USB stack getting confused

Konstantin Belousov kostikbel at gmail.com
Sun Mar 10 09:48:31 UTC 2019 

On Sat, Mar 09, 2019 at 10:35:28PM +0100, Hans Petter Selasky wrote:
> On 3/9/19 8:23 PM, Konstantin Belousov wrote:
> > On Sat, Mar 09, 2019 at 11:41:31AM -0700, Warner Losh wrote:
> >>
> >> Is there a form of destroy_dev() that does a revoke on all open instances?
> >> Eg, this is gone, you can't use it anymore, and all further attempts to use
> >> the device will generate an error, but in the mean time we destroy the
> >> device and let the detach routine get on with life. waiting may make sense
> >> when you are merely unloading the driver (and getting to the detach routine
> >> that way), but when the device is gone, I've come around to the point of
> >> view that we should just destroy it w/o waiting for closes and anybody that
> >> touches it afterwards gets an error and has to cope with the error. But
> >> even in the unload case, we maybe we shouldn't get to the detach routine
> >> unless we're forcing and/or the detach routine just returns EBUSY since the
> >> only one that knows what dev_t's are associated with the device_t is the
> >> driver itself.
> > You are asking very basic questions about devfs there.
> > 
> > destroy_dev(9) waits for two things:
> > - that all threads left the cdevsw methods for the given device;
> > - that all cdevpriv destructors finished running.
> 
> Hi,
> 
> > To facilitate waking up threads potentially sleeping inside the cdevsw
> > methods, drivers might implement d_purge method which must weed out sleeping
> > threads from inside the code in the bound time.
> 
> USB will purge all callers before calling destroy_dev(). This is not the 
> problem.
> 
> > After that we return from destroy_dev(9) and guarantee that no new calls
> > into cdevsw is done for this device.  devfs magic consumes  the fo_ and
> > VOP_ calls and does not allow them to reach into the driver.
> 
> When I designed the current USB devfs it was important to me to keep 
> open() and close() calls balanced to avoid situations where an open call 
> may setup some resource and then close(), which free this resource 
> again, never gets called. destroy_dev(9) makes no such guarantee, and I 
> think that is a failure of destroy_dev(9). That's when I started using 
> the cdev's destructor callback function.
Lets correct the terminology first.
Are you referring to the d_open/d_close pairing ?

Without D_TRACKCLOSE, d_close() is only called on the last close of
the device.  With D_TRACKCLOSE, devfs _tries_ to call d_close each time
it sees the VOP_CLOSE() operation from VFS, but due to way VFS works
VOP_CLOSE() could be missed.  Also, d_open vs d_close are not synchronized,
so a driver might get call to d_open in parallel to last d_close.

What do you mean by cdev destructor callback function ?  Do you mean
callback from destroy_dev_cb(), or do you actually reference the
destructors from devfs_set_cdevpriv(9) ?

If the later, then destroy_dev() guarantees that all cdevpriv destructors
for all file descriptors opened against the destroyed cdev are finished
before destroy_dev() returns.  In other words, if you use cdevpriv, you
can remove the drain for your refcount and everything should just work.

> 
> > So what usb does there is actively defeating existing mechanism by
> > keeping internal refcount on opens and refusing to call destroy_dev()
> > until the count goes to zero 
> 
> The FreeBSD USB stack also is used in environments w/o DEVFS and need 
> own refcounts.
I completely disagree with use of code sharing as excuse for FreeBSD bugs.

> 
> > (I did not read the usb code, but I believe
> > that I am not too wrong).  
>  >Would usb core just destroy_dev() when the
> > physical device goes away, then at worst the existing file descriptors
> > opened against the lost devices would become dead (not same dead as
> > terminals after revoke(2), but very similar).
> 
> Yes, I can do that if destroy_dev() ensures that d_close is called for 
> all open file handles once and only once before it returns. I think this 
> is where the problem comes from.
See above.  For d_close it is impossible, for cdevpriv dtr it is already
there by design.

> 
> > 
> > If the problem is due to keeping some instance data for the opened device,
> > then cdevpriv might be the better fit (at least the KPI was designed
> > to be) than blocking destroy until all users are gone.
> > 
> 
> The USB stack does not use MMAP, so this is not a problem.
I do not follow, why does it matter ?

On Sat, Mar 09, 2019 at 10:40:02PM +0100, Hans Petter Selasky wrote:
> On 3/9/19 8:28 PM, Rozhuk Ivan wrote:
> > On Sat, 9 Mar 2019 18:26:40 +0200
> > Konstantin Belousov <kostikbel at gmail.com> wrote:
> > 
> >> In fact I saw something similar with apcupsd and either usb/com
> >> adapters or native usb control card for APC UPSes.  For reasons I do
> >> not understand, these devices are often disconnected.  For older
> >> versions of apcupsd, it required restart for newly reattached device
> >> to be recreated in /dev. Sometimes it hangs whole usb stack.
> >>
> >> Newer apcupsd seems to open /dev/ugen only for the duration of the
> >> query, which makes the erratic behaviour is much less likely, but
> >> could still cause breakage when device disappear while apcupsd has it
> >> opened.
> >>
> > 
> > Same problem with usb sound cards.
> > I try to fix it, but fail with dsp, only mixer can be fixed with small code change.
> > https://reviews.freebsd.org/D11140
> > 
> 
> Hi,
> 
> How will these apps detect that they need to open the new /dev/mixer node?
> 
> I mean, after hang is fixed, mixer app will still try to query the old 
> file handle forever?
Userspace gets either ENXIO or EIO from syscalls.  For polls, it gets
POLLIN | POLLHUP immediately.

More information about the freebsd-hackers mailing list