Message ID | 20231121-guenter-mini-v3-2-d8a5eae2312b@chromium.org (mailing list archive) |
---|---|
State | New, archived |
Series | uvcvideo: Attempt N to land UVC race conditions fixes |
On (23/11/21 19:53), Ricardo Ribalda wrote:
> diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c > index 08fcd2ffa727..413c32867617 100644 > --- a/drivers/media/usb/uvc/uvc_driver.c > +++ b/drivers/media/usb/uvc/uvc_driver.c > @@ -2257,6 +2257,8 @@ static void uvc_disconnect(struct usb_interface *intf) > return; > > uvc_unregister_video(dev); > + /* Barrier needed to synchronize with uvc_video_stop_streaming(). */ > + smp_store_release(&dev->disconnected, true); > kref_put(&dev->ref, uvc_delete); > } [..] > +void uvc_video_stop_streaming(struct uvc_streaming *stream) > +{ > + uvc_video_stop_transfer(stream, 1); > + > + /* > + * Barrier needed to synchronize with uvc_disconnect(). > + * We cannot call usb_* functions on a disconnected USB device. > + */ > + if (!smp_load_acquire(&stream->dev->disconnected)) > + uvc_video_halt(stream); > + > uvc_video_clock_cleanup(stream); > }

Can the following happen?

CPU0                                            CPU1
uvc_disconnect()
                                                uvc_video_stop_streaming()
usb_set_intfdata()
uvc_unregister_video()
                                                if (!smp_load(&dev->disconnected))
                                                        uvc_video_halt()
smp_store_release(&dev->disconnected, true);
kref_put(&dev->ref, uvc_delete);
On (23/11/22 16:47), Sergey Senozhatsky wrote:
> Can the following happen?

Consider the following case (when CPU1 experienced a delay, a preemption or anything):

> CPU0                                            CPU1
> uvc_disconnect()
>                                                 uvc_video_stop_streaming()
> usb_set_intfdata()
> uvc_unregister_video()
>
>                                                 if (!smp_load(&dev->disconnected))
>
> smp_store_release(&dev->disconnected, true);
>
> kref_put(&dev->ref, uvc_delete);
>                                                 uvc_video_halt()

That uvc_video_halt() cannot be legal, right?
Hi Sergey

On Wed, 22 Nov 2023 at 09:01, Sergey Senozhatsky <senozhatsky@chromium.org> wrote:
>
> On (23/11/22 16:47), Sergey Senozhatsky wrote:
> > Can the following happen?
>
> Consider the following case (when CPU1 experienced a delay, a preemption
> or anything):
>
> > CPU0                                            CPU1
> > uvc_disconnect()
> >                                                 uvc_video_stop_streaming()
> > usb_set_intfdata()
> > uvc_unregister_video()
> >
> >                                                 if (!smp_load(&dev->disconnected))
> >
> > smp_store_release(&dev->disconnected, true);
> >
> > kref_put(&dev->ref, uvc_delete);
> >                                                 uvc_video_halt()
>
> That uvc_video_halt() cannot be legal, right?

This patch only takes care of calls to uvc_video_stop_streaming() after .disconnect.
Guenter's patch from this series should take care of the concurrent calls.

I will resend making it explicit.

Thanks!
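The interleaving raised in the exchange above can be checked mechanically. The following is an added example, not code from the thread or the driver: a small C model that enumerates every ordering of the two paths in the patch and counts those where uvc_video_halt() runs after the flag store or after kref_put(). The step names, the `explore()` helper and the shared lock in `model_locked()` are assumptions made for the illustration; the lock is hypothetical and is not Guenter's patch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Abstract steps of the two paths; a constructed model, not driver code. */
enum op {
    OP_OTHER,            /* work that does not touch the flag */
    OP_LOCK, OP_UNLOCK,  /* hypothetical mutex shared by both paths */
    OP_STORE,            /* smp_store_release(&dev->disconnected, true) */
    OP_LOAD,             /* smp_load_acquire(&stream->dev->disconnected) */
    OP_HALT,             /* uvc_video_halt(), only if the loaded value was false */
    OP_PUT               /* kref_put(&dev->ref, uvc_delete) */
};

struct result {
    int schedules;        /* feasible interleavings explored */
    int halt_after_flag;  /* halt ran although the flag was already set */
    int halt_after_put;   /* halt ran after the reference was dropped */
};

static int count_bits(unsigned v)
{
    int n = 0;
    while (v) { v &= v - 1; n++; }
    return n;
}

/* Run every interleaving of cpu0[] and cpu1[] that keeps per-CPU order. */
static struct result explore(const enum op *cpu0, int n0,
                             const enum op *cpu1, int n1)
{
    struct result r = {0, 0, 0};
    int total = n0 + n1;
    for (unsigned mask = 0; mask < (1u << total); mask++) {
        if (count_bits(mask) != n0) continue;  /* set bit = CPU0 owns the slot */
        bool disconnected = false, put = false, seen = false;
        bool bad_flag = false, bad_put = false, feasible = true;
        int owner = -1, i0 = 0, i1 = 0;
        for (int slot = 0; slot < total && feasible; slot++) {
            int cpu = ((mask >> slot) & 1u) ? 0 : 1;
            enum op op = (cpu == 0) ? cpu0[i0++] : cpu1[i1++];
            switch (op) {
            case OP_LOCK:   /* a lock attempt while held = order cannot occur */
                if (owner != -1) feasible = false; else owner = cpu;
                break;
            case OP_UNLOCK: owner = -1; break;
            case OP_STORE:  disconnected = true; break;
            case OP_LOAD:   seen = disconnected; break;
            case OP_PUT:    put = true; break;
            case OP_HALT:   /* the check passed earlier, the act happens now */
                if (!seen) { bad_flag |= disconnected; bad_put |= put; }
                break;
            case OP_OTHER:  break;
            }
        }
        if (!feasible) continue;
        r.schedules++;
        r.halt_after_flag += bad_flag;
        r.halt_after_put += bad_put;
    }
    return r;
}

/* The patch as posted: flag store and flag check with no mutual exclusion. */
struct result model_patch(void)
{
    static const enum op disc[] = { OP_OTHER, OP_STORE, OP_PUT };
    static const enum op stop[] = { OP_OTHER, OP_LOAD, OP_HALT };
    return explore(disc, 3, stop, 3);
}

/* Assumed variant: the store, and the check plus halt, under one shared lock. */
struct result model_locked(void)
{
    static const enum op disc[] = { OP_OTHER, OP_LOCK, OP_STORE, OP_UNLOCK, OP_PUT };
    static const enum op stop[] = { OP_OTHER, OP_LOCK, OP_LOAD, OP_HALT, OP_UNLOCK };
    return explore(disc, 5, stop, 5);
}

int main(void)
{
    struct result a = model_patch(), b = model_locked();
    printf("flag only: %d schedules, %d late halts, %d after kref_put\n",
           a.schedules, a.halt_after_flag, a.halt_after_put);
    printf("with lock: %d schedules, %d late halts, %d after kref_put\n",
           b.schedules, b.halt_after_flag, b.halt_after_put);
    return 0;
}
```

For the patch as posted the model finds 6 of 20 orderings with a late halt, 3 of them after kref_put(); with the check and the store under one lock it finds none.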
Hi Ricardo, Thank you for the patch. On Tue, Nov 21, 2023 at 07:53:49PM +0000, Ricardo Ribalda wrote: > usb drivers should not call to any usb_() function after the > .disconnect() callback has been triggered. > > If the camera is streaming, the uvc driver will call usb_set_interface or > usb_clear_halt once the device is being released. Let's fix this issue. > > This is probably not the only driver affected with this kind of bug, but > until there is a better way to do it in the core this is the way to > solve this issue. > > When/if a different mechanism is implemented in the core to solve the > lifetime of devices we will adopt it in uvc. > > Trace: > [ 1065.389723] drivers/media/usb/uvc/uvc_driver.c:2248 uvc_disconnect enter > [ 1065.390160] drivers/media/usb/uvc/uvc_driver.c:2264 uvc_disconnect exit > [ 1065.433956] drivers/media/usb/uvc/uvc_v4l2.c:659 uvc_v4l2_release enter > [ 1065.433973] drivers/media/usb/uvc/uvc_video.c:2274 uvc_video_stop_streaming enter > [ 1065.434560] drivers/media/usb/uvc/uvc_video.c:2285 uvc_video_stop_streaming exit > [ 1065.435154] drivers/media/usb/uvc/uvc_v4l2.c:680 uvc_v4l2_release exit > [ 1065.435188] drivers/media/usb/uvc/uvc_driver.c:2248 uvc_disconnect enter > > Signed-off-by: Ricardo Ribalda <ribalda@chromium.org> > --- > drivers/media/usb/uvc/uvc_driver.c | 2 ++ > drivers/media/usb/uvc/uvc_video.c | 45 ++++++++++++++++++++++++-------------- > drivers/media/usb/uvc/uvcvideo.h | 2 ++ > 3 files changed, 32 insertions(+), 17 deletions(-) > > diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c > index 08fcd2ffa727..413c32867617 100644 > --- a/drivers/media/usb/uvc/uvc_driver.c > +++ b/drivers/media/usb/uvc/uvc_driver.c 
> @@ -2257,6 +2257,8 @@ static void uvc_disconnect(struct usb_interface *intf) > return; > > uvc_unregister_video(dev); > + /* Barrier needed to synchronize with uvc_video_stop_streaming(). */ > + smp_store_release(&dev->disconnected, true); > kref_put(&dev->ref, uvc_delete); > } > > diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c > index 28dde08ec6c5..032b44e45b22 100644 > --- a/drivers/media/usb/uvc/uvc_video.c > +++ b/drivers/media/usb/uvc/uvc_video.c 
> @@ -2243,28 +2243,39 @@ int uvc_video_start_streaming(struct uvc_streaming *stream) > return ret; > } > > -void uvc_video_stop_streaming(struct uvc_streaming *stream) > +static void uvc_video_halt(struct uvc_streaming *stream) > { > - uvc_video_stop_transfer(stream, 1); > + unsigned int epnum; > + unsigned int pipe; > + unsigned int dir; > > if (stream->intf->num_altsetting > 1) { Doesn't this imply the device is using isochronous mode? > usb_set_interface(stream->dev->udev, stream->intfnum, 0); > - } else { > - /* > - * UVC doesn't specify how to inform a bulk-based device > - * when the video stream is stopped. Windows sends a > - * CLEAR_FEATURE(HALT) request to the video streaming > - * bulk endpoint, mimic the same behaviour. > - */ > - unsigned int epnum = stream->header.bEndpointAddress > - & USB_ENDPOINT_NUMBER_MASK; > - unsigned int dir = stream->header.bEndpointAddress > - & USB_ENDPOINT_DIR_MASK; > - unsigned int pipe; > - > - pipe = usb_sndbulkpipe(stream->dev->udev, epnum) | dir; > - usb_clear_halt(stream->dev->udev, pipe); > + return; > } > > + /* > + * UVC doesn't specify how to inform a bulk-based device Then this comment doesn't look right. What about the code? This isn't mentioned in the commit message either. > + * when the video stream is stopped. Windows sends a > + * CLEAR_FEATURE(HALT) request to the video streaming > + * bulk endpoint, mimic the same behaviour. > + */ > + epnum = stream->header.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK; > + dir = stream->header.bEndpointAddress & USB_ENDPOINT_DIR_MASK; > + pipe = usb_sndbulkpipe(stream->dev->udev, epnum) | dir; > + usb_clear_halt(stream->dev->udev, pipe); > +} > + > +void uvc_video_stop_streaming(struct uvc_streaming *stream) > +{ > + uvc_video_stop_transfer(stream, 1); > + > + /* > + * Barrier needed to synchronize with uvc_disconnect(). > + * We cannot call usb_* functions on a disconnected USB device. 
> + */ > + if (!smp_load_acquire(&stream->dev->disconnected)) > + uvc_video_halt(stream); > + > uvc_video_clock_cleanup(stream); > } > diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h > index 6fb0a78b1b00..4318ce8e31db 100644 > --- a/drivers/media/usb/uvc/uvcvideo.h > +++ b/drivers/media/usb/uvc/uvcvideo.h > @@ -559,6 +559,8 @@ struct uvc_device { > unsigned int users; > atomic_t nmappings; > > + bool disconnected; > + > /* Video control interface */ > #ifdef CONFIG_MEDIA_CONTROLLER > struct media_device mdev; >
Hi Sakari On Wed, 22 Nov 2023 at 11:25, Sakari Ailus <sakari.ailus@iki.fi> wrote: > > Hi Ricardo, > > Thank you for the patch. > > On Tue, Nov 21, 2023 at 07:53:49PM +0000, Ricardo Ribalda wrote: > > usb drivers should not call to any usb_() function after the > > .disconnect() callback has been triggered. > > > > If the camera is streaming, the uvc driver will call usb_set_interface or > > usb_clear_halt once the device is being released. Let's fix this issue. > > > > This is probably not the only driver affected with this kind of bug, but > > until there is a better way to do it in the core this is the way to > > solve this issue. > > > > When/if a different mechanism is implemented in the core to solve the > > lifetime of devices we will adopt it in uvc. > > > > Trace: > > [ 1065.389723] drivers/media/usb/uvc/uvc_driver.c:2248 uvc_disconnect enter > > [ 1065.390160] drivers/media/usb/uvc/uvc_driver.c:2264 uvc_disconnect exit > > [ 1065.433956] drivers/media/usb/uvc/uvc_v4l2.c:659 uvc_v4l2_release enter > > [ 1065.433973] drivers/media/usb/uvc/uvc_video.c:2274 uvc_video_stop_streaming enter > > [ 1065.434560] drivers/media/usb/uvc/uvc_video.c:2285 uvc_video_stop_streaming exit > > [ 1065.435154] drivers/media/usb/uvc/uvc_v4l2.c:680 uvc_v4l2_release exit > > [ 1065.435188] drivers/media/usb/uvc/uvc_driver.c:2248 uvc_disconnect enter > > > > Signed-off-by: Ricardo Ribalda <ribalda@chromium.org> > > --- > > drivers/media/usb/uvc/uvc_driver.c | 2 ++ > > drivers/media/usb/uvc/uvc_video.c | 45 ++++++++++++++++++++++++-------------- > > drivers/media/usb/uvc/uvcvideo.h | 2 ++ > > 3 files changed, 32 insertions(+), 17 deletions(-) > > > > diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c > > index 08fcd2ffa727..413c32867617 100644 > > --- a/drivers/media/usb/uvc/uvc_driver.c > > +++ b/drivers/media/usb/uvc/uvc_driver.c 
> > @@ -2257,6 +2257,8 @@ static void uvc_disconnect(struct usb_interface *intf) > > return; > > > > uvc_unregister_video(dev); > > + /* Barrier needed to synchronize with uvc_video_stop_streaming(). */ > > + smp_store_release(&dev->disconnected, true); > > kref_put(&dev->ref, uvc_delete); > > } > > > > diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c > > index 28dde08ec6c5..032b44e45b22 100644 > > --- a/drivers/media/usb/uvc/uvc_video.c > > +++ b/drivers/media/usb/uvc/uvc_video.c 
> > @@ -2243,28 +2243,39 @@ int uvc_video_start_streaming(struct uvc_streaming *stream) > > return ret; > > } > > > > -void uvc_video_stop_streaming(struct uvc_streaming *stream) > > +static void uvc_video_halt(struct uvc_streaming *stream) > > { > > - uvc_video_stop_transfer(stream, 1); > > + unsigned int epnum; > > + unsigned int pipe; > > + unsigned int dir; > > > > if (stream->intf->num_altsetting > 1) { > > Doesn't this imply the device is using isochronous mode? I haven't changed the behaviour for halt, it is just that git diff is being a bit too creative here: Basically it is doing: void video_halt() { if (is_isoc()) { usb_set_interface(stream->dev->udev, stream->intfnum, 0); return; } usb_clear_halt(); } instead of the old: void video_halt() { if (is_isoc()) { usb_set_interface(stream->dev->udev, stream->intfnum, 0); } else { usb_clear_halt(); } } Thanks! > > > usb_set_interface(stream->dev->udev, stream->intfnum, 0); > > - } else { > > - /* > > - * UVC doesn't specify how to inform a bulk-based device > > - * when the video stream is stopped. Windows sends a > > - * CLEAR_FEATURE(HALT) request to the video streaming > > - * bulk endpoint, mimic the same behaviour. > > - */ > > - unsigned int epnum = stream->header.bEndpointAddress > > - & USB_ENDPOINT_NUMBER_MASK; > > - unsigned int dir = stream->header.bEndpointAddress > > - & USB_ENDPOINT_DIR_MASK; > > - unsigned int pipe; > > - > > - pipe = usb_sndbulkpipe(stream->dev->udev, epnum) | dir; > > - usb_clear_halt(stream->dev->udev, pipe); > > + return; > > } > > > > + /* > > + * UVC doesn't specify how to inform a bulk-based device > > Then this comment doesn't look right. What about the code? This isn't > mentioned in the commit message either. > > > + * when the video stream is stopped. Windows sends a > > + * CLEAR_FEATURE(HALT) request to the video streaming > > + * bulk endpoint, mimic the same behaviour. 
> > + */ > > + epnum = stream->header.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK; > > + dir = stream->header.bEndpointAddress & USB_ENDPOINT_DIR_MASK; > > + pipe = usb_sndbulkpipe(stream->dev->udev, epnum) | dir; > > + usb_clear_halt(stream->dev->udev, pipe); > > +} > > + > > +void uvc_video_stop_streaming(struct uvc_streaming *stream) > > +{ > > + uvc_video_stop_transfer(stream, 1); > > + > > + /* > > + * Barrier needed to synchronize with uvc_disconnect(). > > + * We cannot call usb_* functions on a disconnected USB device. > > + */ > > + if (!smp_load_acquire(&stream->dev->disconnected)) > > + uvc_video_halt(stream); > > + > > uvc_video_clock_cleanup(stream); > > } > > diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h > > index 6fb0a78b1b00..4318ce8e31db 100644 > > --- a/drivers/media/usb/uvc/uvcvideo.h > > +++ b/drivers/media/usb/uvc/uvcvideo.h > > @@ -559,6 +559,8 @@ struct uvc_device { > > unsigned int users; > > atomic_t nmappings; > > > > + bool disconnected; > > + > > /* Video control interface */ > > #ifdef CONFIG_MEDIA_CONTROLLER > > struct media_device mdev; > > > > -- > Kind regards, > > Sakari Ailus
Hi Ricardo, On Wed, Nov 22, 2023 at 11:32:16AM +0100, Ricardo Ribalda wrote: > Hi Sakari > > On Wed, 22 Nov 2023 at 11:25, Sakari Ailus <sakari.ailus@iki.fi> wrote: > > > > Hi Ricardo, > > > > Thank you for the patch. > > > > On Tue, Nov 21, 2023 at 07:53:49PM +0000, Ricardo Ribalda wrote: > > > usb drivers should not call to any usb_() function after the > > > .disconnect() callback has been triggered. > > > > > > If the camera is streaming, the uvc driver will call usb_set_interface or > > > usb_clear_halt once the device is being released. Let's fix this issue. > > > > > > This is probably not the only driver affected with this kind of bug, but > > > until there is a better way to do it in the core this is the way to > > > solve this issue. > > > > > > When/if a different mechanism is implemented in the core to solve the > > > lifetime of devices we will adopt it in uvc. > > > > > > Trace: > > > [ 1065.389723] drivers/media/usb/uvc/uvc_driver.c:2248 uvc_disconnect enter > > > [ 1065.390160] drivers/media/usb/uvc/uvc_driver.c:2264 uvc_disconnect exit > > > [ 1065.433956] drivers/media/usb/uvc/uvc_v4l2.c:659 uvc_v4l2_release enter > > > [ 1065.433973] drivers/media/usb/uvc/uvc_video.c:2274 uvc_video_stop_streaming enter > > > [ 1065.434560] drivers/media/usb/uvc/uvc_video.c:2285 uvc_video_stop_streaming exit > > > [ 1065.435154] drivers/media/usb/uvc/uvc_v4l2.c:680 uvc_v4l2_release exit > > > [ 1065.435188] drivers/media/usb/uvc/uvc_driver.c:2248 uvc_disconnect enter > > > > > > Signed-off-by: Ricardo Ribalda <ribalda@chromium.org> > > > --- > > > drivers/media/usb/uvc/uvc_driver.c | 2 ++ > > > drivers/media/usb/uvc/uvc_video.c | 45 ++++++++++++++++++++++++-------------- > > > drivers/media/usb/uvc/uvcvideo.h | 2 ++ > > > 3 files changed, 32 insertions(+), 17 deletions(-) > > > > > > diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c > > > index 08fcd2ffa727..413c32867617 100644 > > > --- a/drivers/media/usb/uvc/uvc_driver.c 
> > > +++ b/drivers/media/usb/uvc/uvc_driver.c > > > @@ -2257,6 +2257,8 @@ static void uvc_disconnect(struct usb_interface *intf) > > > return; > > > > > > uvc_unregister_video(dev); > > > + /* Barrier needed to synchronize with uvc_video_stop_streaming(). */ > > > + smp_store_release(&dev->disconnected, true); > > > kref_put(&dev->ref, uvc_delete); > > > } > > > > > > diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c > > > index 28dde08ec6c5..032b44e45b22 100644 > > > --- a/drivers/media/usb/uvc/uvc_video.c > > > +++ b/drivers/media/usb/uvc/uvc_video.c 
> > > @@ -2243,28 +2243,39 @@ int uvc_video_start_streaming(struct uvc_streaming *stream) > > > return ret; > > > } > > > > > > -void uvc_video_stop_streaming(struct uvc_streaming *stream) > > > +static void uvc_video_halt(struct uvc_streaming *stream) > > > { > > > - uvc_video_stop_transfer(stream, 1); > > > + unsigned int epnum; > > > + unsigned int pipe; > > > + unsigned int dir; > > > > > > if (stream->intf->num_altsetting > 1) { > > > > Doesn't this imply the device is using isochronous mode? > > I haven't changed the behaviour for halt, it is just that git diff is > being a bit too creative here: > > Basically it is doing: > > void video_halt() { > if (is_isoc()) { > usb_set_interface(stream->dev->udev, stream->intfnum, 0); > return; > } > usb_clear_halt(); > } > > instead of the old: > > void video_halt() { > if (is_isoc()) { > usb_set_interface(stream->dev->udev, stream->intfnum, 0); > } else { > usb_clear_halt(); > } > } > > Thanks! Oops. I missed the removal of the else branch altogether while reading the patch. Shouldn't you also ensure the disconnect callback won't return until the streaming has been stopped here? > > > > > usb_set_interface(stream->dev->udev, stream->intfnum, 0); > > > - } else { > > > - /* > > > - * UVC doesn't specify how to inform a bulk-based device > > > - * when the video stream is stopped. Windows sends a > > > - * CLEAR_FEATURE(HALT) request to the video streaming > > > - * bulk endpoint, mimic the same behaviour. > > > - */ > > > - unsigned int epnum = stream->header.bEndpointAddress > > > - & USB_ENDPOINT_NUMBER_MASK; > > > - unsigned int dir = stream->header.bEndpointAddress > > > - & USB_ENDPOINT_DIR_MASK; > > > - unsigned int pipe; > > > - > > > - pipe = usb_sndbulkpipe(stream->dev->udev, epnum) | dir; > > > - usb_clear_halt(stream->dev->udev, pipe); > > > + return; > > > } > > > > > > + /* > > > + * UVC doesn't specify how to inform a bulk-based device > > > > Then this comment doesn't look right. What about the code? 
This isn't > > mentioned in the commit message either. > > > > > + * when the video stream is stopped. Windows sends a > > > + * CLEAR_FEATURE(HALT) request to the video streaming > > > + * bulk endpoint, mimic the same behaviour. > > > + */ > > > + epnum = stream->header.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK; > > > + dir = stream->header.bEndpointAddress & USB_ENDPOINT_DIR_MASK; > > > + pipe = usb_sndbulkpipe(stream->dev->udev, epnum) | dir; > > > + usb_clear_halt(stream->dev->udev, pipe); > > > +} > > > + > > > +void uvc_video_stop_streaming(struct uvc_streaming *stream) > > > +{ > > > + uvc_video_stop_transfer(stream, 1); > > > + > > > + /* > > > + * Barrier needed to synchronize with uvc_disconnect(). > > > + * We cannot call usb_* functions on a disconnected USB device. > > > + */ > > > + if (!smp_load_acquire(&stream->dev->disconnected)) > > > + uvc_video_halt(stream); > > > + > > > uvc_video_clock_cleanup(stream); > > > } > > > diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h > > > index 6fb0a78b1b00..4318ce8e31db 100644 > > > --- a/drivers/media/usb/uvc/uvcvideo.h > > > +++ b/drivers/media/usb/uvc/uvcvideo.h > > > @@ -559,6 +559,8 @@ struct uvc_device { > > > unsigned int users; > > > atomic_t nmappings; > > > > > > + bool disconnected; > > > + > > > /* Video control interface */ > > > #ifdef CONFIG_MEDIA_CONTROLLER > > > struct media_device mdev;
Hi On Wed, 22 Nov 2023 at 12:04, Sakari Ailus <sakari.ailus@iki.fi> wrote: > > Hi Ricardo, > > On Wed, Nov 22, 2023 at 11:32:16AM +0100, Ricardo Ribalda wrote: > > Hi Sakari > > > > On Wed, 22 Nov 2023 at 11:25, Sakari Ailus <sakari.ailus@iki.fi> wrote: > > > > > > Hi Ricardo, > > > > > > Thank you for the patch. > > > > > > On Tue, Nov 21, 2023 at 07:53:49PM +0000, Ricardo Ribalda wrote: > > > > usb drivers should not call to any usb_() function after the > > > > .disconnect() callback has been triggered. > > > > > > > > If the camera is streaming, the uvc driver will call usb_set_interface or > > > > usb_clear_halt once the device is being released. Let's fix this issue. > > > > > > > > This is probably not the only driver affected with this kind of bug, but > > > > until there is a better way to do it in the core this is the way to > > > > solve this issue. > > > > > > > > When/if a different mechanism is implemented in the core to solve the > > > > lifetime of devices we will adopt it in uvc. > > > > > > > > Trace: > > > > [ 1065.389723] drivers/media/usb/uvc/uvc_driver.c:2248 uvc_disconnect enter > > > > [ 1065.390160] drivers/media/usb/uvc/uvc_driver.c:2264 uvc_disconnect exit > > > > [ 1065.433956] drivers/media/usb/uvc/uvc_v4l2.c:659 uvc_v4l2_release enter > > > > [ 1065.433973] drivers/media/usb/uvc/uvc_video.c:2274 uvc_video_stop_streaming enter > > > > [ 1065.434560] drivers/media/usb/uvc/uvc_video.c:2285 uvc_video_stop_streaming exit > > > > [ 1065.435154] drivers/media/usb/uvc/uvc_v4l2.c:680 uvc_v4l2_release exit > > > > [ 1065.435188] drivers/media/usb/uvc/uvc_driver.c:2248 uvc_disconnect enter > > > > > > > > Signed-off-by: Ricardo Ribalda <ribalda@chromium.org> > > > > --- > > > > drivers/media/usb/uvc/uvc_driver.c | 2 ++ > > > > drivers/media/usb/uvc/uvc_video.c | 45 ++++++++++++++++++++++++-------------- > > > > drivers/media/usb/uvc/uvcvideo.h | 2 ++ > > > > 3 files changed, 32 insertions(+), 17 deletions(-) 
> > > > > > > > diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c > > > > index 08fcd2ffa727..413c32867617 100644 > > > > --- a/drivers/media/usb/uvc/uvc_driver.c > > > > +++ b/drivers/media/usb/uvc/uvc_driver.c > > > > @@ -2257,6 +2257,8 @@ static void uvc_disconnect(struct usb_interface *intf) > > > > return; > > > > > > > > uvc_unregister_video(dev); > > > > + /* Barrier needed to synchronize with uvc_video_stop_streaming(). */ > > > > + smp_store_release(&dev->disconnected, true); > > > > kref_put(&dev->ref, uvc_delete); > > > > } > > > > > > > > diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c > > > > index 28dde08ec6c5..032b44e45b22 100644 > > > > --- a/drivers/media/usb/uvc/uvc_video.c > > > > +++ b/drivers/media/usb/uvc/uvc_video.c 
> > > > @@ -2243,28 +2243,39 @@ int uvc_video_start_streaming(struct uvc_streaming *stream) > > > > return ret; > > > > } > > > > > > > > -void uvc_video_stop_streaming(struct uvc_streaming *stream) > > > > +static void uvc_video_halt(struct uvc_streaming *stream) > > > > { > > > > - uvc_video_stop_transfer(stream, 1); > > > > + unsigned int epnum; > > > > + unsigned int pipe; > > > > + unsigned int dir; > > > > > > > > if (stream->intf->num_altsetting > 1) { > > > > > > Doesn't this imply the device is using isochronous mode? > > > > I haven't changed the behaviour for halt, it is just that git diff is > > being a bit too creative here: > > > > Basically it is doing: > > > > void video_halt() { > > if (is_isoc()) { > > usb_set_interface(stream->dev->udev, stream->intfnum, 0); > > return; > > } > > usb_clear_halt(); > > } > > > > instead of the old: > > > > void video_halt() { > > if (is_isoc()) { > > usb_set_interface(stream->dev->udev, stream->intfnum, 0); > > } else { > > usb_clear_halt(); > > } > > } > > > > Thanks! > > Oops. I missed the removal of the else branch altogether while reading the > patch. > > Shouldn't you also ensure the disconnect callback won't return until the > streaming has been stopped here? This patch is just for calls after .disconnect. It will not protect for concurrent calls. I have sent a v4 making this explicit. We still need: media: uvcvideo: Lock video streams and queues while unregistering or similar. Thanks! > > > > > > > > usb_set_interface(stream->dev->udev, stream->intfnum, 0); > > > > - } else { > > > > - /* > > > > - * UVC doesn't specify how to inform a bulk-based device > > > > - * when the video stream is stopped. Windows sends a > > > > - * CLEAR_FEATURE(HALT) request to the video streaming > > > > - * bulk endpoint, mimic the same behaviour. 
> > > > - */ > > > > - unsigned int epnum = stream->header.bEndpointAddress > > > > - & USB_ENDPOINT_NUMBER_MASK; > > > > - unsigned int dir = stream->header.bEndpointAddress > > > > - & USB_ENDPOINT_DIR_MASK; > > > > - unsigned int pipe; > > > > - > > > > - pipe = usb_sndbulkpipe(stream->dev->udev, epnum) | dir; > > > > - usb_clear_halt(stream->dev->udev, pipe); > > > > + return; > > > > } > > > > > > > > + /* > > > > + * UVC doesn't specify how to inform a bulk-based device > > > > > > Then this comment doesn't look right. What about the code? This isn't > > > mentioned in the commit message either. > > > > > > > + * when the video stream is stopped. Windows sends a > > > > + * CLEAR_FEATURE(HALT) request to the video streaming > > > > + * bulk endpoint, mimic the same behaviour. > > > > + */ > > > > + epnum = stream->header.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK; > > > > + dir = stream->header.bEndpointAddress & USB_ENDPOINT_DIR_MASK; > > > > + pipe = usb_sndbulkpipe(stream->dev->udev, epnum) | dir; > > > > + usb_clear_halt(stream->dev->udev, pipe); > > > > +} > > > > + > > > > +void uvc_video_stop_streaming(struct uvc_streaming *stream) > > > > +{ > > > > + uvc_video_stop_transfer(stream, 1); > > > > + > > > > + /* > > > > + * Barrier needed to synchronize with uvc_disconnect(). > > > > + * We cannot call usb_* functions on a disconnected USB device. > > > > + */ > > > > + if (!smp_load_acquire(&stream->dev->disconnected)) > > > > + uvc_video_halt(stream); > > > > + > > > > uvc_video_clock_cleanup(stream); > > > > } > > > > diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h > > > > index 6fb0a78b1b00..4318ce8e31db 100644 > > > > --- a/drivers/media/usb/uvc/uvcvideo.h > > > > +++ b/drivers/media/usb/uvc/uvcvideo.h 
> > > > @@ -559,6 +559,8 @@ struct uvc_device { > > > > unsigned int users; > > > > atomic_t nmappings; > > > > > > > > + bool disconnected; > > > > + > > > > /* Video control interface */ > > > > #ifdef CONFIG_MEDIA_CONTROLLER > > > > struct media_device mdev; > > -- > Kind regards, > > Sakari Ailus
diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c index 08fcd2ffa727..413c32867617 100644 --- a/drivers/media/usb/uvc/uvc_driver.c +++ b/drivers/media/usb/uvc/uvc_driver.c @@ -2257,6 +2257,8 @@ static void uvc_disconnect(struct usb_interface *intf) return; uvc_unregister_video(dev); + /* Barrier needed to synchronize with uvc_video_stop_streaming(). */ + smp_store_release(&dev->disconnected, true); kref_put(&dev->ref, uvc_delete); } diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c index 28dde08ec6c5..032b44e45b22 100644 --- a/drivers/media/usb/uvc/uvc_video.c +++ b/drivers/media/usb/uvc/uvc_video.c 
@@ -2243,28 +2243,39 @@ int uvc_video_start_streaming(struct uvc_streaming *stream) return ret; } -void uvc_video_stop_streaming(struct uvc_streaming *stream) +static void uvc_video_halt(struct uvc_streaming *stream) { - uvc_video_stop_transfer(stream, 1); + unsigned int epnum; + unsigned int pipe; + unsigned int dir; if (stream->intf->num_altsetting > 1) { usb_set_interface(stream->dev->udev, stream->intfnum, 0); - } else { - /* - * UVC doesn't specify how to inform a bulk-based device - * when the video stream is stopped. Windows sends a - * CLEAR_FEATURE(HALT) request to the video streaming - * bulk endpoint, mimic the same behaviour. - */ - unsigned int epnum = stream->header.bEndpointAddress - & USB_ENDPOINT_NUMBER_MASK; - unsigned int dir = stream->header.bEndpointAddress - & USB_ENDPOINT_DIR_MASK; - unsigned int pipe; - - pipe = usb_sndbulkpipe(stream->dev->udev, epnum) | dir; - usb_clear_halt(stream->dev->udev, pipe); + return; } + /* + * UVC doesn't specify how to inform a bulk-based device + * when the video stream is stopped. Windows sends a + * CLEAR_FEATURE(HALT) request to the video streaming + * bulk endpoint, mimic the same behaviour. + */ + epnum = stream->header.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK; + dir = stream->header.bEndpointAddress & USB_ENDPOINT_DIR_MASK; + pipe = usb_sndbulkpipe(stream->dev->udev, epnum) | dir; + usb_clear_halt(stream->dev->udev, pipe); +} + +void uvc_video_stop_streaming(struct uvc_streaming *stream) +{ + uvc_video_stop_transfer(stream, 1); + + /* + * Barrier needed to synchronize with uvc_disconnect(). + * We cannot call usb_* functions on a disconnected USB device. + */ + if (!smp_load_acquire(&stream->dev->disconnected)) + uvc_video_halt(stream); + uvc_video_clock_cleanup(stream); } diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h index 6fb0a78b1b00..4318ce8e31db 100644 --- a/drivers/media/usb/uvc/uvcvideo.h +++ b/drivers/media/usb/uvc/uvcvideo.h 
@@ -559,6 +559,8 @@ struct uvc_device { unsigned int users; atomic_t nmappings; + bool disconnected; + /* Video control interface */ #ifdef CONFIG_MEDIA_CONTROLLER struct media_device mdev;
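Review bot: In the uvc_driver.c hunk, the early `return;` visible in the context above uvc_unregister_video(dev) exits uvc_disconnect() without setting dev->disconnected, so a later uvc_video_stop_streaming() would still reach uvc_video_halt() if .disconnect took that path. Either set the flag before that return or extend the new comment to say why that path never needs it.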
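Review bot: In the uvc_video.c hunk, uvc_video_stop_streaming() reads disconnected with smp_load_acquire() and then calls uvc_video_halt() as a separate step, so a uvc_disconnect() that stores the flag in between still lets usb_set_interface() or usb_clear_halt() run on a disconnected device; acquire/release orders the accesses but does not make the check and the call atomic. Either take a lock that uvc_disconnect() also holds around its store, or reword the "Barrier needed to synchronize with uvc_disconnect()" comment to say the check only covers calls that start after .disconnect has finished. Separately, moving the body into uvc_video_halt() and turning the else branch into an early return is a refactor the commit message does not mention; a sentence there, or a preparatory patch, would make the diff easier to read.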
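Review bot: In the uvcvideo.h hunk, `bool disconnected;` is added to struct uvc_device without a comment, while the other hunks only touch it through smp_store_release() and smp_load_acquire(). A one-line comment on the field saying it is set in uvc_disconnect(), read in uvc_video_stop_streaming(), and must be accessed with those helpers would keep later code from treating it as a plain bool.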
usb drivers should not call to any usb_() function after the
.disconnect() callback has been triggered.

If the camera is streaming, the uvc driver will call usb_set_interface or
usb_clear_halt once the device is being released. Let's fix this issue.

This is probably not the only driver affected with this kind of bug, but
until there is a better way to do it in the core this is the way to
solve this issue.

When/if a different mechanism is implemented in the core to solve the
lifetime of devices we will adopt it in uvc.

Trace:
[ 1065.389723] drivers/media/usb/uvc/uvc_driver.c:2248 uvc_disconnect enter
[ 1065.390160] drivers/media/usb/uvc/uvc_driver.c:2264 uvc_disconnect exit
[ 1065.433956] drivers/media/usb/uvc/uvc_v4l2.c:659 uvc_v4l2_release enter
[ 1065.433973] drivers/media/usb/uvc/uvc_video.c:2274 uvc_video_stop_streaming enter
[ 1065.434560] drivers/media/usb/uvc/uvc_video.c:2285 uvc_video_stop_streaming exit
[ 1065.435154] drivers/media/usb/uvc/uvc_v4l2.c:680 uvc_v4l2_release exit
[ 1065.435188] drivers/media/usb/uvc/uvc_driver.c:2248 uvc_disconnect enter

Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
---
 drivers/media/usb/uvc/uvc_driver.c |  2 ++
 drivers/media/usb/uvc/uvc_video.c  | 45 ++++++++++++++++++++++++--------------
 drivers/media/usb/uvc/uvcvideo.h   |  2 ++
 3 files changed, 32 insertions(+), 17 deletions(-)