Intel xhci: Limit number of active endpoints to 64.
Sarah Sharp [Wed, 11 May 2011 23:14:58 +0000 (16:14 -0700)]
The Panther Point chipset has an xHCI host controller that has a limit to
the number of active endpoints it can handle.  Ideally, it would signal
that it can't handle anymore endpoints by returning a Resource Error for
the Configure Endpoint command, but they don't.  Instead it needs software
to keep track of the number of active endpoints, across configure endpoint
commands, reset device commands, disable slot commands, and address device
commands.

Add a new endpoint context counter, xhci_hcd->num_active_eps, and use it
to track the number of endpoints the xHC has active.  This gets a little
tricky, because commands to change the number of active endpoints can
fail.  This patch adds a new xHCI quirk for these Intel hosts, and the new
code should not have any effect on other xHCI host controllers.

Fail a new device allocation if we don't have room for the new default
control endpoint.  Use the endpoint ring pointers to determine what
endpoints were active before a Reset Device command or a Disable Slot
command, and drop those once the command completes.

Fail a configure endpoint command if it would add too many new endpoints.
We have to be a bit over zealous here, and only count the number of new
endpoints to be added, without subtracting the number of dropped
endpoints.  That's because a second configure endpoint command for a
different device could sneak in before we know if the first command is
completed.  If the first command dropped resources, the host controller
fails the command for some reason, and we're nearing the limit of
endpoints, we could end up oversubscribing the host.

To fix this race condition, when evaluating whether a configure endpoint
command will fix in our bandwidth budget, only add the new endpoints to
xhci->num_active_eps, and don't subtract the dropped endpoints.  Ignore
changed endpoints (ones that are dropped and then re-added), as that
shouldn't effect the host's endpoint resources.  When the configure
endpoint command completes, subtract off the dropped endpoints.

This may mean some configuration changes may temporarily fail, but it's
always better to under-subscribe than over-subscribe resources.

(Originally my plan had been to push the resource allocation down into the
ring allocation functions.  However, that would cause us to allocate
unnecessary resources when endpoints were changed, because the xHCI driver
allocates a new ring for the changed endpoint, and only deletes the old
ring once the Configure Endpoint command succeeds.  A further complication
would have been dealing with the per-device endpoint ring cache.)

Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>

drivers/usb/host/xhci-pci.c
drivers/usb/host/xhci-ring.c
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h

index eafd17f..c408e9f 100644 (file)
@@ -121,6 +121,8 @@ static int xhci_pci_setup(struct usb_hcd *hcd)
        if (pdev->vendor == PCI_VENDOR_ID_INTEL &&
                        pdev->device == PCI_DEVICE_ID_INTEL_PANTHERPOINT_XHCI) {
                xhci->quirks |= XHCI_SPURIOUS_SUCCESS;
+               xhci->quirks |= XHCI_EP_LIMIT_QUIRK;
+               xhci->limit_active_eps = 64;
        }
 
        /* Make sure the HC is halted. */
index 56f6c58..cc1485b 100644 (file)
@@ -1081,8 +1081,13 @@ static void handle_cmd_completion(struct xhci_hcd *xhci,
                complete(&xhci->addr_dev);
                break;
        case TRB_TYPE(TRB_DISABLE_SLOT):
-               if (xhci->devs[slot_id])
+               if (xhci->devs[slot_id]) {
+                       if (xhci->quirks & XHCI_EP_LIMIT_QUIRK)
+                               /* Delete default control endpoint resources */
+                               xhci_free_device_endpoint_resources(xhci,
+                                               xhci->devs[slot_id], true);
                        xhci_free_virt_device(xhci, slot_id);
+               }
                break;
        case TRB_TYPE(TRB_CONFIG_EP):
                virt_dev = xhci->devs[slot_id];
index 58183d2..d9660eb 100644 (file)
@@ -1582,6 +1582,113 @@ static int xhci_evaluate_context_result(struct xhci_hcd *xhci,
        return ret;
 }
 
+static u32 xhci_count_num_new_endpoints(struct xhci_hcd *xhci,
+               struct xhci_container_ctx *in_ctx)
+{
+       struct xhci_input_control_ctx *ctrl_ctx;
+       u32 valid_add_flags;
+       u32 valid_drop_flags;
+
+       ctrl_ctx = xhci_get_input_control_ctx(xhci, in_ctx);
+       /* Ignore the slot flag (bit 0), and the default control endpoint flag
+        * (bit 1).  The default control endpoint is added during the Address
+        * Device command and is never removed until the slot is disabled.
+        */
+       valid_add_flags = ctrl_ctx->add_flags >> 2;
+       valid_drop_flags = ctrl_ctx->drop_flags >> 2;
+
+       /* Use hweight32 to count the number of ones in the add flags, or
+        * number of endpoints added.  Don't count endpoints that are changed
+        * (both added and dropped).
+        */
+       return hweight32(valid_add_flags) -
+               hweight32(valid_add_flags & valid_drop_flags);
+}
+
+static unsigned int xhci_count_num_dropped_endpoints(struct xhci_hcd *xhci,
+               struct xhci_container_ctx *in_ctx)
+{
+       struct xhci_input_control_ctx *ctrl_ctx;
+       u32 valid_add_flags;
+       u32 valid_drop_flags;
+
+       ctrl_ctx = xhci_get_input_control_ctx(xhci, in_ctx);
+       valid_add_flags = ctrl_ctx->add_flags >> 2;
+       valid_drop_flags = ctrl_ctx->drop_flags >> 2;
+
+       return hweight32(valid_drop_flags) -
+               hweight32(valid_add_flags & valid_drop_flags);
+}
+
+/*
+ * We need to reserve the new number of endpoints before the configure endpoint
+ * command completes.  We can't subtract the dropped endpoints from the number
+ * of active endpoints until the command completes because we can oversubscribe
+ * the host in this case:
+ *
+ *  - the first configure endpoint command drops more endpoints than it adds
+ *  - a second configure endpoint command that adds more endpoints is queued
+ *  - the first configure endpoint command fails, so the config is unchanged
+ *  - the second command may succeed, even though there isn't enough resources
+ *
+ * Must be called with xhci->lock held.
+ */
+static int xhci_reserve_host_resources(struct xhci_hcd *xhci,
+               struct xhci_container_ctx *in_ctx)
+{
+       u32 added_eps;
+
+       added_eps = xhci_count_num_new_endpoints(xhci, in_ctx);
+       if (xhci->num_active_eps + added_eps > xhci->limit_active_eps) {
+               xhci_dbg(xhci, "Not enough ep ctxs: "
+                               "%u active, need to add %u, limit is %u.\n",
+                               xhci->num_active_eps, added_eps,
+                               xhci->limit_active_eps);
+               return -ENOMEM;
+       }
+       xhci->num_active_eps += added_eps;
+       xhci_dbg(xhci, "Adding %u ep ctxs, %u now active.\n", added_eps,
+                       xhci->num_active_eps);
+       return 0;
+}
+
+/*
+ * The configure endpoint was failed by the xHC for some other reason, so we
+ * need to revert the resources that failed configuration would have used.
+ *
+ * Must be called with xhci->lock held.
+ */
+static void xhci_free_host_resources(struct xhci_hcd *xhci,
+               struct xhci_container_ctx *in_ctx)
+{
+       u32 num_failed_eps;
+
+       num_failed_eps = xhci_count_num_new_endpoints(xhci, in_ctx);
+       xhci->num_active_eps -= num_failed_eps;
+       xhci_dbg(xhci, "Removing %u failed ep ctxs, %u now active.\n",
+                       num_failed_eps,
+                       xhci->num_active_eps);
+}
+
+/*
+ * Now that the command has completed, clean up the active endpoint count by
+ * subtracting out the endpoints that were dropped (but not changed).
+ *
+ * Must be called with xhci->lock held.
+ */
+static void xhci_finish_resource_reservation(struct xhci_hcd *xhci,
+               struct xhci_container_ctx *in_ctx)
+{
+       u32 num_dropped_eps;
+
+       num_dropped_eps = xhci_count_num_dropped_endpoints(xhci, in_ctx);
+       xhci->num_active_eps -= num_dropped_eps;
+       if (num_dropped_eps)
+               xhci_dbg(xhci, "Removing %u dropped ep ctxs, %u now active.\n",
+                               num_dropped_eps,
+                               xhci->num_active_eps);
+}
+
 /* Issue a configure endpoint command or evaluate context command
  * and wait for it to finish.
  */
@@ -1602,6 +1709,15 @@ static int xhci_configure_endpoint(struct xhci_hcd *xhci,
        virt_dev = xhci->devs[udev->slot_id];
        if (command) {
                in_ctx = command->in_ctx;
+               if ((xhci->quirks & XHCI_EP_LIMIT_QUIRK) &&
+                               xhci_reserve_host_resources(xhci, in_ctx)) {
+                       spin_unlock_irqrestore(&xhci->lock, flags);
+                       xhci_warn(xhci, "Not enough host resources, "
+                                       "active endpoint contexts = %u\n",
+                                       xhci->num_active_eps);
+                       return -ENOMEM;
+               }
+
                cmd_completion = command->completion;
                cmd_status = &command->status;
                command->command_trb = xhci->cmd_ring->enqueue;
@@ -1617,6 +1733,14 @@ static int xhci_configure_endpoint(struct xhci_hcd *xhci,
                list_add_tail(&command->cmd_list, &virt_dev->cmd_list);
        } else {
                in_ctx = virt_dev->in_ctx;
+               if ((xhci->quirks & XHCI_EP_LIMIT_QUIRK) &&
+                               xhci_reserve_host_resources(xhci, in_ctx)) {
+                       spin_unlock_irqrestore(&xhci->lock, flags);
+                       xhci_warn(xhci, "Not enough host resources, "
+                                       "active endpoint contexts = %u\n",
+                                       xhci->num_active_eps);
+                       return -ENOMEM;
+               }
                cmd_completion = &virt_dev->cmd_completion;
                cmd_status = &virt_dev->cmd_status;
        }
@@ -1631,6 +1755,8 @@ static int xhci_configure_endpoint(struct xhci_hcd *xhci,
        if (ret < 0) {
                if (command)
                        list_del(&command->cmd_list);
+               if ((xhci->quirks & XHCI_EP_LIMIT_QUIRK))
+                       xhci_free_host_resources(xhci, in_ctx);
                spin_unlock_irqrestore(&xhci->lock, flags);
                xhci_dbg(xhci, "FIXME allocate a new ring segment\n");
                return -ENOMEM;
@@ -1653,8 +1779,22 @@ static int xhci_configure_endpoint(struct xhci_hcd *xhci,
        }
 
        if (!ctx_change)
-               return xhci_configure_endpoint_result(xhci, udev, cmd_status);
-       return xhci_evaluate_context_result(xhci, udev, cmd_status);
+               ret = xhci_configure_endpoint_result(xhci, udev, cmd_status);
+       else
+               ret = xhci_evaluate_context_result(xhci, udev, cmd_status);
+
+       if ((xhci->quirks & XHCI_EP_LIMIT_QUIRK)) {
+               spin_lock_irqsave(&xhci->lock, flags);
+               /* If the command failed, remove the reserved resources.
+                * Otherwise, clean up the estimate to include dropped eps.
+                */
+               if (ret)
+                       xhci_free_host_resources(xhci, in_ctx);
+               else
+                       xhci_finish_resource_reservation(xhci, in_ctx);
+               spin_unlock_irqrestore(&xhci->lock, flags);
+       }
+       return ret;
 }
 
 /* Called after one or more calls to xhci_add_endpoint() or
@@ -2272,6 +2412,34 @@ int xhci_free_streams(struct usb_hcd *hcd, struct usb_device *udev,
 }
 
 /*
+ * Deletes endpoint resources for endpoints that were active before a Reset
+ * Device command, or a Disable Slot command.  The Reset Device command leaves
+ * the control endpoint intact, whereas the Disable Slot command deletes it.
+ *
+ * Must be called with xhci->lock held.
+ */
+void xhci_free_device_endpoint_resources(struct xhci_hcd *xhci,
+       struct xhci_virt_device *virt_dev, bool drop_control_ep)
+{
+       int i;
+       unsigned int num_dropped_eps = 0;
+       unsigned int drop_flags = 0;
+
+       for (i = (drop_control_ep ? 0 : 1); i < 31; i++) {
+               if (virt_dev->eps[i].ring) {
+                       drop_flags |= 1 << i;
+                       num_dropped_eps++;
+               }
+       }
+       xhci->num_active_eps -= num_dropped_eps;
+       if (num_dropped_eps)
+               xhci_dbg(xhci, "Dropped %u ep ctxs, flags = 0x%x, "
+                               "%u now active.\n",
+                               num_dropped_eps, drop_flags,
+                               xhci->num_active_eps);
+}
+
+/*
  * This submits a Reset Device Command, which will set the device state to 0,
  * set the device address to 0, and disable all the endpoints except the default
  * control endpoint.  The USB core should come back and call
@@ -2412,6 +2580,14 @@ int xhci_discover_or_reset_device(struct usb_hcd *hcd, struct usb_device *udev)
                goto command_cleanup;
        }
 
+       /* Free up host controller endpoint resources */
+       if ((xhci->quirks & XHCI_EP_LIMIT_QUIRK)) {
+               spin_lock_irqsave(&xhci->lock, flags);
+               /* Don't delete the default control endpoint resources */
+               xhci_free_device_endpoint_resources(xhci, virt_dev, false);
+               spin_unlock_irqrestore(&xhci->lock, flags);
+       }
+
        /* Everything but endpoint 0 is disabled, so free or cache the rings. */
        last_freed_endpoint = 1;
        for (i = 1; i < 31; ++i) {
@@ -2485,6 +2661,27 @@ void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev)
 }
 
 /*
+ * Checks if we have enough host controller resources for the default control
+ * endpoint.
+ *
+ * Must be called with xhci->lock held.
+ */
+static int xhci_reserve_host_control_ep_resources(struct xhci_hcd *xhci)
+{
+       if (xhci->num_active_eps + 1 > xhci->limit_active_eps) {
+               xhci_dbg(xhci, "Not enough ep ctxs: "
+                               "%u active, need to add 1, limit is %u.\n",
+                               xhci->num_active_eps, xhci->limit_active_eps);
+               return -ENOMEM;
+       }
+       xhci->num_active_eps += 1;
+       xhci_dbg(xhci, "Adding 1 ep ctx, %u now active.\n",
+                       xhci->num_active_eps);
+       return 0;
+}
+
+
+/*
  * Returns 0 if the xHC ran out of device slots, the Enable Slot command
  * timed out, or allocating memory failed.  Returns 1 on success.
  */
@@ -2519,24 +2716,39 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev)
                xhci_err(xhci, "Error while assigning device slot ID\n");
                return 0;
        }
-       /* xhci_alloc_virt_device() does not touch rings; no need to lock.
-        * Use GFP_NOIO, since this function can be called from
+
+       if ((xhci->quirks & XHCI_EP_LIMIT_QUIRK)) {
+               spin_lock_irqsave(&xhci->lock, flags);
+               ret = xhci_reserve_host_control_ep_resources(xhci);
+               if (ret) {
+                       spin_unlock_irqrestore(&xhci->lock, flags);
+                       xhci_warn(xhci, "Not enough host resources, "
+                                       "active endpoint contexts = %u\n",
+                                       xhci->num_active_eps);
+                       goto disable_slot;
+               }
+               spin_unlock_irqrestore(&xhci->lock, flags);
+       }
+       /* Use GFP_NOIO, since this function can be called from
         * xhci_discover_or_reset_device(), which may be called as part of
         * mass storage driver error handling.
         */
        if (!xhci_alloc_virt_device(xhci, xhci->slot_id, udev, GFP_NOIO)) {
-               /* Disable slot, if we can do it without mem alloc */
                xhci_warn(xhci, "Could not allocate xHCI USB device data structures\n");
-               spin_lock_irqsave(&xhci->lock, flags);
-               if (!xhci_queue_slot_control(xhci, TRB_DISABLE_SLOT, udev->slot_id))
-                       xhci_ring_cmd_db(xhci);
-               spin_unlock_irqrestore(&xhci->lock, flags);
-               return 0;
+               goto disable_slot;
        }
        udev->slot_id = xhci->slot_id;
        /* Is this a LS or FS device under a HS hub? */
        /* Hub or peripherial? */
        return 1;
+
+disable_slot:
+       /* Disable slot, if we can do it without mem alloc */
+       spin_lock_irqsave(&xhci->lock, flags);
+       if (!xhci_queue_slot_control(xhci, TRB_DISABLE_SLOT, udev->slot_id))
+               xhci_ring_cmd_db(xhci);
+       spin_unlock_irqrestore(&xhci->lock, flags);
+       return 0;
 }
 
 /*
index 5cfeb86..ac0196e 100644 (file)
@@ -1292,6 +1292,18 @@ struct xhci_hcd {
 #define XHCI_NEC_HOST          (1 << 2)
 #define XHCI_AMD_PLL_FIX       (1 << 3)
 #define XHCI_SPURIOUS_SUCCESS  (1 << 4)
+/*
+ * Certain Intel host controllers have a limit to the number of endpoint
+ * contexts they can handle.  Ideally, they would signal that they can't handle
+ * anymore endpoint contexts by returning a Resource Error for the Configure
+ * Endpoint command, but they don't.  Instead they expect software to keep track
+ * of the number of active endpoints for them, across configure endpoint
+ * commands, reset device commands, disable slot commands, and address device
+ * commands.
+ */
+#define XHCI_EP_LIMIT_QUIRK    (1 << 5)
+       unsigned int            num_active_eps;
+       unsigned int            limit_active_eps;
        /* There are two roothubs to keep track of bus suspend info for */
        struct xhci_bus_state   bus_state[2];
        /* Is each xHCI roothub port a USB 3.0, USB 2.0, or USB 1.1 port? */
@@ -1435,6 +1447,8 @@ void xhci_setup_streams_ep_input_ctx(struct xhci_hcd *xhci,
 void xhci_setup_no_streams_ep_input_ctx(struct xhci_hcd *xhci,
                struct xhci_ep_ctx *ep_ctx,
                struct xhci_virt_ep *ep);
+void xhci_free_device_endpoint_resources(struct xhci_hcd *xhci,
+       struct xhci_virt_device *virt_dev, bool drop_control_ep);
 struct xhci_ring *xhci_dma_to_transfer_ring(
                struct xhci_virt_ep *ep,
                u64 address);