From patchwork Wed Dec 16 13:39:24 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Laurent Vivier <lvivier@redhat.com>
X-Patchwork-Id: 557466
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 50E981402A0
	for <incoming@patchwork.ozlabs.org>;
	Thu, 17 Dec 2015 00:40:00 +1100 (AEDT)
Received: from localhost ([::1]:47454 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1a9CJB-0006M3-M8
	for incoming@patchwork.ozlabs.org; Wed, 16 Dec 2015 08:39:57 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:50795)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <lvivier@redhat.com>) id 1a9CIm-0005og-Qt
	for qemu-devel@nongnu.org; Wed, 16 Dec 2015 08:39:33 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <lvivier@redhat.com>) id 1a9CIj-0000vm-1w
	for qemu-devel@nongnu.org; Wed, 16 Dec 2015 08:39:32 -0500
Received: from mx1.redhat.com ([209.132.183.28]:49137)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <lvivier@redhat.com>) id 1a9CIi-0000vi-SQ
	for qemu-devel@nongnu.org; Wed, 16 Dec 2015 08:39:28 -0500
Received: from int-mx11.intmail.prod.int.phx2.redhat.com
	(int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24])
	by mx1.redhat.com (Postfix) with ESMTPS id 82A2B694
	for <qemu-devel@nongnu.org>; Wed, 16 Dec 2015 13:39:28 +0000 (UTC)
Received: from thinkpad.redhat.com (vpn1-4-191.ams2.redhat.com [10.36.4.191])
	by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id tBGDdPXf026098; Wed, 16 Dec 2015 08:39:27 -0500
From: Laurent Vivier <lvivier@redhat.com>
To: qemu-devel@nongnu.org
Date: Wed, 16 Dec 2015 14:39:24 +0100
Message-Id: <1450273165-2367-2-git-send-email-lvivier@redhat.com>
In-Reply-To: <1450273165-2367-1-git-send-email-lvivier@redhat.com>
References: <1450273165-2367-1-git-send-email-lvivier@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 209.132.183.28
Cc: lvivier@redhat.com, Gerd Hoffmann <kraxel@redhat.com>
Subject: [Qemu-devel] [PATCH 1/2] ohci: delay first SOF interrupt
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

On overcommitted CPU, kernel can be so slow that an interrupt can
be triggered by the device whereas the driver is not ready to receive
it. This drives us into an infinite loop.

This does not happen on real hardware because real hardware never send
interrupt immediately after the controller has been moved to OPERATION state.

This patch tries to delay the first SOF interrupt to let driver exits from
the critical section (which is not protected against interrupts...)

Some details:

- ohci_irq(): the OHCI interrupt handler, acknowledges the SOF IRQ
  only if the state of the driver (rh_state) is OHCI_STATE_RUNNING.
  So if this interrupt happens and the driver is not in this state,
  the function is called again and again, moving the system to a
  CPU starvation.

- ohci_rh_resume(): the driver re-enables operation with OHCI_USB_OPER.
  In QEMU this start the SOF timer and QEMU starts to send IRQs. As
  the driver is not in OHCI_STATE_RUNNING and not protected against IRQ,
  the ohci_irq() can be called and the driver never moved to
  OHCI_STATE_RUNNING.

Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
---
 hw/usb/hcd-ohci.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
index 7d65818..5f15ebb 100644
--- a/hw/usb/hcd-ohci.c
+++ b/hw/usb/hcd-ohci.c
@@ -1232,11 +1232,13 @@ static int ohci_service_ed_list(OHCIState *ohci, uint32_t head, int completion)
 }
 
 /* Generate a SOF event, and set a timer for EOF */
-static void ohci_sof(OHCIState *ohci)
+static void ohci_sof(OHCIState *ohci, bool first)
 {
     ohci->sof_time = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
     timer_mod(ohci->eof_timer, ohci->sof_time + usb_frame_time);
-    ohci_set_interrupt(ohci, OHCI_INTR_SF);
+    if (!first) {
+        ohci_set_interrupt(ohci, OHCI_INTR_SF);
+    }
 }
 
 /* Process Control and Bulk lists.  */
@@ -1318,7 +1320,7 @@ static void ohci_frame_boundary(void *opaque)
         ohci->done_count--;
 
     /* Do SOF stuff here */
-    ohci_sof(ohci);
+    ohci_sof(ohci, false);
 
     /* Writeback HCCA */
     if (ohci_put_hcca(ohci, ohci->hcca, &hcca)) {
@@ -1343,7 +1345,7 @@ static int ohci_bus_start(OHCIState *ohci)
 
     trace_usb_ohci_start(ohci->name);
 
-    ohci_sof(ohci);
+    ohci_sof(ohci, true);
 
     return 1;
 }