| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <eg6hush5t5r2seelkolmb3hqjlmh7w3yzekb3lnn4sm3qxufee@e3eberzr4izp>
Date: Fri, 22 Aug 2025 21:21:46 +0300
From: Dmitry Baryshkov <dmitry.baryshkov@....qualcomm.com>
To: Shuai Zhang <quic_shuaz@...cinc.com>
Cc: marcel@...tmann.org, luiz.dentz@...il.com, linux-bluetooth@...r.kernel.org,
stable@...r.kernel.org, linux-arm-msm@...r.kernel.org,
linux-kernel@...r.kernel.org, quic_chejiang@...cinc.com
Subject: Re: [PATCH v8] Bluetooth: hci_qca: Fix SSR (SubSystem Restart) fail
when BT_EN is pulled up by hw
On Fri, Aug 22, 2025 at 08:36:05PM +0800, Shuai Zhang wrote:
> When the host actively triggers SSR and collects coredump data,
> the Bluetooth stack sends a reset command to the controller. However, due
> to the inability to clear the QCA_SSR_TRIGGERED and QCA_IBS_DISABLED bits,
> the reset command times out.
>
> To address this, this patch clears the QCA_SSR_TRIGGERED and
> QCA_IBS_DISABLED flags and adds a 50ms delay after SSR, but only when
> HCI_QUIRK_NON_PERSISTENT_SETUP is not set. This ensures the controller
> completes the SSR process when BT_EN is always high due to hardware.
>
> For the purpose of HCI_QUIRK_NON_PERSISTENT_SETUP, please refer to
> the comment in `include/net/bluetooth/hci.h`.
>
> The HCI_QUIRK_NON_PERSISTENT_SETUP quirk is associated with BT_EN,
> and its presence can be used to determine whether BT_EN is defined in DTS.
>
> After SSR, host will not download the firmware, causing
> controller to remain in the IBS_WAKE state. Host needs
> to synchronize with the controller to maintain proper operation.
>
> Multiple triggers of SSR only first generate coredump file,
> due to memcoredump_flag no clear.
>
> add clear coredump flag when ssr completed.
>
> When the SSR duration exceeds 2 seconds, it triggers
> host tx_idle_timeout, which sets host TX state to sleep. due to the
> hardware pulling up bt_en, the firmware is not downloaded after the SSR.
> As a result, the controller does not enter sleep mode. Consequently,
> when the host sends a command afterward, it sends 0xFD to the controller,
> but the controller does not respond, leading to a command timeout.
>
> So reset tx_idle_timer after SSR to prevent host enter TX IBS_Sleep mode.
>
> Changes since v6-7:
> - Merge the changes into a single patch.
> - Update commit.
>
> Changes since v1-5:
> - Add an explanation for HCI_QUIRK_NON_PERSISTENT_SETUP.
> - Add commments for msleep(50).
> - Update format and commit.
Changelog doesn't belong to the commit message. It should be placed
under tripple-dash.
>
> Signed-off-by: Shuai Zhang <quic_shuaz@...cinc.com>
> ---
> drivers/bluetooth/hci_qca.c | 33 +++++++++++++++++++++++++++++++++
> 1 file changed, 33 insertions(+)
>
> diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
> index 4e56782b0..9dc59b002 100644
> --- a/drivers/bluetooth/hci_qca.c
> +++ b/drivers/bluetooth/hci_qca.c
> @@ -1653,6 +1653,39 @@ static void qca_hw_error(struct hci_dev *hdev, u8 code)
> skb_queue_purge(&qca->rx_memdump_q);
> }
>
> + /*
> + * If the BT chip's bt_en pin is connected to a 3.3V power supply via
> + * hardware and always stays high, driver cannot control the bt_en pin.
> + * As a result, during SSR (SubSystem Restart), QCA_SSR_TRIGGERED and
> + * QCA_IBS_DISABLED flags cannot be cleared, which leads to a reset
> + * command timeout.
> + * Add an msleep delay to ensure controller completes the SSR process.
> + *
> + * Host will not download the firmware after SSR, controller to remain
> + * in the IBS_WAKE state, and the host needs to synchronize with it
> + *
> + * Since the bluetooth chip has been reset, clear the memdump state.
> + */
> + if (!test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) {
Still based on some old tree. Could you please stop doing that?
--
With best wishes
Dmitry
Powered by blists - more mailing lists