| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <56f4b9fc-69ba-c867-653b-7ea28ad8ab0b@quicinc.com>
Date: Wed, 9 Apr 2025 16:55:39 +0530
From: Krishna Chaitanya Chundru <quic_krichai@...cinc.com>
To: Muhammad Usama Anjum <usama.anjum@...labora.com>,
Manivannan Sadhasivam
<manivannan.sadhasivam@...aro.org>,
Jeff Hugo <jeff.hugo@....qualcomm.com>,
Youssef Samir <quic_yabdulra@...cinc.com>,
Matthew Leung
<quic_mattleun@...cinc.com>,
Yan Zhen <yanzhen@...o.com>, Qiang Yu
<quic_qianyu@...cinc.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Kunwu Chan <chentao@...inos.cn>
CC: Carl Vanderlip <quic_carlv@...cinc.com>,
Sumit Garg
<sumit.garg@...nel.org>, <mhi@...ts.linux.dev>,
<linux-arm-msm@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/1] bus: mhi: host: don't free bhie tables during power
off
On 4/9/2025 1:54 PM, Muhammad Usama Anjum wrote:
> Fix dma_direct_alloc() failure at resume time during bhie_table
> allocation. There is a crash report where at resume time, the memory
> from the dma doesn't get allocated and MHI fails to re-initialize.
> There may be fragmentation of some kind which fails the allocation
> call.
>
> To fix it, don't free the memory at power down. Use the same allocated
> memory again and again after every resume/hibernation. This patch has
> been tested with resume and hibernation both.
How do you handle the mhi un-register case, in that case all the MHI
memory needs to be freed.
>
> Here are the crash logs:
>
> [ 3029.338587] mhi mhi0: Requested to power ON
> [ 3029.338621] mhi mhi0: Power on setup success
> [ 3029.668654] kworker/u33:8: page allocation failure: order:7, mode:0xc04(GFP_NOIO|GFP_DMA32), nodemask=(null),cpuset=/,mems_allowed=0
> [ 3029.668682] CPU: 4 UID: 0 PID: 2744 Comm: kworker/u33:8 Not tainted 6.11.11-valve10-1-neptune-611-gb69e902b4338 #1ed779c892334112fb968aaa3facf9686b5ff0bd7
> [ 3029.668690] Hardware name: Valve Galileo/Galileo, BIOS F7G0112 08/01/2024
> [ 3029.668694] Workqueue: mhi_hiprio_wq mhi_pm_st_worker [mhi]
> [ 3029.668717] Call Trace:
> [ 3029.668722] <TASK>
> [ 3029.668728] dump_stack_lvl+0x4e/0x70
> [ 3029.668738] warn_alloc+0x164/0x190
> [ 3029.668747] ? srso_return_thunk+0x5/0x5f
> [ 3029.668754] ? __alloc_pages_direct_compact+0xaf/0x360
> [ 3029.668761] __alloc_pages_slowpath.constprop.0+0xc75/0xd70
> [ 3029.668774] __alloc_pages_noprof+0x321/0x350
> [ 3029.668782] __dma_direct_alloc_pages.isra.0+0x14a/0x290
> [ 3029.668790] dma_direct_alloc+0x70/0x270
> [ 3029.668796] mhi_alloc_bhie_table+0xe8/0x190 [mhi faa917c5aa23a5f5b12d6a2c597067e16d2fedc0]
> [ 3029.668814] mhi_fw_load_handler+0x1bc/0x310 [mhi faa917c5aa23a5f5b12d6a2c597067e16d2fedc0]
> [ 3029.668830] mhi_pm_st_worker+0x5c8/0xaa0 [mhi faa917c5aa23a5f5b12d6a2c597067e16d2fedc0]
> [ 3029.668844] ? srso_return_thunk+0x5/0x5f
> [ 3029.668853] process_one_work+0x17e/0x330
> [ 3029.668861] worker_thread+0x2ce/0x3f0
> [ 3029.668868] ? __pfx_worker_thread+0x10/0x10
> [ 3029.668873] kthread+0xd2/0x100
> [ 3029.668879] ? __pfx_kthread+0x10/0x10
> [ 3029.668885] ret_from_fork+0x34/0x50
> [ 3029.668892] ? __pfx_kthread+0x10/0x10
> [ 3029.668898] ret_from_fork_asm+0x1a/0x30
> [ 3029.668910] </TASK>
>
> Tested-on: QCNFA765 WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6
> Signed-off-by: Muhammad Usama Anjum <usama.anjum@...labora.com>
> ---
> drivers/bus/mhi/host/boot.c | 11 +++++++----
> drivers/bus/mhi/host/init.c | 15 +++------------
> 2 files changed, 10 insertions(+), 16 deletions(-)
>
> diff --git a/drivers/bus/mhi/host/boot.c b/drivers/bus/mhi/host/boot.c
> index efa3b6dddf4d2..8b3d2b9d239c3 100644
> --- a/drivers/bus/mhi/host/boot.c
> +++ b/drivers/bus/mhi/host/boot.c
> @@ -323,6 +323,7 @@ void mhi_free_bhie_table(struct mhi_controller *mhi_cntrl,
> mhi_buf->buf, mhi_buf->dma_addr);
>
> kfree(image_info->mhi_buf);
> + image_info->mhi_buf = NULL;
image_info is getting freed in the next line. why do we need this?
- Krishna Chaitanya.
> kfree(image_info);
> }
>
> @@ -584,10 +585,12 @@ void mhi_fw_load_handler(struct mhi_controller *mhi_cntrl)
> * device transitioning into MHI READY state
> */
> if (fw_load_type == MHI_FW_LOAD_FBC) {
> - ret = mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->fbc_image, fw_sz);
> - if (ret) {
> - release_firmware(firmware);
> - goto error_fw_load;
> + if (!mhi_cntrl->fbc_image) {
> + ret = mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->fbc_image, fw_sz);
> + if (ret) {
> + release_firmware(firmware);
> + goto error_fw_load;
> + }
> }
>
> /* Load the firmware into BHIE vec table */
> diff --git a/drivers/bus/mhi/host/init.c b/drivers/bus/mhi/host/init.c
> index 13e7a55f54ff4..3c20e4541357e 100644
> --- a/drivers/bus/mhi/host/init.c
> +++ b/drivers/bus/mhi/host/init.c
> @@ -1173,8 +1173,9 @@ int mhi_prepare_for_power_up(struct mhi_controller *mhi_cntrl)
> /*
> * Allocate RDDM table for debugging purpose if specified
> */
> - mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->rddm_image,
> - mhi_cntrl->rddm_size);
> + if (!mhi_cntrl->rddm_image)
> + mhi_alloc_bhie_table(mhi_cntrl, &mhi_cntrl->rddm_image,
> + mhi_cntrl->rddm_size);
> if (mhi_cntrl->rddm_image) {
> ret = mhi_rddm_prepare(mhi_cntrl,
> mhi_cntrl->rddm_image);
> @@ -1202,16 +1203,6 @@ EXPORT_SYMBOL_GPL(mhi_prepare_for_power_up);
>
> void mhi_unprepare_after_power_down(struct mhi_controller *mhi_cntrl)
> {
> - if (mhi_cntrl->fbc_image) {
> - mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->fbc_image);
> - mhi_cntrl->fbc_image = NULL;
> - }
> -
> - if (mhi_cntrl->rddm_image) {
> - mhi_free_bhie_table(mhi_cntrl, mhi_cntrl->rddm_image);
> - mhi_cntrl->rddm_image = NULL;
> - }
> -
> mhi_cntrl->bhi = NULL;
> mhi_cntrl->bhie = NULL;
>
Powered by blists - more mailing lists