From 3ab40f2e1fc4bc488e295bfc61385490ce56754c Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:10:56 +0000 Subject: [PATCH 01/25] usbnet: Simplify usbnet_isdying. usbnet_detach (or its caller) stops all users before it returns. If un->un_pri is null at this point, there's a bug -- something didn't wait for everything to finish before calling usbnet_detach. --- sys/dev/usb/usbnet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 1712d2f687f0..39e8aa508a75 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1269,7 +1269,7 @@ usbnet_havelink(struct usbnet *un) bool usbnet_isdying(struct usbnet *un) { - return un->un_pri == NULL || un->un_pri->unp_dying; + return un->un_pri->unp_dying; } From daa4f3a1538bcee332a251f2d09006ebad94ebbf Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:56:01 +0000 Subject: [PATCH 02/25] usbnet: Set and clear IFF_RUNNING slightly earlier and later. - Set IFF_RUNNING before any calls to usbnet_rxeof are possible. - Don't clear IFF_RUNNING until all transfers have been aborted. --- sys/dev/usb/usbnet.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 39e8aa508a75..0ccd30063a17 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -849,9 +849,6 @@ usbnet_init_rx_tx(struct usbnet * const un) goto out; } - /* Start up the receive pipe(s). */ - usbnet_rx_start_pipes(un); - /* Indicate we are up and running. */ #if 0 /* XXX if_mcast_op() can call this without ifnet locked */ @@ -859,6 +856,9 @@ usbnet_init_rx_tx(struct usbnet * const un) #endif ifp->if_flags |= IFF_RUNNING; + /* Start up the receive pipe(s). */ + usbnet_rx_start_pipes(un); + callout_schedule(&unp->unp_stat_ch, hz); out: @@ -1073,14 +1073,6 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) uno_stop(un, ifp, disable); - /* - * XXXSMP Would like to - * KASSERT(IFNET_LOCKED(ifp)) - * here but the locking order is: - * ifnet -> core_lock -> rxlock -> txlock - * and core_lock is already held. - */ - ifp->if_flags &= ~IFF_RUNNING; unp->unp_timer = 0; callout_halt(&unp->unp_stat_ch, &unp->unp_core_lock); @@ -1097,6 +1089,15 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) /* Close pipes. */ usbnet_ep_close_pipes(un); + /* + * XXXSMP Would like to + * KASSERT(IFNET_LOCKED(ifp)) + * here but the locking order is: + * ifnet -> core_lock -> rxlock -> txlock + * and core_lock is already held. + */ + ifp->if_flags &= ~IFF_RUNNING; + usbnet_unbusy(un); } From 4c97bbcc7721c98a577f9ab21679d91f8a0bbbd3 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:59:10 +0000 Subject: [PATCH 03/25] usbnet: Take IFNET_LOCK around access to if_flags in usbnet_detach. This is not stable without IFNET_LOCK. Extraneous calls to usbnet_stop arising from this race might be harmless, but let's render it unnecessary to even think about that. --- sys/dev/usb/usbnet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 0ccd30063a17..b11f9eda8853 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1498,11 +1498,11 @@ usbnet_detach(device_t self, int flags) unp->unp_dying = true; mutex_exit(&unp->unp_core_lock); + IFNET_LOCK(ifp); if (ifp->if_flags & IFF_RUNNING) { - IFNET_LOCK(ifp); usbnet_if_stop(ifp, 1); - IFNET_UNLOCK(ifp); } + IFNET_UNLOCK(ifp); callout_halt(&unp->unp_stat_ch, NULL); usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, From 5f5d656ff450e17cea8d3ee6f1e50b46eccf44b1 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 23:01:27 +0000 Subject: [PATCH 04/25] usbnet: Ensure ifp->if_softc is initialized _before_ publishing ifp. Otherwise other parts of the system might start using ifp the moment we if_register it, and trip over null if_softc. --- sys/dev/usb/usbnet.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index b11f9eda8853..4a60ebaf72f0 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -79,6 +79,7 @@ struct usbnet_private { bool unp_dying; bool unp_stopping; bool unp_attached; + bool unp_ifp_attached; bool unp_link; int unp_refcnt; @@ -1436,7 +1437,9 @@ usbnet_attach_ifp(struct usbnet *un, struct ifnet * const ifp = usbnet_ifp(un); KASSERT(unp->unp_attached); + KASSERT(!unp->unp_ifp_attached); + ifp->if_softc = un; strlcpy(ifp->if_xname, device_xname(un->un_dev), IFNAMSIZ); ifp->if_flags = if_flags; ifp->if_extflags = IFEF_MPSAFE | if_extflags; @@ -1455,6 +1458,7 @@ usbnet_attach_ifp(struct usbnet *un, if (ifp->_if_input == NULL) ifp->if_percpuq = if_percpuq_create(ifp); if_register(ifp); + unp->unp_ifp_attached = true; /* * If ethernet address is all zero, skip ether_ifattach() and @@ -1472,7 +1476,6 @@ usbnet_attach_ifp(struct usbnet *un, /* Now ready, and attached. */ IFQ_SET_READY(&ifp->if_snd); - ifp->if_softc = un; usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, un->un_udev, un->un_dev); @@ -1526,7 +1529,7 @@ usbnet_detach(device_t self, int flags) mii_detach(mii, MII_PHY_ANY, MII_OFFSET_ANY); ifmedia_fini(&mii->mii_media); } - if (ifp->if_softc) { + if (unp->unp_ifp_attached) { if (!usbnet_empty_eaddr(un)) ether_ifdetach(ifp); else From 8f7c0f8a4af54d27bd33ab42b1093ddee21c0b0d Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 23:08:03 +0000 Subject: [PATCH 05/25] usbnet: Ensure access to unp_timer is protected by unp_txlock. --- sys/dev/usb/usbnet.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 4a60ebaf72f0..b2a3c81694d8 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1074,7 +1074,9 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) uno_stop(un, ifp, disable); + mutex_enter(&unp->unp_txlock); unp->unp_timer = 0; + mutex_exit(&unp->unp_txlock); callout_halt(&unp->unp_stat_ch, &unp->unp_core_lock); usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, @@ -1186,7 +1188,10 @@ usbnet_tick_task(void *arg) usbnet_busy(un); mutex_exit(&unp->unp_core_lock); - if (unp->unp_timer != 0 && --unp->unp_timer == 0) + mutex_enter(&unp->unp_txlock); + const bool timeout = unp->unp_timer != 0 && --unp->unp_timer == 0; + mutex_exit(&unp->unp_txlock); + if (timeout) usbnet_watchdog(ifp); DPRINTFN(8, "mii %#jx ifp %#jx", (uintptr_t)mii, (uintptr_t)ifp, 0, 0); From c73e147664e3e0bdac087529a3881c7a25437851 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 23:34:52 +0000 Subject: [PATCH 06/25] usbnet: Assert IFNET_LOCKED on if_flags change callbacks. - if_init - if_stop - ethersubr(9) ifflags_cb --- sys/dev/usb/usbnet.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index b2a3c81694d8..d50b24836ae1 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1005,6 +1005,8 @@ usbnet_ifflags_cb(struct ethercom *ec) struct usbnet_private * const unp = un->un_pri; int rv = 0; + KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + mutex_enter(&unp->unp_core_lock); const u_short changed = ifp->if_flags ^ unp->unp_if_flags; @@ -1110,6 +1112,8 @@ usbnet_if_stop(struct ifnet *ifp, int disable) struct usbnet * const un = ifp->if_softc; struct usbnet_private * const unp = un->un_pri; + KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + mutex_enter(&unp->unp_core_lock); usbnet_stop(un, ifp, disable); mutex_exit(&unp->unp_core_lock); @@ -1219,6 +1223,8 @@ usbnet_if_init(struct ifnet *ifp) USBNETHIST_FUNC(); USBNETHIST_CALLED(); struct usbnet * const un = ifp->if_softc; + KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + return uno_init(un, ifp); } From fc4cd1594a5b356ee8e43f291b8ae7f36daa4941 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 23:52:41 +0000 Subject: [PATCH 07/25] usbnet: Assert IFNET_LOCKED in usbnet_init_rx_tx, usbnet_stop. Exception: urndis(4) abuses this API to start this logic before the ifp is actually initialized. So for the sake of urndis(4), until sense can be beaten into it, allow the !unp_ifp_attached case to run without IFNET_LOCK. --- sys/dev/usb/usbnet.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index d50b24836ae1..59784a6db70e 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -150,6 +150,8 @@ fail: static void uno_stop(struct usbnet *un, struct ifnet *ifp, int disable) { + KASSERTMSG(!un->un_pri->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); usbnet_isowned_core(un); if (un->un_ops->uno_stop) (*un->un_ops->uno_stop)(ifp, disable); @@ -819,6 +821,9 @@ usbnet_init_rx_tx(struct usbnet * const un) usbd_status err; int error = 0; + KASSERTMSG(!unp->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); + usbnet_isowned_core(un); if (unp->unp_dying) { @@ -1064,6 +1069,8 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) USBNETHIST_FUNC(); USBNETHIST_CALLED(); + KASSERTMSG(!unp->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); usbnet_isowned_core(un); usbnet_busy(un); @@ -1094,13 +1101,9 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) /* Close pipes. */ usbnet_ep_close_pipes(un); - /* - * XXXSMP Would like to - * KASSERT(IFNET_LOCKED(ifp)) - * here but the locking order is: - * ifnet -> core_lock -> rxlock -> txlock - * and core_lock is already held. - */ + /* Everything is quesced now. */ + KASSERTMSG(!unp->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); ifp->if_flags &= ~IFF_RUNNING; usbnet_unbusy(un); From cd826c5bab550a1f6c327da611ef90174b51e5eb Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:50:37 +0000 Subject: [PATCH 08/25] usbnet: Don't check if_flags for IFF_RUNNING in usbnet_rxeof. This can only run after we start the pipes in usbnet_init_rx_tx, and before we close the pipes in usbnet_detach, during which time if_flags & IFF_RUNNING is stably set. --- sys/dev/usb/usbnet.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 59784a6db70e..2a319c6d7220 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -336,7 +336,6 @@ usbnet_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status) struct usbnet_chain * const c = priv; struct usbnet * const un = c->unc_un; struct usbnet_private * const unp = un->un_pri; - struct ifnet * const ifp = usbnet_ifp(un); uint32_t total_len; USBNETHIST_CALLARGSN(5, "%jd: enter: status %#jx xfer %#jx", @@ -346,7 +345,7 @@ usbnet_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status) if (unp->unp_dying || unp->unp_stopping || status == USBD_INVAL || status == USBD_NOT_STARTED || - status == USBD_CANCELLED || !(ifp->if_flags & IFF_RUNNING)) + status == USBD_CANCELLED) goto out; if (status != USBD_NORMAL_COMPLETION) { From 75de7920767449799e7749c404b3dfe1a13aa13a Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:52:49 +0000 Subject: [PATCH 09/25] usbnet: Don't check if_flags for IFF_RUNNING in usbnet_pipe_intr. The one user of this interface in tree, aue(4), doesn't care -- if_statinc is safe whether IFF_RUNNING or not. --- sys/dev/usb/usbnet.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 2a319c6d7220..7e3c1894d019 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -442,11 +442,10 @@ usbnet_pipe_intr(struct usbd_xfer *xfer, void *priv, usbd_status status) struct usbnet * const un = priv; struct usbnet_private * const unp = un->un_pri; struct usbnet_intr * const uni = un->un_intr; - struct ifnet * const ifp = usbnet_ifp(un); if (uni == NULL || unp->unp_dying || unp->unp_stopping || status == USBD_INVAL || status == USBD_NOT_STARTED || - status == USBD_CANCELLED || !(ifp->if_flags & IFF_RUNNING)) { + status == USBD_CANCELLED) { USBNETHIST_CALLARGS("%jd: uni %#jx d/s %#jx status %#jx", unp->unp_number, (uintptr_t)uni, (unp->unp_dying << 8) | unp->unp_stopping, status); From 36992a7fe0d30f2d9383987babc60b625ea92034 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sat, 25 Dec 2021 12:52:21 +0000 Subject: [PATCH 10/25] usbnet: Omit needless unp == NULL test in usbnet_tick_task. The task is never scheduled until after un->un_pri is initialized, and un->un_pri isn't nulled until after the callout and task are quiescent. --- sys/dev/usb/usbnet.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 7e3c1894d019..aa966eb17f7a 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1174,9 +1174,6 @@ usbnet_tick_task(void *arg) struct usbnet * const un = arg; struct usbnet_private * const unp = un->un_pri; - if (unp == NULL) - return; - USBNETHIST_CALLARGSN(8, "%jd: enter", unp->unp_number, 0, 0, 0); mutex_enter(&unp->unp_core_lock); From bfc1bbb18a81a9c999755f0a6c6fca5faa0f7d2e Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sat, 25 Dec 2021 20:31:02 +0000 Subject: [PATCH 11/25] axen(4), mue(4), smsc(4): Omit irrelevant cases in ioctl. SIOCSIFFLAGS and SIOCSETHERCAP always end up in ether_ioctl_reinit, which triggers the same logic to reprogram the multicast filters anyway. --- sys/dev/usb/if_axen.c | 2 -- sys/dev/usb/if_mue.c | 2 -- sys/dev/usb/if_smsc.c | 2 -- 3 files changed, 6 deletions(-) diff --git a/sys/dev/usb/if_axen.c b/sys/dev/usb/if_axen.c index bf91d56b356d..fe433722d185 100644 --- a/sys/dev/usb/if_axen.c +++ b/sys/dev/usb/if_axen.c @@ -559,8 +559,6 @@ axen_uno_ioctl(struct ifnet *ifp, u_long cmd, void *data) usbnet_busy(un); switch (cmd) { - case SIOCSIFFLAGS: - case SIOCSETHERCAP: case SIOCADDMULTI: case SIOCDELMULTI: axen_setiff_locked(un); diff --git a/sys/dev/usb/if_mue.c b/sys/dev/usb/if_mue.c index 559b9eff2569..16a52e4c6ed4 100644 --- a/sys/dev/usb/if_mue.c +++ b/sys/dev/usb/if_mue.c @@ -1273,8 +1273,6 @@ mue_uno_ioctl(struct ifnet *ifp, u_long cmd, void *data) usbnet_busy(un); switch (cmd) { - case SIOCSIFFLAGS: - case SIOCSETHERCAP: case SIOCADDMULTI: case SIOCDELMULTI: mue_setiff_locked(un); diff --git a/sys/dev/usb/if_smsc.c b/sys/dev/usb/if_smsc.c index 6cf37e507d1c..12eaf3fa3cc6 100644 --- a/sys/dev/usb/if_smsc.c +++ b/sys/dev/usb/if_smsc.c @@ -757,8 +757,6 @@ smsc_uno_ioctl(struct ifnet *ifp, u_long cmd, void *data) usbnet_busy(un); switch (cmd) { - case SIOCSIFFLAGS: - case SIOCSETHERCAP: case SIOCADDMULTI: case SIOCDELMULTI: smsc_setiff_locked(un); From c95f050c147f00256dc847572e813518c0fcb1d1 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 00:21:10 +0000 Subject: [PATCH 12/25] usbnet: Defer hardware multicast filter updates to USB task. Breaks deadlock: - usbnet_detach holds usbnet lock, awaits kpause in ure_reset - callout holds softclock `lock' (sequential softints, blocks kpause wakeup), awaits softnet_lock in tcp_timer_keep, frag6_fasttimo, &c. - soclose holds softnet_lock, awaits usbnet lock in SIOCDELMULTI With this change, the ethernet layer still maintains the list of multicast addresses synchronously, but we defer the driver logic that updates the hardware multicast filter to an asynchronous USB task without softnet_lock held. This doesn't cause exactly the same ioctl to be sent to the driver -- usbnet just sends SIOCDELMULTI with an all-zero struct ifreq, and might drop some ioctls if issued in quick succession. This is OK because none of the drivers actually distinguish between SIOCADDMULTI and SIOCDELMULTI, or examine the argument; the drivers just commit whatever multicast addresses are listed in the ethercom. While here, fix a bug in usbnet_activate: set unp_stopping while holding the usbnet lock, so we can reliably read it in usbnet_ioctl under the same lock used to schedule the task. --- sys/dev/usb/usbnet.c | 53 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 49 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index aa966eb17f7a..fed4886b2184 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -72,6 +72,7 @@ struct usbnet_private { struct ethercom unp_ec; struct mii_data unp_mii; + struct usb_task unp_mcasttask; struct usb_task unp_ticktask; struct callout unp_stat_ch; struct usbd_pipe *unp_ep[USBNET_ENDPT_MAX]; @@ -1041,12 +1042,48 @@ usbnet_if_ioctl(struct ifnet *ifp, u_long cmd, void *data) return uno_override_ioctl(un, ifp, cmd, data); error = ether_ioctl(ifp, cmd, data); - if (error == ENETRESET) - error = uno_ioctl(un, ifp, cmd, data); + if (error == ENETRESET) { + switch (cmd) { + case SIOCADDMULTI: + case SIOCDELMULTI: + mutex_enter(&unp->unp_core_lock); + if (!unp->unp_stopping) { + usb_add_task(un->un_udev, &unp->unp_mcasttask, + USB_TASKQ_DRIVER); + } + mutex_exit(&unp->unp_core_lock); + error = 0; + break; + default: + error = uno_ioctl(un, ifp, cmd, data); + } + } return error; } +static void +usbnet_mcast_task(void *arg) +{ + USBNETHIST_FUNC(); + struct usbnet * const un = arg; + struct ifnet * const ifp = usbnet_ifp(un); + struct ifreq ifr; + + USBNETHIST_CALLARGSN(10, "%jd: enter", + un->un_pri->unp_number, 0, 0, 0); + + /* + * Pass a bogus ifr with SIOCDELMULTI -- the goal is to just + * notify the driver to reprogram any hardware multicast + * filter, according to what's already stored in the ethercom. + * None of the drivers actually examine this argument, so it + * doesn't change the ABI as far as they can tell. + */ + memset(&ifr, 0, sizeof(ifr)); + (void)uno_ioctl(un, ifp, SIOCDELMULTI, &ifr); +} + /* * Generic stop network function: * - mark as stopping @@ -1079,6 +1116,9 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) mutex_exit(&unp->unp_txlock); mutex_exit(&unp->unp_rxlock); + usb_rem_task_wait(un->un_udev, &unp->unp_mcasttask, USB_TASKQ_DRIVER, + &unp->unp_core_lock); + uno_stop(un, ifp, disable); mutex_enter(&unp->unp_txlock); @@ -1384,7 +1424,10 @@ usbnet_attach(struct usbnet *un, un->un_pri = kmem_zalloc(sizeof(*un->un_pri), KM_SLEEP); struct usbnet_private * const unp = un->un_pri; - usb_init_task(&unp->unp_ticktask, usbnet_tick_task, un, USB_TASKQ_MPSAFE); + usb_init_task(&unp->unp_mcasttask, usbnet_mcast_task, un, + USB_TASKQ_MPSAFE); + usb_init_task(&unp->unp_ticktask, usbnet_tick_task, un, + USB_TASKQ_MPSAFE); callout_init(&unp->unp_stat_ch, CALLOUT_MPSAFE); callout_setfunc(&unp->unp_stat_ch, usbnet_tick, un); @@ -1519,6 +1562,8 @@ usbnet_detach(device_t self, int flags) callout_halt(&unp->unp_stat_ch, NULL); usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, NULL); + usb_rem_task_wait(un->un_udev, &unp->unp_mcasttask, USB_TASKQ_DRIVER, + NULL); mutex_enter(&unp->unp_core_lock); unp->unp_refcnt--; @@ -1576,13 +1621,13 @@ usbnet_activate(device_t self, devact_t act) mutex_enter(&unp->unp_core_lock); unp->unp_dying = true; - mutex_exit(&unp->unp_core_lock); mutex_enter(&unp->unp_rxlock); mutex_enter(&unp->unp_txlock); unp->unp_stopping = true; mutex_exit(&unp->unp_txlock); mutex_exit(&unp->unp_rxlock); + mutex_exit(&unp->unp_core_lock); return 0; default: From 2362bc9e9867b6af8c3aea337e31fb9e80fcf0d2 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 00:52:09 +0000 Subject: [PATCH 13/25] usbnet: Remove usbnet_set_dying. Not necessary for the one caller that did it (url(4)): usbnet_detach handles failed attach just fine without it. --- sys/dev/usb/if_url.c | 8 +------- sys/dev/usb/usbnet.c | 6 ------ sys/dev/usb/usbnet.h | 1 - 3 files changed, 1 insertion(+), 14 deletions(-) diff --git a/sys/dev/usb/if_url.c b/sys/dev/usb/if_url.c index 764b9c654682..dbb57bf66ca7 100644 --- a/sys/dev/usb/if_url.c +++ b/sys/dev/usb/if_url.c @@ -256,18 +256,12 @@ url_attach(device_t parent, device_t self, void *aux) usbnet_unlock_core(un); if (err) { aprint_error_dev(self, "read MAC address failed\n"); - goto bad; + return; } /* initialize interface information */ usbnet_attach_ifp(un, IFF_SIMPLEX | IFF_BROADCAST | IFF_MULTICAST, 0, &unm); - - return; - - bad: - usbnet_set_dying(un, true); - return; } /* read/write memory */ diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index fed4886b2184..db31121f33a1 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1275,12 +1275,6 @@ usbnet_set_link(struct usbnet *un, bool link) un->un_pri->unp_link = link; } -void -usbnet_set_dying(struct usbnet *un, bool link) -{ - un->un_pri->unp_dying = link; -} - struct ifnet * usbnet_ifp(struct usbnet *un) { diff --git a/sys/dev/usb/usbnet.h b/sys/dev/usb/usbnet.h index 15e9dfc7b351..1faa822887c5 100644 --- a/sys/dev/usb/usbnet.h +++ b/sys/dev/usb/usbnet.h @@ -284,7 +284,6 @@ struct usbnet { /* Various accessors. */ void usbnet_set_link(struct usbnet *, bool); -void usbnet_set_dying(struct usbnet *, bool); struct ifnet *usbnet_ifp(struct usbnet *); struct ethercom *usbnet_ec(struct usbnet *); From 170a19bdc9d14ff3aee895ff7f44f9a8766432e6 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:17:06 +0000 Subject: [PATCH 14/25] usbnet: Fix ordering of actions in usbnet_stop. Make sure all software activity is quiescent (callouts and tasks, including ifmedia and mii callbacks -- anything that might trigger register access) before asking the driver to stop the hardware. This way, the driver uno_stop routine is guaranteed exclusive access to the registers. This will also enable us to simplify the callouts and tasks so they don't have to check the software state -- to be done in a separate commit. --- sys/dev/usb/usbnet.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index db31121f33a1..f7dc2435ce31 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1116,19 +1116,31 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) mutex_exit(&unp->unp_txlock); mutex_exit(&unp->unp_rxlock); + /* + * Stop the timer first, then the task -- if the timer was + * already firing, we stop the task or wait for it complete + * only after if last fired. Setting unp_stopping prevents the + * timer and multicast task from being scheduled again. + */ + callout_halt(&unp->unp_stat_ch, &unp->unp_core_lock); + usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, + &unp->unp_core_lock); usb_rem_task_wait(un->un_udev, &unp->unp_mcasttask, USB_TASKQ_DRIVER, &unp->unp_core_lock); + /* + * Now that the software is quiescent, ask the driver to stop + * the hardware. The driver's uno_stop routine now has + * exclusive access to any registers that might previously have + * been used by to ifmedia, mii, or ioctl callbacks. + */ uno_stop(un, ifp, disable); + /* Clear the watchdog timer. */ mutex_enter(&unp->unp_txlock); unp->unp_timer = 0; mutex_exit(&unp->unp_txlock); - callout_halt(&unp->unp_stat_ch, &unp->unp_core_lock); - usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, - &unp->unp_core_lock); - /* Stop transfers. */ usbnet_ep_stop_pipes(un); From 2ab61212fbe119ee597fcca274cb275ad78139c4 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:22:46 +0000 Subject: [PATCH 15/25] usbnet: Assert IFNET_LOCKED in usbnet_media_upd. This ensures, if the device is being initialized or stopped, usbnet_media_upd will not run until it's done, so the reset sequence has exclusive access to the device registers used by mii. --- sys/dev/usb/usbnet.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index f7dc2435ce31..e07e48485b2f 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -983,6 +983,9 @@ usbnet_media_upd(struct ifnet *ifp) /* ifmedia layer ensures core_lock is held. */ usbnet_isowned_core(un); + /* ifmedia changes only with IFNET_LOCK held. */ + KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + if (unp->unp_dying) return EIO; From 4967e136a5e88ea8da9d75d6123d3f40f47bb645 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:29:16 +0000 Subject: [PATCH 16/25] usbnet: Set unp_dying under IFNET_LOCK. Refuse to bring the interface back up, which happens under IFNET_LOCK, if it's dying. This ensures new activity on the interface can't happen by the time we stop existing activity and wait for it to complete. --- sys/dev/usb/usbnet.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index e07e48485b2f..f77b35860ce8 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1278,6 +1278,13 @@ usbnet_if_init(struct ifnet *ifp) KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + /* + * Prevent anyone from bringing the interface back up once + * we're detaching. + */ + if (un->un_pri->unp_dying) + return EIO; + return uno_init(un, ifp); } @@ -1558,11 +1565,15 @@ usbnet_detach(device_t self, int flags) struct ifnet * const ifp = usbnet_ifp(un); struct mii_data * const mii = usbnet_mii(un); + /* + * Prevent new activity. If we're still running on the + * network, stop and wait for all asynchronous activity to + * finish. + */ + IFNET_LOCK(ifp); mutex_enter(&unp->unp_core_lock); unp->unp_dying = true; mutex_exit(&unp->unp_core_lock); - - IFNET_LOCK(ifp); if (ifp->if_flags & IFF_RUNNING) { usbnet_if_stop(ifp, 1); } From f618ddfd44bb661a70e54595e38fe1ec8909c38f Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:32:42 +0000 Subject: [PATCH 17/25] usbnet: Omit needless callout_halt and usb_rem_task_wait. The callout and tasks cannot be pending at this point -- it is a bug if usbnet_if_stop failed to quiesce everything, so turn these into KASSERTs. --- sys/dev/usb/usbnet.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index f77b35860ce8..133a68c9dfd1 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1579,11 +1579,13 @@ usbnet_detach(device_t self, int flags) } IFNET_UNLOCK(ifp); - callout_halt(&unp->unp_stat_ch, NULL); - usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, - NULL); - usb_rem_task_wait(un->un_udev, &unp->unp_mcasttask, USB_TASKQ_DRIVER, - NULL); + /* + * The callout and tasks can't be scheduled anew at this point, + * and usbnet_if_stop has waited for them to complete. + */ + KASSERT(!callout_pending(&unp->unp_stat_ch)); + KASSERT(!usb_task_pending(un->un_udev, &unp->unp_ticktask)); + KASSERT(!usb_task_pending(un->un_udev, &unp->unp_mcasttask)); mutex_enter(&unp->unp_core_lock); unp->unp_refcnt--; From 5577caf24afc2e2fe9f7060a4036240b48e44791 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:47:10 +0000 Subject: [PATCH 18/25] usbnet: Detach interface and mii before waiting for refcnt to drain. All outstanding software activity under usbnet's control -- which is all that participates in the refcnting -- should be quiesced by stopping and detaching everything. --- sys/dev/usb/usbnet.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 133a68c9dfd1..89f77b79b021 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1587,6 +1587,19 @@ usbnet_detach(device_t self, int flags) KASSERT(!usb_task_pending(un->un_udev, &unp->unp_ticktask)); KASSERT(!usb_task_pending(un->un_udev, &unp->unp_mcasttask)); + if (mii) { + mii_detach(mii, MII_PHY_ANY, MII_OFFSET_ANY); + ifmedia_fini(&mii->mii_media); + } + if (unp->unp_ifp_attached) { + if (!usbnet_empty_eaddr(un)) + ether_ifdetach(ifp); + else + bpf_detach(ifp); + if_detach(ifp); + } + usbnet_ec(un)->ec_mii = NULL; + mutex_enter(&unp->unp_core_lock); unp->unp_refcnt--; while (unp->unp_refcnt >= 0) { @@ -1601,19 +1614,6 @@ usbnet_detach(device_t self, int flags) callout_destroy(&unp->unp_stat_ch); rnd_detach_source(&unp->unp_rndsrc); - if (mii) { - mii_detach(mii, MII_PHY_ANY, MII_OFFSET_ANY); - ifmedia_fini(&mii->mii_media); - } - if (unp->unp_ifp_attached) { - if (!usbnet_empty_eaddr(un)) - ether_ifdetach(ifp); - else - bpf_detach(ifp); - if_detach(ifp); - } - usbnet_ec(un)->ec_mii = NULL; - cv_destroy(&unp->unp_detachcv); mutex_destroy(&unp->unp_core_lock); mutex_destroy(&unp->unp_rxlock); From 3b3691ccde356b31eb68f7f3afde259bf79d0ba5 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:49:56 +0000 Subject: [PATCH 19/25] usbnet: Make detach order reverse attach order, for unp_stat_ch. No functional change intended. --- sys/dev/usb/usbnet.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 89f77b79b021..436d834cfc09 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1611,7 +1611,6 @@ usbnet_detach(device_t self, int flags) usbnet_rx_list_free(un); usbnet_tx_list_free(un); - callout_destroy(&unp->unp_stat_ch); rnd_detach_source(&unp->unp_rndsrc); cv_destroy(&unp->unp_detachcv); @@ -1619,6 +1618,8 @@ usbnet_detach(device_t self, int flags) mutex_destroy(&unp->unp_rxlock); mutex_destroy(&unp->unp_txlock); + callout_destroy(&unp->unp_stat_ch); + pmf_device_deregister(un->un_dev); usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, un->un_udev, un->un_dev); From 5c8cbe8e3f16431f8e9274b118c4a75fb2aa4b8b Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:50:32 +0000 Subject: [PATCH 20/25] usbnet: Don't issue a detach event if we never issued an attach one. --- sys/dev/usb/usbnet.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 436d834cfc09..3d042068a9fd 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1622,7 +1622,14 @@ usbnet_detach(device_t self, int flags) pmf_device_deregister(un->un_dev); - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, un->un_udev, un->un_dev); + /* + * Notify userland that we're going away, if we arrived in the + * first place. + */ + if (unp->unp_ifp_attached) { + usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, un->un_udev, + un->un_dev); + } kmem_free(unp, sizeof(*unp)); un->un_pri = NULL; From d298de0eb5b0d20cac272feef697ab56c244ef03 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:50:59 +0000 Subject: [PATCH 21/25] usbnet: Uncomment and fix assertion for ifp->if_flags |= IFF_RUNNING. We always hold IFNET_LOCK for ioctls that end up here -- the ones that don't hold it are only SIOCADDMULTI/SIOCDELMULTI, which don't end up here. However, urndis(4) throws a spanner in the works by doing weird device initialization. --- sys/dev/usb/usbnet.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 3d042068a9fd..db87927ccd15 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -855,10 +855,9 @@ usbnet_init_rx_tx(struct usbnet * const un) } /* Indicate we are up and running. */ -#if 0 - /* XXX if_mcast_op() can call this without ifnet locked */ - KASSERT(ifp->if_softc == NULL || IFNET_LOCKED(ifp)); -#endif + /* XXX urndis calls usbnet_init_rx_tx before usbnet_attach_ifp. */ + KASSERTMSG(!unp->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); ifp->if_flags |= IFF_RUNNING; /* Start up the receive pipe(s). */ From 5fae4e7f49a31990e483a67ae1502936d402c0b7 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:07:39 +0000 Subject: [PATCH 22/25] usbnet: Omit needless tests in usbnet_tick. It's harmless for us to schedule the tick task even if unp_dying or unp_stopping is set by now, because usbnet_stop will just wait for it to finish anyway, and the callout can't be scheduled again until the interface is done stopping and is brought back up again. No need for unp == NULL test -- un->un_pri is initialized well before this callout can be scheduled, and is nulled out only at the end of usbnet_detach, at which point we have already halted this callout. --- sys/dev/usb/usbnet.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index db87927ccd15..bed4dff3a1b8 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1189,10 +1189,8 @@ usbnet_tick(void *arg) USBNETHIST_CALLARGSN(10, "%jd: enter", unp->unp_number, 0, 0, 0); - if (unp != NULL && !unp->unp_stopping && !unp->unp_dying) { - /* Perform periodic stuff in process context */ - usb_add_task(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER); - } + /* Perform periodic stuff in process context */ + usb_add_task(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER); } static void From 520ac5476eeb2fb99113f3a19543f779b76473e5 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:54:38 +0000 Subject: [PATCH 23/25] usbnet: Omit needless locking/busying/testing in usbnet_tick_task. usbnet_stop waits for the task to complete before resetting the hardware, and usbnet_detach waits for usbnet_stop to complete before destroying anything, so there's no need for any of this. --- sys/dev/usb/usbnet.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index bed4dff3a1b8..5866b3db787c 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1225,22 +1225,10 @@ usbnet_tick_task(void *arg) USBNETHIST_FUNC(); struct usbnet * const un = arg; struct usbnet_private * const unp = un->un_pri; - - USBNETHIST_CALLARGSN(8, "%jd: enter", unp->unp_number, 0, 0, 0); - - mutex_enter(&unp->unp_core_lock); - if (unp->unp_stopping || unp->unp_dying) { - mutex_exit(&unp->unp_core_lock); - return; - } - struct ifnet * const ifp = usbnet_ifp(un); struct mii_data * const mii = usbnet_mii(un); - KASSERT(ifp != NULL); /* embedded member */ - - usbnet_busy(un); - mutex_exit(&unp->unp_core_lock); + USBNETHIST_CALLARGSN(8, "%jd: enter", unp->unp_number, 0, 0, 0); mutex_enter(&unp->unp_txlock); const bool timeout = unp->unp_timer != 0 && --unp->unp_timer == 0; @@ -1261,7 +1249,6 @@ usbnet_tick_task(void *arg) uno_tick(un); mutex_enter(&unp->unp_core_lock); - usbnet_unbusy(un); if (!unp->unp_stopping && !unp->unp_dying) callout_schedule(&unp->unp_stat_ch, hz); mutex_exit(&unp->unp_core_lock); From 0ff341b1793c3b5e64d03b22ddfba3fa5c7c3f66 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 10:06:50 +0000 Subject: [PATCH 24/25] usbnet: Clear watchdog timer before stopping hardware. No need to take the lock again -- which might not be necessary because the callout and task have completed, but let's obviate the need to think about that. --- sys/dev/usb/usbnet.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 5866b3db787c..98ce2eb6d130 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1112,9 +1112,14 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) usbnet_busy(un); + /* + * Prevent new activity (rescheduling ticks, xfers, &c.) and + * clear the watchdog timer. + */ mutex_enter(&unp->unp_rxlock); mutex_enter(&unp->unp_txlock); unp->unp_stopping = true; + unp->unp_timer = 0; mutex_exit(&unp->unp_txlock); mutex_exit(&unp->unp_rxlock); @@ -1138,11 +1143,6 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) */ uno_stop(un, ifp, disable); - /* Clear the watchdog timer. */ - mutex_enter(&unp->unp_txlock); - unp->unp_timer = 0; - mutex_exit(&unp->unp_txlock); - /* Stop transfers. */ usbnet_ep_stop_pipes(un); From 0ed7f354be1b07d299d4010356e0f21e502e19ac Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:56:30 +0000 Subject: [PATCH 25/25] WIP: usbnet: Print diagnostic about refcnt stragglers. I don't think there can be any, but this message, if printed, would falsify my hypothesis! --- sys/dev/usb/usbnet.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 98ce2eb6d130..5338b4e3d430 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1586,6 +1586,10 @@ usbnet_detach(device_t self, int flags) mutex_enter(&unp->unp_core_lock); unp->unp_refcnt--; + if (unp->unp_refcnt >= 0) { + aprint_error_dev(un->un_dev, "%d stragglers\n", + unp->unp_refcnt + 1); + } while (unp->unp_refcnt >= 0) { /* Wait for processes to go away */ cv_wait(&unp->unp_detachcv, &unp->unp_core_lock);