Message-ID: <e9bdcf44-e20a-4824-a0d4-8c6c52ed1e9b@notapiano>
Date: Tue, 16 Jul 2024 08:20:41 -0400
From: Nícolas F. R. A. Prado <nfraprado@...labora.com>
To: Chris Lu (陸稚泓) <Chris.Lu@...iatek.com>
Cc: "luiz.dentz@...il.com" <luiz.dentz@...il.com>,
	"marcel@...tmann.org" <marcel@...tmann.org>,
	"linux-mediatek@...ts.infradead.org" <linux-mediatek@...ts.infradead.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"kernelci@...ts.linux.dev" <kernelci@...ts.linux.dev>,
	"linux-bluetooth@...r.kernel.org" <linux-bluetooth@...r.kernel.org>,
	"regressions@...ts.linux.dev" <regressions@...ts.linux.dev>,
	"johan.hedberg@...il.com" <johan.hedberg@...il.com>,
	Steve Lee (李視誠) <steve.lee@...iatek.com>,
	"kernel@...labora.com" <kernel@...labora.com>,
	Sean Wang <Sean.Wang@...iatek.com>,
	Aaron Hou (侯俊仰) <Aaron.Hou@...iatek.com>
Subject: Re: [PATCH v7 8/8] Bluetooth: btusb: mediatek: add ISO data
 transmission functions

On Tue, Jul 16, 2024 at 07:59:53AM +0000, Chris Lu (陸稚泓) wrote:
> Hi Nicolas,
> 
> Thanks for reporting the crash issue, I've sent another patch to avoid
> this crash issue happening. The kill anchor function wasn't protected well if
> MediaTek Bluetooth failed to set up. Add a flag check when running into
> btmtk_usb_suspend function.

Hi Chris,

thanks for the quick follow up! I see the patch at
https://lore.kernel.org/all/20240716074947.23073-1-chris.lu@mediatek.com/

I'll try it and reply there with my results.

Thanks,
Nícolas

> 
> Thanks a lot,
> Chris
> 
> On Mon, 2024-07-15 at 18:36 -0400, Nícolas F. R. A. Prado wrote:
> > On Thu, Jul 04, 2024 at 02:01:16PM +0800, Chris Lu wrote:
> > > This patch implements functions for ISO data send and receive in btusb
> > > driver for MediaTek's controller.
> > > 
> > > MediaTek defines a specific interrupt endpoint for ISO data transmission
> > > because the characteristics of interrupt endpoint are similar to the
> > > application of ISO data which can support guaranteed transmission
> > > bandwidth, enough maximum data length and error checking mechanism.
> > > 
> > > Driver sets up ISO interface and endpoints in btusb_mtk_setup and clears
> > > the setup in btusb_mtk_shutdown. These flows can't move to btmtk.c due to
> > > btusb_driver is only defined in btusb.c when claiming/releasing interface.
> > > ISO packet anchor stops when driver suspending and resubmit interrupt urb
> > > for ISO data when driver resuming.
> > > 
> > > Signed-off-by: Chris Lu <chris.lu@...iatek.com>
> > > ---
> > 
> > Hi,
> > 
> > KernelCI has identified a boot regression originating from this patch. It
> > affects the mt8195-cherry-tomato-r2 platform.
> > 
> > Through additional runs I've determined that it only happens when the bluetooth
> > firmware (BT_RAM_CODE_MT7961_1_2_hdr.bin) isn't present. I realize the firmware
> > should be present to make proper use of the bluetooth driver, and I'll add it to
> > our testing images. Still, a panic shouldn't happen when it's missing, hence
> > this report.
> > 
> > Reverting this patch fixes the issue.
> > 
> > This is the traceback:
> > 
> > [    6.734214] BUG: spinlock bad magic on CPU#3, kworker/3:1/104
> > [    6.740002]  lock: 0xffff2c7b8655f660, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
> > [    6.748207] CPU: 3 UID: 0 PID: 104 Comm: kworker/3:1 Not tainted 6.10.0-next-20240715 #1 35893202ca8f99b37129997821441a29d2b23f0a
> > [    6.759874] Hardware name: Acer Tomato (rev2) board (DT)
> > [    6.765195] Workqueue: pm pm_runtime_work
> > [    6.769235] Call trace:
> > [    6.771689]  dump_backtrace+0x9c/0x100
> > [    6.775456]  show_stack+0x20/0x38
> > [    6.778786]  dump_stack_lvl+0x80/0xf8
> > [    6.782463]  dump_stack+0x18/0x28
> > [    6.785791]  spin_bug+0x90/0xd8
> > [    6.788950]  do_raw_spin_lock+0xf4/0x128
> > [    6.792890]  _raw_spin_lock_irq+0x30/0x70
> > [    6.796915]  usb_kill_anchored_urbs+0x48/0x1e0
> > [    6.801378]  btmtk_usb_suspend+0x20/0x38 [btmtk 5f200a97badbdfda4266773fee49acfc8e0224d5]
> > [    6.809578]  btusb_suspend+0xd0/0x210 [btusb 0bfbf19a87ff406c83b87268b87ce1e80e9a829b]
> > [    6.817527]  usb_suspend_both+0x90/0x288
> > [    6.821469]  usb_runtime_suspend+0x3c/0xa8
> > [    6.825585]  __rpm_callback+0x50/0x1f0
> > [    6.829351]  rpm_callback+0x70/0x88
> > [    6.832856]  rpm_suspend+0xe4/0x5a0
> > [    6.836361]  pm_runtime_work+0xd4/0xe0
> > [    6.840126]  process_one_work+0x18c/0x440
> > [    6.844156]  worker_thread+0x314/0x428
> > [    6.847923]  kthread+0x128/0x138
> > [    6.851167]  ret_from_fork+0x10/0x20
> > [    6.854769] Unable to handle kernel paging request at virtual address ffffffffffffffd8
> > [    6.862694] Mem abort info:
> > [    6.865494]   ESR = 0x0000000096000006
> > [    6.869249]   EC = 0x25: DABT (current EL), IL = 32 bits
> > [    6.874571]   SET = 0, FnV = 0
> > [    6.877632]   EA = 0, S1PTW = 0
> > [    6.880780]   FSC = 0x06: level 2 translation fault
> > [    6.885665] Data abort info:
> > [    6.888553]   ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000
> > [    6.894044]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
> > [    6.899103]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
> > [    6.904423] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000042533000
> > [    6.911134] [ffffffffffffffd8] pgd=0000000000000000, p4d=0000000042e94003, pud=0000000042e95003, pmd=0000000000000000
> > [    6.921781] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
> > [    6.921794] Modules linked in: mt7921e mt7921_common mt792x_lib mt76_connac_lib mt76 mtk_vcodec_dec_hw mac80211 cros_ec_lid_angle cros_ec_sensors cros_ec_sensors_core industrialio_triggered_buffer cfg80211 kfifo_buf mtk_vcodec_dec mtk_jpeg v4l2_vp9 cros_ec_rpmsg mtk_vcodec_enc v4l2_h264 mtk_jpeg_enc_hw btusb mtk_vcodec_dbgfs mtk_jpeg_dec_hw mtk_dp mtk_vcodec_common btintel btbcm uvcvideo btmtk mtk_mdp3 videobuf2_vmalloc v4l2_mem2mem btrtl uvc joydev videobuf2_v4l2 videobuf2_dma_contig bluetooth elan_i2c videobuf2_memops ecdh_generic ecc videobuf2_common cros_ec_sensorhub cros_kbd_led_backlight mtk_scp snd_sof_mt8195 pcie_mediatek_gen3 mtk_rpmsg mtk_svs mtk_adsp_common snd_sof_xtensa_dsp rpmsg_core lvts_thermal snd_sof_of mtk_scp_ipi snd_soc_mt8195_afe snd_sof snd_sof_utils mtk_wdt mt6577_auxadc mt8195_mt6359
> > [    6.922087] CPU: 3 UID: 0 PID: 104 Comm: kworker/3:1 Not tainted 6.10.0-next-20240715 #1 35893202ca8f99b37129997821441a29d2b23f0a
> > [    6.922106] Hardware name: Acer Tomato (rev2) board (DT)
> > [    6.922114] Workqueue: pm pm_runtime_work
> > [    6.922132] pstate: 804000c9 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> > [    6.922147] pc : usb_kill_anchored_urbs+0x6c/0x1e0
> > [    6.922164] lr : usb_kill_anchored_urbs+0x48/0x1e0
> > [    6.922181] sp : ffff800080903b60
> > [    6.922187] x29: ffff800080903b60 x28: ffff2c7b85c32b80 x27: ffff2c7bbb370930
> > [    6.922211] x26: 00000000000f4240 x25: 00000000ffffffff x24: ffffd49ece2dcb48
> > [    6.922233] x23: 0000000000000001 x22: ffff2c7b8655f660 x21: ffff2c7b8655f628
> > [    6.922255] x20: ffffffffffffffd8 x19: 0000000000000000 x18: 0000000000000006
> > [    6.922276] x17: 6531656337386238 x16: 3632373862333863 x15: ffff800080903480
> > [    6.922297] x14: 0000000000000000 x13: 303278302f303178 x12: ffffd49ecf090e30
> > [    6.922318] x11: 0000000000000001 x10: 0000000000000001 x9 : ffffd49ecd2c5bb4
> > [    6.922339] x8 : c0000000ffffdfff x7 : ffffd49ecefe0db8 x6 : 00000000000affa8
> > [    6.922360] x5 : ffff2c7bbb35dd48 x4 : 0000000000000000 x3 : 0000000000000000
> > [    6.922379] x2 : 0000000000000000 x1 : 0000000000000003 x0 : ffffffffffffffd8
> > [    6.922400] Call trace:
> > [    6.922405]  usb_kill_anchored_urbs+0x6c/0x1e0
> > [    6.922422]  btmtk_usb_suspend+0x20/0x38 [btmtk 5f200a97badbdfda4266773fee49acfc8e0224d5]
> > [    6.922444]  btusb_suspend+0xd0/0x210 [btusb 0bfbf19a87ff406c83b87268b87ce1e80e9a829b]
> > [    6.922469]  usb_suspend_both+0x90/0x288
> > [    6.922487]  usb_runtime_suspend+0x3c/0xa8
> > [    6.922507]  __rpm_callback+0x50/0x1f0
> > [    6.922523]  rpm_callback+0x70/0x88
> > [    6.922538]  rpm_suspend+0xe4/0x5a0
> > [    6.922553]  pm_runtime_work+0xd4/0xe0
> > [    6.922569]  process_one_work+0x18c/0x440
> > [    6.922588]  worker_thread+0x314/0x428
> > [    6.922606]  kthread+0x128/0x138
> > [    6.922621]  ret_from_fork+0x10/0x20
> > [    6.922644] Code: f100a274 54000520 d503201f d100a260 (b8370000)
> > [    6.922654] ---[ end trace 0000000000000000 ]---
> > [    7.203910] Kernel panic - not syncing: Oops: Fatal exception
> > [    7.209649] SMP: stopping secondary CPUs
> > [    7.213713] Kernel Offset: 0x549e4c400000 from 0xffff800080000000
> > [    7.219796] PHYS_OFFSET: 0xfff0d38580000000
> > [    7.223969] CPU features: 0x04,0000000b,80140528,4200720b
> > [    7.229360] Memory Limit: none
> > 
> > Full kernel log: 
> > https://urldefense.com/v3/__http://0x0.st/X9rx.txt__;!!CTRNKA9wMg0ARbw!g_UleOH6C5AdZoKEVoko3ewb6zKCcWfDGfw3u6LV_x3JCST7WnvMrAzM7wP0A4WkiW4v0EM53wjf8el1gXWfqA$
> >  
> > Config: 
> > https://urldefense.com/v3/__http://0x0.st/X9r2.txt__;!!CTRNKA9wMg0ARbw!g_UleOH6C5AdZoKEVoko3ewb6zKCcWfDGfw3u6LV_x3JCST7WnvMrAzM7wP0A4WkiW4v0EM53wjf8enPGJN1sg$
> >  
> > 
> > #regzbot introduced: ee6bd4b95c66
> > #regzbot title: usb_kill_anchored_urbs panic during boot on mt8195-cherry-tomato-r2
> > 
> > Thanks,
> > Nícolas
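
The failure mode in this thread, modelled in user space as an added example (not code from the patch, the driver or the kernel): an anchor left zero-filled after a failed setup has lock magic 0 and a list head that does not look empty, so the first URB address is computed from a NULL pointer, while a setup flag check in the suspend path avoids touching it. All struct and function names are hypothetical, and the struct layout is an assumption for a 64-bit build in which the anchor list link sits 0x28 bytes into the URB.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model, not kernel code; layouts assume a 64-bit build. */
struct list_head { struct list_head *next, *prev; };
#define MODEL_LOCK_MAGIC 0xdead4eadu  /* value the lock debug check expects */
struct model_anchor { struct list_head urb_list; uint32_t lock_magic; };
struct model_urb {                    /* leading URB fields (assumed layout) */
    int32_t kref, unlinked;
    void *hcpriv;
    int32_t use_count, reject;
    struct list_head urb_list, anchor_list;
};
/* Hypothetical driver state: setup_done is set only when setup succeeded. */
struct model_dev { int setup_done; struct model_anchor iso_anchor; };

/* Allocation is zero-filled; the anchor is initialised only if setup succeeds. */
static void model_probe(struct model_dev *d, int firmware_present)
{
    struct list_head *head = &d->iso_anchor.urb_list;
    memset(d, 0, sizeof(*d));
    if (!firmware_present)
        return;                       /* setup failed: anchor stays all zeroes */
    head->next = head->prev = head;
    d->iso_anchor.lock_magic = MODEL_LOCK_MAGIC;
    d->setup_done = 1;
}

static int anchor_lock_ok(const struct model_anchor *a)
{
    return a->lock_magic == MODEL_LOCK_MAGIC;
}

/* Address the kill loop would dereference first, or 0 if nothing is touched. */
static uintptr_t model_suspend(const struct model_dev *d, int flag_check)
{
    const struct list_head *head = &d->iso_anchor.urb_list;
    if (flag_check && !d->setup_done)
        return 0;                     /* guarded: never look at the anchor */
    if (head->next == head)
        return 0;                     /* initialised and empty */
    return (uintptr_t)head->prev - offsetof(struct model_urb, anchor_list);
}

int main(void)
{
    struct model_dev d;
    model_probe(&d, 0);               /* firmware missing */
    printf("magic ok=%d unguarded=%#llx guarded=%#llx\n", anchor_lock_ok(&d.iso_anchor),
           (unsigned long long)model_suspend(&d, 0), (unsigned long long)model_suspend(&d, 1));
    return 0;
}
```

The unguarded result matches the faulting address and the x0/x20 values in the trace above.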
