On 17/05/13(Fri) 19:25, YASUOKA Masahiko wrote:
> Hi,
>
> On Fri, 1 Mar 2013 13:43:00 +0000
> "Wade, Daniel" <dw...@meridium.com> wrote:
> > -----Original Message-----
> > From: owner-t...@openbsd.org [mailto:owner-t...@openbsd.org] On Behalf Of
> > Stefan Sperling
> > Sent: Thursday, February 28, 2013 12:16 PM
> > To: Edd Barrett
> > Cc: tech@openbsd.org
> > Subject: Re: Wake from zzz causes panic on thinkpad x60
> >
> > On Thu, Feb 28, 2013 at 04:59:12PM +0000, Edd Barrett wrote:
> >> Went to run some TESTS for release and I am seeing panics when waking
> >> my thinkpad x60 from zzz.
> >>
> >> I didn't have a serial line attached to get trace and ps, so I have
> >> taken pictures of the kernel debugger. Sorry about that.
> >>
> >> http://farm9.staticflickr.com/8505/8516467142_1f3580e87a_c.jpg
> >
> > I've seen this panic in usb_abort_task_thread() on an x60s before.
> > It doesn't happen often. It's not a new issue in recent snaps.
>
> Same problem happens on my sony vaio vgn-sz94s.
> Attached diff will fix the problem.
>
> Remove `abort_task' from usb task queue before recycling a `struct
> usbd_xfer object' which includes the `abort_task'. Otherwise
> usb_abort_task_thread() may try to dequeue the recycled task then it
> causes panic with page fault.
Good analysis, but what about the less intrusive diff below from FreeBSD?
It looks like when isochronous support has been imported, task
cancellation were forgotten from the abort path.
Does this also fix your panic?
Index: ehci.c
===================================================================
RCS file: /home/ncvs/src/sys/dev/usb/ehci.c,v
retrieving revision 1.131
diff -u -p -r1.131 ehci.c
--- ehci.c 19 Apr 2013 08:58:53 -0000 1.131
+++ ehci.c 17 May 2013 12:05:37 -0000
@@ -800,6 +800,7 @@ ehci_check_itd_intr(struct ehci_softc *s
done:
DPRINTFN(12, ("ehci_check_itd_intr: ex=%p done\n", ex));
timeout_del(&ex->xfer.timeout_handle);
+ usb_rem_task(ex->xfer.pipe->device, &ex->abort_task);
ehci_idone(ex);
}
@@ -2859,6 +2860,7 @@ ehci_abort_isoc_xfer(struct usbd_xfer *x
s = splusb();
xfer->status = status;
timeout_del(&xfer->timeout_handle);
+ usb_rem_task(epipe->pipe.device, &exfer->abort_task);
usb_transfer_complete(xfer);
splx(s);
return;
@@ -2883,6 +2885,7 @@ ehci_abort_isoc_xfer(struct usbd_xfer *x
xfer->status = status;
timeout_del(&xfer->timeout_handle);
+ usb_rem_task(epipe->pipe.device, &exfer->abort_task);
s = splusb();
for (itd = exfer->itdstart; itd != NULL; itd = itd->xfer_next) {
