mirror of
https://review.haiku-os.org/haiku
synced 2024-11-23 07:18:40 +01:00
USB: Always delete transfers even when force-canceling.
We can't call the callbacks (as the comments correctly indicated), but we can certainly delete the transfer objects, since they rightfully belong to us. Should fix #19242, #19241, #19180 and possibly other recent regressions. Also fixes a long-standing memory leak from this scenario.
This commit is contained in:
Augustin Cavalier
parent
75a4dfe4a1
commit
f8a8e56595
@ -1761,18 +1761,13 @@ EHCI::CancelQueuedTransfers(Pipe *pipe, bool force)
|
||||
descriptor = descriptor->next_log;
|
||||
}
|
||||
|
||||
if (!force) {
|
||||
// if the transfer is canceled by force, the one causing the
|
||||
// cancel is probably not the one who initiated the transfer
|
||||
// and the callback is likely not safe anymore
|
||||
transfer_entry *entry
|
||||
= (transfer_entry *)malloc(sizeof(transfer_entry));
|
||||
if (entry != NULL) {
|
||||
entry->transfer = current->transfer;
|
||||
current->transfer = NULL;
|
||||
entry->next = list;
|
||||
list = entry;
|
||||
}
|
||||
transfer_entry *entry
|
||||
= (transfer_entry *)malloc(sizeof(transfer_entry));
|
||||
if (entry != NULL) {
|
||||
entry->transfer = current->transfer;
|
||||
current->transfer = NULL;
|
||||
entry->next = list;
|
||||
list = entry;
|
||||
}
|
||||
|
||||
current->canceled = true;
|
||||
@ -1785,7 +1780,13 @@ EHCI::CancelQueuedTransfers(Pipe *pipe, bool force)
|
||||
|
||||
while (list != NULL) {
|
||||
transfer_entry *next = list->next;
|
||||
list->transfer->Finished(B_CANCELED, 0);
|
||||
|
||||
// if the transfer is canceled by force, the one causing the
|
||||
// cancel is possibly not the one who initiated the transfer
|
||||
// and the callback is likely not safe anymore
|
||||
if (!force)
|
||||
list->transfer->Finished(B_CANCELED, 0);
|
||||
|
||||
delete list->transfer;
|
||||
free(list);
|
||||
list = next;
|
||||
|
||||
@ -704,38 +704,34 @@ OHCI::CancelQueuedTransfers(Pipe *pipe, bool force)
|
||||
current->endpoint->head_physical_descriptor
|
||||
= current->endpoint->tail_physical_descriptor;
|
||||
|
||||
if (!force) {
|
||||
if (pipe->Type() & USB_OBJECT_ISO_PIPE) {
|
||||
ohci_isochronous_td *descriptor
|
||||
= (ohci_isochronous_td *)current->first_descriptor;
|
||||
while (descriptor) {
|
||||
uint16 frame = OHCI_ITD_GET_STARTING_FRAME(
|
||||
descriptor->flags);
|
||||
_ReleaseIsochronousBandwidth(frame,
|
||||
OHCI_ITD_GET_FRAME_COUNT(descriptor->flags));
|
||||
if (descriptor
|
||||
== (ohci_isochronous_td*)current->last_descriptor)
|
||||
// this is the last ITD of the transfer
|
||||
break;
|
||||
if (pipe->Type() & USB_OBJECT_ISO_PIPE) {
|
||||
ohci_isochronous_td *descriptor
|
||||
= (ohci_isochronous_td *)current->first_descriptor;
|
||||
while (descriptor) {
|
||||
uint16 frame = OHCI_ITD_GET_STARTING_FRAME(
|
||||
descriptor->flags);
|
||||
_ReleaseIsochronousBandwidth(frame,
|
||||
OHCI_ITD_GET_FRAME_COUNT(descriptor->flags));
|
||||
if (descriptor
|
||||
== (ohci_isochronous_td*)current->last_descriptor)
|
||||
// this is the last ITD of the transfer
|
||||
break;
|
||||
|
||||
descriptor
|
||||
= (ohci_isochronous_td *)
|
||||
descriptor->next_done_descriptor;
|
||||
}
|
||||
}
|
||||
|
||||
// If the transfer is canceled by force, the one causing the
|
||||
// cancel is probably not the one who initiated the transfer
|
||||
// and the callback is likely not safe anymore
|
||||
transfer_entry *entry
|
||||
= (transfer_entry *)malloc(sizeof(transfer_entry));
|
||||
if (entry != NULL) {
|
||||
entry->transfer = current->transfer;
|
||||
current->transfer = NULL;
|
||||
entry->next = list;
|
||||
list = entry;
|
||||
descriptor
|
||||
= (ohci_isochronous_td *)
|
||||
descriptor->next_done_descriptor;
|
||||
}
|
||||
}
|
||||
|
||||
transfer_entry *entry
|
||||
= (transfer_entry *)malloc(sizeof(transfer_entry));
|
||||
if (entry != NULL) {
|
||||
entry->transfer = current->transfer;
|
||||
current->transfer = NULL;
|
||||
entry->next = list;
|
||||
list = entry;
|
||||
}
|
||||
|
||||
current->canceled = true;
|
||||
}
|
||||
current = current->link;
|
||||
@ -745,7 +741,13 @@ OHCI::CancelQueuedTransfers(Pipe *pipe, bool force)
|
||||
|
||||
while (list != NULL) {
|
||||
transfer_entry *next = list->next;
|
||||
list->transfer->Finished(B_CANCELED, 0);
|
||||
|
||||
// If the transfer is canceled by force, the one causing the
|
||||
// cancel is possibly not the one who initiated the transfer
|
||||
// and the callback is likely not safe anymore
|
||||
if (!force)
|
||||
list->transfer->Finished(B_CANCELED, 0);
|
||||
|
||||
delete list->transfer;
|
||||
free(list);
|
||||
list = next;
|
||||
|
||||
@ -1006,18 +1006,13 @@ UHCI::CancelQueuedTransfers(Pipe *pipe, bool force)
|
||||
descriptor = (uhci_td *)descriptor->link_log;
|
||||
}
|
||||
|
||||
if (!force) {
|
||||
// if the transfer is canceled by force, the one causing the
|
||||
// cancel is probably not the one who initiated the transfer
|
||||
// and the callback is likely not safe anymore
|
||||
transfer_entry *entry
|
||||
= (transfer_entry *)malloc(sizeof(transfer_entry));
|
||||
if (entry != NULL) {
|
||||
entry->transfer = current->transfer;
|
||||
current->transfer = NULL;
|
||||
entry->next = list;
|
||||
list = entry;
|
||||
}
|
||||
transfer_entry *entry
|
||||
= (transfer_entry *)malloc(sizeof(transfer_entry));
|
||||
if (entry != NULL) {
|
||||
entry->transfer = current->transfer;
|
||||
current->transfer = NULL;
|
||||
entry->next = list;
|
||||
list = entry;
|
||||
}
|
||||
|
||||
current->canceled = true;
|
||||
@ -1029,7 +1024,13 @@ UHCI::CancelQueuedTransfers(Pipe *pipe, bool force)
|
||||
|
||||
while (list != NULL) {
|
||||
transfer_entry *next = list->next;
|
||||
list->transfer->Finished(B_CANCELED, 0);
|
||||
|
||||
// if the transfer is canceled by force, the one causing the
|
||||
// cancel is possibly not the one who initiated the transfer
|
||||
// and the callback is likely not safe anymore
|
||||
if (!force)
|
||||
list->transfer->Finished(B_CANCELED, 0);
|
||||
|
||||
delete list->transfer;
|
||||
free(list);
|
||||
list = next;
|
||||
|
||||
@ -1117,12 +1117,8 @@ XHCI::CancelQueuedTransfers(Pipe *pipe, bool force)
|
||||
if (td->transfer == NULL)
|
||||
continue;
|
||||
|
||||
// We can't cancel or delete transfers under "force", as they probably
|
||||
// are not safe to use anymore.
|
||||
if (!force) {
|
||||
transfers[transfersCount] = td->transfer;
|
||||
transfersCount++;
|
||||
}
|
||||
transfers[transfersCount] = td->transfer;
|
||||
transfersCount++;
|
||||
td->transfer = NULL;
|
||||
}
|
||||
|
||||
@ -1179,7 +1175,12 @@ XHCI::CancelQueuedTransfers(Pipe *pipe, bool force)
|
||||
endpointLocker.Unlock();
|
||||
|
||||
for (int32 i = 0; i < transfersCount; i++) {
|
||||
transfers[i]->Finished(B_CANCELED, 0);
|
||||
// If the transfer is canceled by force, the one causing the
|
||||
// cancel is possibly not the one who initiated the transfer
|
||||
// and the callback is likely not safe anymore.
|
||||
if (!force)
|
||||
transfers[i]->Finished(B_CANCELED, 0);
|
||||
|
||||
delete transfers[i];
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user