Message-ID: <5a6a866e-3fbc-473d-bfcb-89c1e421ca32@quicinc.com>
Date: Wed, 27 Aug 2025 17:53:10 +0800
From: Shuai Zhang <quic_shuaz@...cinc.com>
To: Dmitry Baryshkov <dmitry.baryshkov@....qualcomm.com>
CC: <marcel@...tmann.org>, <luiz.dentz@...il.com>,
        <linux-bluetooth@...r.kernel.org>, <stable@...r.kernel.org>,
        <linux-arm-msm@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <quic_chejiang@...cinc.com>
Subject: Re: [PATCH v10] Bluetooth: hci_qca: Fix SSR (SubSystem Restart) fail
 when BT_EN is pulled up by hw

Hi, Dmitry

On 8/27/2025 9:57 AM, Dmitry Baryshkov wrote:
> On Mon, Aug 25, 2025 at 07:38:58PM +0800, Shuai Zhang wrote:
>> When the host actively triggers SSR and collects coredump data,
>> the Bluetooth stack sends a reset command to the controller. However, due
>> to the inability to clear the QCA_SSR_TRIGGERED and QCA_IBS_DISABLED bits,
>> the reset command times out.
>>
>> To address this, this patch clears the QCA_SSR_TRIGGERED and
>> QCA_IBS_DISABLED flags and adds a 50ms delay after SSR, but only when
>> HCI_QUIRK_NON_PERSISTENT_SETUP is not set. This ensures the controller
>> completes the SSR process when BT_EN is always high due to hardware.
>>
>> For the purpose of HCI_QUIRK_NON_PERSISTENT_SETUP, please refer to
>> the comment in `include/net/bluetooth/hci.h`.
>>
>> The HCI_QUIRK_NON_PERSISTENT_SETUP quirk is associated with BT_EN,
>> and its presence can be used to determine whether BT_EN is defined in DTS.
>>
>> After SSR, host will not download the firmware, causing
>> controller to remain in the IBS_WAKE state. Host needs
>> to synchronize with the controller to maintain proper operation.
>>
>> Multiple triggers of SSR only generate a coredump file the first time,
>> because memcoredump_flag is not cleared.
>>
>> Add clearing of the coredump flag when SSR is completed.
>>
>> When the SSR duration exceeds 2 seconds, it triggers
>> host tx_idle_timeout, which sets host TX state to sleep. Due to the
>> hardware pulling up bt_en, the firmware is not downloaded after the SSR.
>> As a result, the controller does not enter sleep mode. Consequently,
>> when the host sends a command afterward, it sends 0xFD to the controller,
>> but the controller does not respond, leading to a command timeout.
>>
>> So reset tx_idle_timer after SSR to prevent the host from entering TX IBS_Sleep mode.
>>
>> ---
>> Changes since v8-v9:
>> -- Update base patch to latest patch.
>> -- add Cc stable@...r.kernel.org on signed-off.
>>
>> Changes since v6-7:
>> - Merge the changes into a single patch.
>> - Update commit.
>>
>> Changes since v1-5:
>> - Add an explanation for HCI_QUIRK_NON_PERSISTENT_SETUP.
>> - Add comments for msleep(50).
>> - Update format and commit.
>>
>> Signed-off-by: Shuai Zhang <quic_shuaz@...cinc.com>
>> Cc: stable@...r.kernel.org
>> ---
>>  drivers/bluetooth/hci_qca.c | 33 +++++++++++++++++++++++++++++++++
>>  1 file changed, 33 insertions(+)
> 
>> +	if (!test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) {
> 
> Please. Stop. I've asked several times to make sure that your patch
> builds. It still doesn't. You are still using some older kernel version
> as your baseline. This patch won't build even on released 6.16 (which is
> already too old for development).
> 
> So... Please find somebody next to you who can do that.

I finally understand. I have modified test_bit, 
and I sincerely thank you for your repeated friendly reminders.

> 
>> +		/*
>> +		 * When the SSR (SubSystem Restart) duration exceeds 2 seconds,
>> +		 * it triggers host tx_idle_delay, which sets host TX state
>> +		 * to sleep. Reset tx_idle_timer after SSR to prevent
>> +		 * host enter TX IBS_Sleep mode.
>> +		 */
>> +		mod_timer(&qca->tx_idle_timer, jiffies +
>> +				  msecs_to_jiffies(qca->tx_idle_delay));
>> +
>> +		/* Controller reset completion time is 50ms */
>> +		msleep(50);
>> +
>> +		clear_bit(QCA_SSR_TRIGGERED, &qca->flags);
>> +		clear_bit(QCA_IBS_DISABLED, &qca->flags);
>> +
>> +		qca->tx_ibs_state = HCI_IBS_TX_AWAKE;
>> +		qca->memdump_state = QCA_MEMDUMP_IDLE;
>> +	}
>> +
>>  	clear_bit(QCA_HW_ERROR_EVENT, &qca->flags);
>>  }
>>  
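
Review bot: The assignment qca->tx_ibs_state = HCI_IBS_TX_AWAKE near the end of the new block is made with no lock taken anywhere in the visible lines, even though the block has just re-armed tx_idle_timer, which per the comment above it is what moves the host TX state to sleep. If the timer callback or the TX path can run concurrently with this function, the state write and the two clear_bit() calls should sit under whatever lock guards tx_ibs_state elsewhere in the driver, or the comment should state why none is needed here. Two smaller points on the same block: msleep(50) uses a bare number that a named constant would make easier to audit, and calling mod_timer() before the sleep shortens the idle window by those 50ms, so re-arming it after the state is set to awake would match the comment more closely.
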
>> -- 
>> 2.34.1
>>
> 
BR,
Shuai

