lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 5 Jun 2014 08:55:07 -0700
From:	Dan Williams <dan.j.williams@...el.com>
To:	Valdis Kletnieks <Valdis.Kletnieks@...edu>
Cc:	Alan Stern <stern@...land.harvard.edu>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	USB list <linux-usb@...r.kernel.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Mathias Nyman <mathias.nyman@...ux.intel.com>
Subject: Re: linux-next crash in xhci_add_ep_to_interval

[ adding Mathias ]

On Thu, Jun 5, 2014 at 8:22 AM, Valdis Kletnieks
<Valdis.Kletnieks@...edu> wrote:
> Dell Latitude E6530, BIOS A11, seeing a crash in xhci_add_ep_to_interval
> when it's docked in a newer dock that has USB3.
>
> It's very possible that the BIOS is buggy - it isn't like I haven't found
> BIOS bugs in every single Dell laptop I've had. :)  But that shouldn't
> make the kernel crash....
>
> lsusb reports:
>
> Bus 002 Device 004: ID 0a5c:5801 Broadcom Corp. BCM5880 Secure Applications Processor with fingerprint swipe sensor
> Bus 002 Device 003: ID 413c:2513 Dell Computer Corp. internal USB Hub of E-Port Replicator
> Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
> Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
> Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> Bus 004 Device 002: ID 413c:5534 Dell Computer Corp.
> Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
> Bus 003 Device 003: ID 0e8f:0020 GreenAsia Inc. USB to PS/2 Adapter
> Bus 003 Device 002: ID 413c:2134 Dell Computer Corp.
> Bus 003 Device 004: ID 045e:0023 Microsoft Corp. Trackball Optical
> Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
>
>
> Git bisect comes down to this:
>
> commit d8521afe35862f4fbe3ccd6ca37897c0a304edf3
> Author: Dan Williams <dan.j.williams@...el.com>
> Date:   Tue May 20 18:08:28 2014 -0700
>
>     usb: assign default peer ports for root hubs
>
>     Assume that the peer of a superspeed port is the port with the same id
>     on the shared_hcd root hub.  This identification scheme is required of
>     external hubs by the USB3 spec [1].  However, for root hubs, tier mismatch
>     may be in effect [2].  Tier mismatch can only be enumerated via platform
>     firmware.  For now, simply perform the nominal association.
>
> Thanks to pstore, we have the explosion:
>
> [    3.974159] usb 3-4.1: New USB device found, idVendor=0e8f, idProduct=0020
> [    3.974173] usb 3-4.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
> [    3.974247] usb 3-4.1: Product: PS2toUSB Adapter
> [    3.974259] usb 3-4.1: Manufacturer: GASIA
> [    3.975475] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080
> [    3.975643] IP: [<ffffffff8139abd4>] xhci_add_ep_to_interval_table+0xc8/0x172
> [    3.975795] PGD 0
> [    3.975849] Oops: 0002 [#1] PREEMPT SMP
> [    3.975954] Modules linked in:
> [    3.976029] CPU: 0 PID: 37 Comm: khubd Not tainted 3.15.0-rc5-00299-g7e73be2 #234
> [    3.976169] Hardware name: Dell Inc. Latitude E6530/07Y85M, BIOS A11 03/12/2013
> [    3.976304] task: ffff880128e809d0 ti: ffff880128e84000 task.ti: ffff880128e84000
> [    3.976441] RIP: 0010:[<ffffffff8139abd4>]  [<ffffffff8139abd4>] xhci_add_ep_to_interval_table+0xc8/0x172
> [    3.976631] RSP: 0018:ffff880128e85608  EFLAGS: 00010006
> [    3.976732] RAX: 0000000000000003 RBX: 0000000000000000 RCX: ffff8800c5861800
> [    3.976863] RDX: 0000000000000001 RSI: 0000000000000078 RDI: 0000000000000005
> [    3.976997] RBP: ffff880128e85640 R08: ffff8801288f2228 R09: 0000000000000000
> [    3.977125] R10: ffff880128e85968 R11: 0000000000000004 R12: ffff8801288f22fc
> [    3.977255] R13: ffff8800c5861800 R14: ffff88003f878000 R15: 0000000000000007
> [    3.977353] FS:  0000000000000000(0000) GS:ffff88012dc00000(0000) knlGS:0000000000000000
> [    3.977440] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [    3.977503] CR2: 0000000000000080 CR3: 00000000c5eb4000 CR4: 00000000001407f0
> [    3.977578] Stack:
> [    3.977606]  ffff8801288f2228 0000000000000000 ffff8801288f2000 ffff8801288f22fc
> [    3.977708]  ffff88003f878000 ffff8800c5d8b000 0000000000000003 ffff880128e85990
> [    3.977808]  ffffffff8139c76d ffff880128e85700 ffff880128e85680 0000000100000007
> [    3.977910] Call Trace:
> [    3.977948]  [<ffffffff8139c76d>] xhci_reserve_bandwidth+0x158/0x534
> [    3.978022]  [<ffffffff8107d810>] ? mark_held_locks+0x5d/0x74
> [    3.978086]  [<ffffffff8107d5da>] ? mark_lock+0x2a/0x203
> [    3.978148]  [<ffffffff8107e313>] ? __lock_acquire+0x696/0xedf
> [    3.978215]  [<ffffffff8112256b>] ? dma_pool_alloc+0x188/0x225
> [    3.978281]  [<ffffffff8107d5da>] ? mark_lock+0x2a/0x203
> [    3.980065]  [<ffffffff8107d5da>] ? mark_lock+0x2a/0x203
> [    3.981976]  [<ffffffff8107d810>] ? mark_held_locks+0x5d/0x74
> [    3.984302]  [<ffffffff8107d5da>] ? mark_lock+0x2a/0x203
> [    3.986919]  [<ffffffff8107e313>] ? __lock_acquire+0x696/0xedf
> [    3.989317]  [<ffffffff8139cb84>] ? xhci_configure_endpoint+0x3b/0x4b0
> [    3.991817]  [<ffffffff8107d5da>] ? mark_lock+0x2a/0x203
> [    3.994396]  [<ffffffff8107d810>] ? mark_held_locks+0x5d/0x74
> [    3.996896]  [<ffffffff8107eebf>] ? lock_acquire+0xc1/0x14e
> [    3.998795]  [<ffffffff8139cb84>] ? xhci_configure_endpoint+0x3b/0x4b0
> [    4.000407]  [<ffffffff813a84b0>] ? xhci_dbg_trace+0x3f/0x47
> [    4.002724]  [<ffffffff8139cc88>] xhci_configure_endpoint+0x13f/0x4b0
> [    4.005076]  [<ffffffff8139d706>] xhci_check_bandwidth+0x11e/0x231
> [    4.007457]  [<ffffffff813791ce>] usb_hcd_alloc_bandwidth+0x21d/0x2bd
> [    4.009787]  [<ffffffff8137be1b>] usb_set_configuration+0x282/0x6f9
> [    4.012008]  [<ffffffff81371927>] ? usb_hub_to_struct_hub+0x30/0x32
> [    4.014085]  [<ffffffff813847ec>] generic_probe+0x40/0x72
> [    4.015894]  [<ffffffff8137d7e9>] usb_probe_device+0x28/0x3b
> [    4.017332]  [<ffffffff81302f4d>] driver_probe_device+0xda/0x202
> [    4.019226]  [<ffffffff81303075>] ? driver_probe_device+0x202/0x202
> [    4.021241]  [<ffffffff8130309a>] __device_attach+0x25/0x38
> [    4.023357]  [<ffffffff81301636>] bus_for_each_drv+0x80/0x85
> [    4.025480]  [<ffffffff81302e36>] device_attach+0x66/0x87
> [    4.027587]  [<ffffffff81302456>] bus_probe_device+0x34/0xe1
> [    4.029659]  [<ffffffff8130099f>] device_add+0x325/0x531
> [    4.031661]  [<ffffffff813744ca>] usb_new_device+0x450/0x66a
> [    4.033502]  [<ffffffff8107d9df>] ? trace_hardirqs_on+0xd/0xf
> [    4.035347]  [<ffffffff81565f03>] ? __mutex_unlock_slowpath+0x19d/0x1af
> [    4.037082]  [<ffffffff81374ff2>] hub_port_connect+0x4be/0x700
> [    4.038873]  [<ffffffff8137586a>] hub_events+0x636/0x7ba
> [    4.040210]  [<ffffffff81375a23>] hub_thread+0x35/0x16b
> [    4.041518]  [<ffffffff81075c8c>] ? prepare_to_wait_exclusive+0x6c/0x6c
> [    4.043361]  [<ffffffff813759ee>] ? hub_events+0x7ba/0x7ba
> [    4.045170]  [<ffffffff81059cb3>] kthread+0xd6/0xde
> [    4.046884]  [<ffffffff81059bdd>] ? __kthread_parkme+0x62/0x62
> [    4.048760]  [<ffffffff8156e0fc>] ret_from_fork+0x7c/0xb0
> [    4.050117]  [<ffffffff81059bdd>] ? __kthread_parkme+0x62/0x62
> [    4.051467] Code: 00 e9 c2 00 00 00 83 f8 03 41 8b 04 24 74 03 83 e8 03 85 c0 75 07 41 8b 54 24 10 01 13 48 98 41 8b 54 24 08 48 6b f0 28 48 01 de <01> 56 08 41 83 7d 1c 05 77 27 41 8b 55 1c ff 24 d5 80 cb 68 81
> [    4.057974] RIP  [<ffffffff8139abd4>] xhci_add_ep_to_interval_table+0xc8/0x172
> [    4.059737]  RSP <ffff880128e85608>
> [    4.061767] CR2: 0000000000000080
> [    4.063775] ---[ end trace 581dd718db50beb0 ]---
>
> On a working boot, it progresses:

Is a working boot after reverting that change, or it intermittently
works?  If it's the latter I'm not sure I trust the bisect result,
yet.

> [    3.823139] usb 3-4.1: New USB device found, idVendor=0e8f, idProduct=0020
> [    3.823160] usb 3-4.1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
> [    3.823174] usb 3-4.1: Product: PS2toUSB Adapter
> [    3.823187] usb 3-4.1: Manufacturer: GASIA
> [    3.842836] input: GASIA PS2toUSB Adapter as /devices/pci0000:00/0000:00:14.0/usb3/3-4/3-4.1/3-4.1:1.0/0003:0E8F:0020.0001/input/input14
> [    3.848598] hid-generic 0003:0E8F:0020.0001: input,hidraw0: USB HID v1.10 Keyboard [GASIA PS2toUSB Adapter] on usb-0000:00:14.0-4.1/input0
> [    3.863592] input: GASIA PS2toUSB Adapter as /devices/pci0000:00/0000:00:14.0/usb3/3-4/3-4.1/3-4.1:1.1/0003:0E8F:0020.0002/input/input15
> [    3.878608] hid-generic 0003:0E8F:0020.0002: input,hidraw1: USB HID v1.10 Mouse [GASIA PS2toUSB Adapter] on usb-0000:00:14.0-4.1/input1
>
> So something about the PS2 adapter plugged into the dock gives it indigestion.
>
> ANy ideas?

It's a really odd place to crash relative to the peer port changes
since those do not affect any xhci internals.  At first glance this
also does not look related to the command queue changes.  Mathias, any
ideas?

Valdis, can you get me the output of:

$ gdb drivers/usb/host/xhci-hcd.ko
(gdb) li *(xhci_add_ep_to_interval_table+0xc8)

...for your build.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ