lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <33544.10.7.197.74.1365551736.squirrel@linux.intel.com>
Date:	Tue, 9 Apr 2013 16:55:36 -0700 (PDT)
From:	"Daniel Leung" <daniel.leung@...ux.intel.com>
To:	"Daniel Leung" <daniel.leung@...ux.intel.com>
Cc:	"Jiri Kosina" <jkosina@...e.cz>,
	"Srinivas Pandruvada" <srinivas.pandruvada@...ux.intel.com>,
	daniel.leung@...ux.intel.com, srinivas.pandruvada@...el.com,
	linux-input@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] HID: hid-sensor-hub: do not process feature reports in 
          raw_event

>> On Mon, 25 Mar 2013, Srinivas Pandruvada wrote:
>>
>>> Daniel,
>>>
>>> I am looking at 3.9.rc1.
>>> The only place I see the raw_event callback is called from
>>> hid/hid_input_report(). hid_input_report is called with type
>>> HID_INPUT_REPORT
>>> in all cases, except hid_ctrl(), where it can be different depending on
>>> xx.report->type. But here, the return value is not checked.
>>>
>>> Do you know the call chain for HID_FETURE_REPORT, where this is
>>> creating
>>> problem?
>>
>> This was exactly what I was wondering about when I have seen the initial
>> patch a few weeks ago.
>>
>> Daniel, could you please elaborate? Is there a out-of-tree driver for
>> Acer
>> Iconia W700?
>
> Sorry for the late reply. I was out of town and was having difficulties
> accessing the mail server.
>
> For the call path, here is what I got (using WARN_ON()):
>
> <4>[  150.943775] ------------[ cut here ]------------
> <4>[  150.943861] WARNING: at
> ../../../../../../../../../../home/dleung/android/ia/private/jb-mr1-internal/kernel/intel/drivers/hid/hid-sensor-hub.c:418
> sensor_hub_raw_event+0x2d0/0x3b0 [hid_sensor_hub]()
> <4>[  150.944028] Hardware name: ICONIA W700
> <7>[  150.944071] Modules linked in: hid_sensor_als hid_sensor_gyro_3d
> hid_sensor_accel_3d uvcvideo videobuf2_vmalloc videobuf2_memops
> videobuf2_core btusb bluetooth hid_multitouch ath9k ath9k_common ath9k_hw
> ath snd_hda_codec_hdmi snd_hda_codec_realtek ip6table_raw snd_hda_intel
> iptable_raw snd_hda_codec snd_hwdep snd_pcm snd_page_alloc snd_timer snd
> soundcore hid_sensor_trigger hid_sensor_iio_common hid_sensor_hub
> industrialio_triggered_buffer kfifo_buf industrialio coretemp
> <7>[  150.944132] Pid: 0, comm: swapper/1 Not tainted
> 3.8.0-aia1-00043-gd7fd780-dirty #2
> <7>[  150.944136] Call Trace:
> <7>[  150.944141]  <IRQ>  [<ffffffff8105b5bf>]
> warn_slowpath_common+0x7f/0xc0
> <7>[  150.944163]  [<ffffffff8105b61a>] warn_slowpath_null+0x1a/0x20
> <7>[  150.944173]  [<ffffffffa00315e0>] sensor_hub_raw_event+0x2d0/0x3b0
> [hid_sensor_hub]
> <7>[  150.944184]  [<ffffffff819021e7>] ?
> _raw_spin_unlock_irqrestore+0x57/0x70
> <7>[  150.944195]  [<ffffffff816ccce3>] hid_input_report+0x283/0x2d0
> <7>[  150.944203]  [<ffffffff816d9faf>] hid_ctrl+0x9f/0x180
> <7>[  150.944212]  [<ffffffff815b2087>] usb_hcd_giveback_urb+0x77/0x110
> <7>[  150.944222]  [<ffffffff8160073f>] xhci_irq+0x60f/0x1530
> <7>[  150.944230]  [<ffffffff810df0fe>] ? handle_edge_irq+0x1e/0x130
> <7>[  150.944239]  [<ffffffff810af04f>] ?
> __lock_acquire.isra.31+0x28f/0xa70
> <7>[  150.944247]  [<ffffffff81601671>] xhci_msi_irq+0x11/0x20
> <7>[  150.944258]  [<ffffffff810dc395>] handle_irq_event_percpu+0x55/0x210
> <7>[  150.944267]  [<ffffffff810dc598>] handle_irq_event+0x48/0x70
> <7>[  150.944273]  [<ffffffff810df157>] handle_edge_irq+0x77/0x130
> <7>[  150.944283]  [<ffffffff81004180>] handle_irq+0x60/0x150
> <7>[  150.944293]  [<ffffffff81906406>] ?
> atomic_notifier_call_chain+0x16/0x20
> <7>[  150.944302]  [<ffffffff8190c38a>] do_IRQ+0x5a/0xe0
> <7>[  150.944309]  [<ffffffff8190266f>] common_interrupt+0x6f/0x6f
> <7>[  150.944313]  <EOI>  [<ffffffff816a97f5>] ?
> cpuidle_wrap_enter+0x55/0xa0
> <7>[  150.944327]  [<ffffffff816a97f1>] ? cpuidle_wrap_enter+0x51/0xa0
> <7>[  150.944334]  [<ffffffff816a9850>] cpuidle_enter_tk+0x10/0x20
> <7>[  150.944341]  [<ffffffff816a940f>] cpuidle_idle_call+0xaf/0x2b0
> <7>[  150.944350]  [<ffffffff8100b3aa>] cpu_idle+0xda/0x130
> <7>[  150.944360]  [<ffffffff818f081d>] start_secondary+0x266/0x268
> <4>[  150.944365] ---[ end trace 32319d39ebee5616 ]---
>
>
> You can see that it went through hid_ctrl().
>
> From what I can gather using usbmon, the sensor hub sends the feature
> report correctly. However, the in-kernel struct is not updated when the
> report comes in. Therefore, the report from sensor_hub_report() is always
> zero-filled. When calling sensor_hub_set_feature(), those zeros are being
> sent back to the device. The feature report contains fields for power
> state and reporting state. If they are set to zero, the firmware does not
> know what to do as zero means undefined state. Both power and reporting
> states have to be set for sensor to report values. Given the zero-filled
> report, and we can only deal with one field in sensor_hub_set_feature(),
> setting power state to non-zero also sends zero (i.e. undefined state) to
> the reporting state field, and vice versa.
>
> The sensor hub on Acer Iconia W700 is using drivers/hid/hid-sensor-hub.c.
> I also played with Sony Vaio Duo 11 a while back (before having this
> patch), and was having trouble turning on gyroscope. I suspect it is
> caused by the same issue. The sensor hub on Acer is from STMicro, while
> the one in Vaio Duo is from Freescale.

Just to clarify a little bit on the issue.

Although hid_ctrl() does not care the return value of hid_input_report(),
the issue is within hid_input_report(). In drivers/hid/hid-core.c:1317
where raw_event() is called, if return is non-zero, the following call of
hid_report_raw_event() is skipped. This call is needed to have the
in-kernel struct updated with the actual feature report from device.


Daniel
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ