Hi Felipe, Felipe Balbi wrote: > Hi, > > Thinh Nguyen <[email protected]> writes: >> Hi Felipe, >> >> Felipe Balbi wrote: >>> We must wait until End Transfer completes in order to clear >>> DWC3_EP_TRANSFER_STARTED, otherwise we may confuse the driver. >>> >>> This patch is in preparation to fix a rare race condition that happens >>> upon Disconnect Interrupt. >>> >>> Signed-off-by: Felipe Balbi <[email protected]> >>> --- >>> drivers/usb/dwc3/gadget.c | 19 +++++-------------- >>> 1 file changed, 5 insertions(+), 14 deletions(-) >>> >>> diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c >>> index bed2ff42780b..a3903b8dc11e 100644 >>> --- a/drivers/usb/dwc3/gadget.c >>> +++ b/drivers/usb/dwc3/gadget.c >>> @@ -384,19 +384,9 @@ int dwc3_send_gadget_ep_cmd(struct dwc3_ep *dep, >>> unsigned cmd, >>> >>> trace_dwc3_gadget_ep_cmd(dep, cmd, params, cmd_status); >>> >>> - if (ret == 0) { >>> - switch (DWC3_DEPCMD_CMD(cmd)) { >>> - case DWC3_DEPCMD_STARTTRANSFER: >>> - dep->flags |= DWC3_EP_TRANSFER_STARTED; >>> - dwc3_gadget_ep_get_transfer_index(dep); >>> - break; >>> - case DWC3_DEPCMD_ENDTRANSFER: >>> - dep->flags &= ~DWC3_EP_TRANSFER_STARTED; >>> - break; >>> - default: >>> - /* nothing */ >>> - break; >>> - } >>> + if (ret == 0 && DWC3_DEPCMD_CMD(cmd) == DWC3_DEPCMD_STARTTRANSFER) { >>> + dep->flags |= DWC3_EP_TRANSFER_STARTED; >>> + dwc3_gadget_ep_get_transfer_index(dep); >>> } >>> >>> if (saved_config) { >>> @@ -2571,7 +2561,8 @@ static void dwc3_endpoint_interrupt(struct dwc3 *dwc, >>> cmd = DEPEVT_PARAMETER_CMD(event->parameters); >>> >>> if (cmd == DWC3_DEPCMD_ENDTRANSFER) { >>> - dep->flags &= ~DWC3_EP_END_TRANSFER_PENDING; >>> + dep->flags &= ~(DWC3_EP_END_TRANSFER_PENDING | >>> + DWC3_EP_TRANSFER_STARTED); >>> dwc3_gadget_ep_cleanup_cancelled_requests(dep); >>> } >>> break; >> I missed this in my previous test, but my test setup found a race >> condition with this patch. The flag DWC3_EP_TRANSFER_STARTED doesn't get >> cleared until the END_TRANSFER command completion. If a START_TRANSFER >> comes before the command completion, then DWC3 may send multiple > We shouldn't issue Start Transfer unless that flag is cleared: > > static int __dwc3_gadget_kick_transfer(struct dwc3_ep *dep) > { > [...] > > starting = !(dep->flags & DWC3_EP_TRANSFER_STARTED); > > [...] > > if (starting) { > params.param0 = upper_32_bits(req->trb_dma); > params.param1 = lower_32_bits(req->trb_dma); > cmd = DWC3_DEPCMD_STARTTRANSFER; > > if (dep->stream_capable) > cmd |= DWC3_DEPCMD_PARAM(req->request.stream_id); > > if (usb_endpoint_xfer_isoc(dep->endpoint.desc)) > cmd |= DWC3_DEPCMD_PARAM(dep->frame_number); > } else { > cmd = DWC3_DEPCMD_UPDATETRANSFER | > DWC3_DEPCMD_PARAM(dep->resource_index); > } > [...] > } > > This seems to be the case from the tracepoints though: > > file-storage-20541 [001] d... 2552.847057: dwc3_gadget_ep_cmd: ep1in: > cmd 'End Transfer' [30d08] params 00000000 00000000 00000000 --> status: > Successful > file-storage-20541 [001] d... 2552.847060: dwc3_gadget_ep_disable: > ep1out: mps 1024/1024 streams 15 burst 16 ring 1/1 flags E:swbp:> > file-storage-20541 [001] d... 2552.847070: dwc3_gadget_ep_cmd: ep1in: > cmd 'Set Endpoint Configuration' [401] params 03c22004 06000200 00000000 --> > status: Successful > file-storage-20541 [001] d... 2552.847079: dwc3_gadget_ep_cmd: ep1in: > cmd 'Start Transfer' [406] params 00000000 36c82000 00000000 --> status: > Successful > file-storage-20541 [001] d... 2552.847081: dwc3_gadget_ep_enable: ep1in: > mps 1024/1024 streams 15 burst 16 ring 0/0 flags E:swBp:< > file-storage-20541 [001] d... 2552.847088: dwc3_gadget_ep_cmd: ep1out: > cmd 'Set Endpoint Configuration' [401] params 03c02004 04000200 00000000 --> > status: Successful > file-storage-20541 [001] d... 2552.847097: dwc3_gadget_ep_cmd: ep1out: > cmd 'Start Transfer' [406] params 00000000 36c81000 00000000 --> status: > Successful > file-storage-20541 [001] d... 2552.847099: dwc3_gadget_ep_enable: > ep1out: mps 1024/1024 streams 15 burst 16 ring 0/0 flags E:swBp:> > file-storage-20541 [001] .... 2552.847101: dwc3_alloc_request: ep1in: > req 00000000af96ad11 length 0/0 zsI ==> 0 > file-storage-20541 [001] .... 2552.847101: dwc3_alloc_request: ep1out: > req 000000008d5106f9 length 0/0 zsI ==> 0 > file-storage-20541 [001] .... 2552.847102: dwc3_alloc_request: ep1in: > req 00000000c7da02d0 length 0/0 zsI ==> 0 > file-storage-20541 [001] .... 2552.847103: dwc3_alloc_request: ep1out: > req 00000000a270ad2c length 0/0 zsI ==> 0 > file-storage-20541 [001] dN.. 2552.847112: dwc3_prepare_trb: ep0in: trb > 00000000fc6bece2 buf 0000000036c7f000 size 0 ctrl 00000c33 (HLcs:SC:status2) > file-storage-20541 [001] dN.. 2552.847119: dwc3_gadget_ep_cmd: ep0in: > cmd 'Start Transfer' [406] params 00000000 36c7f000 00000000 --> status: > Successful > file-storage-20541 [001] d... 2552.847134: dwc3_ep_queue: ep1out: req > 000000008d5106f9 length 0/1024 zsI ==> -115 > file-storage-20541 [001] d... 2552.847137: dwc3_prepare_trb: ep1out: trb > 00000000abc35b59 buf 00000000bcb56800 size 1024 ctrl 00000819 (HlcS:sC:normal) > file-storage-20541 [001] d... 2552.847142: dwc3_gadget_ep_cmd: ep1out: > cmd 'Update Transfer' [20007] params 00000000 00000000 00000000 --> status: > Successful > irq/16-dwc3-20542 [004] d... 2552.847144: dwc3_event: event (080301c6): > ep1in: Endpoint Command Complete > > Note that start transfer came before End Transfer completion. > > /me goes look furter > > I can see what's going on. The problem here is that we issue a Start > Transfer to all bulk endpoints when they are enabled. Upon ep_disable, > we issue End Transfer. Because you're switching interfaces all the time, > then you exposed the race between ep_disable followed by ep_enable and > End Transfer completion. > > Would it be enough to just skip the completion interrupt from > ep_disable? > >
Your patch resolves this issue. Can you create a formal patch for this? Thanks, Thinh
