| Message ID | 20240816064751.284786-1-neeraj.sanjaykale@nxp.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [v1] Bluetooth: btnxpuart: Fix random crash seen while removing driver | expand |
| Context | Check | Description |
|---|---|---|
| tedd_an/pre-ci_am | success | Success |
| tedd_an/CheckPatch | success | CheckPatch PASS |
| tedd_an/GitLint | fail | WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search 12: B1 Line exceeds max length (89>80): "[ 85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258" 20: B1 Line exceeds max length (142>80): "[ 85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000" 22: B1 Line exceeds max length (416>80): "[ 85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)]" 23: B1 Line exceeds max length (100>80): "[ 85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G O 6.1.36+g937b1be4345a #1" |
| tedd_an/SubjectPrefix | success | Gitlint PASS |
| tedd_an/BuildKernel | success | BuildKernel PASS |
| tedd_an/CheckAllWarning | success | CheckAllWarning PASS |
| tedd_an/CheckSparse | success | CheckSparse PASS |
Dear Neeraj, Thank you for your patch. Am 16.08.24 um 08:47 schrieb Neeraj Sanjay Kale: > This fixes the random kernel crash seen while removing the driver, when > running the load/unload test over multiple iterations. How can I run the test? > The ps_wakeup() call in btnxpuart_close() schedules the psdata->work(), > which gets scheduled after module is removed, causing a kernel crash. > > The new ps_cleanup() deasserts UART break immediately while closing > serdev device, cancels any scheduled ps_work and destroys the ps_lock > mutex. (I’d move the paragraph below the paste of the trace.) > [ 85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258 > [ 85.884624] Mem abort info: > [ 85.884625] ESR = 0x0000000086000007 > [ 85.884628] EC = 0x21: IABT (current EL), IL = 32 bits > [ 85.884633] SET = 0, FnV = 0 > [ 85.884636] EA = 0, S1PTW = 0 > [ 85.884638] FSC = 0x07: level 3 translation fault > [ 85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000 > [ 85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000 > [ 85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP > [ 85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)] > [ 85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G O 6.1.36+g937b1be4345a #1 > [ 85.936176] Hardware name: FSL i.MX8MM EVK board (DT) > [ 85.936182] Workqueue: events 0xffffd4a61638f380 > [ 85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) > [ 85.952817] pc : 0xffffd4a61638f258 > [ 85.952823] lr : 0xffffd4a61638f258 > [ 85.952827] sp : ffff8000084fbd70 > [ 85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000 > [ 85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305 > [ 85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970 > [ 85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000 > [ 85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090 > [ 85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139 > [ 85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50 > [ 85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8 > [ 85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000 > [ 85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000 > [ 85.977443] Call trace: > [ 85.977446] 0xffffd4a61638f258 > [ 85.977451] 0xffffd4a61638f3e8 > [ 85.977455] process_one_work+0x1d4/0x330 > [ 85.977464] worker_thread+0x6c/0x430 > [ 85.977471] kthread+0x108/0x10c > [ 85.977476] ret_from_fork+0x10/0x20 > [ 85.977488] Code: bad PC value > [ 85.977491] ---[ end trace 0000000000000000 ]--- > > Message from syslogd@imx8mmevk-NH-DUT at Fri Jul 26 05:57:37 2024 ... > kernel: Code: bad PC value > > Message from syslogd@imx8mmevk-NH-DUT at Fri Jul 26 05:57:37 2024 ... > kernel: Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP > > Fixes: 86d55f124b52 ("Bluetooth: btnxpuart: Deasset UART break before closing serdev device") (Just for me, present since 6.4-rc1.) > Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com> > --- > drivers/bluetooth/btnxpuart.c | 20 ++++++++++++++++++-- > 1 file changed, 18 insertions(+), 2 deletions(-) > > diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c > index f75b24bd3045..4bac4a81249c 100644 > --- a/drivers/bluetooth/btnxpuart.c > +++ b/drivers/bluetooth/btnxpuart.c > @@ -449,6 +449,23 @@ static bool ps_wakeup(struct btnxpuart_dev *nxpdev) > return false; > } > > +static void ps_cleanup(struct btnxpuart_dev *nxpdev) > +{ > + struct ps_data *psdata = &nxpdev->psdata; > + u8 ps_state; > + > + mutex_lock(&psdata->ps_lock); > + ps_state = psdata->ps_state; > + mutex_unlock(&psdata->ps_lock); > + > + if (ps_state != PS_STATE_AWAKE) > + ps_control(psdata->hdev, PS_STATE_AWAKE); > + > + ps_cancel_timer(nxpdev); > + cancel_work_sync(&psdata->work); > + mutex_destroy(&psdata->ps_lock); > +} > + > static int send_ps_cmd(struct hci_dev *hdev, void *data) > { > struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); > @@ -1363,7 +1380,6 @@ static int btnxpuart_close(struct hci_dev *hdev) > { > struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); > > - ps_wakeup(nxpdev); > serdev_device_close(nxpdev->serdev); > skb_queue_purge(&nxpdev->txq); > if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) { > @@ -1516,8 +1532,8 @@ static void nxp_serdev_remove(struct serdev_device *serdev) > nxpdev->new_baudrate = nxpdev->fw_init_baudrate; > nxp_set_baudrate_cmd(hdev, NULL); > } > - ps_cancel_timer(nxpdev); > } > + ps_cleanup(nxpdev); > hci_unregister_dev(hdev); > hci_free_dev(hdev); > } Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de> Kind regards, Paul
Hi Paul Thank you for reviewing the patch. > > Fixes: 86d55f124b52 ("Bluetooth: btnxpuart: Deasset UART break before > > closing serdev device") > > (Just for me, present since 6.4-rc1.) > This issue is seen from v6.9.11. It was highlighted after default power save mechanism was set to enable. I have added the details to the commit message. Thanks, Neeraj
diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c index f75b24bd3045..4bac4a81249c 100644 --- a/drivers/bluetooth/btnxpuart.c +++ b/drivers/bluetooth/btnxpuart.c @@ -449,6 +449,23 @@ static bool ps_wakeup(struct btnxpuart_dev *nxpdev) return false; } +static void ps_cleanup(struct btnxpuart_dev *nxpdev) +{ + struct ps_data *psdata = &nxpdev->psdata; + u8 ps_state; + + mutex_lock(&psdata->ps_lock); + ps_state = psdata->ps_state; + mutex_unlock(&psdata->ps_lock); + + if (ps_state != PS_STATE_AWAKE) + ps_control(psdata->hdev, PS_STATE_AWAKE); + + ps_cancel_timer(nxpdev); + cancel_work_sync(&psdata->work); + mutex_destroy(&psdata->ps_lock); +} + static int send_ps_cmd(struct hci_dev *hdev, void *data) { struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); @@ -1363,7 +1380,6 @@ static int btnxpuart_close(struct hci_dev *hdev) { struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); - ps_wakeup(nxpdev); serdev_device_close(nxpdev->serdev); skb_queue_purge(&nxpdev->txq); if (!IS_ERR_OR_NULL(nxpdev->rx_skb)) { @@ -1516,8 +1532,8 @@ static void nxp_serdev_remove(struct serdev_device *serdev) nxpdev->new_baudrate = nxpdev->fw_init_baudrate; nxp_set_baudrate_cmd(hdev, NULL); } - ps_cancel_timer(nxpdev); } + ps_cleanup(nxpdev); hci_unregister_dev(hdev); hci_free_dev(hdev); }
This fixes the random kernel crash seen while removing the driver, when running the load/unload test over multiple iterations. The ps_wakeup() call in btnxpuart_close() schedules the psdata->work(), which gets scheduled after module is removed, causing a kernel crash. The new ps_cleanup() deasserts UART break immediately while closing serdev device, cancels any scheduled ps_work and destroys the ps_lock mutex. [ 85.884604] Unable to handle kernel paging request at virtual address ffffd4a61638f258 [ 85.884624] Mem abort info: [ 85.884625] ESR = 0x0000000086000007 [ 85.884628] EC = 0x21: IABT (current EL), IL = 32 bits [ 85.884633] SET = 0, FnV = 0 [ 85.884636] EA = 0, S1PTW = 0 [ 85.884638] FSC = 0x07: level 3 translation fault [ 85.884642] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041dd0000 [ 85.884646] [ffffd4a61638f258] pgd=1000000095fff003, p4d=1000000095fff003, pud=100000004823d003, pmd=100000004823e003, pte=0000000000000000 [ 85.884662] Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP [ 85.890932] Modules linked in: algif_hash algif_skcipher af_alg overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 caam secvio error snd_soc_fsl_spdif snd_soc_fsl_micfil snd_soc_fsl_sai snd_soc_fsl_utils gpio_ir_recv rc_core fuse [last unloaded: btnxpuart(O)] [ 85.927297] CPU: 1 PID: 67 Comm: kworker/1:3 Tainted: G O 6.1.36+g937b1be4345a #1 [ 85.936176] Hardware name: FSL i.MX8MM EVK board (DT) [ 85.936182] Workqueue: events 0xffffd4a61638f380 [ 85.936198] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 85.952817] pc : 0xffffd4a61638f258 [ 85.952823] lr : 0xffffd4a61638f258 [ 85.952827] sp : ffff8000084fbd70 [ 85.952829] x29: ffff8000084fbd70 x28: 0000000000000000 x27: 0000000000000000 [ 85.963112] x26: ffffd4a69133f000 x25: ffff4bf1c8540990 x24: ffff4bf215b87305 [ 85.963119] x23: ffff4bf215b87300 x22: ffff4bf1c85409d0 x21: ffff4bf1c8540970 [ 85.977382] x20: 0000000000000000 x19: ffff4bf1c8540880 x18: 0000000000000000 [ 85.977391] x17: 0000000000000000 x16: 0000000000000133 x15: 0000ffffe2217090 [ 85.977399] x14: 0000000000000001 x13: 0000000000000133 x12: 0000000000000139 [ 85.977407] x11: 0000000000000001 x10: 0000000000000a60 x9 : ffff8000084fbc50 [ 85.977417] x8 : ffff4bf215b7d000 x7 : ffff4bf215b83b40 x6 : 00000000000003e8 [ 85.977424] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000000 [ 85.977432] x2 : 0000000000000000 x1 : ffff4bf1c4265880 x0 : 0000000000000000 [ 85.977443] Call trace: [ 85.977446] 0xffffd4a61638f258 [ 85.977451] 0xffffd4a61638f3e8 [ 85.977455] process_one_work+0x1d4/0x330 [ 85.977464] worker_thread+0x6c/0x430 [ 85.977471] kthread+0x108/0x10c [ 85.977476] ret_from_fork+0x10/0x20 [ 85.977488] Code: bad PC value [ 85.977491] ---[ end trace 0000000000000000 ]--- Message from syslogd@imx8mmevk-NH-DUT at Fri Jul 26 05:57:37 2024 ... kernel: Code: bad PC value Message from syslogd@imx8mmevk-NH-DUT at Fri Jul 26 05:57:37 2024 ... kernel: Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP Fixes: 86d55f124b52 ("Bluetooth: btnxpuart: Deasset UART break before closing serdev device") Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com> --- drivers/bluetooth/btnxpuart.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-)