Macbook Pro (15-inch 2018) - bce module insmod causes OS freezes #4

Open
ptrkmik opened this issue Sep 27, 2019 · 0 comments
ptrkmik commented Sep 27, 2019

Kernel 5.2.11-1-default #1 SMP
OS: OpenSUSE Tumbleweed

Patched module brcmfmac alone works OK - wifi has stable link with AP (no bce.ko loaded - so no internal keyboard/touchpad works) - OS is stable.
Bce.ko insmod alone - keyboard and touchpad works ok (no wifi as brcmfmac is not loaded) - OS is stable.

When brcmfmac is loaded and later bce.ko is loaded (with insmod), after several seconds the OS freezes (the same in the opposite direction - bce is loaded first, and then brcmfmac is loaded).

Dmesg main problems area watchdog: BUG: soft lockup - CPU#11 stuck for 22s! :

```
[ 377.948036] BUG: workqueue lockup - pool cpus=8 node=0 flags=0x0 nice=0 stuck for 51s!

...

[ 645.866897] CPU: 3 PID: 3639 Comm: pulseaudio Tainted: G OEL 5.2.11-1-default #1 openSUSE Tumbleweed (unreleased)
[ 645.866898] Hardware name: Apple Inc. MacBookPro15,1/Mac-, BIOS 220.270.99.0.0 (iBridge: 16.16.6571.0.0,0) 07/11/2019
[ 645.866902] RIP: 0010:smp_call_function_many+0x208/0x270
[ 645.866904] Code: e8 3d 4a 78 00 3b 05 bb 28 23 01 89 c7 0f 83 7d fe ff ff 48 63 c7 48 8b 0b 48 03 0c c5 c0 aa f7 a4 8b 41 18 a8 01 74 0a f3 90 <8b> 51 18 83 e2 01 75 f6 eb c9 48 c7 c2 80 61 16 a5 4c 89 fe 89 df
[ 645.866906] RSP: 0018:ffffae5002ef7c08 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13
[ 645.866908] RAX: 0000000000000003 RBX: ffff9ed3ae8ee640 RCX: ffff9ed3aea344e0
[ 645.866909] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000008
[ 645.866911] RBP: ffffffffa3e7eaf0 R08: ffff9ed3ae8ee648 R09: 0000000000000000
[ 645.866912] R10: 0000000000000007 R11: 0000000000000008 R12: 0000000000000000
[ 645.866913] R13: ffff9ed3ae8ee648 R14: 0000000000000001 R15: 0000000000000200
[ 645.866914] FS: 00007f09259ac840(0000) GS:ffff9ed3ae8c0000(0000) knlGS:0000000000000000
[ 645.866916] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 645.866917] CR2: 00007f0921654b03 CR3: 0000000438154006 CR4: 00000000003606e0
[ 645.866918] Call Trace:
[ 645.866922] ? load_new_mm_cr3+0xe0/0xe0
[ 645.866923] on_each_cpu+0x28/0x80
[ 645.866926] __purge_vmap_area_lazy+0x65/0x130
[ 645.866928] _vm_unmap_aliases+0xf1/0x130
[ 645.866930] change_page_attr_set_clr+0xaa/0x1c0
[ 645.866933] set_memory_ro+0x26/0x30
[ 645.866935] bpf_int_jit_compile+0x255/0x30d
[ 645.866938] bpf_prog_select_runtime+0xcd/0x150
[ 645.866940] bpf_prepare_filter+0x42b/0x4b0
[ 645.866942] sk_attach_filter+0x14/0x50
[ 645.866944] ? _copy_from_user+0x37/0x60
[ 645.866947] sock_setsockopt+0x6c5/0xcc0
[ 645.866949] ? aa_sk_perm+0x3e/0x160
[ 645.866950] __sys_setsockopt+0xbc/0xd0
[ 645.866952] __x64_sys_setsockopt+0x21/0x30
[ 645.866954] do_syscall_64+0x6e/0x1e0
[ 645.866956] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 645.866958] RIP: 0033:0x7f092621bcea
[ 645.866960] Code: ff ff ff c3 48 8b 15 ad e1 0b 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 49 89 ca b8 36 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7e e1 0b 00 f7 d8 64 89 01 48
[ 645.866963] RSP: 002b:00007ffcd8f5a578 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 645.866965] RAX: ffffffffffffffda RBX: 00007ffcd8f5a5e0 RCX: 00007f092621bcea
[ 645.866967] RDX: 000000000000001a RSI: 0000000000000001 RDI: 000000000000000e
[ 645.866969] RBP: 0000000000000006 R08: 0000000000000010 R09: 00000000ffffffff
[ 645.866970] R10: 00007ffcd8f5a5d0 R11: 0000000000000246 R12: 0000000000000008
[ 645.866971] R13: 00007ffcd8f5a5b0 R14: 00007ffcd8f5a618 R15: 00007ffcd8f5a610
[ 645.867005] watchdog: BUG: soft lockup - CPU#11 stuck for 22s! [chromium:3642]
```

mac15_lspci.txt
mac15_dmidecode.txt
bce_insmod_after_brcmfmac_is_loaded_crash.txt

strohel referenced this issue in strohel/apple-bce-drv Apr 12, 2021
The fail case caused the following kernel oops:

apple-bce: capturing our device
BUG: kernel NULL pointer dereference, address: 0000000000000020
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 3 PID: 932 Comm: modprobe Tainted: G           O      5.10.12 #4
Hardware name: Apple Inc. MacBookPro15,1/Mac-937A206F2EE63C01, BIOS 1554.60.15.0.0 (iBridge: 18.16.13030.0.0,0) 11/30/2020
RIP: 0010:apple_bce_probe+0x42a/0x4d6 [apple_bce]
Code: ef e8 f2 a2 ce e0 eb 7b 41 bc ed ff ff ff 31 ed eb 10 41 bc ea ff ff ff 31 ed eb 06 41 bc f4 ff ff ff 48 89 ef e8 4e 4e 99 e0 <48> 8b 75 20 48 85 f6 74 11 48 81 fe 00 f0 ff ff 77 08 4c 89 ef e8
RSP: 0018:ffffc9000054fc18 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffc9000054fc98 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffffa08f28e2 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000087
R10: ffff8881138c3010 R11: 0000000000000002 R12: 00000000ffffffea
R13: ffff888100fbd800 R14: 0000000000000013 R15: 0000000000000000
FS:  00007f0eb0443b80(0000) GS:ffff88846eac0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000020 CR3: 000000011411a002 CR4: 00000000003706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 local_pci_probe+0x42/0x80
 ? pci_match_device+0xd7/0x100
 pci_device_probe+0xc7/0x170
 ? sysfs_do_create_link_sd+0x69/0xd0
 really_probe+0xed/0x430
 driver_probe_device+0x4f/0xb0
 device_driver_attach+0xa1/0xb0
 __driver_attach+0x74/0x110
 ? device_driver_attach+0xb0/0xb0
 bus_for_each_dev+0x7a/0xc0
 bus_add_driver+0x10b/0x1c0
 driver_register+0x8b/0xe0
 ? 0xffffffffa0903000
 apple_bce_module_init+0x8c/0xd5 [apple_bce]
 do_one_initcall+0x4d/0x210
 ? kmem_cache_alloc_trace+0x32/0x4e0
 do_init_module+0x5c/0x260
 __do_sys_finit_module+0xa0/0xe0
 do_syscall_64+0x33/0x40
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f0eb0558e39
Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ff 0f 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007fff1aee4bd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 00005598989d5b80 RCX: 00007f0eb0558e39
RDX: 0000000000000000 RSI: 00005598981d53a0 RDI: 0000000000000003
RBP: 0000000000040000 R08: 0000000000000000 R09: 00005598989d7260
R10: 0000000000000003 R11: 0000000000000206 R12: 00005598981d53a0
R13: 0000000000000000 R14: 00005598989d5d60 R15: 00005598989d5b80
Modules linked in: apple_bce(O+) des_generic libdes sha1_ssse3 sha1_generic md4 algif_skcipher bnep amdgpu gpu_sched ttm i2c_algo_bit drm_kms_helper brcmfmac hid_lenovo syscopyarea 8250_dw 8250 sysfillrect brcmutil sysimgblt 8250_base usbhid intel_rapl_msr fb_sys_fops serial_mctrl_gpio intel_rapl_common idma64 intel_pch_thermal serial_core virt_dma intel_pmc_core_pltdrv intel_pmc_core hci_uart btbcm btintel apple_gmux apple_bl drm pkcs8_key_parser agpgart efivarfs
CR2: 0000000000000020
---[ end trace 34128af5a2b69617 ]---
RIP: 0010:apple_bce_probe+0x42a/0x4d6 [apple_bce]
Code: ef e8 f2 a2 ce e0 eb 7b 41 bc ed ff ff ff 31 ed eb 10 41 bc ea ff ff ff 31 ed eb 06 41 bc f4 ff ff ff 48 89 ef e8 4e 4e 99 e0 <48> 8b 75 20 48 85 f6 74 11 48 81 fe 00 f0 ff ff 77 08 4c 89 ef e8
RSP: 0018:ffffc9000054fc18 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffffc9000054fc98 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffffa08f28e2 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000087
R10: ffff8881138c3010 R11: 0000000000000002 R12: 00000000ffffffea
R13: ffff888100fbd800 R14: 0000000000000013 R15: 0000000000000000
FS:  00007f0eb0443b80(0000) GS:ffff88846eac0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000020 CR3: 000000011411a002 CR4: 00000000003706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Now it correctly reports failure:

apple-bce: capturing our device
apple-bce: probe of 0000:02:00.1 failed with error -22
aaudio: capturing our device
aaudio 0000:02:00.3: enabling device (0000 -> 0002)
aaudio 0000:02:00.3: aaudio: No BCE available
aaudio: probe of 0000:02:00.3 failed with error -22

This fix is similar to ones already present in forks:
mikroskeem@8c4b400
Ecos-hj@a419694
LukeShortCloud pushed a commit to LukeShortCloud/mbp2018-bridge-drv that referenced this issue Jul 1, 2021
apple_bce_probe: fix null pointer dereference in fail: case
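
The failure mode named in that commit title, as an added userspace C model (not the driver's code): in the oops the faulting instruction reads offset 0x20 from a zero RBP (CR2 is 0x20) while R12 holds 0xffffffea, i.e. -22, the error later reported, so the `fail:` cleanup touched a state pointer that was still NULL. `struct bce_state`, `enum stage`, `probe` and `released` are hypothetical names, and the stages stand in for whatever checks the real probe performs.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for per-device driver state. The padding places
 * `res` at offset 0x20, the address seen in CR2 when the base is NULL. */
struct bce_state {
    char pad[0x20];
    void *res;
};

enum stage { FAIL_EARLY, FAIL_LATE, SUCCEED };
int released; /* counts resources released on error paths */

int probe(enum stage s, struct bce_state **out)
{
    struct bce_state *st = NULL;
    int status = -ENOMEM;       /* default for allocation failures */

    *out = NULL;
    if (s == FAIL_EARLY) {      /* a check fails before any allocation */
        status = -EINVAL;
        goto fail;
    }
    st = calloc(1, sizeof(*st));
    if (!st)
        goto fail;
    st->res = malloc(64);
    if (!st->res || s == FAIL_LATE) {
        status = st->res ? -EIO : -ENOMEM;
        goto fail;
    }
    *out = st;
    return 0;

fail:
    /* Unguarded form `if (st->res)` reads address 0x20 when st is NULL. */
    if (st && st->res) {
        free(st->res);
        released++;
    }
    free(st);                   /* free(NULL) is a no-op */
    return status;
}

int main(void)
{
    struct bce_state *st;
    return probe(FAIL_EARLY, &st) == -EINVAL ? 0 : 1;
}
```

With the guard in place the early path returns -EINVAL (-22) to the caller, which is what the "probe of 0000:02:00.1 failed with error -22" line reflects.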