Skip to content

Commit bb1b40c

Browse files
Alexander Kappnerdavem330
Alexander Kappner
authored and
davem330
committed
usbnet: ipheth: prevent TX queue timeouts when device not ready
iOS devices require the host to be "trusted" before servicing network packets. Establishing trust requires the user to confirm a dialog on the iOS device.Until trust is established, the iOS device will silently discard network packets from the host. Currently, the ipheth driver does not detect whether an iOS device has established trust with the host, and immediately sets up the transmit queues. This causes the following problems: - Kernel taint due to WARN() in netdev watchdog. - Dmesg spam ("TX timeout"). - Disruption of user space networking activity (dhcpd, etc...) when new interface comes up but cannot be used. - Unnecessary host and device wakeups and USB traffic Example dmesg output: [ 1101.319778] NETDEV WATCHDOG: eth1 (ipheth): transmit queue 0 timed out [ 1101.319817] ------------[ cut here ]------------ [ 1101.319828] WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:316 dev_watchdog+0x20f/0x220 [ 1101.319831] Modules linked in: ipheth usbmon nvidia_drm(PO) nvidia_modeset(PO) nvidia(PO) iwlmvm mac80211 iwlwifi btusb btrtl btbcm btintel qmi_wwan bluetooth cfg80211 ecdh_generic thinkpad_acpi rfkill [last unloaded: ipheth] [ 1101.319861] CPU: 0 PID: 0 Comm: swapper/0 Tainted: P O 4.13.12.1 #1 [ 1101.319864] Hardware name: LENOVO 20ENCTO1WW/20ENCTO1WW, BIOS N1EET62W (1.35 ) 11/10/2016 [ 1101.319867] task: ffffffff81e11500 task.stack: ffffffff81e00000 [ 1101.319873] RIP: 0010:dev_watchdog+0x20f/0x220 [ 1101.319876] RSP: 0018:ffff8810a3c03e98 EFLAGS: 00010292 [ 1101.319880] RAX: 000000000000003a RBX: 0000000000000000 RCX: 0000000000000000 [ 1101.319883] RDX: ffff8810a3c15c48 RSI: ffffffff81ccbfc2 RDI: 00000000ffffffff [ 1101.319886] RBP: ffff880c04ebc41c R08: 0000000000000000 R09: 0000000000000379 [ 1101.319889] R10: 00000100696589d0 R11: 0000000000000378 R12: ffff880c04ebc000 [ 1101.319892] R13: 0000000000000000 R14: 0000000000000001 R15: ffff880c2865fc80 [ 1101.319896] FS: 0000000000000000(0000) GS:ffff8810a3c00000(0000) knlGS:0000000000000000 [ 1101.319899] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1101.319902] CR2: 00007f3ff24ac000 CR3: 0000000001e0a000 CR4: 00000000003406f0 [ 1101.319905] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1101.319908] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1101.319910] Call Trace: [ 1101.319914] <IRQ> [ 1101.319921] ? dev_graft_qdisc+0x70/0x70 [ 1101.319928] ? dev_graft_qdisc+0x70/0x70 [ 1101.319934] ? call_timer_fn+0x2e/0x170 [ 1101.319939] ? dev_graft_qdisc+0x70/0x70 [ 1101.319944] ? run_timer_softirq+0x1ea/0x440 [ 1101.319951] ? timerqueue_add+0x54/0x80 [ 1101.319956] ? enqueue_hrtimer+0x38/0xa0 [ 1101.319963] ? __do_softirq+0xed/0x2e7 [ 1101.319970] ? irq_exit+0xb4/0xc0 [ 1101.319976] ? smp_apic_timer_interrupt+0x39/0x50 [ 1101.319981] ? apic_timer_interrupt+0x8c/0xa0 [ 1101.319983] </IRQ> [ 1101.319992] ? cpuidle_enter_state+0xfa/0x2a0 [ 1101.319999] ? do_idle+0x1a3/0x1f0 [ 1101.320004] ? cpu_startup_entry+0x5f/0x70 [ 1101.320011] ? start_kernel+0x444/0x44c [ 1101.320017] ? early_idt_handler_array+0x120/0x120 [ 1101.320023] ? x86_64_start_kernel+0x145/0x154 [ 1101.320028] ? secondary_startup_64+0x9f/0x9f [ 1101.320033] Code: 20 04 00 00 eb 9f 4c 89 e7 c6 05 59 44 71 00 01 e8 a7 df fd ff 89 d9 4c 89 e6 48 c7 c7 70 b7 cd 81 48 89 c2 31 c0 e8 97 64 90 ff <0f> ff eb bf 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 [ 1101.320103] ---[ end trace 0cc4d251e2b57080 ]--- [ 1101.320110] ipheth 1-5:4.2: ipheth_tx_timeout: TX timeout The last message "TX timeout" is repeated every 5 seconds until trust is established or the device is disconnected, filling up dmesg. The proposed patch eliminates the problem by, upon connection, keeping the TX queue and carrier disabled until a packet is first received from the iOS device. This is reflected by the confirmed_pairing variable in the device structure. Only after at least one packet has been received from the iOS device, the transmit queue and carrier are brought up during the periodic device poll in ipheth_carrier_set. Because the iOS device will always send a packet immediately upon trust being established, this should not delay the interface becoming useable. To prevent failed UBRs in ipheth_rcvbulk_callback from perpetually re-enabling the queue if it was disabled, a new check is added so only successful transfers re-enable the queue, whereas failed transfers only trigger an immediate poll. This has the added benefit of removing the periodic control requests to the iOS device until trust has been established and thus should reduce wakeup events on both the host and the iOS device. Signed-off-by: Alexander Kappner <agk@godking.net> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent feb8892 commit bb1b40c

File tree

1 file changed

+21
-9
lines changed

1 file changed

+21
-9
lines changed

drivers/net/usb/ipheth.c

Lines changed: 21 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -149,6 +149,7 @@ struct ipheth_device {
149149
u8 bulk_in;
150150
u8 bulk_out;
151151
struct delayed_work carrier_work;
152+
bool confirmed_pairing;
152153
};
153154

154155
static int ipheth_rx_submit(struct ipheth_device *dev, gfp_t mem_flags);
@@ -259,7 +260,7 @@ static void ipheth_rcvbulk_callback(struct urb *urb)
259260

260261
dev->net->stats.rx_packets++;
261262
dev->net->stats.rx_bytes += len;
262-
263+
dev->confirmed_pairing = true;
263264
netif_rx(skb);
264265
ipheth_rx_submit(dev, GFP_ATOMIC);
265266
}
@@ -281,14 +282,21 @@ static void ipheth_sndbulk_callback(struct urb *urb)
281282
__func__, status);
282283

283284
dev_kfree_skb_irq(dev->tx_skb);
284-
netif_wake_queue(dev->net);
285+
if (status == 0)
286+
netif_wake_queue(dev->net);
287+
else
288+
// on URB error, trigger immediate poll
289+
schedule_delayed_work(&dev->carrier_work, 0);
285290
}
286291

287292
static int ipheth_carrier_set(struct ipheth_device *dev)
288293
{
289294
struct usb_device *udev = dev->udev;
290295
int retval;
291-
296+
if (!dev)
297+
return 0;
298+
if (!dev->confirmed_pairing)
299+
return 0;
292300
retval = usb_control_msg(udev,
293301
usb_rcvctrlpipe(udev, IPHETH_CTRL_ENDP),
294302
IPHETH_CMD_CARRIER_CHECK, /* request */
@@ -303,11 +311,14 @@ static int ipheth_carrier_set(struct ipheth_device *dev)
303311
return retval;
304312
}
305313

306-
if (dev->ctrl_buf[0] == IPHETH_CARRIER_ON)
314+
if (dev->ctrl_buf[0] == IPHETH_CARRIER_ON) {
307315
netif_carrier_on(dev->net);
308-
else
316+
if (dev->tx_urb->status != -EINPROGRESS)
317+
netif_wake_queue(dev->net);
318+
} else {
309319
netif_carrier_off(dev->net);
310-
320+
netif_stop_queue(dev->net);
321+
}
311322
return 0;
312323
}
313324

@@ -387,7 +398,6 @@ static int ipheth_open(struct net_device *net)
387398
return retval;
388399

389400
schedule_delayed_work(&dev->carrier_work, IPHETH_CARRIER_CHECK_TIMEOUT);
390-
netif_start_queue(net);
391401
return retval;
392402
}
393403

@@ -491,7 +501,7 @@ static int ipheth_probe(struct usb_interface *intf,
491501
dev->udev = udev;
492502
dev->net = netdev;
493503
dev->intf = intf;
494-
504+
dev->confirmed_pairing = false;
495505
/* Set up endpoints */
496506
hintf = usb_altnum_to_altsetting(intf, IPHETH_ALT_INTFNUM);
497507
if (hintf == NULL) {
@@ -542,7 +552,9 @@ static int ipheth_probe(struct usb_interface *intf,
542552
retval = -EIO;
543553
goto err_register_netdev;
544554
}
545-
555+
// carrier down and transmit queues stopped until packet from device
556+
netif_carrier_off(netdev);
557+
netif_tx_stop_all_queues(netdev);
546558
dev_info(&intf->dev, "Apple iPhone USB Ethernet device attached\n");
547559
return 0;
548560

0 commit comments

Comments
 (0)