Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1457602pxb; Thu, 4 Nov 2021 02:38:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzB+KhRFgM4Leg8NRsQt7crBbwQzn5gfQia7It+SWF0rlDy/PjiMHNo9C2wNM15tP2TEWDD X-Received: by 2002:a50:d8ce:: with SMTP id y14mr67813578edj.92.1636018735485; Thu, 04 Nov 2021 02:38:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1636018735; cv=none; d=google.com; s=arc-20160816; b=jDsEmDt/OJoGWpNIpkOSqW3cfAc2NzQnuYQf6LTT84MqjGRukMO+14xsp7WfZDJUIs CbpFCh+Iex0GGDCqaPUQQWDjQqKS+sTNyYsHZn2F/OsHO8Z8I4NjgXscKPRX/CICM2Zp RPfP3oltUwW/vEA2bwvR4YpwqgczhKV8Zi8YlW23C0I+gVwrilnd5Yh5YvBmgREWPhNI 5QVqf14vuHCIa1bbWQnVZWHYqE0P3BNj7B5Xw2qucHjZihoAlWwPyXYFzdsxNbXO5s7m KcNTEWFelb5ujZs3EB+tsauywk9uXgR+ZLc0Wn7liZb0Unk/+IM76k5ajHyHwc0Bt+XE b3qQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:references:in-reply-to :date:cc:to:from:subject:message-id:dkim-signature; bh=OPpNag35nq3f5jzKifHa8+MYq8ja7qLgXfeSwdatLt4=; b=hk0pBU1z6W7yYJYOLIoORTIlUFUpLhiFspZRYFVxkrmMaqRbMY4HUNTI4dAm3XkSRM jcH7ZKRie/ixlOiYcPZY82ed8hTKMLpOj+kmRawtr14FpybUqFWBXplPWqXOUXvB1Eqb rA4O9qlStVmW6O43U553LDBDMoe9rE4Pm1v/0f/Uv56UPPC2XyDKuaFAVeqddEf/3Azj lsjX8g6c5UGmk4gM/bNC3R9+Sr26if6U1AP8NGCRiCync1v+zq8s+Z8aDaLMg2UMlazp w8J9NFogXKn53bOw6pNumq0KmoMYiQRzQQ9muRjr4qOhCqcB8WJrhjDA1zj1PfCMg9W2 AZXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@sipsolutions.net header.s=mail header.b="o1fkXhK/"; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l10si9642778ejo.308.2021.11.04.02.38.14; Thu, 04 Nov 2021 02:38:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@sipsolutions.net header.s=mail header.b="o1fkXhK/"; spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=sipsolutions.net Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230492AbhKDJhI (ORCPT + 99 others); Thu, 4 Nov 2021 05:37:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32996 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230365AbhKDJhI (ORCPT ); Thu, 4 Nov 2021 05:37:08 -0400 Received: from sipsolutions.net (s3.sipsolutions.net [IPv6:2a01:4f8:191:4433::2]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9FF0AC061714; Thu, 4 Nov 2021 02:34:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sipsolutions.net; s=mail; h=MIME-Version:Content-Type:References: In-Reply-To:Date:Cc:To:From:Subject:Message-ID:Content-Transfer-Encoding: Sender:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-To:Resent-Cc:Resent-Message-ID; bh=OPpNag35nq3f5jzKifHa8+MYq8ja7qLgXfeSwdatLt4=; t=1636018470; x=1637228070; b=o1fkXhK/UwTWcgaah0Rk8CiyqvxL3L1Fg+7O9JmRPvqc+TwQiDP+tzyCVr3CJvvEOW4jfPLNY6V E9og1UEizSQN2ub5j76g57F1em26AKntQ3AigOedN1b3EtDg1OsTPKHGjpefeorHx/TnK1sm0ROV1 RBfHZaBRn8LO0hDienMJMY+2QxgGZ6F4rU+gnjl5GJzxyhpbTue6/RGRrkazhOZHQ4bTe7vc5PWlv crNlMS8SYmk7SFRLOcBQSNcdCiRzGuXhIhmhx+agHGTOpFOq9rhDr1stMWuN/mz0aztEEadQ/abNn sjuMikfIHJVdjPM2mkTPXJ79BvPbd/CacO7Q==; Received: by sipsolutions.net with esmtpsa (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.95) (envelope-from ) id 1miZ8a-00As0y-PU; Thu, 04 Nov 2021 10:34:24 +0100 Message-ID: Subject: Re: Userspace enumeration hang while btusb tries to load firmware of removed device From: Benjamin Berg To: Marcel Holtmann , Alan Stern Cc: linux-usb@vger.kernel.org, linux-bluetooth@vger.kernel.org Date: Thu, 04 Nov 2021 10:34:22 +0100 In-Reply-To: References: <20211103182303.GB1529362@rowland.harvard.edu> Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-/EP9GhlX6OidL7rLeMc8" User-Agent: Evolution 3.40.4 (3.40.4-2.fc34) MIME-Version: 1.0 X-malware-bazaar: not-scanned X-malware-bazaar-2: OK Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org --=-/EP9GhlX6OidL7rLeMc8 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Marcel and Alan, On Wed, 2021-11-03 at 20:31 +0100, Marcel Holtmann wrote: > > I'm not familiar with the btusb driver, so someone on the=20 > > linux-bluetooth mailing list would have a better idea about this.=20 > > However, it does look as though btusb keeps the device locked during th= e=20 > > entire 10-second period while it tries to send over the firmware, and i= t=20 > > doesn't abort the procedure when it starts getting disconnection errors= =20 > > but instead persists until a timeout expires. Keeping the device locke= d=20 > > would certainly block lsusb. > >=20 > > In general, locking the device during a firmware upload seems like > > the right thing to do -- you don't want extraneous transfers from > > other processes messing up the firmware! So overall, it appears that > > the whole problem would be solved if the firmware transfer were > > aborted as soon as the -ENODEV errors start appearing. >=20 > the problem seems to be that we hitting HCI command timeout. So the > firmware download is done via HCI commands. These commands are send > to the transport driver btusb.c via hdev->send (as btusb_send_frame). > This triggers the usb_submit_urb or queues them via data->deferred > anchor. All this reports back the error properly except that nobody > does anything with it. >=20 > See hci_send_frame() last portion: >=20 > err =3D hdev->send(hdev, skb); = =20 > if (err < 0) { = =20 > bt_dev_err(hdev, "sending frame failed (%d)", err); = =20 > kfree_skb(skb); = =20 > } >=20 > And that is it. We are not checking for ENODEV or any error here. > That means the failure of the HCI command gets only caught via the > HCI command timeout. I don=E2=80=99t know how to do this yet, but you wou= ld > have to look there to fail HCI command right away instead of waiting > for the timeout. Hmm, true, I don't see a "sending frame failed" error message during the firmware download though. You are right that this codepath is loosing the error, but this does not seem to be the scenario we are running into while loading the firmware. This error only happens later on from the btintel_reset_to_bootloader function. What seems to happen in the posted log is that the URB is initially submitted just fine and the transfer errors out afterwards. Unfortunately, the btusb_tx_complete is only used for statistics (stat.err_tx is increased) and has no further error handling that could abort the firmware upload. Benjamin --=-/EP9GhlX6OidL7rLeMc8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEED2NO4vMS33W8E4AFq6ZWhpmFY3AFAmGDqR4ACgkQq6ZWhpmF Y3BychAAhhFMMj35ScIRH8jiPNBevER5QhbsjsRfBPZdYJHdr3TDfKjG//cI1kvT DMWMR5b1kqxumDzR1wPDYtBajYDUyfA46Lz1o/BvnGQK+wX2Qn4hzIcjUEfulhgt PgEVFhpZcqCFKaPfLDZGWkg2hXDZ6IjIRecsFk0mhb7X/1JbYWET72wCN7fepjwy aoMIPR61gzN3D7HOdADtwKTO9KlC68I5/HmUNqGCx/yC2lfaxi3Q/9brYgB14qlA UXh0tBWSINli6Ob+Nadbsf5/WiCOTqjaK2QSUkzUOAiNeyvMqzbXe1ld6/9nimNp wBiFJqp4shQiKP306GPONPyEgXJT2ncmx4N5db/MAMhm5shI9QMZpa4J6zOCEP/j /RNqj+JZBT7UZNhS6pd9jabaBu+EtBLHcsLJzex7Fr7dlRpF4vhwFj2OBtq218hx 931JK2V3TxT+0iP286yUiVjXLE8xrT1gD5yM8/TA596Dix+Xzdb1h4G65BmQOArE iWHKYgim519c0sB7Rw+GUysSs/F+9/Jmdu0XTpOdlAW90UnbFiw9ZzZSmvmRVwFB rtZKWHe0M9YMNt+St+lpVKjm68LA94MAXvyrxgRApGu1yfiPfYGkvI1L8K6YCSpC SAkbm8kv3tT90wQBWGidn4gI4Ogbzhs8LdFHLebOwwnoTZnebEc= =Tora -----END PGP SIGNATURE----- --=-/EP9GhlX6OidL7rLeMc8--