lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 8 May 2019 20:25:58 -0700
From:   John Stultz <john.stultz@...aro.org>
To:     Andrzej Pietrasiewicz <andrzejtp2010@...il.com>
Cc:     Felipe Balbi <balbi@...nel.org>, "Yang, Fei" <fei.yang@...el.com>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Chen Yu <chenyu56@...wei.com>,
        lkml <linux-kernel@...r.kernel.org>,
        Linux USB List <linux-usb@...r.kernel.org>,
        Amit Pundir <amit.pundir@...aro.org>,
        Marek Szyprowski <m.szyprowski@...sung.com>
Subject: Re: [REGRESSION] usb: gadget: f_fs: Allow scatter-gather buffers

On Wed, May 8, 2019 at 12:01 AM Andrzej Pietrasiewicz
<andrzejtp2010@...il.com> wrote:
>
> Hi John,
>
> += Marek
>
> W dniu 08.05.2019 o 04:18, John Stultz pisze:
> > Since commit 772a7a724f69 ("usb: gadget: f_fs: Allow scatter-gather
> > buffers"), I've been seeing trouble with adb transfers in Android on
> > HiKey960, HiKey and now Dragonboard 845c.
> >
> > Sometimes things crash, but often the transfers just stop w/o any
> > obvious error messages.
> >
> > Initially I thought it was an issue with the HiKey960 dwc3 usb patches
> > being upstreamed, and was using the following hack workaround:
> >    https://git.linaro.org/people/john.stultz/android-dev.git/commit/?h=dev/hikey960-5.1&id=dcdadaaec9db7a7b78ea9b838dd1453359a2f388
> >
> > Then dwc2 added sg support, and I ended up having to revert it to get
> > by on HiKey:
> >    https://git.linaro.org/people/john.stultz/android-dev.git/commit/?h=dev/hikey-5.1&id=6e91b4c7bd1e94bdd835263403c53e85a677b848
> >
> > (See thread here: https://lkml.org/lkml/2019/3/8/765)
> >
> > And now I've reproduced the same issue (with the same dwc3 workaround)
> > on the already upstream code for Dragonboard 845c.
> >
> > Fei Yang has also reached out and mentioned he was seeing similar
> > problems with the f_fs sg support.
> >
> > Andrzej: Do you have any ideas or suggestions on this? I'm happy to
> > test or run any debug patches, if it would help narrow the issue down.
> >
>
> There is a patch:
>
> https://www.spinics.net/lists/linux-usb/msg178536.html
> https://www.spinics.net/lists/linux-usb/msg179653.html
>
> which fixes a subtle bug, but hasn't been applied yet.
>

So, the "fix zlp handling" doesn't seem to changes things on hikey w/
the dwc2 hardware.

I still see the following crash right away:
   13.571611] functionfs read size 512 > requested size 24, splitting
request into multiple reads.
[   13.571773] ------------[ cut here ]------------
[   13.585205] kernel BUG at mm/slub.c:3944!
[   13.589215] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[   13.594698] Modules linked in:
[   13.597754] Process adbd (pid: 408, stack limit = 0x000000001b71cb6b)
[   13.604197] CPU: 0 PID: 408 Comm: adbd Not tainted 5.1.0-06623-g27dc6c9 #168
[   13.611243] Hardware name: HiKey Development Board (DT)
[   13.616465] pstate: 40400005 (nZcv daif +PAN -UAO)
[   13.621266] pc : kfree+0x210/0x258
[   13.624672] lr : ffs_epfile_io.isra.12+0xf8/0x6b8
[   13.629371] sp : ffffff8011b63b50
[   13.632682] x29: ffffff8011b63b50 x28: ffffffc06b918e00
[   13.637993] x27: ffffffc0703af138 x26: 00000000000001e8
[   13.643303] x25: ffffff8011b63c98 x24: ffffffc074c3e800
[   13.648613] x23: ffffffc074affa00 x22: ffffff80114b9000
[   13.653923] x21: ffffff80108b19b0 x20: ffffff8011c2d000
[   13.659233] x19: ffffffbf00470b40 x18: 0000000000000000
[   13.664542] x17: 0000000000000000 x16: ffffffc06b918e00
[   13.669851] x15: 0000000000000000 x14: 0000000000000000
[   13.675160] x13: 0000000000000000 x12: 0000000000000000
[   13.680469] x11: 0000000000000000 x10: 0000000000000000
[   13.685779] x9 : 0000000000000000 x8 : 00000073d8dd6150
[   13.691088] x7 : 00000073d8dd6598 x6 : 0000007280805113
[   13.696398] x5 : 0000007280805113 x4 : 0000000000000000
[   13.701707] x3 : ffffffc0703af100 x2 : 0000000000000000
[   13.707020] x1 : ffffffbf00470b48 x0 : ffffffbf00470b48
[   13.712334] Call trace:
[   13.714784]  kfree+0x210/0x258
[   13.717837]  ffs_epfile_io.isra.12+0xf8/0x6b8
[   13.722191]  ffs_epfile_read_iter+0xb4/0x188
[   13.726459]  new_sync_read+0xf4/0x190
[   13.730118]  __vfs_read+0x2c/0x40
[   13.733430]  vfs_read+0x8c/0x148
[   13.736654]  ksys_read+0x64/0xf0
[   13.739878]  __arm64_sys_read+0x14/0x20
[   13.743715]  el0_svc_common.constprop.0+0xa8/0x100
[   13.748504]  el0_svc_handler+0x28/0x78
[   13.752250]  el0_svc+0x8/0xc
[   13.755132] Code: f9400260 378000a0 f9400660 37000060 (d4210000)
[   13.761225] ---[ end trace 0220b13deaa73ab7 ]---
[   13.783381] Kernel panic - not syncing: Fatal exception
[   13.788616] SMP: stopping secondary CPUs
[   13.792814] Kernel Offset: disabled
[   13.796301] CPU features: 0x002,24002004
[   13.800219] Memory Limit: none
[   13.820708] Rebooting in 5 seconds..

thanks
-john

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ