From: David Mosberger <davidm@napali.hpl.hp.com>
To: David Brownell <david-b@pacbell.net>
Cc: davidm@hpl.hp.com, Greg KH <greg@kroah.com>,
vojtech@suse.cz, linux-usb-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org, linux-ia64@vger.kernel.org,
pochini@shiny.it
Subject: Re: [linux-usb-devel] Re: serious 2.6 bug in USB subsystem?
Date: Fri, 5 Mar 2004 21:49:20 -0800 [thread overview]
Message-ID: <16457.26208.980359.82768@napali.hpl.hp.com> (raw)
In-Reply-To: <404959A5.6040809@pacbell.net>
>>>>> On Fri, 05 Mar 2004 20:55:01 -0800, David Brownell <david-b@pacbell.net> said:
>> Turns out it's this patch that was causing the crashes:
>> http://linux.bkbits.net:8080/linux-2.5/cset@1.1619.1.17
David.B> Maybe in 2.6.4-rc2... but not in 2.6.0-test{8,9}!!
Of course. What I'm saying is that in 2.6.0-test{8,9} it was rare to
trigger the problem (only with BTC keyboard) and the change above made
it trivial to trigger the keyboard. Basically, your fix in
cset 1.1619.1.17 made it more common for stuff to be unlinked in
the "deferred" (proper) manner and that made it much more likely to
trigger the bug.
David.B> The reason I keep ending up thinking that readl-elimination
David.B> must be OK (me agreeing with Martin) is that the memory
David.B> there came from dma_alloc_coherent() ... so if anything's
David.B> wrong, it'd be at most lack of rmb(), not a stale-cache
David.B> kind of thing.
It's not an issue of DMA coherency, it's an issue of DMA vs. interrupt
ordering. I believe the WHD interrupt is arriving at the CPU before
the DMA update to the HCCA is done. In my second patch, the readl()
at the beginning of the interrupt ensures that the DMA update to
the HCCA is completed before the readl() returns data.
David.B> It reads the frame number directly from the controller, so
David.B> it's not possible that it can be so stale that an rmb()
David.B> wouldn't fix sequencing issues.
Eh, it's read like this:
#define OHCI_FRAME_NO(hccap) ((u16)le32_to_cpup(&(hccap)->frame_no))
finish_unlinks (ohci, OHCI_FRAME_NO(ohci->hcca), ptregs);
The HCCA is in host memory.
>> - HCD ends up dereferencing a bad pointer and ends up reading
>> from address 0xf0000000, which on our ia64 machines is a
>> read-only area, which then results in a machine-check abort
David.B> I'm surprised that DMA from a read-only area would be a
David.B> problem! :) If OHCI is getting a PCI error, I'd expect a
David.B> "UE" IRQ.
You must have not received my follow-up message. There was a typo in
my message: it was supposed to say "write-only" area.
David.B> I still suspect some problem in the HID code. But right
David.B> now I'm quite certain of a recent-ish OHCI issue.
I'm 99% certain that the problem I saw back in October (BTC keyboard)
was identical to the one triggered by cset 1.1619.1.17.
--david
next prev parent reply other threads:[~2004-03-06 5:49 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-10-27 22:35 serious 2.6 bug in USB subsystem? David Mosberger
2003-10-28 1:30 ` Greg KH
2003-10-28 3:00 ` David Mosberger
2003-10-30 15:11 ` [linux-usb-devel] " David Brownell
2003-10-30 20:15 ` David Mosberger
[not found] ` <16289.55171.278494.17172@napali.hpl.hp.com>
2003-10-31 16:23 ` David Brownell
2003-10-31 18:34 ` David Mosberger
2003-10-31 18:50 ` Valdis.Kletnieks
2003-10-31 19:28 ` David Brownell
2003-10-31 19:50 ` David Mosberger
2003-10-31 20:06 ` David S. Miller
2004-03-06 2:08 ` David Mosberger
2004-03-06 2:13 ` David Mosberger
2004-03-06 4:55 ` David Brownell
2004-03-06 5:49 ` David Mosberger [this message]
2004-03-06 7:21 ` David Mosberger
2004-03-06 8:39 ` David Mosberger
2004-03-06 16:37 ` David Brownell
2004-03-08 6:18 ` Grant Grundler
2004-03-08 18:58 ` David Mosberger
2004-03-08 21:48 ` David Brownell
2004-03-09 9:15 ` David Mosberger
2004-03-09 17:36 ` David Brownell
2004-03-09 17:58 ` David Mosberger
2004-03-09 20:39 ` David Brownell
2004-03-09 23:32 ` David Mosberger
2004-03-10 2:53 ` David Brownell
2004-03-10 6:11 ` David Mosberger
2004-03-10 6:59 ` David Mosberger
2004-03-10 7:52 ` Wouter Lueks
2004-03-10 16:49 ` David Mosberger
2004-03-10 19:49 ` Wouter Lueks
2004-03-10 16:22 ` David Brownell
2004-03-10 18:04 ` David Mosberger
2004-03-11 2:43 ` David Brownell
2004-03-11 5:35 ` David Mosberger
2004-03-10 19:29 ` Colin Leroy
2004-03-06 9:17 ` [linux-usb-devel] " David Mosberger
2004-03-06 17:30 ` David Brownell
2004-03-07 13:48 ` Matthias Andree
2004-03-08 18:49 ` David Mosberger
2003-11-03 3:46 ` David Brownell
2003-11-03 21:25 ` David Mosberger
2004-03-03 12:33 ` Wouter Lueks
2004-03-03 15:30 ` Wouter Lueks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=16457.26208.980359.82768@napali.hpl.hp.com \
--to=davidm@napali.hpl.hp.com \
--cc=david-b@pacbell.net \
--cc=davidm@hpl.hp.com \
--cc=greg@kroah.com \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb-devel@lists.sourceforge.net \
--cc=pochini@shiny.it \
--cc=vojtech@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).