Subject: Another possible bugfix for usb?
To: Lennart Augustsson <lennart@augustsson.net>
From: Alfred Perlstein <bright@mu.org>
List: tech-kern
Date: 03/07/2002 20:40:12
Sorry for the mangled diff...

Index: usbdi_util.c
===================================================================
RCS file: /home/netcvs/syssrc/sys/dev/usb/usbdi_util.c,v
retrieving revision 1.39
diff -u -r1.39 usbdi_util.c
--- usbdi_util.c        2001/12/27 11:24:42     1.39
+++ usbdi_util.c        2002/03/08 07:29:05
@@ -455,12 +456,12 @@
        splx(s);
        if (error) {
                DPRINTF(("usbd_bulk_transfer: tsleep=%d\n", error));
-               usbd_abort_pipe(pipe);
                return (USBD_INTERRUPTED);
        }
        usbd_get_xfer_status(xfer, NULL, NULL, size, &err);
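Review bot: with usbd_abort_pipe(pipe) dropped from the if (error) branch, usbd_bulk_transfer returns USBD_INTERRUPTED without anything in this branch cancelling the transfer, so the caller gets xfer and its buffer back while the controller may still be working on them. If the double abort is the real problem, consider keeping the abort here and making the abort path tolerate a pipe that is already being aborted, or add a comment at this return stating that the caller must abort the pipe before reusing or freeing xfer. The hunk header (-455,12 +456,12) also claims equal old and new line counts although one line is removed, so the diff needs regenerating before it will apply.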



I think that causes a double abort of the pipe and causes a
panic, somehow in:

#9  0xc012bece in ohci_device_bulk_abort (xfer=0xc0534880)
    at /usr/src/sys/arch/i386/compile/BRAZZEN_TINY/../../../../dev/usb/ohci.c:2881
#10 0xc0251a14 in usbd_ar_pipe (pipe=0xc0534c80)
    at /usr/src/sys/arch/i386/compile/BRAZZEN_TINY/../../../../dev/usb/usbdi.c:750
#11 0xc025173f in usbd_abort_pipe (pipe=0xc0534c80)
    at /usr/src/sys/arch/i386/compile/BRAZZEN_TINY/../../../../dev/usb/usbdi.c:550
#12 0xc02528e0 in usbd_bulk_transfer (xfer=0xc0534880, pipe=0xc0534c80, 
    flags=1, timeout=0, buf=0xc6b34000, size=0xc6b30d4c, 
    lbl=0xc02be47c "ulptrd")
    at /usr/src/sys/arch/i386/compile/BRAZZEN_TINY/../../../../dev/usb/usbdi_util.c:459
#13 0xc025a154 in ulpt_do_io (sc=0xc0493100, uio=0xc6b30ee0, flags=16, dir=0)
    at /usr/src/sys/arch/i386/compile/BRAZZEN_TINY/../../../../dev/usb/ulpt.c:665
#14 0xc025a27c in ulptread (dev=14656, uio=0xc6b30ee0, flags=16)
---Type <return> to continue, or q <return> to quit---
    at /usr/src/sys/arch/i386/compile/BRAZZEN_TINY/../../../../dev/usb/ulpt.c:722
#15 0xc0172972 in spec_read (v=0xc6b30e3c)
    at /usr/src/sys/arch/i386/compile/BRAZZEN_TINY/../../../../miscfs/specfs/spec_vnops.c:288
#16 0xc01e2417 in ufsspec_read (v=0xc6b30e3c)
    at /usr/src/sys/arch/i386/compile/BRAZZEN_TINY/../../../../ufs/ufs/ufs_vnops.c:1714
#17 0xc0168a7b in VOP_READ (vp=0xc6a8180c, uio=0xc6b30ee0, ioflag=16, 
    cred=0xc0534900)
    at /usr/src/sys/arch/i386/compile/BRAZZEN_TINY/../../../../kern/vnode_if.c:425
#18 0xc016834b in vn_read (fp=0xc68d87ec, offset=0xc68d8814, uio=0xc6b30ee0, 
    cred=0xc0534900, flags=1)
    at /usr/src/sys/arch/i386/compile/BRAZZEN_TINY/../../../../kern/vfs_vnops.c:398
#19 0xc014cbee in dofileread (p=0xc6af3c9c, fd=9, fp=0xc68d87ec, 
    buf=0x8080000, nbyte=6, offset=0xc68d8814, flags=1, retval=0xc6b30f78)
    at /usr/src/sys/arch/i386/compile/BRAZZEN_TINY/../../../../kern/sys_generic.c:142
#20 0xc014cb42 in sys_read (p=0xc6af3c9c, v=0xc6b30f80, retval=0xc6b30f78)
    at /usr/src/sys/arch/i386/compile/BRAZZEN_TINY/../../../../kern/sys_generic.

it looks like it's getting called twice...

Anyhow, now I get a panic at close(), same place, looks like we shouldn't
be automagically aborting the pipe, either that or we need code to realize
that a pipe is already aborted and shouldn't be again.  Otherwise when you
call into ohci_device_bulk_abort() again it smashes the stack. :(
not tracking the 

-Alfred
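
The second option raised in the message, code that notices a pipe is already aborted, can be sketched as follows. This is an added example, not code from the post or from the NetBSD USB stack; every `model_*` name and structure is a hypothetical simplification of a pipe with queued transfers.

```c
#include <stddef.h>

/* Hypothetical, simplified model; these are not the kernel's USB structures. */
enum model_state { MODEL_PENDING, MODEL_CANCELLED };

struct model_xfer {
    enum model_state state;
    int abort_calls;            /* times the controller abort ran on this xfer */
    struct model_xfer *next;
};

struct model_pipe {
    struct model_xfer *queue;   /* transfers still owned by the controller */
    int aborting;               /* non-zero while an abort is in progress */
};

/* Stand-in for the host controller's per-transfer abort method. */
static void model_hc_abort(struct model_xfer *x)
{
    x->abort_calls++;
    x->state = MODEL_CANCELLED;
}

/* Abort each queued transfer at most once; returns how many this call cancelled. */
int model_abort_pipe(struct model_pipe *p)
{
    int n = 0;
    if (p->aborting)            /* re-entrant call: an abort is already running */
        return 0;
    p->aborting = 1;
    while (p->queue != NULL) {
        struct model_xfer *x = p->queue;
        p->queue = x->next;     /* unlink first so a later abort cannot see it */
        x->next = NULL;
        if (x->state == MODEL_PENDING) {
            model_hc_abort(x);
            n++;
        }
    }
    p->aborting = 0;
    return n;
}

/* Constructed scenario: the interrupted-transfer path aborts, then close() aborts again. */
int model_double_abort_demo(void)
{
    struct model_xfer x = { MODEL_PENDING, 0, NULL };
    struct model_pipe p = { &x, 0 };
    model_abort_pipe(&p);       /* error path after the interrupted sleep */
    model_abort_pipe(&p);       /* later abort from the close path */
    return x.abort_calls;
}
```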