From 3ab40f2e1fc4bc488e295bfc61385490ce56754c Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:10:56 +0000 Subject: [PATCH 01/25] usbnet: Simplify usbnet_isdying. usbnet_detach (or its caller) stops all users before it returns. If un->un_pri is null at this point, there's a bug -- something didn't wait for everything to finish before calling usbnet_detach. --- sys/dev/usb/usbnet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 1712d2f687f0..39e8aa508a75 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1269,7 +1269,7 @@ usbnet_havelink(struct usbnet *un) bool usbnet_isdying(struct usbnet *un) { - return un->un_pri == NULL || un->un_pri->unp_dying; + return un->un_pri->unp_dying; } From daa4f3a1538bcee332a251f2d09006ebad94ebbf Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:56:01 +0000 Subject: [PATCH 02/25] usbnet: Set and clear IFF_RUNNING slightly earlier and later. - Set IFF_RUNNING before any calls to usbnet_rxeof are possible. - Don't clear IFF_RUNNING until all transfers have been aborted. --- sys/dev/usb/usbnet.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 39e8aa508a75..0ccd30063a17 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -849,9 +849,6 @@ usbnet_init_rx_tx(struct usbnet * const un) goto out; } - /* Start up the receive pipe(s). */ - usbnet_rx_start_pipes(un); - /* Indicate we are up and running. */ #if 0 /* XXX if_mcast_op() can call this without ifnet locked */ @@ -859,6 +856,9 @@ usbnet_init_rx_tx(struct usbnet * const un) #endif ifp->if_flags |= IFF_RUNNING; + /* Start up the receive pipe(s). */ + usbnet_rx_start_pipes(un); + callout_schedule(&unp->unp_stat_ch, hz); out: @@ -1073,14 +1073,6 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) uno_stop(un, ifp, disable); - /* - * XXXSMP Would like to - * KASSERT(IFNET_LOCKED(ifp)) - * here but the locking order is: - * ifnet -> core_lock -> rxlock -> txlock - * and core_lock is already held. - */ - ifp->if_flags &= ~IFF_RUNNING; unp->unp_timer = 0; callout_halt(&unp->unp_stat_ch, &unp->unp_core_lock); @@ -1097,6 +1089,15 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) /* Close pipes. */ usbnet_ep_close_pipes(un); + /* + * XXXSMP Would like to + * KASSERT(IFNET_LOCKED(ifp)) + * here but the locking order is: + * ifnet -> core_lock -> rxlock -> txlock + * and core_lock is already held. + */ + ifp->if_flags &= ~IFF_RUNNING; + usbnet_unbusy(un); } From 4c97bbcc7721c98a577f9ab21679d91f8a0bbbd3 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:59:10 +0000 Subject: [PATCH 03/25] usbnet: Take IFNET_LOCK around access to if_flags in usbnet_detach. This is not stable without IFNET_LOCK. Extraneous calls to usbnet_stop arising from this race might be harmless, but let's render it unnecessary to even think about that. --- sys/dev/usb/usbnet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 0ccd30063a17..b11f9eda8853 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1498,11 +1498,11 @@ usbnet_detach(device_t self, int flags) unp->unp_dying = true; mutex_exit(&unp->unp_core_lock); + IFNET_LOCK(ifp); if (ifp->if_flags & IFF_RUNNING) { - IFNET_LOCK(ifp); usbnet_if_stop(ifp, 1); - IFNET_UNLOCK(ifp); } + IFNET_UNLOCK(ifp); callout_halt(&unp->unp_stat_ch, NULL); usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, From 5f5d656ff450e17cea8d3ee6f1e50b46eccf44b1 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 23:01:27 +0000 Subject: [PATCH 04/25] usbnet: Ensure ifp->if_softc is initialized _before_ publishing ifp. Otherwise other parts of the system might start using ifp the moment we if_register it, and trip over null if_softc. --- sys/dev/usb/usbnet.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index b11f9eda8853..4a60ebaf72f0 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -79,6 +79,7 @@ struct usbnet_private { bool unp_dying; bool unp_stopping; bool unp_attached; + bool unp_ifp_attached; bool unp_link; int unp_refcnt; @@ -1436,7 +1437,9 @@ usbnet_attach_ifp(struct usbnet *un, struct ifnet * const ifp = usbnet_ifp(un); KASSERT(unp->unp_attached); + KASSERT(!unp->unp_ifp_attached); + ifp->if_softc = un; strlcpy(ifp->if_xname, device_xname(un->un_dev), IFNAMSIZ); ifp->if_flags = if_flags; ifp->if_extflags = IFEF_MPSAFE | if_extflags; @@ -1455,6 +1458,7 @@ usbnet_attach_ifp(struct usbnet *un, if (ifp->_if_input == NULL) ifp->if_percpuq = if_percpuq_create(ifp); if_register(ifp); + unp->unp_ifp_attached = true; /* * If ethernet address is all zero, skip ether_ifattach() and @@ -1472,7 +1476,6 @@ usbnet_attach_ifp(struct usbnet *un, /* Now ready, and attached. */ IFQ_SET_READY(&ifp->if_snd); - ifp->if_softc = un; usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, un->un_udev, un->un_dev); @@ -1526,7 +1529,7 @@ usbnet_detach(device_t self, int flags) mii_detach(mii, MII_PHY_ANY, MII_OFFSET_ANY); ifmedia_fini(&mii->mii_media); } - if (ifp->if_softc) { + if (unp->unp_ifp_attached) { if (!usbnet_empty_eaddr(un)) ether_ifdetach(ifp); else From 8f7c0f8a4af54d27bd33ab42b1093ddee21c0b0d Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 23:08:03 +0000 Subject: [PATCH 05/25] usbnet: Ensure access to unp_timer is protected by unp_txlock. --- sys/dev/usb/usbnet.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 4a60ebaf72f0..b2a3c81694d8 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1074,7 +1074,9 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) uno_stop(un, ifp, disable); + mutex_enter(&unp->unp_txlock); unp->unp_timer = 0; + mutex_exit(&unp->unp_txlock); callout_halt(&unp->unp_stat_ch, &unp->unp_core_lock); usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, @@ -1186,7 +1188,10 @@ usbnet_tick_task(void *arg) usbnet_busy(un); mutex_exit(&unp->unp_core_lock); - if (unp->unp_timer != 0 && --unp->unp_timer == 0) + mutex_enter(&unp->unp_txlock); + const bool timeout = unp->unp_timer != 0 && --unp->unp_timer == 0; + mutex_exit(&unp->unp_txlock); + if (timeout) usbnet_watchdog(ifp); DPRINTFN(8, "mii %#jx ifp %#jx", (uintptr_t)mii, (uintptr_t)ifp, 0, 0); From c73e147664e3e0bdac087529a3881c7a25437851 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 23:34:52 +0000 Subject: [PATCH 06/25] usbnet: Assert IFNET_LOCKED on if_flags change callbacks. - if_init - if_stop - ethersubr(9) ifflags_cb --- sys/dev/usb/usbnet.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index b2a3c81694d8..d50b24836ae1 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1005,6 +1005,8 @@ usbnet_ifflags_cb(struct ethercom *ec) struct usbnet_private * const unp = un->un_pri; int rv = 0; + KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + mutex_enter(&unp->unp_core_lock); const u_short changed = ifp->if_flags ^ unp->unp_if_flags; @@ -1110,6 +1112,8 @@ usbnet_if_stop(struct ifnet *ifp, int disable) struct usbnet * const un = ifp->if_softc; struct usbnet_private * const unp = un->un_pri; + KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + mutex_enter(&unp->unp_core_lock); usbnet_stop(un, ifp, disable); mutex_exit(&unp->unp_core_lock); @@ -1219,6 +1223,8 @@ usbnet_if_init(struct ifnet *ifp) USBNETHIST_FUNC(); USBNETHIST_CALLED(); struct usbnet * const un = ifp->if_softc; + KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + return uno_init(un, ifp); } From fc4cd1594a5b356ee8e43f291b8ae7f36daa4941 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 23:52:41 +0000 Subject: [PATCH 07/25] usbnet: Assert IFNET_LOCKED in usbnet_init_rx_tx, usbnet_stop. Exception: urndis(4) abuses this API to start this logic before the ifp is actually initialized. So for the sake of urndis(4), until sense can be beaten into it, allow the !unp_ifp_attached case to run without IFNET_LOCK. --- sys/dev/usb/usbnet.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index d50b24836ae1..59784a6db70e 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -150,6 +150,8 @@ fail: static void uno_stop(struct usbnet *un, struct ifnet *ifp, int disable) { + KASSERTMSG(!un->un_pri->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); usbnet_isowned_core(un); if (un->un_ops->uno_stop) (*un->un_ops->uno_stop)(ifp, disable); @@ -819,6 +821,9 @@ usbnet_init_rx_tx(struct usbnet * const un) usbd_status err; int error = 0; + KASSERTMSG(!unp->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); + usbnet_isowned_core(un); if (unp->unp_dying) { @@ -1064,6 +1069,8 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) USBNETHIST_FUNC(); USBNETHIST_CALLED(); + KASSERTMSG(!unp->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); usbnet_isowned_core(un); usbnet_busy(un); @@ -1094,13 +1101,9 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) /* Close pipes. */ usbnet_ep_close_pipes(un); - /* - * XXXSMP Would like to - * KASSERT(IFNET_LOCKED(ifp)) - * here but the locking order is: - * ifnet -> core_lock -> rxlock -> txlock - * and core_lock is already held. - */ + /* Everything is quesced now. */ + KASSERTMSG(!unp->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); ifp->if_flags &= ~IFF_RUNNING; usbnet_unbusy(un); From cd826c5bab550a1f6c327da611ef90174b51e5eb Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:50:37 +0000 Subject: [PATCH 08/25] usbnet: Don't check if_flags for IFF_RUNNING in usbnet_rxeof. This can only run after we start the pipes in usbnet_init_rx_tx, and before we close the pipes in usbnet_detach, during which time if_flags & IFF_RUNNING is stably set. --- sys/dev/usb/usbnet.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 59784a6db70e..2a319c6d7220 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -336,7 +336,6 @@ usbnet_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status) struct usbnet_chain * const c = priv; struct usbnet * const un = c->unc_un; struct usbnet_private * const unp = un->un_pri; - struct ifnet * const ifp = usbnet_ifp(un); uint32_t total_len; USBNETHIST_CALLARGSN(5, "%jd: enter: status %#jx xfer %#jx", @@ -346,7 +345,7 @@ usbnet_rxeof(struct usbd_xfer *xfer, void *priv, usbd_status status) if (unp->unp_dying || unp->unp_stopping || status == USBD_INVAL || status == USBD_NOT_STARTED || - status == USBD_CANCELLED || !(ifp->if_flags & IFF_RUNNING)) + status == USBD_CANCELLED) goto out; if (status != USBD_NORMAL_COMPLETION) { From 75de7920767449799e7749c404b3dfe1a13aa13a Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:52:49 +0000 Subject: [PATCH 09/25] usbnet: Don't check if_flags for IFF_RUNNING in usbnet_pipe_intr. The one user of this interface in tree, aue(4), doesn't care -- if_statinc is safe whether IFF_RUNNING or not. --- sys/dev/usb/usbnet.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 2a319c6d7220..7e3c1894d019 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -442,11 +442,10 @@ usbnet_pipe_intr(struct usbd_xfer *xfer, void *priv, usbd_status status) struct usbnet * const un = priv; struct usbnet_private * const unp = un->un_pri; struct usbnet_intr * const uni = un->un_intr; - struct ifnet * const ifp = usbnet_ifp(un); if (uni == NULL || unp->unp_dying || unp->unp_stopping || status == USBD_INVAL || status == USBD_NOT_STARTED || - status == USBD_CANCELLED || !(ifp->if_flags & IFF_RUNNING)) { + status == USBD_CANCELLED) { USBNETHIST_CALLARGS("%jd: uni %#jx d/s %#jx status %#jx", unp->unp_number, (uintptr_t)uni, (unp->unp_dying << 8) | unp->unp_stopping, status); From 36992a7fe0d30f2d9383987babc60b625ea92034 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sat, 25 Dec 2021 12:52:21 +0000 Subject: [PATCH 10/25] usbnet: Omit needless unp == NULL test in usbnet_tick_task. The task is never scheduled until after un->un_pri is initialized, and un->un_pri isn't nulled until after the callout and task are quiescent. --- sys/dev/usb/usbnet.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 7e3c1894d019..aa966eb17f7a 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1174,9 +1174,6 @@ usbnet_tick_task(void *arg) struct usbnet * const un = arg; struct usbnet_private * const unp = un->un_pri; - if (unp == NULL) - return; - USBNETHIST_CALLARGSN(8, "%jd: enter", unp->unp_number, 0, 0, 0); mutex_enter(&unp->unp_core_lock); From bfc1bbb18a81a9c999755f0a6c6fca5faa0f7d2e Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sat, 25 Dec 2021 20:31:02 +0000 Subject: [PATCH 11/25] axen(4), mue(4), smsc(4): Omit irrelevant cases in ioctl. SIOCSIFFLAGS and SIOCSETHERCAP always end up in ether_ioctl_reinit, which triggers the same logic to reprogram the multicast filters anyway. --- sys/dev/usb/if_axen.c | 2 -- sys/dev/usb/if_mue.c | 2 -- sys/dev/usb/if_smsc.c | 2 -- 3 files changed, 6 deletions(-) diff --git a/sys/dev/usb/if_axen.c b/sys/dev/usb/if_axen.c index bf91d56b356d..fe433722d185 100644 --- a/sys/dev/usb/if_axen.c +++ b/sys/dev/usb/if_axen.c @@ -559,8 +559,6 @@ axen_uno_ioctl(struct ifnet *ifp, u_long cmd, void *data) usbnet_busy(un); switch (cmd) { - case SIOCSIFFLAGS: - case SIOCSETHERCAP: case SIOCADDMULTI: case SIOCDELMULTI: axen_setiff_locked(un); diff --git a/sys/dev/usb/if_mue.c b/sys/dev/usb/if_mue.c index 559b9eff2569..16a52e4c6ed4 100644 --- a/sys/dev/usb/if_mue.c +++ b/sys/dev/usb/if_mue.c @@ -1273,8 +1273,6 @@ mue_uno_ioctl(struct ifnet *ifp, u_long cmd, void *data) usbnet_busy(un); switch (cmd) { - case SIOCSIFFLAGS: - case SIOCSETHERCAP: case SIOCADDMULTI: case SIOCDELMULTI: mue_setiff_locked(un); diff --git a/sys/dev/usb/if_smsc.c b/sys/dev/usb/if_smsc.c index 6cf37e507d1c..12eaf3fa3cc6 100644 --- a/sys/dev/usb/if_smsc.c +++ b/sys/dev/usb/if_smsc.c @@ -757,8 +757,6 @@ smsc_uno_ioctl(struct ifnet *ifp, u_long cmd, void *data) usbnet_busy(un); switch (cmd) { - case SIOCSIFFLAGS: - case SIOCSETHERCAP: case SIOCADDMULTI: case SIOCDELMULTI: smsc_setiff_locked(un); From c95f050c147f00256dc847572e813518c0fcb1d1 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 00:21:10 +0000 Subject: [PATCH 12/25] usbnet: Defer hardware multicast filter updates to USB task. Breaks deadlock: - usbnet_detach holds usbnet lock, awaits kpause in ure_reset - callout holds softclock `lock' (sequential softints, blocks kpause wakeup), awaits softnet_lock in tcp_timer_keep, frag6_fasttimo, &c. - soclose holds softnet_lock, awaits usbnet lock in SIOCDELMULTI With this change, the ethernet layer still maintains the list of multicast addresses synchronously, but we defer the driver logic that updates the hardware multicast filter to an asynchronous USB task without softnet_lock held. This doesn't cause exactly the same ioctl to be sent to the driver -- usbnet just sends SIOCDELMULTI with an all-zero struct ifreq, and might drop some ioctls if issued in quick succession. This is OK because none of the drivers actually distinguish between SIOCADDMULTI and SIOCDELMULTI, or examine the argument; the drivers just commit whatever multicast addresses are listed in the ethercom. While here, fix a bug in usbnet_activate: set unp_stopping while holding the usbnet lock, so we can reliably read it in usbnet_ioctl under the same lock used to schedule the task. --- sys/dev/usb/usbnet.c | 53 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 49 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index aa966eb17f7a..fed4886b2184 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -72,6 +72,7 @@ struct usbnet_private { struct ethercom unp_ec; struct mii_data unp_mii; + struct usb_task unp_mcasttask; struct usb_task unp_ticktask; struct callout unp_stat_ch; struct usbd_pipe *unp_ep[USBNET_ENDPT_MAX]; @@ -1041,12 +1042,48 @@ usbnet_if_ioctl(struct ifnet *ifp, u_long cmd, void *data) return uno_override_ioctl(un, ifp, cmd, data); error = ether_ioctl(ifp, cmd, data); - if (error == ENETRESET) - error = uno_ioctl(un, ifp, cmd, data); + if (error == ENETRESET) { + switch (cmd) { + case SIOCADDMULTI: + case SIOCDELMULTI: + mutex_enter(&unp->unp_core_lock); + if (!unp->unp_stopping) { + usb_add_task(un->un_udev, &unp->unp_mcasttask, + USB_TASKQ_DRIVER); + } + mutex_exit(&unp->unp_core_lock); + error = 0; + break; + default: + error = uno_ioctl(un, ifp, cmd, data); + } + } return error; } +static void +usbnet_mcast_task(void *arg) +{ + USBNETHIST_FUNC(); + struct usbnet * const un = arg; + struct ifnet * const ifp = usbnet_ifp(un); + struct ifreq ifr; + + USBNETHIST_CALLARGSN(10, "%jd: enter", + un->un_pri->unp_number, 0, 0, 0); + + /* + * Pass a bogus ifr with SIOCDELMULTI -- the goal is to just + * notify the driver to reprogram any hardware multicast + * filter, according to what's already stored in the ethercom. + * None of the drivers actually examine this argument, so it + * doesn't change the ABI as far as they can tell. + */ + memset(&ifr, 0, sizeof(ifr)); + (void)uno_ioctl(un, ifp, SIOCDELMULTI, &ifr); +} + /* * Generic stop network function: * - mark as stopping @@ -1079,6 +1116,9 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) mutex_exit(&unp->unp_txlock); mutex_exit(&unp->unp_rxlock); + usb_rem_task_wait(un->un_udev, &unp->unp_mcasttask, USB_TASKQ_DRIVER, + &unp->unp_core_lock); + uno_stop(un, ifp, disable); mutex_enter(&unp->unp_txlock); @@ -1384,7 +1424,10 @@ usbnet_attach(struct usbnet *un, un->un_pri = kmem_zalloc(sizeof(*un->un_pri), KM_SLEEP); struct usbnet_private * const unp = un->un_pri; - usb_init_task(&unp->unp_ticktask, usbnet_tick_task, un, USB_TASKQ_MPSAFE); + usb_init_task(&unp->unp_mcasttask, usbnet_mcast_task, un, + USB_TASKQ_MPSAFE); + usb_init_task(&unp->unp_ticktask, usbnet_tick_task, un, + USB_TASKQ_MPSAFE); callout_init(&unp->unp_stat_ch, CALLOUT_MPSAFE); callout_setfunc(&unp->unp_stat_ch, usbnet_tick, un); @@ -1519,6 +1562,8 @@ usbnet_detach(device_t self, int flags) callout_halt(&unp->unp_stat_ch, NULL); usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, NULL); + usb_rem_task_wait(un->un_udev, &unp->unp_mcasttask, USB_TASKQ_DRIVER, + NULL); mutex_enter(&unp->unp_core_lock); unp->unp_refcnt--; @@ -1576,13 +1621,13 @@ usbnet_activate(device_t self, devact_t act) mutex_enter(&unp->unp_core_lock); unp->unp_dying = true; - mutex_exit(&unp->unp_core_lock); mutex_enter(&unp->unp_rxlock); mutex_enter(&unp->unp_txlock); unp->unp_stopping = true; mutex_exit(&unp->unp_txlock); mutex_exit(&unp->unp_rxlock); + mutex_exit(&unp->unp_core_lock); return 0; default: From 2362bc9e9867b6af8c3aea337e31fb9e80fcf0d2 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 00:52:09 +0000 Subject: [PATCH 13/25] usbnet: Remove usbnet_set_dying. Not necessary for the one caller that did it (url(4)): usbnet_detach handles failed attach just fine without it. --- sys/dev/usb/if_url.c | 8 +------- sys/dev/usb/usbnet.c | 6 ------ sys/dev/usb/usbnet.h | 1 - 3 files changed, 1 insertion(+), 14 deletions(-) diff --git a/sys/dev/usb/if_url.c b/sys/dev/usb/if_url.c index 764b9c654682..dbb57bf66ca7 100644 --- a/sys/dev/usb/if_url.c +++ b/sys/dev/usb/if_url.c @@ -256,18 +256,12 @@ url_attach(device_t parent, device_t self, void *aux) usbnet_unlock_core(un); if (err) { aprint_error_dev(self, "read MAC address failed\n"); - goto bad; + return; } /* initialize interface information */ usbnet_attach_ifp(un, IFF_SIMPLEX | IFF_BROADCAST | IFF_MULTICAST, 0, &unm); - - return; - - bad: - usbnet_set_dying(un, true); - return; } /* read/write memory */ diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index fed4886b2184..db31121f33a1 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1275,12 +1275,6 @@ usbnet_set_link(struct usbnet *un, bool link) un->un_pri->unp_link = link; } -void -usbnet_set_dying(struct usbnet *un, bool link) -{ - un->un_pri->unp_dying = link; -} - struct ifnet * usbnet_ifp(struct usbnet *un) { diff --git a/sys/dev/usb/usbnet.h b/sys/dev/usb/usbnet.h index 15e9dfc7b351..1faa822887c5 100644 --- a/sys/dev/usb/usbnet.h +++ b/sys/dev/usb/usbnet.h @@ -284,7 +284,6 @@ struct usbnet { /* Various accessors. */ void usbnet_set_link(struct usbnet *, bool); -void usbnet_set_dying(struct usbnet *, bool); struct ifnet *usbnet_ifp(struct usbnet *); struct ethercom *usbnet_ec(struct usbnet *); From 170a19bdc9d14ff3aee895ff7f44f9a8766432e6 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:17:06 +0000 Subject: [PATCH 14/25] usbnet: Fix ordering of actions in usbnet_stop. Make sure all software activity is quiescent (callouts and tasks, including ifmedia and mii callbacks -- anything that might trigger register access) before asking the driver to stop the hardware. This way, the driver uno_stop routine is guaranteed exclusive access to the registers. This will also enable us to simplify the callouts and tasks so they don't have to check the software state -- to be done in a separate commit. --- sys/dev/usb/usbnet.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index db31121f33a1..f7dc2435ce31 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1116,19 +1116,31 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) mutex_exit(&unp->unp_txlock); mutex_exit(&unp->unp_rxlock); + /* + * Stop the timer first, then the task -- if the timer was + * already firing, we stop the task or wait for it complete + * only after if last fired. Setting unp_stopping prevents the + * timer and multicast task from being scheduled again. + */ + callout_halt(&unp->unp_stat_ch, &unp->unp_core_lock); + usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, + &unp->unp_core_lock); usb_rem_task_wait(un->un_udev, &unp->unp_mcasttask, USB_TASKQ_DRIVER, &unp->unp_core_lock); + /* + * Now that the software is quiescent, ask the driver to stop + * the hardware. The driver's uno_stop routine now has + * exclusive access to any registers that might previously have + * been used by to ifmedia, mii, or ioctl callbacks. + */ uno_stop(un, ifp, disable); + /* Clear the watchdog timer. */ mutex_enter(&unp->unp_txlock); unp->unp_timer = 0; mutex_exit(&unp->unp_txlock); - callout_halt(&unp->unp_stat_ch, &unp->unp_core_lock); - usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, - &unp->unp_core_lock); - /* Stop transfers. */ usbnet_ep_stop_pipes(un); From 2ab61212fbe119ee597fcca274cb275ad78139c4 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:22:46 +0000 Subject: [PATCH 15/25] usbnet: Assert IFNET_LOCKED in usbnet_media_upd. This ensures, if the device is being initialized or stopped, usbnet_media_upd will not run until it's done, so the reset sequence has exclusive access to the device registers used by mii. --- sys/dev/usb/usbnet.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index f7dc2435ce31..e07e48485b2f 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -983,6 +983,9 @@ usbnet_media_upd(struct ifnet *ifp) /* ifmedia layer ensures core_lock is held. */ usbnet_isowned_core(un); + /* ifmedia changes only with IFNET_LOCK held. */ + KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + if (unp->unp_dying) return EIO; From 05d2045e1b73a79865359a7797fe8535cc1f1467 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:29:16 +0000 Subject: [PATCH 16/25] usbnet: Set unp_dying under IFNET_LOCK. Refuse to bring the interface back up, which happens under IFNET_LOCK, if it's dying. This ensures new activity on the interface can't happen by the time we stop existing activity and wait for it to complete. --- sys/dev/usb/usbnet.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index e07e48485b2f..6483c93d22a7 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1278,6 +1278,13 @@ usbnet_if_init(struct ifnet *ifp) KASSERTMSG(IFNET_LOCKED(ifp), "%s", ifp->if_xname); + /* + * Prevent anyone from bringing the interface back up once + * we're detaching. + */ + if (un->un_priv->unp_dying) + return EIO; + return uno_init(un, ifp); } @@ -1558,11 +1565,15 @@ usbnet_detach(device_t self, int flags) struct ifnet * const ifp = usbnet_ifp(un); struct mii_data * const mii = usbnet_mii(un); + /* + * Prevent new activity. If we're still running on the + * network, stop and wait for all asynchronous activity to + * finish. + */ + IFNET_LOCK(ifp); mutex_enter(&unp->unp_core_lock); unp->unp_dying = true; mutex_exit(&unp->unp_core_lock); - - IFNET_LOCK(ifp); if (ifp->if_flags & IFF_RUNNING) { usbnet_if_stop(ifp, 1); } From 96cb07949edfb64417d2db8ddde6d5b4449e7e0e Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:32:42 +0000 Subject: [PATCH 17/25] usbnet: Omit needless callout_halt and usb_rem_task_wait. The callout and tasks cannot be pending at this point -- it is a bug if usbnet_if_stop failed to quiesce everything, so turn these into KASSERTs. --- sys/dev/usb/usbnet.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 6483c93d22a7..d50ffeeea788 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1579,11 +1579,13 @@ usbnet_detach(device_t self, int flags) } IFNET_UNLOCK(ifp); - callout_halt(&unp->unp_stat_ch, NULL); - usb_rem_task_wait(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER, - NULL); - usb_rem_task_wait(un->un_udev, &unp->unp_mcasttask, USB_TASKQ_DRIVER, - NULL); + /* + * The callout and tasks can't be scheduled anew at this point, + * and usbnet_if_stop has waited for them to complete. + */ + KASSERT(!callout_pending(&unp->unp_stat_ch)); + KASSERT(!usb_task_pending(un->un_udev, &unp->unp_ticktask)); + KASSERT(!usb_task_pending(un->un_udev, &unp->unp_mcasttask)); mutex_enter(&unp->unp_core_lock); unp->unp_refcnt--; From ed63e2c3cbed52b19acc4a71ad8340e386df9b7b Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:47:10 +0000 Subject: [PATCH 18/25] usbnet: Detach interface and mii before waiting for refcnt to drain. All outstanding software activity under usbnet's control -- which is all that participates in the refcnting -- should be quiesced by stopping and detaching everything. --- sys/dev/usb/usbnet.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index d50ffeeea788..eb294608eff6 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1587,6 +1587,19 @@ usbnet_detach(device_t self, int flags) KASSERT(!usb_task_pending(un->un_udev, &unp->unp_ticktask)); KASSERT(!usb_task_pending(un->un_udev, &unp->unp_mcasttask)); + if (mii) { + mii_detach(mii, MII_PHY_ANY, MII_OFFSET_ANY); + ifmedia_fini(&mii->mii_media); + } + if (unp->unp_ifp_attached) { + if (!usbnet_empty_eaddr(un)) + ether_ifdetach(ifp); + else + bpf_detach(ifp); + if_detach(ifp); + } + usbnet_ec(un)->ec_mii = NULL; + mutex_enter(&unp->unp_core_lock); unp->unp_refcnt--; while (unp->unp_refcnt >= 0) { @@ -1601,19 +1614,6 @@ usbnet_detach(device_t self, int flags) callout_destroy(&unp->unp_stat_ch); rnd_detach_source(&unp->unp_rndsrc); - if (mii) { - mii_detach(mii, MII_PHY_ANY, MII_OFFSET_ANY); - ifmedia_fini(&mii->mii_media); - } - if (unp->unp_ifp_attached) { - if (!usbnet_empty_eaddr(un)) - ether_ifdetach(ifp); - else - bpf_detach(ifp); - if_detach(ifp); - } - usbnet_ec(un)->ec_mii = NULL; - cv_destroy(&unp->unp_detachcv); mutex_destroy(&unp->unp_core_lock); mutex_destroy(&unp->unp_rxlock); From a23b0d111a5227154aa584a3e523f746221276a8 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:49:56 +0000 Subject: [PATCH 19/25] usbnet: Make detach order reverse attach order, for unp_stat_ch. No functional change intended. --- sys/dev/usb/usbnet.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index eb294608eff6..0b98b8f85243 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1611,7 +1611,6 @@ usbnet_detach(device_t self, int flags) usbnet_rx_list_free(un); usbnet_tx_list_free(un); - callout_destroy(&unp->unp_stat_ch); rnd_detach_source(&unp->unp_rndsrc); cv_destroy(&unp->unp_detachcv); @@ -1619,6 +1618,8 @@ usbnet_detach(device_t self, int flags) mutex_destroy(&unp->unp_rxlock); mutex_destroy(&unp->unp_txlock); + callout_destroy(&unp->unp_stat_ch); + pmf_device_deregister(un->un_dev); usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, un->un_udev, un->un_dev); From 9eecf0cbcd9a853cd2bee98db3b1fc5b156ca249 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:50:32 +0000 Subject: [PATCH 20/25] usbnet: Don't issue a detach event if we never issued an attach one. --- sys/dev/usb/usbnet.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 0b98b8f85243..06805ae919c2 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1622,7 +1622,14 @@ usbnet_detach(device_t self, int flags) pmf_device_deregister(un->un_dev); - usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, un->un_udev, un->un_dev); + /* + * Notify userland that we're going away, if we arrived in the + * first place. + */ + if (unp->unp_ifp_attached) { + usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, un->un_udev, + un->un_dev); + } kmem_free(unp, sizeof(*unp)); un->un_pri = NULL; From f88a9e2d3566dc2413f0932eae5c86bea728cfcd Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:50:59 +0000 Subject: [PATCH 21/25] usbnet: Uncomment and fix assertion for ifp->if_flags |= IFF_RUNNING. We always hold IFNET_LOCK for ioctls that end up here -- the ones that don't hold it are only SIOCADDMULTI/SIOCDELMULTI, which don't end up here. However, urndis(4) throws a spanner in the works by doing weird device initialization. --- sys/dev/usb/usbnet.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 06805ae919c2..d721fea0eae5 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -855,10 +855,9 @@ usbnet_init_rx_tx(struct usbnet * const un) } /* Indicate we are up and running. */ -#if 0 - /* XXX if_mcast_op() can call this without ifnet locked */ - KASSERT(ifp->if_softc == NULL || IFNET_LOCKED(ifp)); -#endif + /* XXX urndis calls usbnet_init_rx_tx before usbnet_attach_ifp. */ + KASSERTMSG(!unp->unp_ifp_attached || IFNET_LOCKED(ifp), + "%s", ifp->if_xname); ifp->if_flags |= IFF_RUNNING; /* Start up the receive pipe(s). */ From 836369501a2cab825cbc12d94af39f425707c291 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Fri, 24 Dec 2021 22:07:39 +0000 Subject: [PATCH 22/25] usbnet: Omit needless tests in usbnet_tick. It's harmless for us to schedule the tick task even if unp_dying or unp_stopping is set by now, because usbnet_stop will just wait for it to finish anyway, and the callout can't be scheduled again until the interface is done stopping and is brought back up again. No need for unp == NULL test -- un->un_pri is initialized well before this callout can be scheduled, and is nulled out only at the end of usbnet_detach, at which point we have already halted this callout. --- sys/dev/usb/usbnet.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index d721fea0eae5..a1c438e89fe6 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1189,10 +1189,8 @@ usbnet_tick(void *arg) USBNETHIST_CALLARGSN(10, "%jd: enter", unp->unp_number, 0, 0, 0); - if (unp != NULL && !unp->unp_stopping && !unp->unp_dying) { - /* Perform periodic stuff in process context */ - usb_add_task(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER); - } + /* Perform periodic stuff in process context */ + usb_add_task(un->un_udev, &unp->unp_ticktask, USB_TASKQ_DRIVER); } static void From adfb222f7e902d07381c81aa1edfa8ba3dc064e3 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:54:38 +0000 Subject: [PATCH 23/25] usbnet: Omit needless locking/busying/testing in usbnet_tick_task. usbnet_stop waits for the task to complete before resetting the hardware, and usbnet_detach waits for usbnet_stop to complete before destroying anything, so there's no need for any of this. --- sys/dev/usb/usbnet.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index a1c438e89fe6..3eda9a7d85c7 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1225,22 +1225,10 @@ usbnet_tick_task(void *arg) USBNETHIST_FUNC(); struct usbnet * const un = arg; struct usbnet_private * const unp = un->un_pri; - - USBNETHIST_CALLARGSN(8, "%jd: enter", unp->unp_number, 0, 0, 0); - - mutex_enter(&unp->unp_core_lock); - if (unp->unp_stopping || unp->unp_dying) { - mutex_exit(&unp->unp_core_lock); - return; - } - struct ifnet * const ifp = usbnet_ifp(un); struct mii_data * const mii = usbnet_mii(un); - KASSERT(ifp != NULL); /* embedded member */ - - usbnet_busy(un); - mutex_exit(&unp->unp_core_lock); + USBNETHIST_CALLARGSN(8, "%jd: enter", unp->unp_number, 0, 0, 0); mutex_enter(&unp->unp_txlock); const bool timeout = unp->unp_timer != 0 && --unp->unp_timer == 0; @@ -1261,7 +1249,6 @@ usbnet_tick_task(void *arg) uno_tick(un); mutex_enter(&unp->unp_core_lock); - usbnet_unbusy(un); if (!unp->unp_stopping && !unp->unp_dying) callout_schedule(&unp->unp_stat_ch, hz); mutex_exit(&unp->unp_core_lock); From 84dee19e9beaef0dc0145f78e19f0c0e579dbec9 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 10:06:50 +0000 Subject: [PATCH 24/25] usbnet: Clear watchdog timer before stopping hardware. No need to take the lock again -- which might not be necessary because the callout and task have completed, but let's obviate the need to think about that. --- sys/dev/usb/usbnet.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index 3eda9a7d85c7..ffd559df74b2 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1112,9 +1112,14 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) usbnet_busy(un); + /* + * Prevent new activity (rescheduling ticks, xfers, &c.) and + * clear the watchdog timer. + */ mutex_enter(&unp->unp_rxlock); mutex_enter(&unp->unp_txlock); unp->unp_stopping = true; + unp->unp_timer = 0; mutex_exit(&unp->unp_txlock); mutex_exit(&unp->unp_rxlock); @@ -1138,11 +1143,6 @@ usbnet_stop(struct usbnet *un, struct ifnet *ifp, int disable) */ uno_stop(un, ifp, disable); - /* Clear the watchdog timer. */ - mutex_enter(&unp->unp_txlock); - unp->unp_timer = 0; - mutex_exit(&unp->unp_txlock); - /* Stop transfers. */ usbnet_ep_stop_pipes(un); From 68fb1518b536a4dbaa7f35f1aeafef2580fa05ba Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Sun, 26 Dec 2021 01:56:30 +0000 Subject: [PATCH 25/25] WIP: usbnet: Print diagnostic about refcnt stragglers. I don't think there can be any, but this message, if printed, would falsify my hypothesis! --- sys/dev/usb/usbnet.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys/dev/usb/usbnet.c b/sys/dev/usb/usbnet.c index ffd559df74b2..d93d1443d36c 100644 --- a/sys/dev/usb/usbnet.c +++ b/sys/dev/usb/usbnet.c @@ -1586,6 +1586,10 @@ usbnet_detach(device_t self, int flags) mutex_enter(&unp->unp_core_lock); unp->unp_refcnt--; + if (unp->unp_refcnt >= 0) { + aprint_error_dev(un->un_dev, "%d stragglers\n", + unp->unp_refcnt + 1); + } while (unp->unp_refcnt >= 0) { /* Wait for processes to go away */ cv_wait(&unp->unp_detachcv, &unp->unp_core_lock);