lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMi1Hd1VBCFhf7+EXWHQWcGy4k=tcyLa7RGiFdprtRnegSG0Mw@mail.gmail.com>
Date:   Tue, 8 Nov 2022 22:58:16 +0530
From:   Amit Pundir <amit.pundir@...aro.org>
To:     Catalin Marinas <catalin.marinas@....com>,
        Robin Murphy <robin.murphy@....com>,
        Bjorn Andersson <andersson@...nel.org>,
        Sibi Sankar <quic_sibis@...cinc.com>,
        Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>
Cc:     Will Deacon <will@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        Dmitry Baryshkov <dmitry.baryshkov@...aro.org>
Subject: Re: [GIT PULL] arm64 updates for 6.1-rc1

On Tue, 25 Oct 2022 at 18:08, Amit Pundir <amit.pundir@...aro.org> wrote:
>
> On Wed, 12 Oct 2022 at 17:24, Catalin Marinas <catalin.marinas@....com> wrote:
> >
> > Hi Amit,
> >
> > On Sat, Oct 08, 2022 at 08:28:26PM +0530, Amit Pundir wrote:
> > > On Wed, 5 Oct 2022 at 20:11, Catalin Marinas <catalin.marinas@....com> wrote:
> > > > Will Deacon (2):
> > > >       arm64: dma: Drop cache invalidation from arch_dma_prep_coherent()
> > >
> > > Hi Will,
> > >
> > > This patch broke AOSP on Dragonboard 845c (SDM845). I don't see any
> > > relevant crash in the attached log and device silently reboots into
> > > USB crash dump mode. The crash is fairly reproducible on db845c. I
> > > could trigger it twice in 5 reboots and it always crash at the same
> > > point during the boot process. Reverting this patch fixes the crash.
> > >
> > > I'm happy to test run any debug patche(s), that would help narrow
> > > down this breakage.
> >
> > Cc'ing Robin, maybe he has a better idea (that's commit c44094eee32f).
> > Architecturally the change shouldn't make any difference since the cache
> > lines can be brought in via the linear mapping at any point. It's just
> > less likely to hit a real bug (software or hardware). It's also possible
> > that arch_dma_prep_coherent() is used outside the DMA API (if you have
> > out of tree drivers).
> >
> > Leaving the original log in place for Robin. A question I have, with a
> > successful boot, what's normally after the bpfloader lines are printed?
> > We should try to pinpoint which device/driver causes this. It looks like
> > it's well into user-space at that point (graphics about to start?)
>
> Further narrowed down the breakage to the userspace daemon rmtfs
> https://github.com/andersson/rmtfs. Is there anything specific in the
> userspace code that I should be paying attention to?
>
> console:/ #
> console:/ # start rmtfs
> [   56.425631][    T1] init: starting service 'rmtfs'...
> [   56.455541][    T1] init: Control message: Processed ctl.start for
> 'rmtfs' from pid: 1819 (start rmtfs)
> [   56.487524][  T344] type=1400 audit(1666698550.979:267): avc:
> denied { read } for comm="rmtfs" name="modalias" dev="sysfs" ino=6325
> scontext=u:r:rmtfs:s0 tcontext=u:object_r:sysfs:s0 tclass=file
> permissive=1
> [   56.487662][ T1821] remoteproc remoteproc0: powering up 4080000.remoteproc
> [   56.506365][  T344] type=1400 audit(1666698550.979:268): avc:
> denied { open } for comm="rmtfs"
> path="/sys/devices/platform/remoteproc-cdsp/modalias" dev="sysfs"
> ino=6325 scontext=u:r:rmtfs:s0 tcontext=u:object_r:sysfs:s0
> tclass=file permissive=1
> [   56.515137][ T1821] remoteproc remoteproc0: Booting fw image
> qcom/sdm845/mba.mbn, size 242400
> [   56.535020][  T344] type=1400 audit(1666698550.979:269): avc:
> denied { read } for comm="rmtfs" name="modalias" dev="sysfs" ino=7200
> scontext=u:r:rmtfs:s0 tcontext=u:object_r:sysfs_remoteproc:s0
> tclass=file permissive=1
> [   56.621541][ T1821] qcom-q6v5-mss 4080000.remoteproc: MBA booted
> without debug policy, loading mpss

Hi, I can reproduce this crash on v6.1-rc4 as well and would really
appreciate some help here.
I could narrow down the db845c crash into USB crash dump mode to:

# echo "start" > /sys/class/remoteproc/remoteproc0/state
[   50.987035][  T431] remoteproc remoteproc0: powering up 4080000.remoteproc
[   50.999628][  T431] remoteproc remoteproc0: Booting fw image
qcom/sdm845/mba.mbn, size 242400
[   51.095967][  T431] qcom-q6v5-mss 4080000.remoteproc: MBA booted
without debug policy, loading mpss


Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.XF.2.0-00371-SDM845LZB-1
S - IMAGE_VARIANT_STRING=SDM845LA
S - OEM_IMAGE_VERSION_STRING=TSBJ-FA-PC-02170
S - Boot Interface: UFS
S - Secure Boot: Off
S - Boot Config @ 0x00786070 = 0x000000c1
S - JTAG ID @ 0x00786130 = 0x2008e0e1
S - OEM ID @ 0x00786138 = 0x00000000
S - Serial Number @ 0x00784138 = 0x710cee0b
S - OEM Config Row 0 @ 0x00784188 = 0x0000000400000000
S - OEM Config Row 1 @ 0x00784190 = 0x0000000000000000
S - Feature Config Row 0 @ 0x007841a0 = 0x0050200080000400
S - Feature Config Row 1 @ 0x007841a8 = 0xe000ffff00007fff
S - Core 0 Frequency, 1516 MHz
S - PBL Patch Ver: 1
S - PBL freq: 600 MHZ
B -        94 - PBL, Start
B -      5279 - bootable_media_detect_entry
B -     44106 - bootable_media_detect_success
B -     44483 - elf_loader_entry
B -     45046 - auth_hash_seg_entry
B -     45242 - auth_hash_seg_exit
B -     51093 - elf_segs_hash_verify_entry
B -     57888 - elf_segs_hash_verify_exit
B -     58515 - auth_xbl_sec_hash_seg_entry
B -     65894 - auth_xbl_sec_hash_seg_exit
B -     65896 - xbl_sec_segs_hash_verify_entry
B -     66654 - xbl_sec_segs_hash_verify_exit
B -     66679 - PBL, End
B -     81191 - SBL1, Start
B -    205082 - boot_flash_init, Start
D -         0 - boot_flash_init, Delta
B -    208620 - xblconfig_init, Start
D -       549 - Auth Metadata
D -    188459 - xblconfig_init, Delta
B -    402051 - sbl1_ddr_set_default_params, Start
D -         0 - sbl1_ddr_set_default_params, Delta
B -    410042 - boot_config_data_table_init, Start
B -    414708 - CDT not programmed, using default
D -      4544 - boot_config_data_table_init, Delta - (54 Bytes)
B -    429226 - CDT Version:3,Platform ID:8,Major ID:1,Minor ID:0,Subtype:0
B -    434930 - pm_device_init, Start
B -   1514660 - PM: PON REASON: PM0=0x8000024000020021:0x0
PM1=0x8000084000080020:0x0 PM2=0x8000084000080020:0x0
B -   1574837 - PM: SET_VAL:Skip
D -   1140425 - pm_device_init, Delta
B -   1577826 - pm_driver_init, Start
D -      5337 - pm_driver_init, Delta
B -   1586610 - PM: Trigger FG IMA Reset
B -   1590239 - PM: Trigger FG IMA Reset.Completed
B -   1599450 - PM: EntryVbat: 4221; EntrySOC: -1
B -   1599481 - PM: ADSP result: 0
B -   1604025 - PM: Manually set ICL 500mA
B -   1607106 - PM: BATT TEMP: 29 DegC
B -   1611132 - vsense_init, Start
D -         0 - vsense_init, Delta
B -   1647762 - Pre_DDR_clock_init, Start
D -        61 - Pre_DDR_clock_init, Delta
D -   1651575 - sbl1_ddr_set_params, Delta
B -   1655326 - sbl1_ddr_init, Start
B -   1659261 - Freeze IOs = 0x1, 0x1, 0x1, 0x1, DBG PDC Tr = 0x0,
First Pass expire = 0x0, First Pass complete = 0x1
D -      9058 - sbl1_ddr_init, Delta
B -   1673169 - do_ddr_training, Start
D -         0 - do_ddr_training, Delta
B -   1679787 - pImem Init Start
D -      4422 - pImem Init End, Delta
B -   1691743 - clock_init, Start
D -       244 - clock_init, Delta
B -   1695037 - Image Load, Start
D -      2867 - APDP Image Loaded, Delta - (0 Bytes)
B -   1707024 - usb: chgr -  SDP_CHARGER
B -   1707359 - usb: qusb2_1: hstx , 0x5
B -   1710836 - usb: PLL1 locked , 0x5
B -   1714435 - TCSR reg value 0x10
B -   1718034 - Image Load, Start
D -       457 - Auth Metadata
D -      2837 - Segments hash check
D -     13664 - XBLRamDump Image Loaded, Delta - (582427 Bytes)
B -   1811090 - DisplayLib: LAB/IBB GetStatus(LabVregOk) failed after 25ms

B -   1818166 - DisplayDxe: Resolution 1440x2560 (2 intf)

B -   2129632 - usb: init start
B -   2130760 - usb: ss_lane_1st
B -   2132834 - usb: usb_lane
B -   2136708 - usb: qusb2_1: hstx , 0x5
B -   2138385 - usb: PLL1 locked , 0x5
B -   2142137 - usb: id_p , 0x1009b
B -   2145461 - usb: VBUS High!
B -   2245898 - usb: suspended
B -   2435120 - usb: HIGH , 0x900e
B -   2567246 - usb: HIGH , 0x900e
B -   2670702 - usb: ENUM success

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ