d68a867d74
commit 0d9cfc9b8cb17dbc29a98792d36ec39a1cf1395f upstream.
The Gemalto Cinterion PLS83-W modem (cdc_ether) is emitting confusing link
up and down events when the WWAN interface is activated on the modem-side.
Interrupt URBs will in consecutive polls grab:
* Link Connected
* Link Disconnected
* Link Connected
Where the last Connected is then a stable link state.
When the system is under load this may cause the unlink_urbs() work in
__handle_link_change() to not complete before the next usbnet_link_change()
call turns the carrier on again, allowing rx_submit() to queue new SKBs.
In that event the URB queue is filled faster than it can drain, ending up
in a RCU stall:
rcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 0-.... } 33108 jiffies s: 201 root: 0x1/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
Call trace:
arch_local_irq_enable+0x4/0x8
local_bh_enable+0x18/0x20
__netdev_alloc_skb+0x18c/0x1cc
rx_submit+0x68/0x1f8 [usbnet]
rx_alloc_submit+0x4c/0x74 [usbnet]
usbnet_bh+0x1d8/0x218 [usbnet]
usbnet_bh_tasklet+0x10/0x18 [usbnet]
tasklet_action_common+0xa8/0x110
tasklet_action+0x2c/0x34
handle_softirqs+0x2cc/0x3a0
__do_softirq+0x10/0x18
____do_softirq+0xc/0x14
call_on_irq_stack+0x24/0x34
do_softirq_own_stack+0x18/0x20
__irq_exit_rcu+0xa8/0xb8
irq_exit_rcu+0xc/0x30
el1_interrupt+0x34/0x48
el1h_64_irq_handler+0x14/0x1c
el1h_64_irq+0x68/0x6c
_raw_spin_unlock_irqrestore+0x38/0x48
xhci_urb_dequeue+0x1ac/0x45c [xhci_hcd]
unlink1+0xd4/0xdc [usbcore]
usb_hcd_unlink_urb+0x70/0xb0 [usbcore]
usb_unlink_urb+0x24/0x44 [usbcore]
unlink_urbs.constprop.0.isra.0+0x64/0xa8 [usbnet]
__handle_link_change+0x34/0x70 [usbnet]
usbnet_deferred_kevent+0x1c0/0x320 [usbnet]
process_scheduled_works+0x2d0/0x48c
worker_thread+0x150/0x1dc
kthread+0xd8/0xe8
ret_from_fork+0x10/0x20
Get around the problem by delaying the carrier on to the scheduled work.
This needs a new flag to keep track of the necessary action.
The carrier ok check cannot be removed as it remains required for the
LINK_RESET event flow.
Fixes: 4b49f58fff ("usbnet: handle link change")
Cc: stable@vger.kernel.org
Signed-off-by: John Ernberg <john.ernberg@actia.se>
Link: https://patch.msgid.link/20250723102526.1305339-1-john.ernberg@actia.se
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
302 lines
10 KiB
C
302 lines
10 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* USB Networking Link Interface
|
|
*
|
|
* Copyright (C) 2000-2005 by David Brownell <dbrownell@users.sourceforge.net>
|
|
* Copyright (C) 2003-2005 David Hollis <dhollis@davehollis.com>
|
|
*/
|
|
|
|
#ifndef __LINUX_USB_USBNET_H
|
|
#define __LINUX_USB_USBNET_H
|
|
|
|
#include <linux/mii.h>
|
|
#include <linux/netdevice.h>
|
|
#include <linux/skbuff.h>
|
|
#include <linux/types.h>
|
|
#include <linux/usb.h>
|
|
|
|
/* interface from usbnet core to each USB networking link we handle */
|
|
struct usbnet {
|
|
/* housekeeping */
|
|
struct usb_device *udev;
|
|
struct usb_interface *intf;
|
|
const struct driver_info *driver_info;
|
|
const char *driver_name;
|
|
void *driver_priv;
|
|
wait_queue_head_t wait;
|
|
struct mutex phy_mutex;
|
|
unsigned char suspend_count;
|
|
unsigned char pkt_cnt, pkt_err;
|
|
unsigned short rx_qlen, tx_qlen;
|
|
unsigned can_dma_sg:1;
|
|
|
|
/* i/o info: pipes etc */
|
|
unsigned in, out;
|
|
struct usb_host_endpoint *status;
|
|
unsigned maxpacket;
|
|
struct timer_list delay;
|
|
const char *padding_pkt;
|
|
|
|
/* protocol/interface state */
|
|
struct net_device *net;
|
|
int msg_enable;
|
|
unsigned long data[5];
|
|
u32 xid;
|
|
u32 hard_mtu; /* count any extra framing */
|
|
size_t rx_urb_size; /* size for rx urbs */
|
|
struct mii_if_info mii;
|
|
long rx_speed; /* If MII not used */
|
|
long tx_speed; /* If MII not used */
|
|
# define SPEED_UNSET -1
|
|
|
|
/* various kinds of pending driver work */
|
|
struct sk_buff_head rxq;
|
|
struct sk_buff_head txq;
|
|
struct sk_buff_head done;
|
|
struct sk_buff_head rxq_pause;
|
|
struct urb *interrupt;
|
|
unsigned interrupt_count;
|
|
struct mutex interrupt_mutex;
|
|
struct usb_anchor deferred;
|
|
struct tasklet_struct bh;
|
|
|
|
struct work_struct kevent;
|
|
unsigned long flags;
|
|
# define EVENT_TX_HALT 0
|
|
# define EVENT_RX_HALT 1
|
|
# define EVENT_RX_MEMORY 2
|
|
# define EVENT_STS_SPLIT 3
|
|
# define EVENT_LINK_RESET 4
|
|
# define EVENT_RX_PAUSED 5
|
|
# define EVENT_DEV_ASLEEP 6
|
|
# define EVENT_DEV_OPEN 7
|
|
# define EVENT_DEVICE_REPORT_IDLE 8
|
|
# define EVENT_NO_RUNTIME_PM 9
|
|
# define EVENT_RX_KILL 10
|
|
# define EVENT_LINK_CHANGE 11
|
|
# define EVENT_SET_RX_MODE 12
|
|
# define EVENT_NO_IP_ALIGN 13
|
|
# define EVENT_LINK_CARRIER_ON 14
|
|
/* This one is special, as it indicates that the device is going away
|
|
* there are cyclic dependencies between tasklet, timer and bh
|
|
* that must be broken
|
|
*/
|
|
# define EVENT_UNPLUG 31
|
|
};
|
|
|
|
static inline bool usbnet_going_away(struct usbnet *ubn)
|
|
{
|
|
return test_bit(EVENT_UNPLUG, &ubn->flags);
|
|
}
|
|
|
|
static inline void usbnet_mark_going_away(struct usbnet *ubn)
|
|
{
|
|
set_bit(EVENT_UNPLUG, &ubn->flags);
|
|
}
|
|
|
|
static inline struct usb_driver *driver_of(struct usb_interface *intf)
|
|
{
|
|
return to_usb_driver(intf->dev.driver);
|
|
}
|
|
|
|
/* interface from the device/framing level "minidriver" to core */
|
|
struct driver_info {
|
|
char *description;
|
|
|
|
int flags;
|
|
/* framing is CDC Ethernet, not writing ZLPs (hw issues), or optionally: */
|
|
#define FLAG_FRAMING_NC 0x0001 /* guard against device dropouts */
|
|
#define FLAG_FRAMING_GL 0x0002 /* genelink batches packets */
|
|
#define FLAG_FRAMING_Z 0x0004 /* zaurus adds a trailer */
|
|
#define FLAG_FRAMING_RN 0x0008 /* RNDIS batches, plus huge header */
|
|
|
|
#define FLAG_NO_SETINT 0x0010 /* device can't set_interface() */
|
|
#define FLAG_ETHER 0x0020 /* maybe use "eth%d" names */
|
|
|
|
#define FLAG_FRAMING_AX 0x0040 /* AX88772/178 packets */
|
|
#define FLAG_WLAN 0x0080 /* use "wlan%d" names */
|
|
#define FLAG_AVOID_UNLINK_URBS 0x0100 /* don't unlink urbs at usbnet_stop() */
|
|
#define FLAG_SEND_ZLP 0x0200 /* hw requires ZLPs are sent */
|
|
#define FLAG_WWAN 0x0400 /* use "wwan%d" names */
|
|
|
|
#define FLAG_LINK_INTR 0x0800 /* updates link (carrier) status */
|
|
|
|
#define FLAG_POINTTOPOINT 0x1000 /* possibly use "usb%d" names */
|
|
|
|
/*
|
|
* Indicates to usbnet, that USB driver accumulates multiple IP packets.
|
|
* Affects statistic (counters) and short packet handling.
|
|
*/
|
|
#define FLAG_MULTI_PACKET 0x2000
|
|
#define FLAG_RX_ASSEMBLE 0x4000 /* rx packets may span >1 frames */
|
|
#define FLAG_NOARP 0x8000 /* device can't do ARP */
|
|
|
|
/* init device ... can sleep, or cause probe() failure */
|
|
int (*bind)(struct usbnet *, struct usb_interface *);
|
|
|
|
/* cleanup device ... can sleep, but can't fail */
|
|
void (*unbind)(struct usbnet *, struct usb_interface *);
|
|
|
|
/* reset device ... can sleep */
|
|
int (*reset)(struct usbnet *);
|
|
|
|
/* stop device ... can sleep */
|
|
int (*stop)(struct usbnet *);
|
|
|
|
/* see if peer is connected ... can sleep */
|
|
int (*check_connect)(struct usbnet *);
|
|
|
|
/* (dis)activate runtime power management */
|
|
int (*manage_power)(struct usbnet *, int);
|
|
|
|
/* for status polling */
|
|
void (*status)(struct usbnet *, struct urb *);
|
|
|
|
/* link reset handling, called from defer_kevent */
|
|
int (*link_reset)(struct usbnet *);
|
|
|
|
/* fixup rx packet (strip framing) */
|
|
int (*rx_fixup)(struct usbnet *dev, struct sk_buff *skb);
|
|
|
|
/* fixup tx packet (add framing) */
|
|
struct sk_buff *(*tx_fixup)(struct usbnet *dev,
|
|
struct sk_buff *skb, gfp_t flags);
|
|
|
|
/* recover from timeout */
|
|
void (*recover)(struct usbnet *dev);
|
|
|
|
/* early initialization code, can sleep. This is for minidrivers
|
|
* having 'subminidrivers' that need to do extra initialization
|
|
* right after minidriver have initialized hardware. */
|
|
int (*early_init)(struct usbnet *dev);
|
|
|
|
/* called by minidriver when receiving indication */
|
|
void (*indication)(struct usbnet *dev, void *ind, int indlen);
|
|
|
|
/* rx mode change (device changes address list filtering) */
|
|
void (*set_rx_mode)(struct usbnet *dev);
|
|
|
|
/* for new devices, use the descriptor-reading code instead */
|
|
int in; /* rx endpoint */
|
|
int out; /* tx endpoint */
|
|
|
|
unsigned long data; /* Misc driver specific data */
|
|
};
|
|
|
|
/* Minidrivers are just drivers using the "usbnet" core as a powerful
|
|
* network-specific subroutine library ... that happens to do pretty
|
|
* much everything except custom framing and chip-specific stuff.
|
|
*/
|
|
extern int usbnet_probe(struct usb_interface *, const struct usb_device_id *);
|
|
extern int usbnet_suspend(struct usb_interface *, pm_message_t);
|
|
extern int usbnet_resume(struct usb_interface *);
|
|
extern void usbnet_disconnect(struct usb_interface *);
|
|
extern void usbnet_device_suggests_idle(struct usbnet *dev);
|
|
|
|
extern int usbnet_read_cmd(struct usbnet *dev, u8 cmd, u8 reqtype,
|
|
u16 value, u16 index, void *data, u16 size);
|
|
extern int usbnet_write_cmd(struct usbnet *dev, u8 cmd, u8 reqtype,
|
|
u16 value, u16 index, const void *data, u16 size);
|
|
extern int usbnet_read_cmd_nopm(struct usbnet *dev, u8 cmd, u8 reqtype,
|
|
u16 value, u16 index, void *data, u16 size);
|
|
extern int usbnet_write_cmd_nopm(struct usbnet *dev, u8 cmd, u8 reqtype,
|
|
u16 value, u16 index, const void *data, u16 size);
|
|
extern int usbnet_write_cmd_async(struct usbnet *dev, u8 cmd, u8 reqtype,
|
|
u16 value, u16 index, const void *data, u16 size);
|
|
|
|
/* Drivers that reuse some of the standard USB CDC infrastructure
|
|
* (notably, using multiple interfaces according to the CDC
|
|
* union descriptor) get some helper code.
|
|
*/
|
|
struct cdc_state {
|
|
struct usb_cdc_header_desc *header;
|
|
struct usb_cdc_union_desc *u;
|
|
struct usb_cdc_ether_desc *ether;
|
|
struct usb_interface *control;
|
|
struct usb_interface *data;
|
|
};
|
|
|
|
extern void usbnet_cdc_update_filter(struct usbnet *dev);
|
|
extern int usbnet_generic_cdc_bind(struct usbnet *, struct usb_interface *);
|
|
extern int usbnet_ether_cdc_bind(struct usbnet *dev, struct usb_interface *intf);
|
|
extern int usbnet_cdc_bind(struct usbnet *, struct usb_interface *);
|
|
extern void usbnet_cdc_unbind(struct usbnet *, struct usb_interface *);
|
|
extern void usbnet_cdc_status(struct usbnet *, struct urb *);
|
|
extern int usbnet_cdc_zte_rx_fixup(struct usbnet *dev, struct sk_buff *skb);
|
|
|
|
/* CDC and RNDIS support the same host-chosen packet filters for IN transfers */
|
|
#define DEFAULT_FILTER (USB_CDC_PACKET_TYPE_BROADCAST \
|
|
|USB_CDC_PACKET_TYPE_ALL_MULTICAST \
|
|
|USB_CDC_PACKET_TYPE_PROMISCUOUS \
|
|
|USB_CDC_PACKET_TYPE_DIRECTED)
|
|
|
|
|
|
/* we record the state for each of our queued skbs */
|
|
enum skb_state {
|
|
illegal = 0,
|
|
tx_start, tx_done,
|
|
rx_start, rx_done, rx_cleanup,
|
|
unlink_start
|
|
};
|
|
|
|
struct skb_data { /* skb->cb is one of these */
|
|
struct urb *urb;
|
|
struct usbnet *dev;
|
|
enum skb_state state;
|
|
long length;
|
|
unsigned long packets;
|
|
};
|
|
|
|
/* Drivers that set FLAG_MULTI_PACKET must call this in their
|
|
* tx_fixup method before returning an skb.
|
|
*/
|
|
static inline void
|
|
usbnet_set_skb_tx_stats(struct sk_buff *skb,
|
|
unsigned long packets, long bytes_delta)
|
|
{
|
|
struct skb_data *entry = (struct skb_data *) skb->cb;
|
|
|
|
entry->packets = packets;
|
|
entry->length = bytes_delta;
|
|
}
|
|
|
|
extern int usbnet_open(struct net_device *net);
|
|
extern int usbnet_stop(struct net_device *net);
|
|
extern netdev_tx_t usbnet_start_xmit(struct sk_buff *skb,
|
|
struct net_device *net);
|
|
extern void usbnet_tx_timeout(struct net_device *net, unsigned int txqueue);
|
|
extern int usbnet_change_mtu(struct net_device *net, int new_mtu);
|
|
|
|
extern int usbnet_get_endpoints(struct usbnet *, struct usb_interface *);
|
|
extern int usbnet_get_ethernet_addr(struct usbnet *, int);
|
|
extern void usbnet_defer_kevent(struct usbnet *, int);
|
|
extern void usbnet_skb_return(struct usbnet *, struct sk_buff *);
|
|
extern void usbnet_unlink_rx_urbs(struct usbnet *);
|
|
|
|
extern void usbnet_pause_rx(struct usbnet *);
|
|
extern void usbnet_resume_rx(struct usbnet *);
|
|
extern void usbnet_purge_paused_rxq(struct usbnet *);
|
|
|
|
extern int usbnet_get_link_ksettings_mii(struct net_device *net,
|
|
struct ethtool_link_ksettings *cmd);
|
|
extern int usbnet_set_link_ksettings_mii(struct net_device *net,
|
|
const struct ethtool_link_ksettings *cmd);
|
|
extern int usbnet_get_link_ksettings_internal(struct net_device *net,
|
|
struct ethtool_link_ksettings *cmd);
|
|
extern u32 usbnet_get_link(struct net_device *net);
|
|
extern u32 usbnet_get_msglevel(struct net_device *);
|
|
extern void usbnet_set_msglevel(struct net_device *, u32);
|
|
extern void usbnet_set_rx_mode(struct net_device *net);
|
|
extern void usbnet_get_drvinfo(struct net_device *, struct ethtool_drvinfo *);
|
|
extern int usbnet_nway_reset(struct net_device *net);
|
|
|
|
extern int usbnet_manage_power(struct usbnet *, int);
|
|
extern void usbnet_link_change(struct usbnet *, bool, bool);
|
|
|
|
extern int usbnet_status_start(struct usbnet *dev, gfp_t mem_flags);
|
|
extern void usbnet_status_stop(struct usbnet *dev);
|
|
|
|
extern void usbnet_update_max_qlen(struct usbnet *dev);
|
|
|
|
#endif /* __LINUX_USB_USBNET_H */
|