From: Johan Hovold <johan@kernel.org>
To: Chris Lew <quic_clew@quicinc.com>
Cc: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
Hemant Kumar <quic_hemantk@quicinc.com>,
Loic Poulain <loic.poulain@linaro.org>,
Maxim Kochetkov <fido_max@inbox.ru>,
Manivannan Sadhasivam <mani@kernel.org>,
Bjorn Andersson <bjorn.andersson@oss.qualcomm.com>,
linux-arm-msm@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org,
Bhaumik Bhatt <bbhatt@codeaurora.org>
Subject: Re: [PATCH] net: qrtr: mhi: synchronize qrtr and mhi preparation
Date: Tue, 18 Mar 2025 09:03:52 +0100 [thread overview]
Message-ID: <Z9ko6PIObQZfTSvM@hovoldconsulting.com> (raw)
In-Reply-To: <b1e22673-2768-445c-8c67-eae93206cca5@quicinc.com>
Hi Chris,
On Thu, Nov 21, 2024 at 04:28:41PM -0800, Chris Lew wrote:
> On 11/8/2024 2:32 AM, Johan Hovold wrote:
> > On Mon, Nov 04, 2024 at 05:29:37PM -0800, Chris Lew wrote:
> >> From: Bhaumik Bhatt <bbhatt@codeaurora.org>
> >>
> >> The call to qrtr_endpoint_register() was moved before
> >> mhi_prepare_for_transfer_autoqueue() to prevent a case where a dl
> >> callback can occur before the qrtr endpoint is registered.
> >>
> >> Now the reverse can happen where qrtr will try to send a packet
> >> before the channels are prepared. Add a wait in the sending path to
> >> ensure the channels are prepared before trying to do a ul transfer.
> >>
> >> Fixes: 68a838b84eff ("net: qrtr: start MHI channel after endpoit creation")
> >> Reported-by: Johan Hovold <johan@kernel.org>
> >> Closes: https://lore.kernel.org/linux-arm-msm/ZyTtVdkCCES0lkl4@hovoldconsulting.com/
> >> Signed-off-by: Bhaumik Bhatt <bbhatt@codeaurora.org>
> >> Signed-off-by: Chris Lew <quic_clew@quicinc.com>
> >
> >> @@ -53,6 +54,10 @@ static int qcom_mhi_qrtr_send(struct qrtr_endpoint *ep, struct sk_buff *skb)
> >> if (skb->sk)
> >> sock_hold(skb->sk);
> >>
> >> + rc = wait_for_completion_interruptible(&qdev->prepared);
> >> + if (rc)
> >> + goto free_skb;
> >> +
> >> rc = skb_linearize(skb);
> >> if (rc)
> >> goto free_skb;
> >> @@ -85,6 +90,7 @@ static int qcom_mhi_qrtr_probe(struct mhi_device *mhi_dev,
> >> qdev->mhi_dev = mhi_dev;
> >> qdev->dev = &mhi_dev->dev;
> >> qdev->ep.xmit = qcom_mhi_qrtr_send;
> >> + init_completion(&qdev->prepared);
> >>
> >> dev_set_drvdata(&mhi_dev->dev, qdev);
> >> rc = qrtr_endpoint_register(&qdev->ep, QRTR_EP_NID_AUTO);
> >> @@ -97,6 +103,7 @@ static int qcom_mhi_qrtr_probe(struct mhi_device *mhi_dev,
> >> qrtr_endpoint_unregister(&qdev->ep);
> >> return rc;
> >> }
> >> + complete_all(&qdev->prepared);
> >>
> >> dev_dbg(qdev->dev, "Qualcomm MHI QRTR driver probed\n");
> >
> > While this probably works, it still looks like a bit of a hack.
> >
> > Why can't you restructure the code so that the channels are fully
> > initialised before you register or enable them instead?
>
> Ok, I think we will have to stop using the autoqueue feature of MHI and
> change the flow to be mhi_prepare_for_transfer() -->
> qrtr_endpoint_register() --> mhi_queue_buf(DMA_FROM_DEVICE). This would
> make it so ul_transfers only happen after mhi_prepare_for_transfer() and
> dl_transfers happen after qrtr_endpoint_register().
>
> I'll take a stab at implementing this.
This bug still exists in mainline and occasionally triggers a
NULL-pointer dereference on boot with the in-kernel pd-mapper on X Elite
laptops like the T14s.
Have you made any progress in reworking the code to address the race?
Johan
next prev parent reply other threads:[~2025-03-18 8:03 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-05 1:29 [PATCH] net: qrtr: mhi: synchronize qrtr and mhi preparation Chris Lew
2024-11-06 9:14 ` Maxim Kochetkov
2024-11-07 11:27 ` Manivannan Sadhasivam
2024-11-07 19:58 ` Chris Lew
2024-11-08 10:32 ` Johan Hovold
2024-11-22 0:28 ` Chris Lew
2024-11-24 15:04 ` Manivannan Sadhasivam
2024-11-25 19:05 ` Chris Lew
2025-03-18 8:03 ` Johan Hovold [this message]
-- strict thread matches above, loose matches on Subject: below --
2021-07-21 1:42 Bhaumik Bhatt
2021-07-21 17:52 ` hemantk
2021-07-21 18:07 ` Bhaumik Bhatt
2021-07-21 22:27 ` hemantk
2021-07-22 19:04 ` Bhaumik Bhatt
2021-07-22 19:50 ` Bhaumik Bhatt
2021-07-23 2:45 ` hemantk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z9ko6PIObQZfTSvM@hovoldconsulting.com \
--to=johan@kernel.org \
--cc=bbhatt@codeaurora.org \
--cc=bjorn.andersson@oss.qualcomm.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fido_max@inbox.ru \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=loic.poulain@linaro.org \
--cc=mani@kernel.org \
--cc=manivannan.sadhasivam@linaro.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=quic_clew@quicinc.com \
--cc=quic_hemantk@quicinc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.