On Mon, 13 Dec 2004, Duncan Sands wrote:
> > This patch fixes a bug in the usbfs code. The driver is too zealous about
> > checking for disconnected devices before doing things. In particular, it
> > is necessary to reap all outstanding asynchronous URBs and unbind from
> > interfaces when the device file is closed, even if the device is no longer
> > connected.
>
> Hi Alan, is that really so? IIRC, the reaping etc happens when the device is
> disconnected, and then it is not possible to submit more stuff. The
> interfaces
> are also supposed to be released at disconnect time (again IIRC).
There are two possible points of confusion here. First, "device is
disconnected" is ambiguous because disconnect processing takes place in
two stages. The initial stage is when udev->state is set to
USB_STATE_NOTATTACHED (that's what the "connected" inline routine tests
for). The final stage is when khubd notices and starts unbinding
drivers and so on (that's when the reaping and releasing you mention above
happen).
The other point of confusion has to do with device disconnection vs. the
user process closing the device file. When the file is closed
usbdev_release does all that reaping and unbinding stuff (if the device is
still connected) and then deallocates the ps structure. So the reaping &
unbinding happen in both paths: disconnect and close.
The problem arises when the following sequence of events occurs:
udev->state is set to USB_STATE_NOTATTACHED
user process closes the device file (usbdev_release)
khubd calls driver_disconnect
As the code stands now, usbdev_release won't reap anything or release the
interfaces because the state is already set to NOTATTACHED. But it does
deallocate ps, so when driver_disconnect runs it causes an oops.
Although this sequence looks a bit unlikely, it's actually quite likely to
happen during a firmware update. The last thing to happen after the
firmware has been transferred is a port reset, and the reset code notices
that the descriptors have changed (thanks to the updated firmware) and so
marks the device as NOTATTACHED. The user program immediately closes the
file descriptor because its work is done, and not until khubd wakes up
does the rest of the processing take place.
Alan Stern
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
[EMAIL PROTECTED]
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
