un, ifp, cmd, data); error = ether_ioctl(ifp, cmd, data); - if (error == ENETRESET) - error = uno_ioctl(un, ifp, cmd, data); + if (error == ENETRESET) { + switch (cmd) { + case SIOCADDMULTI: + case SIOCDELMULTI: + mutex_enter(&unp->unp_core_lock); + if (!unp->unp_stopping) { + usb_add_task(un->un_udev, &unp->unp_mcasttask, + USB_TASKQ_DRIVER); + } + mutex_exit(&unp->unp_core_lock); + error = 0; + break; + default: + error = uno_ioctl(un, ifp, cmd, data); + } + } return error; } +static void +usbnet_mcast_task(void *arg) +{ + USBNETHIST_FUNC(); + struct usbnet * const un = arg; + struct ifnet * const ifp = usbnet_ifp(un); + struct usbnet_private * const unp = un->un_pri; + struct ifreq ifr; + + USBNETHIST_CALLARGSN(10, "%jd: enter", unp->unp_number, 0, 0, 0); + + /* + * Pass a bogus ifr with SIOCDELMULTI -- the goal is to just + * notify the driver to reprogram any hardware multicast + * filter, according to what's already stored in the ethercom. + * None of the drivers actually examine this argument, so it + * doesn't change the ABI as far as they can tell. + */ + memset(&ifr, 0, sizeof(ifr)); + + mutex_enter(&unp->unp_core_lock); + (void)uno_ioctl(un, ifp, SIOCDELMULTI, &ifr); + mutex_exit(&unp->unp_core_lock); +} + /* * Generic stop network function: * - mark as stopping @@ -1079,6 +1119,9 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) mutex_exit(&unp->unp_txlock); mutex_exit(&unp->unp_rxlock); + usb_rem_task_wait(un->un_udev, &unp->unp_mcasttask, USB_TASKQ_DRIVER, + &unp->unp_core_lock); + uno_stop(un, ifp, disable); mutex_enter(&unp->unp_txlock); @@ -1384,7 +1427,10 @@ usbnet_attach(struct usbnet *un, un->un_pri = kmem_zalloc(sizeof(*un->un_pri), KM_SLEEP); struct usbnet_private * const unp = un->un_pri; - usb_init_task(&unp->unp_ticktask, usbnet_tick_task, un, USB_TASKQ_MPSAFE); + usb_init_task(&unp->unp_mcasttask, usbnet_mcast_task, un, + USB_TASKQ_MPSAFE); + usb_init_task(&unp->unp_ticktask, usbnet_tick_task, un, + USB_TASKQ_MPSAFE); callout_init(&unp->unp_stat_ch, CALLOUT_MPSAFE); callout_setfunc(&unp->unp_stat_ch, usbnet_tick, un); @@ -1519,6 +1565,8 @@ usbnet_detach(device_t self, int flags) callout_halt(&unp->unp_stat_ch, NULL); usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, NULL); + usb_rem_task_wait(un->un_udev, &unp->unp_mcasttask, USB_TASKQ_DRIVER, + NULL); mutex_enter(&unp->unp_core_lock); unp->unp_refcnt--; @@ -1576,13 +1624,13 @@ usbnet_activate(device_t self, devact_t act) mutex_enter(&unp->unp_core_lock); unp->unp_dying = true; - mutex_exit(&unp->unp_core_lock); mutex_enter(&unp->unp_rxlock); mutex_enter(&unp->unp_txlock); unp->unp_stopping = true; mutex_exit(&unp->unp_txlock); mutex_exit(&unp->unp_rxlock); + mutex_exit(&unp->unp_core_lock); return 0; default: From beea37f2462295a867f1f4ab16e650b37f53ce54 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 00:52:09 +0000 Subject: [PATCH 13/24] usbnet: Remove usbnet_set_dying. Not necessary for the one caller that did it (url(4)): usbnet_detach handles failed attach just fine without it. --- sys/dev/usb/if_url.c | 8 +------- sys/dev/usb/usbnet.c | 6 ------ sys/dev/usb/usbnet.h | 1 - 3 files changed, 1 insertion(+), 14 deletions(-) diff --git a/sys/dev/usb/if_url.c b/sys/dev/usb/if_url.c index 764b9c654682..dbb57bf66ca7 100644 --- a/sys/dev/usb/if_url.c +++ b/sys/dev/usb/if_url.c @@ -256,18 +256,12 @@ url_attach(device_t parent, device_t self, void *aux) usbnet_unlock_core(un); if (err) { aprint_error_dev(self, "read MAC address failed\n"); - goto bad; + return; } /* initialize interface information */ usbnet_attach_ifp(un, IFF_SIMPLEX | IFF_BROADCAST | IFF_MULTICAST, 0, &unm); - - return; - - bad: - usbnet_set_dying(un, true); - return; } /* read/write memory */ diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 2da1cf5f95b4..f3b89bbd06a6 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1278,12 +1278,6 @@ usbnet_set_link(struct usbnet *un, bool link) un->un_pri->unp_link = link; } -void -usbnet_set_dying(struct usbnet *un, bool link) -{ - un->un_pri->unp_dying = link; -} - struct ifnet * usbnet_ifp(struct usbnet *un) { diff --git a/sys/dev/usb/usbnet.h b/sys/dev/usb/usbnet.h index 15e9dfc7b351..1faa822887c5 100644 --- a/sys/dev/usb/usbnet.h +++ b/sys/dev/usb/usbnet.h @@ -284,7 +284,6 @@ struct usbnet { /* Various accessors. */ void usbnet_set_link(struct usbnet *, bool); -void usbnet_set_dying(struct usbnet *, bool); struct ifnet *usbnet_ifp(struct usbnet *); struct ethercom *usbnet_ec(struct usbnet *); From e790cd6781c9c6704dcef62f919edac6ebb81e78 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:17:06 +0000 Subject: [PATCH 14/24] usbnet: Fix ordering of actions in usbnet_stop. Make sure all software activity is quiescent (callouts and tasks, including ifmedia and mii callbacks -- anything that might trigger register access) before asking the driver to stop the hardware. This way, the driver uno_stop routine is guaranteed exclusive access to the registers. This will also enable us to simplify the callouts and tasks so they don't have to check the software state -- to be done in a separate commit. --- sys/dev/usb/usbnet.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index f3b89bbd06a6..b67277274354 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1119,19 +1119,31 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) mutex_exit(&unp->unp_txlock); mutex_exit(&unp->unp_rxlock); + /* + * Stop the timer first, then the task -- if the timer was + * already firing, we stop the task or wait for it complete + * only after if last fired. Setting unp_stopping prevents the + * timer and multicast task from being scheduled again. + */ + callout_halt(&unp->unp_stat_ch, &unp->unp_core_lock); + usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, + &unp->unp_core_lock); usb_rem_task_wait(un->un_udev, &unp->unp_mcasttask, USB_TASKQ_DRIVER, &unp->unp_core_lock); + /* + * Now that the software is quiescent, ask the driver to stop + * the hardware. The driver's uno_stop routine now has + * exclusive access to any registers that might previously have + * been used by to ifmedia, mii, or ioctl callbacks. + */ uno_stop(un, ifp, disable); + /* Clear the watchdog timer. */ mutex_enter(&unp->unp_txlock); unp->unp_timer = 0; mutex_exit(&unp->unp_txlock); - callout_halt(&unp->unp_stat_ch, &unp->unp_core_lock); - usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, - &unp->unp_core_lock); - /* Stop transfers. */ usbnet_ep_stop_pipes(un); From 52133c6b6abbaa1dbbb24dd6292751217cd31d2f Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:22:46 +0000 Subject: [PATCH 15/24] usbnet: Assert IFNET_LOCKED in usbnet_media_upd. This ensures, if the device is being initialized or stopped, usbnet_media_upd will not run until it's done, so the reset sequence has exclusive access to the device registers used by mii. --- sys/dev/usb/usbnet.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index b67277274354..4b927d6d8ba6 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -983,6 +983,9 @@ usbnet_media_upd(struct ifnet *ifp) /* ifmedia layer ensures core_lock is held. */ usbnet_isowned_core(un); + /* ifmedia changes only with IFNET_LOCK held. */ + KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + if (unp->unp_dying) return EIO; From c391410517f4f214472e7c06c3fb643f284c799e Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:29:16 +0000 Subject: [PATCH 16/24] usbnet: Set unp_isdying under IFNET_LOCK. Refuse to bring the interface back up, which happens under IFNET_LOCK, if it's dying. This ensures new activity on the interface can't happen by the time we stop existing activity and wait for it to complete. --- sys/dev/usb/usbnet.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 4b927d6d8ba6..9c5cc631d922 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1281,6 +1281,13 @@ usbnet_if_init(struct ifnet *ifp) KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + /* + * Prevent anyone from bringing the interface back up once + * we're detaching. + */ + if (usbnet_isdying(un)) + return EIO; + return uno_init(un, ifp); } @@ -1561,11 +1568,15 @@ usbnet_detach(device_t self, int flags) struct ifnet * const ifp = usbnet_ifp(un); struct mii_data * const mii = usbnet_mii(un); + /* + * Prevent new activity. If we're still running on the + * network, stop and wait for all asynchronous activity to + * finish. + */ + IFNET_LOCK(ifp); mutex_enter(&unp->unp_core_lock); unp->unp_dying = true; mutex_exit(&unp->unp_core_lock); - - IFNET_LOCK(ifp); if (ifp->if_flags & IFF_RUNNING) { usbnet_if_stop(ifp, 1); } From 00e5bd6128859a6fd4bb2e727dda926a60996496 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:32:42 +0000 Subject: [PATCH 17/24] usbnet: Omit needless callout_halt and usb_rem_task_wait. The callout and tasks cannot be pending at this point -- it is a bug if usbnet_if_stop failed to quiesce everything, so turn these into KASSERTs. --- sys/dev/usb/usbnet.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 9c5cc631d922..e3de9d87cfcd 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1582,11 +1582,13 @@ usbnet_detach(device_t self, int flags) } IFNET_UNLOCK(ifp); - callout_halt(&unp->unp_stat_ch, NULL); - usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, - NULL); - usb_rem_task_wait(un->un_udev, &unp->unp_mcasttask, USB_TASKQ_DRIVER, - NULL); + /* + * The callout and tasks can't be scheduled anew at this point, + * and usbnet_if_stop has waited for them to complete. + */ + KASSERT(!callout_pending(&unp->unp_stat_ch)); + KASSERT(!usb_task_pending(un->un_udev, &unp->unp_ticktask)); + KASSERT(!usb_task_pending(un->un_udev, &unp->unp_mcasttask)); mutex_enter(&unp->unp_core_lock); unp->unp_refcnt--; From 074d88dd9091897eae602b64767fba06ea2f9474 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:47:10 +0000 Subject: [PATCH 18/24] usbnet: Detach interface and mii before waiting for refcnt to drain. All outstanding software activity under usbnet's control -- which is all that participates in the refcnting -- should be quiesced by stopping and detaching everything. --- sys/dev/usb/usbnet.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index e3de9d87cfcd..22e42a31ced2 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1590,6 +1590,19 @@ usbnet_detach(device_t self, int flags) KASSERT(!usb_task_pending(un->un_udev, &unp->unp_ticktask)); KASSERT(!usb_task_pending(un->un_udev, &unp->unp_mcasttask)); + if (mii) { + mii_detach(mii, MII_PHY_ANY, MII_OFFSET_ANY); + ifmedia_fini(&mii->mii_media); + } + if (unp->unp_ifp_attached) { + if (!usbnet_empty_eaddr(un)) + ether_ifdetach(ifp); + else + bpf_detach(ifp); + if_detach(ifp); + } + usbnet_ec(un)->ec_mii = NULL; + mutex_enter(&unp->unp_core_lock); unp->unp_refcnt--; while (unp->unp_refcnt >= 0) { @@ -1604,19 +1617,6 @@ usbnet_detach(device_t self, int flags) callout_destroy(&unp->unp_stat_ch); rnd_detach_source(&unp->unp_rndsrc); - if (mii) { - mii_detach(mii, MII_PHY_ANY, MII_OFFSET_ANY); - ifmedia_fini(&mii->mii_media); - } - if (unp->unp_ifp_attached) { - if (!usbnet_empty_eaddr(un)) - ether_ifdetach(ifp); - else - bpf_detach(ifp); - if_detach(ifp); - } - usbnet_ec(un)->ec_mii = NULL; - cv_destroy(&unp->unp_detachcv); mutex_destroy(&unp->unp_core_lock); mutex_destroy(&unp->unp_rxlock); From 1214ca86301ff09042a93d67807483b99c15fd2d Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:49:56 +0000 Subject: [PATCH 19/24] usbnet: Make detach order reverse attach order, for unp_stat_ch. No functional change intended. --- sys/dev/usb/usbnet.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 22e42a31ced2..b4dc8f69677e 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1614,7 +1614,6 @@ usbnet_detach(device_t self, int flags) usbnet_rx_list_free(un); usbnet_tx_list_free(un); - callout_destroy(&unp->unp_stat_ch); rnd_detach_source(&unp->unp_rndsrc); cv_destroy(&unp->unp_detachcv); @@ -1622,6 +1621,8 @@ usbnet_detach(device_t self, int flags) mutex_destroy(&unp->unp_rxlock); mutex_destroy(&unp->unp_txlock); + callout_destroy(&unp->unp_stat_ch); + pmf_device_deregister(un->un_dev); usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, un->un_udev, un->un_dev); From 839eb147ce74f05b8c2dde45bf49b843238bde03 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:50:32 +0000 Subject: [PATCH 20/24] usbnet: Don't issue a detach event if we never issued an attach one. --- sys/dev/usb/usbnet.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index b4dc8f69677e..03beba795be4 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1625,7 +1625,14 @@ usbnet_detach(device_t self, int flags) pmf_device_deregister(un->un_dev); - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, un->un_udev, un->un_dev); + /* + * Notify userland that we're going away, if we arrived in the + * first place. + */ + if (unp->unp_ifp_attached) { + usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, un->un_udev, + un->un_dev); + } kmem_free(unp, sizeof(*unp)); un->un_pri = NULL; From bfa87eb7101f4ef3f124e9d872f352b67feb19db Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:50:59 +0000 Subject: [PATCH 21/24] usbnet: Uncomment and fix assertion for ifp->if_flags |= IFF_RUNNING. We always hold IFNET_LOCK for ioctls that end up here -- the ones that don't hold it are only SIOCADDMULTI/SIOCDELMULTI, which don't end up here. However, urndis(4) throws a spanner in the works by doing weird device initialization. --- sys/dev/usb/usbnet.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 03beba795be4..ca3c8c2a8d84 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -855,10 +855,9 @@ usbnet_init_rx_tx(struct usbnet * const un) } /* Indicate we are up and running. */ -#if 0 - /* XXX if_mcast_op() can call this without ifnet locked */ - KASSERT(ifp->if_softc == NULL || IFNET_LOCKED(ifp)); -#endif + /* XXX urndis calls usbnet_init_rx_tx before usbnet_attach_ifp. */ + KASSERTMSG(!unp->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); ifp->if_flags |= IFF_RUNNING; /* Start up the receive pipe(s). */ From 8eefbd4b9f6fe9df7a2fcb7b44925419b097c479 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:07:39 +0000 Subject: [PATCH 22/24] usbnet: Omit needless tests in usbnet_tick. It's harmless for us to schedule the tick task even if unp_dying or unp_stopping is set by now, because usbnet_stop will just wait for it to finish anyway, and the callout can't be scheduled again until the interface is done stopping and is brought back up again. No need for unp == NULL test -- un->un_pri is initialized well before this callout can be scheduled, and is nulled out only at the end of usbnet_detach, at which point we have already halted this callout. --- sys/dev/usb/usbnet.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index ca3c8c2a8d84..68be632d2713 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1192,10 +1192,8 @@ usbnet_tick(void *arg) USBNETHIST_CALLARGSN(10, "%jd: enter", unp->unp_number, 0, 0, 0); - if (unp != NULL && !unp->unp_stopping && !unp->unp_dying) { - /* Perform periodic stuff in process context */ - usb_add_task(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER); - } + /* Perform periodic stuff in process context */ + usb_add_task(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER); } static void From b3004509163da2fe2ddf179bace094f149d7b848 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:54:38 +0000 Subject: [PATCH 23/24] usbnet: Omit needless locking/busying/testing in usbnet_tick_task. usbnet_stop waits for the task to complete before resetting the hardware, and usbnet_detach waits for usbnet_stop to complete before destroying anything, so there's no need for any of this. --- sys/dev/usb/usbnet.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 68be632d2713..480001bb58ea 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1228,22 +1228,10 @@ usbnet_tick_task(void *arg) USBNETHIST_FUNC(); struct usbnet * const un = arg; struct usbnet_private * const unp = un->un_pri; - - USBNETHIST_CALLARGSN(8, "%jd: enter", unp->unp_number, 0, 0, 0); - - mutex_enter(&unp->unp_core_lock); - if (unp->unp_stopping || unp->unp_dying) { - mutex_exit(&unp->unp_core_lock); - return; - } - struct ifnet * const ifp = usbnet_ifp(un); struct mii_data * const mii = usbnet_mii(un); - KASSERT(ifp != NULL); /* embedded member */ - - usbnet_busy(un); - mutex_exit(&unp->unp_core_lock); + USBNETHIST_CALLARGSN(8, "%jd: enter", unp->unp_number, 0, 0, 0); mutex_enter(&unp->unp_txlock); const bool timeout = unp->unp_timer != 0 && --unp->unp_timer == 0; @@ -1264,7 +1252,6 @@ usbnet_tick_task(void *arg) uno_tick(un); mutex_enter(&unp->unp_core_lock); - usbnet_unbusy(un); if (!unp->unp_stopping && !unp->unp_dying) callout_schedule(&unp->unp_stat_ch, hz); mutex_exit(&unp->unp_core_lock); From 185a957bd60864349142f15e2728163387abce04 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:56:30 +0000 Subject: [PATCH 24/24] WIP: usbnet: Print diagnostic about refcnt stragglers. I don't think there can be any, but this message, if printed, would falsify my hypothesis! --- sys/dev/usb/usbnet.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 480001bb58ea..87128f3c36a6 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1589,6 +1589,10 @@ usbnet_detach(device_t self, int flags) mutex_enter(&unp->unp_core_lock); unp->unp_refcnt--; + if (unp->unp_refcnt >= 0) { + aprint_error_dev(un->un_udev, "%d stragglers\n", + unp->unp_refcnt + 1); + } while (unp->unp_refcnt >= 0) { /* Wait for processes to go away */ cv_wait(&unp->unp_detachcv, &unp->unp_core_lock);