lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250409082444.582295-1-usama.anjum@collabora.com>
Date: Wed,  9 Apr 2025 13:24:26 +0500
From: Muhammad Usama Anjum <usama.anjum@...labora.com>
To: Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>,
	Jeff Hugo <jeff.hugo@....qualcomm.com>,
	Youssef Samir <quic_yabdulra@...cinc.com>,
	Matthew Leung <quic_mattleun@...cinc.com>,
	Muhammad Usama Anjum <usama.anjum@...labora.com>,
	Yan Zhen <yanzhen@...o.com>,
	Qiang Yu <quic_qianyu@...cinc.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Kunwu Chan <chentao@...inos.cn>
Cc: Carl Vanderlip <quic_carlv@...cinc.com>,
	Sumit Garg <sumit.garg@...nel.org>,
	mhi@...ts.linux.dev,
	linux-arm-msm@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH 1/1] bus: mhi: host: don't free bhie tables during power off

Fix dma_direct_alloc() failure at resume time during bhie_table
allocation. There is a crash report where at resume time, the memory
from the dma doesn't get allocated and MHI fails to re-initialize.
There may be fragmentation of some kind which fails the allocation
call.

To fix it, don't free the memory at power down. Use the same allocated
memory again and again after every resume/hibernation. This patch has
been tested with resume and hibernation both.

Here are the crash logs:

[ 3029.338587] mhi mhi0: Requested to power ON
[ 3029.338621] mhi mhi0: Power on setup success
[ 3029.668654] kworker/u33:8: page allocation failure: order:7, mode:0xc04(GFP_NOIO|GFP_DMA32), nodemask=(null),cpuset=/,mems_allowed=0
[ 3029.668682] CPU: 4 UID: 0 PID: 2744 Comm: kworker/u33:8 Not tainted 6.11.11-valve10-1-neptune-611-gb69e902b4338 #1ed779c892334112fb968aaa3facf9686b5ff0bd7
[ 3029.668690] Hardware name: Valve Galileo/Galileo, BIOS F7G0112 08/01/2024
[ 3029.668694] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]
[ 3029.668717] Call Trace:
[ 3029.668722]  <TASK>
[ 3029.668728]  dump_stack_lvl+0x4e/0x70
[ 3029.668738]  warn_alloc+0x164/0x190
[ 3029.668747]  ? srso_return_thunk+0x5/0x5f
[ 3029.668754]  ? __alloc_pages_direct_compact+0xaf/0x360
[ 3029.668761]  __alloc_pages_slowpath.constprop.0+0xc75/0xd70
[ 3029.668774]  __alloc_pages_noprof+0x321/0x350
[ 3029.668782]  __dma_direct_alloc_pages.isra.0+0x14a/0x290
[ 3029.668790]  dma_direct_alloc+0x70/0x270
[ 3029.668796]  mhi_alloc_bhie_table+0xe8/0x190 [mhi faa917c5aa23a5f5b12d6a2c597067e16d2fedc0]
[ 3029.668814]  mhi_fw_load_handler+0x1bc/0x310 [mhi faa917c5aa23a5f5b12d6a2c597067e16d2fedc0]
[ 3029.668830]  mhi_pm_st_worker+0x5c8/0xaa0 [mhi faa917c5aa23a5f5b12d6a2c597067e16d2fedc0]
[ 3029.668844]  ? srso_return_thunk+0x5/0x5f
[ 3029.668853]  process_one_work+0x17e/0x330
[ 3029.668861]  worker_thread+0x2ce/0x3f0
[ 3029.668868]  ? __pfx_worker_thread+0x10/0x10
[ 3029.668873]  kthread+0xd2/0x100
[ 3029.668879]  ? __pfx_kthread+0x10/0x10
[ 3029.668885]  ret_from_fork+0x34/0x50
[ 3029.668892]  ? __pfx_kthread+0x10/0x10
[ 3029.668898]  ret_from_fork_asm+0x1a/0x30
[ 3029.668910]  </TASK>

Tested-on: QCNFA765 WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6
Signed-off-by: Muhammad Usama Anjum <usama.anjum@...labora.com>
---
 drivers/bus/mhi/host/boot.c | 11 +++++++----
 drivers/bus/mhi/host/init.c | 15 +++------------
 2 files changed, 10 insertions(+), 16 deletions(-)

diff --git a/drivers/bus/mhi/host/boot.c b/drivers/bus/mhi/host/boot.c
index efa3b6dddf4d2..8b3d2b9d239c3 100644
--- a/drivers/bus/mhi/host/boot.c
+++ b/drivers/bus/mhi/host/boot.c
@@ -323,6 +323,7 @@ void mhi_free_bhie_table(struct mhi_controller *mhi_cntrl,
 				  mhi_buf->buf, mhi_buf->dma_addr);
 
 	kfree(image_info->mhi_buf);
+	image_info->mhi_buf = NULL;
 	kfree(image_info);
 }
 
@@ -584,10 +585,12 @@ void mhi_fw_load_handler(struct mhi_controller *mhi_cntrl)
 	 * device transitioning into MHI READY state
 	 */
 	if (fw_load_type == MHI_FW_LOAD_FBC) {
-		ret = mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->fbc_image, fw_sz);
-		if (ret) {
-			release_firmware(firmware);
-			goto error_fw_load;
+		if (!mhi_cntrl->fbc_image) {
+			ret = mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->fbc_image, fw_sz);
+			if (ret) {
+				release_firmware(firmware);
+				goto error_fw_load;
+			}
 		}
 
 		/* Load the firmware into BHIE vec table */
diff --git a/drivers/bus/mhi/host/init.c b/drivers/bus/mhi/host/init.c
index 13e7a55f54ff4..3c20e4541357e 100644
--- a/drivers/bus/mhi/host/init.c
+++ b/drivers/bus/mhi/host/init.c
@@ -1173,8 +1173,9 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl)
 		/*
 		 * Allocate RDDM table for debugging purpose if specified
 		 */
-		mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->rddm_image,
-				     mhi_cntrl->rddm_size);
+		if (!mhi_cntrl->rddm_image)
+			mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->rddm_image,
+					     mhi_cntrl->rddm_size);
 		if (mhi_cntrl->rddm_image) {
 			ret = mhi_rddm_prepare(mhi_cntrl,
 					       mhi_cntrl->rddm_image);
@@ -1202,16 +1203,6 @@ EXPORT_SYMBOL_GPL(mhi_prepare_for_power_up);
 
 void mhi_unprepare_after_power_down(struct mhi_controller *mhi_cntrl)
 {
-	if (mhi_cntrl->fbc_image) {
-		mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->fbc_image);
-		mhi_cntrl->fbc_image = NULL;
-	}
-
-	if (mhi_cntrl->rddm_image) {
-		mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->rddm_image);
-		mhi_cntrl->rddm_image = NULL;
-	}
-
 	mhi_cntrl->bhi = NULL;
 	mhi_cntrl->bhie = NULL;
 
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ