subject:"\[xhci\] null pointer dereference on ring_doorbell_for_active

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

2013-07-28 Thread Oleksij Rempel


Hi Mathias,

this bug makes me cry...
same kernel config, same git revision... but i just can't reproduce it 
this... grrr.
There is one more mysterious bug graphic related bug on this machine. 
May be they are related.



Am 25.07.2013 18:07, schrieb Mathias Nyman:


Hi

I just started looking at this issue as well from xhci perspective.
 From your Oops backtrace I can see that
ring_doorbell_for_active_rings() was called from handle_cmd_completion()

This should only happend if  XHCI_RESET_EP_QUIRK is set, i.e. you have a
Fresco Logic host controller.


It is not Fresco Logic HC, it is Intel Ivy Bridge.



In that case the ep_index calculation in handle_cmd_completion() look
suspicious, it looks like we do a -1 subtraction twice.

/* Input ctx add_flags are the endpoint index plus one */
ep_index = xhci_last_valid_endpoint(le32_to_cpu(ctrl_ctx-add_flags)) - 1;

xhci_last_valid_endpoint() already does a -1

could you try something like:

- ep_index = xhci_last_valid_endpoint(le32_to_cpu(ctrl_ctx-add_flags))
- 1;
+ ep_index = xhci_last_valid_endpoint(le32_to_cpu(ctrl_ctx-add_flags));

and see if it helps?


I will test it, so far i'll be able to reproduce this bug again. I do 
not know what i miss.



-Mathias

On 07/09/2013 08:08 PM, Oleksij Rempel wrote:

You have right.

this problem didn't disappear, it just masked and have other side effect.
I get corrupt buffers after reloading of ath9k_htc(wifi usb adapter) ...
some times laptop will crash in same way like the bug i reported you
before.. If I reduce command buffer size (and size of urb) or reload
xhci_hcd module i can avoid crashes or buffer corruption. Looks like
some part of memory is corrupt.
Then i noticed some problems with usb mouse. It just stop to respond. I
assumed hardware problem, but after reloading xhci_hcd i can bring mouse
back. In case of mouse, i just can't check if buffers are ok.

PS: I had similar problem with i915. It got null pointer dereference by
attaching vga cable. See:
https://bugs.freedesktop.org/show_bug.cgi?id=48652#c107
But it seems to be fixed by disabling Intel VT-d. Suddenly it wont
solve problem with xhcd... may be this problems have same root.

Am 08.07.2013 18:37, schrieb Sarah Sharp:

On Sat, Jul 06, 2013 at 11:13:15AM +0200, Oleksij Rempel wrote:

Hi Sarah,

thanks you or who ever fixed this issue. With latest wireless-testing
i can't reproduce my crash any more. Instead i get this messages:


What kernel is your wireless-testing branch based on?

It would be nice to know which patch fixed your issue, since AFAIK we
didn't make a concerted effort to fix it yet. Any chance you can do a
git bisect? I'm afraid some other change in the wireless stack is
masking an xHCI driver bug.

Sarah Sharp



[ 4510.621603] ath9k_htc: Driver unloaded
[ 4516.407764] usb 3-2: reset high-speed USB device number 4 using
xhci_hcd
[ 4516.430175] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39c00
[ 4516.430179] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39c40
[ 4516.430181] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39c80
[ 4516.430183] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39cc0
[ 4516.430185] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39d00
[ 4516.430186] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39d40
[ 4516.430855] usb 3-2: ath9k_htc: Firmware htc_9271.fw requested
[ 4516.431139] usbcore: registered new interface driver ath9k_htc


Am 11.06.2013 19:34, schrieb Sarah Sharp:

On Mon, Jun 10, 2013 at 08:55:56AM +0200, Oleksij Rempel wrote:

Hello all,

i'm working on usb_autosuspend for ath9k_htc and triggered this
oops. Currently i do not know if real bug is in ath9k_htc or in
xhci. Same adapter with same kernel and my patches work fine on ehci
host... so may be it is xhci.


Which kernel version is this oops on? I suspect it's an xHCI issue.

Please turn on CONFIG_USB_XHCI_HCD_DEBUGGING and CONFIG_USB_DEBUG and
send me dmesg, from the beginning of connecting the device to when
it is
suspended and then resumed. That will be a lot of output, so feel free
to compress it.

Sarah Sharp


i get oops on this line:
426 static void ring_doorbell_for_active_rings(struct xhci_hcd *xhci,
427 unsigned int slot_id,
428 unsigned int ep_index)
429 {
430 unsigned int stream_id;
431 struct xhci_virt_ep *ep;
432
433 ep = xhci-devs[slot_id]-eps[ep_index];
^^^ ^^^

changes for ath9k_htc are in attachment and photo of oops here:
https://plus.google.com/u/0/102032716864870215256/posts/a9d8nFsLhYK
--
Regards,
Oleksij



diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c
b/drivers/net/wireless/ath/ath9k/hif_usb.c
index f5dda84..3d74575 100644
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -1368,6 +1368,7 @@ static struct usb_driver

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

2013-07-25 Thread Mathias Nyman



Hi

I just started looking at this issue as well from xhci perspective.
From your Oops backtrace I can see that 
ring_doorbell_for_active_rings() was called from handle_cmd_completion()


This should only happend if  XHCI_RESET_EP_QUIRK is set, i.e. you have a 
Fresco Logic host controller.


In that case the ep_index calculation in handle_cmd_completion() look 
suspicious, it looks like we do a -1 subtraction twice.


/* Input ctx add_flags are the endpoint index plus one */
ep_index = xhci_last_valid_endpoint(le32_to_cpu(ctrl_ctx-add_flags)) - 1;

xhci_last_valid_endpoint() already does a -1

could you try something like:

- ep_index = xhci_last_valid_endpoint(le32_to_cpu(ctrl_ctx-add_flags)) - 1;
+ ep_index = xhci_last_valid_endpoint(le32_to_cpu(ctrl_ctx-add_flags));

and see if it helps?

-Mathias

On 07/09/2013 08:08 PM, Oleksij Rempel wrote:

You have right.

this problem didn't disappear, it just masked and have other side effect.
I get corrupt buffers after reloading of ath9k_htc(wifi usb adapter) ...
some times laptop will crash in same way like the bug i reported you
before.. If I reduce command buffer size (and size of urb) or reload
xhci_hcd module i can avoid crashes or buffer corruption. Looks like
some part of memory is corrupt.
Then i noticed some problems with usb mouse. It just stop to respond. I
assumed hardware problem, but after reloading xhci_hcd i can bring mouse
back. In case of mouse, i just can't check if buffers are ok.

PS: I had similar problem with i915. It got null pointer dereference by
attaching vga cable. See:
https://bugs.freedesktop.org/show_bug.cgi?id=48652#c107
But it seems to be fixed by disabling Intel VT-d. Suddenly it wont
solve problem with xhcd... may be this problems have same root.

Am 08.07.2013 18:37, schrieb Sarah Sharp:

On Sat, Jul 06, 2013 at 11:13:15AM +0200, Oleksij Rempel wrote:

Hi Sarah,

thanks you or who ever fixed this issue. With latest wireless-testing
i can't reproduce my crash any more. Instead i get this messages:


What kernel is your wireless-testing branch based on?

It would be nice to know which patch fixed your issue, since AFAIK we
didn't make a concerted effort to fix it yet. Any chance you can do a
git bisect? I'm afraid some other change in the wireless stack is
masking an xHCI driver bug.

Sarah Sharp



[ 4510.621603] ath9k_htc: Driver unloaded
[ 4516.407764] usb 3-2: reset high-speed USB device number 4 using
xhci_hcd
[ 4516.430175] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39c00
[ 4516.430179] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39c40
[ 4516.430181] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39c80
[ 4516.430183] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39cc0
[ 4516.430185] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39d00
[ 4516.430186] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39d40
[ 4516.430855] usb 3-2: ath9k_htc: Firmware htc_9271.fw requested
[ 4516.431139] usbcore: registered new interface driver ath9k_htc


Am 11.06.2013 19:34, schrieb Sarah Sharp:

On Mon, Jun 10, 2013 at 08:55:56AM +0200, Oleksij Rempel wrote:

Hello all,

i'm working on usb_autosuspend for ath9k_htc and triggered this
oops. Currently i do not know if real bug is in ath9k_htc or in
xhci. Same adapter with same kernel and my patches work fine on ehci
host... so may be it is xhci.


Which kernel version is this oops on? I suspect it's an xHCI issue.

Please turn on CONFIG_USB_XHCI_HCD_DEBUGGING and CONFIG_USB_DEBUG and
send me dmesg, from the beginning of connecting the device to when
it is
suspended and then resumed. That will be a lot of output, so feel free
to compress it.

Sarah Sharp


i get oops on this line:
426 static void ring_doorbell_for_active_rings(struct xhci_hcd *xhci,
427 unsigned int slot_id,
428 unsigned int ep_index)
429 {
430 unsigned int stream_id;
431 struct xhci_virt_ep *ep;
432
433 ep = xhci-devs[slot_id]-eps[ep_index];
^^^ ^^^

changes for ath9k_htc are in attachment and photo of oops here:
https://plus.google.com/u/0/102032716864870215256/posts/a9d8nFsLhYK
--
Regards,
Oleksij



diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c
b/drivers/net/wireless/ath/ath9k/hif_usb.c
index f5dda84..3d74575 100644
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -1368,6 +1368,7 @@ static struct usb_driver ath9k_hif_usb_driver
= {
.suspend = ath9k_hif_usb_suspend,
.resume = ath9k_hif_usb_resume,
.reset_resume = ath9k_hif_usb_resume,
+ .supports_autosuspend = 1,
#endif
.id_table = ath9k_hif_usb_ids,
.soft_unbind = 1,
diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_main.c
b/drivers/net/wireless/ath/ath9k/htc_drv_main.c
index 0743a47..20be8a1 100644
--- a/drivers/net/wireless/ath/ath9k/htc_drv_main.c
+++

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

2013-07-09 Thread Oleksij Rempel


You have right.

this problem didn't disappear, it just masked and have other side effect.
I get corrupt buffers after reloading of ath9k_htc(wifi usb adapter) ... 
some times laptop will crash in same way like the bug i reported you 
before.. If I reduce command buffer size (and size of urb) or reload 
xhci_hcd module i can avoid crashes or buffer corruption. Looks like 
some part of memory is corrupt.
Then i noticed some problems with usb mouse. It just stop to respond. I 
assumed hardware problem, but after reloading xhci_hcd i can bring mouse 
back. In case of mouse, i just can't check if buffers are ok.


PS: I had similar problem with i915. It got null pointer dereference by 
attaching vga cable. See:

https://bugs.freedesktop.org/show_bug.cgi?id=48652#c107
But it seems to be fixed by disabling Intel VT-d. Suddenly it wont 
solve problem with xhcd... may be this problems have same root.


Am 08.07.2013 18:37, schrieb Sarah Sharp:

On Sat, Jul 06, 2013 at 11:13:15AM +0200, Oleksij Rempel wrote:

Hi Sarah,

thanks you or who ever fixed this issue. With latest wireless-testing
i can't reproduce my crash any more. Instead i get this messages:


What kernel is your wireless-testing branch based on?

It would be nice to know which patch fixed your issue, since AFAIK we
didn't make a concerted effort to fix it yet.  Any chance you can do a
git bisect?  I'm afraid some other change in the wireless stack is
masking an xHCI driver bug.

Sarah Sharp



[ 4510.621603] ath9k_htc: Driver unloaded
[ 4516.407764] usb 3-2: reset high-speed USB device number 4 using xhci_hcd
[ 4516.430175] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39c00
[ 4516.430179] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39c40
[ 4516.430181] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39c80
[ 4516.430183] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39cc0
[ 4516.430185] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39d00
[ 4516.430186] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
with disabled ep 880113f39d40
[ 4516.430855] usb 3-2: ath9k_htc: Firmware htc_9271.fw requested
[ 4516.431139] usbcore: registered new interface driver ath9k_htc


Am 11.06.2013 19:34, schrieb Sarah Sharp:

On Mon, Jun 10, 2013 at 08:55:56AM +0200, Oleksij Rempel wrote:

Hello all,

i'm working on usb_autosuspend for ath9k_htc and triggered this
oops. Currently i do not know if real bug is in ath9k_htc or in
xhci. Same adapter with same kernel and my patches work fine on ehci
host... so may be it is xhci.


Which kernel version is this oops on?  I suspect it's an xHCI issue.

Please turn on CONFIG_USB_XHCI_HCD_DEBUGGING and CONFIG_USB_DEBUG and
send me dmesg, from the beginning of connecting the device to when it is
suspended and then resumed.  That will be a lot of output, so feel free
to compress it.

Sarah Sharp


i get oops on this line:
426 static void ring_doorbell_for_active_rings(struct xhci_hcd *xhci,
427 unsigned int slot_id,
428 unsigned int ep_index)
429 {
430 unsigned int stream_id;
431 struct xhci_virt_ep *ep;
432 
433 ep = xhci-devs[slot_id]-eps[ep_index];
^^^ ^^^

changes for ath9k_htc are in attachment and photo of oops here:
https://plus.google.com/u/0/102032716864870215256/posts/a9d8nFsLhYK
--
Regards,
Oleksij



diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c 
b/drivers/net/wireless/ath/ath9k/hif_usb.c
index f5dda84..3d74575 100644
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -1368,6 +1368,7 @@ static struct usb_driver ath9k_hif_usb_driver = {
.suspend = ath9k_hif_usb_suspend,
.resume = ath9k_hif_usb_resume,
.reset_resume = ath9k_hif_usb_resume,
+   .supports_autosuspend = 1,
  #endif
.id_table = ath9k_hif_usb_ids,
.soft_unbind = 1,
diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_main.c 
b/drivers/net/wireless/ath/ath9k/htc_drv_main.c
index 0743a47..20be8a1 100644
--- a/drivers/net/wireless/ath/ath9k/htc_drv_main.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_main.c
@@ -905,6 +905,7 @@ static int ath9k_htc_start(struct ieee80211_hw *hw)
struct ath_hw *ah = priv-ah;
struct ath_common *common = ath9k_hw_common(ah);
struct ieee80211_channel *curchan = hw-conf.chandef.chan;
+   struct hif_device_usb *hif_dev = priv-htc-hif_dev;
struct ath9k_channel *init_channel;
int ret = 0;
enum htc_phymode mode;
@@ -917,6 +918,14 @@ static int ath9k_htc_start(struct ieee80211_hw *hw)
Starting driver with initial channel: %d MHz\n,
curchan-center_freq);

+   ret = usb_autopm_get_interface(hif_dev-interface);
+   if (ret  0) {
+

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

2013-07-08 Thread Sarah Sharp

On Sat, Jul 06, 2013 at 11:13:15AM +0200, Oleksij Rempel wrote:
 Hi Sarah,
 
 thanks you or who ever fixed this issue. With latest wireless-testing
 i can't reproduce my crash any more. Instead i get this messages:

What kernel is your wireless-testing branch based on?

It would be nice to know which patch fixed your issue, since AFAIK we
didn't make a concerted effort to fix it yet.  Any chance you can do a
git bisect?  I'm afraid some other change in the wireless stack is
masking an xHCI driver bug.

Sarah Sharp

 
 [ 4510.621603] ath9k_htc: Driver unloaded
 [ 4516.407764] usb 3-2: reset high-speed USB device number 4 using xhci_hcd
 [ 4516.430175] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
 with disabled ep 880113f39c00
 [ 4516.430179] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
 with disabled ep 880113f39c40
 [ 4516.430181] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
 with disabled ep 880113f39c80
 [ 4516.430183] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
 with disabled ep 880113f39cc0
 [ 4516.430185] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
 with disabled ep 880113f39d00
 [ 4516.430186] xhci_hcd :00:14.0: xHCI xhci_drop_endpoint called
 with disabled ep 880113f39d40
 [ 4516.430855] usb 3-2: ath9k_htc: Firmware htc_9271.fw requested
 [ 4516.431139] usbcore: registered new interface driver ath9k_htc
 
 
 Am 11.06.2013 19:34, schrieb Sarah Sharp:
 On Mon, Jun 10, 2013 at 08:55:56AM +0200, Oleksij Rempel wrote:
 Hello all,
 
 i'm working on usb_autosuspend for ath9k_htc and triggered this
 oops. Currently i do not know if real bug is in ath9k_htc or in
 xhci. Same adapter with same kernel and my patches work fine on ehci
 host... so may be it is xhci.
 
 Which kernel version is this oops on?  I suspect it's an xHCI issue.
 
 Please turn on CONFIG_USB_XHCI_HCD_DEBUGGING and CONFIG_USB_DEBUG and
 send me dmesg, from the beginning of connecting the device to when it is
 suspended and then resumed.  That will be a lot of output, so feel free
 to compress it.
 
 Sarah Sharp
 
 i get oops on this line:
 426 static void ring_doorbell_for_active_rings(struct xhci_hcd *xhci,
 427 unsigned int slot_id,
 428 unsigned int ep_index)
 429 {
 430 unsigned int stream_id;
 431 struct xhci_virt_ep *ep;
 432 
 433 ep = xhci-devs[slot_id]-eps[ep_index];
 ^^^ ^^^
 
 changes for ath9k_htc are in attachment and photo of oops here:
 https://plus.google.com/u/0/102032716864870215256/posts/a9d8nFsLhYK
 --
 Regards,
 Oleksij
 
 diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c 
 b/drivers/net/wireless/ath/ath9k/hif_usb.c
 index f5dda84..3d74575 100644
 --- a/drivers/net/wireless/ath/ath9k/hif_usb.c
 +++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
 @@ -1368,6 +1368,7 @@ static struct usb_driver ath9k_hif_usb_driver = {
 .suspend = ath9k_hif_usb_suspend,
 .resume = ath9k_hif_usb_resume,
 .reset_resume = ath9k_hif_usb_resume,
 +   .supports_autosuspend = 1,
   #endif
 .id_table = ath9k_hif_usb_ids,
 .soft_unbind = 1,
 diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_main.c 
 b/drivers/net/wireless/ath/ath9k/htc_drv_main.c
 index 0743a47..20be8a1 100644
 --- a/drivers/net/wireless/ath/ath9k/htc_drv_main.c
 +++ b/drivers/net/wireless/ath/ath9k/htc_drv_main.c
 @@ -905,6 +905,7 @@ static int ath9k_htc_start(struct ieee80211_hw *hw)
 struct ath_hw *ah = priv-ah;
 struct ath_common *common = ath9k_hw_common(ah);
 struct ieee80211_channel *curchan = hw-conf.chandef.chan;
 +   struct hif_device_usb *hif_dev = priv-htc-hif_dev;
 struct ath9k_channel *init_channel;
 int ret = 0;
 enum htc_phymode mode;
 @@ -917,6 +918,14 @@ static int ath9k_htc_start(struct ieee80211_hw *hw)
 Starting driver with initial channel: %d MHz\n,
 curchan-center_freq);
 
 +   ret = usb_autopm_get_interface(hif_dev-interface);
 +   if (ret  0) {
 +   ath_err(common,
 +   Unable wake up hardware\n);
 +   mutex_unlock(priv-mutex);
 +   return ret;
 +   }
 +
 /* Ensure that HW is awake before flushing RX */
 ath9k_htc_setpower(priv, ATH9K_PM_AWAKE);
 WMI_CMD(WMI_FLUSH_RECV_CMDID);
 @@ -972,6 +981,7 @@ static void ath9k_htc_stop(struct ieee80211_hw *hw)
   {
 struct ath9k_htc_priv *priv = hw-priv;
 struct ath_hw *ah = priv-ah;
 +   struct hif_device_usb *hif_dev = priv-htc-hif_dev;
 struct ath_common *common = ath9k_hw_common(ah);
 int ret __attribute__ ((unused));
 u8 cmd_rsp;
 @@ -1022,6 +1032,8 @@ static void ath9k_htc_stop(struct ieee80211_hw *hw)
 
 set_bit(OP_INVALID, priv-op_flags);
 
 +   usb_autopm_put_interface(hif_dev-interface);
 +
 ath_dbg(common, CONFIG, Driver halt\n);
 mutex_unlock(priv-mutex);
   }
 
 
 --
 To unsubscribe from this list: send the line unsubscribe linux-usb in
 the body of a message to majord...@vger.kernel.org
 More

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

2013-06-12 Thread Oleksij Rempel


Am 11.06.2013 19:34, schrieb Sarah Sharp:

On Mon, Jun 10, 2013 at 08:55:56AM +0200, Oleksij Rempel wrote:

Hello all,

i'm working on usb_autosuspend for ath9k_htc and triggered this
oops. Currently i do not know if real bug is in ath9k_htc or in
xhci. Same adapter with same kernel and my patches work fine on ehci
host... so may be it is xhci.


Which kernel version is this oops on?  I suspect it's an xHCI issue.

Please turn on CONFIG_USB_XHCI_HCD_DEBUGGING and CONFIG_USB_DEBUG and
send me dmesg, from the beginning of connecting the device to when it is
suspended and then resumed.  That will be a lot of output, so feel free
to compress it.


i learned how to use kdump :) complete log is in attachment
--
Regards,
Oleksij


crash_log.bz2
Description: application/bzip

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

2013-06-11 Thread Sarah Sharp

On Mon, Jun 10, 2013 at 08:55:56AM +0200, Oleksij Rempel wrote:
 Hello all,
 
 i'm working on usb_autosuspend for ath9k_htc and triggered this
 oops. Currently i do not know if real bug is in ath9k_htc or in
 xhci. Same adapter with same kernel and my patches work fine on ehci
 host... so may be it is xhci.

Which kernel version is this oops on?  I suspect it's an xHCI issue.

Please turn on CONFIG_USB_XHCI_HCD_DEBUGGING and CONFIG_USB_DEBUG and
send me dmesg, from the beginning of connecting the device to when it is
suspended and then resumed.  That will be a lot of output, so feel free
to compress it.

Sarah Sharp

 i get oops on this line:
 426   static void ring_doorbell_for_active_rings(struct xhci_hcd *xhci,
 427   unsigned int slot_id,
 428   unsigned int ep_index)
 429   {
 430   unsigned int stream_id;
 431   struct xhci_virt_ep *ep;
 432   
 433   ep = xhci-devs[slot_id]-eps[ep_index];
 ^^^ ^^^
 
 changes for ath9k_htc are in attachment and photo of oops here:
 https://plus.google.com/u/0/102032716864870215256/posts/a9d8nFsLhYK
 -- 
 Regards,
 Oleksij

 diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c 
 b/drivers/net/wireless/ath/ath9k/hif_usb.c
 index f5dda84..3d74575 100644
 --- a/drivers/net/wireless/ath/ath9k/hif_usb.c
 +++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
 @@ -1368,6 +1368,7 @@ static struct usb_driver ath9k_hif_usb_driver = {
   .suspend = ath9k_hif_usb_suspend,
   .resume = ath9k_hif_usb_resume,
   .reset_resume = ath9k_hif_usb_resume,
 + .supports_autosuspend = 1,
  #endif
   .id_table = ath9k_hif_usb_ids,
   .soft_unbind = 1,
 diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_main.c 
 b/drivers/net/wireless/ath/ath9k/htc_drv_main.c
 index 0743a47..20be8a1 100644
 --- a/drivers/net/wireless/ath/ath9k/htc_drv_main.c
 +++ b/drivers/net/wireless/ath/ath9k/htc_drv_main.c
 @@ -905,6 +905,7 @@ static int ath9k_htc_start(struct ieee80211_hw *hw)
   struct ath_hw *ah = priv-ah;
   struct ath_common *common = ath9k_hw_common(ah);
   struct ieee80211_channel *curchan = hw-conf.chandef.chan;
 + struct hif_device_usb *hif_dev = priv-htc-hif_dev;
   struct ath9k_channel *init_channel;
   int ret = 0;
   enum htc_phymode mode;
 @@ -917,6 +918,14 @@ static int ath9k_htc_start(struct ieee80211_hw *hw)
   Starting driver with initial channel: %d MHz\n,
   curchan-center_freq);
  
 + ret = usb_autopm_get_interface(hif_dev-interface);
 + if (ret  0) {
 + ath_err(common,
 + Unable wake up hardware\n);
 + mutex_unlock(priv-mutex);
 + return ret;
 + }
 +
   /* Ensure that HW is awake before flushing RX */
   ath9k_htc_setpower(priv, ATH9K_PM_AWAKE);
   WMI_CMD(WMI_FLUSH_RECV_CMDID);
 @@ -972,6 +981,7 @@ static void ath9k_htc_stop(struct ieee80211_hw *hw)
  {
   struct ath9k_htc_priv *priv = hw-priv;
   struct ath_hw *ah = priv-ah;
 + struct hif_device_usb *hif_dev = priv-htc-hif_dev;
   struct ath_common *common = ath9k_hw_common(ah);
   int ret __attribute__ ((unused));
   u8 cmd_rsp;
 @@ -1022,6 +1032,8 @@ static void ath9k_htc_stop(struct ieee80211_hw *hw)
  
   set_bit(OP_INVALID, priv-op_flags);
  
 + usb_autopm_put_interface(hif_dev-interface);
 +
   ath_dbg(common, CONFIG, Driver halt\n);
   mutex_unlock(priv-mutex);
  }
 

--
To unsubscribe from this list: send the line unsubscribe linux-usb in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

2013-06-11 Thread Oleksij Rempel


Am 11.06.2013 19:34, schrieb Sarah Sharp:

On Mon, Jun 10, 2013 at 08:55:56AM +0200, Oleksij Rempel wrote:

Hello all,

i'm working on usb_autosuspend for ath9k_htc and triggered this
oops. Currently i do not know if real bug is in ath9k_htc or in
xhci. Same adapter with same kernel and my patches work fine on ehci
host... so may be it is xhci.


Which kernel version is this oops on?  I suspect it's an xHCI issue.

Please turn on CONFIG_USB_XHCI_HCD_DEBUGGING and CONFIG_USB_DEBUG and
send me dmesg, from the beginning of connecting the device to when it is
suspended and then resumed.  That will be a lot of output, so feel free
to compress it.

Sarah Sharp



Hi Sarah,

i use 3.10.0-rc4-wl-00055-gc341e6d, and i also tested v3.8 and v3.9 with 
same results.
Suddenly i'm not able to get log after crash. This chip do not support 
serial port and ehci debug port is not available i any way - i tried it 
really hard with soldering iron :) There is even no ethernet connection 
- only usb adapter. If you have some ideas, please tell me.


--
Regards,
Oleksij
--
To unsubscribe from this list: send the line unsubscribe linux-usb in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[xhci] null pointer dereference on ring_doorbell_for_active_rings

2013-06-10 Thread Oleksij Rempel


Hello all,

i'm working on usb_autosuspend for ath9k_htc and triggered this oops. 
Currently i do not know if real bug is in ath9k_htc or in xhci. Same 
adapter with same kernel and my patches work fine on ehci host... so may 
be it is xhci.


i get oops on this line:
426 static void ring_doorbell_for_active_rings(struct xhci_hcd *xhci,
427 unsigned int slot_id,
428 unsigned int ep_index)
429 {
430 unsigned int stream_id;
431 struct xhci_virt_ep *ep;
432 
433 ep = xhci-devs[slot_id]-eps[ep_index];
^^^ ^^^

changes for ath9k_htc are in attachment and photo of oops here:
https://plus.google.com/u/0/102032716864870215256/posts/a9d8nFsLhYK
--
Regards,
Oleksij
diff --git a/drivers/net/wireless/ath/ath9k/hif_usb.c b/drivers/net/wireless/ath/ath9k/hif_usb.c
index f5dda84..3d74575 100644
--- a/drivers/net/wireless/ath/ath9k/hif_usb.c
+++ b/drivers/net/wireless/ath/ath9k/hif_usb.c
@@ -1368,6 +1368,7 @@ static struct usb_driver ath9k_hif_usb_driver = {
 	.suspend = ath9k_hif_usb_suspend,
 	.resume = ath9k_hif_usb_resume,
 	.reset_resume = ath9k_hif_usb_resume,
+	.supports_autosuspend = 1,
 #endif
 	.id_table = ath9k_hif_usb_ids,
 	.soft_unbind = 1,
diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_main.c b/drivers/net/wireless/ath/ath9k/htc_drv_main.c
index 0743a47..20be8a1 100644
--- a/drivers/net/wireless/ath/ath9k/htc_drv_main.c
+++ b/drivers/net/wireless/ath/ath9k/htc_drv_main.c
@@ -905,6 +905,7 @@ static int ath9k_htc_start(struct ieee80211_hw *hw)
 	struct ath_hw *ah = priv-ah;
 	struct ath_common *common = ath9k_hw_common(ah);
 	struct ieee80211_channel *curchan = hw-conf.chandef.chan;
+	struct hif_device_usb *hif_dev = priv-htc-hif_dev;
 	struct ath9k_channel *init_channel;
 	int ret = 0;
 	enum htc_phymode mode;
@@ -917,6 +918,14 @@ static int ath9k_htc_start(struct ieee80211_hw *hw)
 		Starting driver with initial channel: %d MHz\n,
 		curchan-center_freq);
 
+	ret = usb_autopm_get_interface(hif_dev-interface);
+	if (ret  0) {
+		ath_err(common,
+			Unable wake up hardware\n);
+		mutex_unlock(priv-mutex);
+		return ret;
+	}
+
 	/* Ensure that HW is awake before flushing RX */
 	ath9k_htc_setpower(priv, ATH9K_PM_AWAKE);
 	WMI_CMD(WMI_FLUSH_RECV_CMDID);
@@ -972,6 +981,7 @@ static void ath9k_htc_stop(struct ieee80211_hw *hw)
 {
 	struct ath9k_htc_priv *priv = hw-priv;
 	struct ath_hw *ah = priv-ah;
+	struct hif_device_usb *hif_dev = priv-htc-hif_dev;
 	struct ath_common *common = ath9k_hw_common(ah);
 	int ret __attribute__ ((unused));
 	u8 cmd_rsp;
@@ -1022,6 +1032,8 @@ static void ath9k_htc_stop(struct ieee80211_hw *hw)
 
 	set_bit(OP_INVALID, priv-op_flags);
 
+	usb_autopm_put_interface(hif_dev-interface);
+
 	ath_dbg(common, CONFIG, Driver halt\n);
 	mutex_unlock(priv-mutex);
 }

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

Re: [xhci] null pointer dereference on ring_doorbell_for_active_rings

[xhci] null pointer dereference on ring_doorbell_for_active_rings

8 matches

Site Navigation

Mail list logo

Footer information