Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys/dev/usb usb: Overhaul uhid(4) and uhidev(4) locking.



details:   https://anonhg.NetBSD.org/src/rev/4aecc4a172fa
branches:  trunk
changeset: 1016748:4aecc4a172fa
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Sun Nov 29 22:54:51 2020 +0000

description:
usb: Overhaul uhid(4) and uhidev(4) locking.

- uhidev API rules:

  1. Call uhidev_open when you want exclusive use of a report id.
     After it succeeds, you will get interrupts.

  2. Call uhidev_close when done with exclusive use of a report id.
     After it returns, you will no longer get interrupts.

     => uhidev_open/close do not nest.

  3. uhidev_write no longer requires the caller to have exclusive
     access -- if there is a write in progress, it will block
     interruptibly until done.  This way drivers for individual
     report ids need not work separately to coordinate their writes.

  4. You must uhidev_stop to abort any pending writes on the same
     report id.  (uhidev_stop no longer does anything else -- to
     ensure no more interrupts, just use uhidev_close.)

- Fix uhidev_open/close locking -- uhidev now has an interruptible
  config lock held only on first open and last close by any report id
  in the device, to serialize the transition between zero and nonzero
  numbers of references which requires opening/closing pipes and
  allocating/freeing buffers.

- Make /dev/uhidN selnotify(POLLHUP) when the device is yanked.

- Factor uhid device lookup and reference counting and dying
  detection and so on into uhid_enter/exit.

- Nix struct uhid_softc::sc_access_lock.  This served no purpose but
  to confuse me when trying to understand the logic of this beast
  (and to ensure uhidev_write exclusion, but it was uninterruptible,
  which is wrong for something that implements userland operations,
  and didn't actually work because uhidev_write did nothing to
  coordinate between different report ids).

- Fix locking in select/poll.

- Use atomics to manage UHID_IMMED to keep it simple.  (sc_lock would
  be fine too but it makes the code more verbose.)

- Omit needless UHID_ASLP -- cv_broadcast already has this
  micro-optimization.


With these changes, my Pinebook survives

for i in `jot 100`; do
        echo '###' $i
        for j in `jot 16`; do
                usbhidctl -rf /dev/uhid$j >/dev/null &
        done
        wait
done

while plugging and unplugging uhid(4) devices (U2F keys), and the U2F
keys still work as U2F keys.


ok nick, mrg

XXX pullup-9
XXX pullup-8?


Note on ABI and pullups: This changes the layout of struct
uhidev_softc, but with the sole exception of ucycom(4) -- which at
the moment is completely broken and unusable -- the only members that
USB HID drivers use are sc_udev and sc_iface, which haven't changed.
The layout of struct uhidev, which is allocated by each USB HID
driver in its own softc structure, is unchanged.

diffstat:

 sys/dev/usb/uhid.c   |  351 ++++++++++++++++++++++++----------------
 sys/dev/usb/uhidev.c |  432 ++++++++++++++++++++++++++++++++++++++++----------
 sys/dev/usb/uhidev.h |   35 ++-
 3 files changed, 578 insertions(+), 240 deletions(-)

diffs (truncated from 1212 to 300 lines):

diff -r fcfdb21bba89 -r 4aecc4a172fa sys/dev/usb/uhid.c
--- a/sys/dev/usb/uhid.c        Sun Nov 29 21:50:50 2020 +0000
+++ b/sys/dev/usb/uhid.c        Sun Nov 29 22:54:51 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uhid.c,v 1.114 2020/05/23 23:42:42 ad Exp $    */
+/*     $NetBSD: uhid.c,v 1.115 2020/11/29 22:54:51 riastradh Exp $     */
 
 /*
  * Copyright (c) 1998, 2004, 2008, 2012 The NetBSD Foundation, Inc.
@@ -35,7 +35,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uhid.c,v 1.114 2020/05/23 23:42:42 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uhid.c,v 1.115 2020/11/29 22:54:51 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_compat_netbsd.h"
@@ -43,21 +43,24 @@
 #endif
 
 #include <sys/param.h>
-#include <sys/systm.h>
+#include <sys/types.h>
+
+#include <sys/atomic.h>
+#include <sys/compat_stub.h>
+#include <sys/conf.h>
+#include <sys/device.h>
+#include <sys/file.h>
+#include <sys/intr.h>
+#include <sys/ioctl.h>
 #include <sys/kernel.h>
 #include <sys/kmem.h>
+#include <sys/poll.h>
+#include <sys/proc.h>
+#include <sys/select.h>
 #include <sys/signalvar.h>
-#include <sys/device.h>
-#include <sys/ioctl.h>
-#include <sys/conf.h>
+#include <sys/systm.h>
 #include <sys/tty.h>
-#include <sys/file.h>
-#include <sys/select.h>
-#include <sys/proc.h>
 #include <sys/vnode.h>
-#include <sys/poll.h>
-#include <sys/intr.h>
-#include <sys/compat_stub.h>
 
 #include <dev/usb/usb.h>
 #include <dev/usb/usbhid.h>
@@ -84,8 +87,7 @@
 struct uhid_softc {
        struct uhidev sc_hdev;
 
-       kmutex_t sc_access_lock; /* serialises syscall accesses */
-       kmutex_t sc_lock;       /* protects refcnt, others */
+       kmutex_t sc_lock;
        kcondvar_t sc_cv;
        kcondvar_t sc_detach_cv;
 
@@ -99,12 +101,12 @@
        struct selinfo sc_rsel;
        proc_t *sc_async;       /* process that wants SIGIO */
        void *sc_sih;
-       u_char sc_state;        /* driver state */
-#define        UHID_ASLP       0x01    /* waiting for device data */
+       volatile uint32_t sc_state;     /* driver state */
 #define UHID_IMMED     0x02    /* return read data immediately */
 
        int sc_refcnt;
        int sc_raw;
+       u_char sc_open;
        u_char sc_dying;
 };
 
@@ -192,7 +194,6 @@
        aprint_normal(": input=%d, output=%d, feature=%d\n",
               sc->sc_isize, sc->sc_osize, sc->sc_fsize);
 
-       mutex_init(&sc->sc_access_lock, MUTEX_DEFAULT, IPL_NONE);
        mutex_init(&sc->sc_lock, MUTEX_DEFAULT, IPL_SOFTUSB);
        cv_init(&sc->sc_cv, "uhidrea");
        cv_init(&sc->sc_detach_cv, "uhiddet");
@@ -225,22 +226,26 @@
 
        DPRINTF(("uhid_detach: sc=%p flags=%d\n", sc, flags));
 
+       /* Prevent new I/O operations, and interrupt any pending reads.  */
+       mutex_enter(&sc->sc_lock);
        sc->sc_dying = 1;
+       cv_broadcast(&sc->sc_cv);
+       mutex_exit(&sc->sc_lock);
+
+       /* Interrupt any pending uhidev_write.  */
+       uhidev_stop(&sc->sc_hdev);
+
+       /* Wait for I/O operations to complete.  */
+       mutex_enter(&sc->sc_lock);
+       while (sc->sc_refcnt) {
+               DPRINTF(("%s: open=%d refcnt=%d\n", __func__,
+                       sc->sc_open, sc->sc_refcnt));
+               cv_wait(&sc->sc_detach_cv, &sc->sc_lock);
+       }
+       mutex_exit(&sc->sc_lock);
 
        pmf_device_deregister(self);
 
-       mutex_enter(&sc->sc_lock);
-       if (sc->sc_hdev.sc_state & UHIDEV_OPEN) {
-               if (--sc->sc_refcnt >= 0) {
-                       /* Wake everyone */
-                       cv_broadcast(&sc->sc_cv);
-                       /* Wait for processes to go away. */
-                       if (cv_timedwait(&sc->sc_detach_cv, &sc->sc_lock, hz * 60))
-                               aprint_error_dev(self, ": didn't detach\n");
-               }
-       }
-       mutex_exit(&sc->sc_lock);
-
        /* locate the major number */
        maj = cdevsw_lookup_major(&uhid_cdevsw);
 
@@ -248,14 +253,29 @@
        mn = device_unit(self);
        vdevgone(maj, mn, mn, VCHR);
 
-#if 0
-       usbd_add_drv_event(USB_EVENT_DRIVER_DETACH,
-           sc->sc_hdev.sc_parent->sc_udev, sc->sc_hdev.sc_dev);
-#endif
+       /*
+        * Wait for close to finish.
+        *
+        * XXX I assumed that vdevgone would synchronously call close,
+        * and not return before it has completed, but empirically the
+        * assertion of sc->sc_open == 0 below fires if we don't wait
+        * here.  Someone^TM should carefully examine vdevgone to
+        * ascertain what it guarantees, and audit all other users of
+        * it accordingly.
+        */
+       mutex_enter(&sc->sc_lock);
+       while (sc->sc_open) {
+               DPRINTF(("%s: open=%d\n", __func__, sc->sc_open));
+               cv_wait(&sc->sc_detach_cv, &sc->sc_lock);
+       }
+       mutex_exit(&sc->sc_lock);
+
+       KASSERT(sc->sc_open == 0);
+       KASSERT(sc->sc_refcnt == 0);
+
        cv_destroy(&sc->sc_cv);
        cv_destroy(&sc->sc_detach_cv);
        mutex_destroy(&sc->sc_lock);
-       mutex_destroy(&sc->sc_access_lock);
        seldestroy(&sc->sc_rsel);
        softint_disestablish(sc->sc_sih);
 
@@ -281,12 +301,9 @@
        mutex_enter(&sc->sc_lock);
        (void)b_to_q(data, len, &sc->sc_q);
 
-       if (sc->sc_state & UHID_ASLP) {
-               sc->sc_state &= ~UHID_ASLP;
-               DPRINTFN(5, ("uhid_intr: waking %p\n", &sc->sc_q));
-               cv_broadcast(&sc->sc_cv);
-       }
-       selnotify(&sc->sc_rsel, 0, 0);
+       DPRINTFN(5, ("uhid_intr: waking %p\n", &sc->sc_q));
+       cv_broadcast(&sc->sc_cv);
+       selnotify(&sc->sc_rsel, 0, NOTE_SUBMIT);
        if (sc->sc_async != NULL) {
                DPRINTFN(3, ("uhid_intr: sending SIGIO %p\n", sc->sc_async));
                softint_schedule(sc->sc_sih);
@@ -319,45 +336,74 @@
 
        DPRINTF(("uhidopen: sc=%p\n", sc));
 
-       if (sc->sc_dying)
-               return ENXIO;
-
+       /*
+        * Try to open.  If dying, or if already open (or opening),
+        * fail -- opens are exclusive.
+        */
        mutex_enter(&sc->sc_lock);
-
-       /*
-        * uhid interrupts aren't enabled yet, so setup sc_q now, as
-        * long as they're not already allocated.
-        */
-       if (sc->sc_hdev.sc_state & UHIDEV_OPEN) {
+       if (sc->sc_dying) {
+               mutex_exit(&sc->sc_lock);
+               return ENXIO;
+       }
+       if (sc->sc_open) {
                mutex_exit(&sc->sc_lock);
                return EBUSY;
        }
+       sc->sc_open = 1;
+       atomic_store_relaxed(&sc->sc_state, 0);
        mutex_exit(&sc->sc_lock);
 
+       /* uhid interrupts aren't enabled yet, so setup sc_q now */
        if (clalloc(&sc->sc_q, UHID_BSIZE, 0) == -1) {
-               return ENOMEM;
+               error = ENOMEM;
+               goto fail0;
        }
 
-       mutex_enter(&sc->sc_access_lock);
-       error = uhidev_open(&sc->sc_hdev);
-       if (error) {
-               clfree(&sc->sc_q);
-               mutex_exit(&sc->sc_access_lock);
-               return error;
-       }
-       mutex_exit(&sc->sc_access_lock);
-
+       /* Allocate an output buffer if needed.  */
        if (sc->sc_osize > 0)
                sc->sc_obuf = kmem_alloc(sc->sc_osize, KM_SLEEP);
        else
                sc->sc_obuf = NULL;
-       sc->sc_state &= ~UHID_IMMED;
 
+       /* Paranoia: reset SIGIO before enabling interrputs.  */
        mutex_enter(&proc_lock);
        sc->sc_async = NULL;
        mutex_exit(&proc_lock);
 
+       /* Open the uhidev -- after this point we can get interrupts.  */
+       error = uhidev_open(&sc->sc_hdev);
+       if (error)
+               goto fail1;
+
+       /* We are open for business.  */
+       mutex_enter(&sc->sc_lock);
+       sc->sc_open = 2;
+       mutex_exit(&sc->sc_lock);
+
        return 0;
+
+fail2: __unused
+       mutex_enter(&sc->sc_lock);
+       KASSERT(sc->sc_open == 2);
+       sc->sc_open = 1;
+       mutex_exit(&sc->sc_lock);
+       uhidev_close(&sc->sc_hdev);
+fail1: selnotify(&sc->sc_rsel, POLLHUP, 0);
+       mutex_enter(&proc_lock);
+       sc->sc_async = NULL;
+       mutex_exit(&proc_lock);
+       if (sc->sc_osize > 0) {
+               kmem_free(sc->sc_obuf, sc->sc_osize);
+               sc->sc_obuf = NULL;
+       }
+       clfree(&sc->sc_q);
+fail0: mutex_enter(&sc->sc_lock);
+       KASSERT(sc->sc_open == 1);
+       sc->sc_open = 0;
+       cv_broadcast(&sc->sc_detach_cv);
+       atomic_store_relaxed(&sc->sc_state, 0);
+       mutex_exit(&sc->sc_lock);
+       return error;
 }
 
 static int
@@ -369,25 +415,80 @@
 
        DPRINTF(("uhidclose: sc=%p\n", sc));
 
+       /* We are closing up shop.  Prevent new opens until we're done.  */
+       mutex_enter(&sc->sc_lock);
+       KASSERT(sc->sc_open == 2);
+       sc->sc_open = 1;
+       mutex_exit(&sc->sc_lock);
+
+       /* Prevent further interrupts.  */
+       uhidev_close(&sc->sc_hdev);
+
+       /* Hang up all select/poll.  */
+       selnotify(&sc->sc_rsel, POLLHUP, 0);
+
+       /* Reset SIGIO.  */
        mutex_enter(&proc_lock);
        sc->sc_async = NULL;
        mutex_exit(&proc_lock);
 
-       mutex_enter(&sc->sc_access_lock);
-
-       uhidev_stop(&sc->sc_hdev);
-
+       /* Free the buffer and queue.  */
+       if (sc->sc_osize > 0) {
+               kmem_free(sc->sc_obuf, sc->sc_osize);
+               sc->sc_obuf = NULL;



Home | Main Index | Thread Index | Old Index