Re: uhci_hcd: Possible corruption of DMA pool uhci->td_pool

From: Eugene Shatokhin
Date: Fri Dec 13 2013 - 03:18:50 EST


On 12/11/2013 08:41 PM, Alan Stern wrote:
> On Wed, 11 Dec 2013, Eugene Shatokhin wrote:
>
> > Hi,
> >
> > On ROSA Linux with kernel 3.10.21 with DMA debug options enabled, the
> > kernel sometimes issues a warning about DMA pool corruption (see the log
> > below).
> >
> > That happens sometimes, when the system boots or resumes from
> > hibernation with Samson C01U USB microphone attached.
> >
> > The affected DMA pool is 'uhci->td_pool', uhci_alloc_td() from
> > drivers/usb/host/uhci-hcd.c makes the relevant dma_pool_alloc() calls.
> >
> > Any ideas about how to find what causes this and how to fix it?
>
> This is not an easy sort of thing to track down...
>
> > Here is the relevant part of the system log:
> > ----------------------------
> > [ 22.264332] usb 2-1: new full-speed USB device number 2 using uhci_hcd
> > [ 22.450609] usb 2-1: New USB device found, idVendor=17a0, idProduct=0001
> > [ 22.450626] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
> > [ 22.450639] usb 2-1: Product: Samson C01U
> > [ 22.450649] usb 2-1: Manufacturer: Samson Technologies
> > <...>
> > [ 280.703483] retire_capture_urb: 4494 callbacks suppressed
> > [ 284.961087] uhci_hcd 0000:00:1d.1: dma_pool_alloc uhci_td, efb7b060 (corruped)
> > [ 284.961087] 00000000: 00 06 00 00 af 00 00 03 a7 a7 a7 a7 a7 a7 a7 a7  ................
> > [ 284.961087] 00000010: a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7  ................
> > [ 284.961087] 00000020: a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7  ................
> > [ 284.961087] retire_capture_urb: 4343 callbacks suppressed
> > [ 284.961087] uhci_hcd 0000:00:1d.1: dma_pool_alloc uhci_td, efb7b5d0 (corruped)
> > [ 284.961087] 00000000: 00 06 00 00 af 00 00 03 a7 a7 a7 a7 a7 a7 a7 a7  ................
> > [ 284.961087] 00000010: a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7  ................
> > [ 284.961087] 00000020: a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7 a7  ................
> > [ 284.961087] cannot submit urb (err = -27)
> > [ 284.961087] cannot submit urb (err = -27)
> > [ 284.961087] cannot submit urb (err = -27)
> > [ 284.961087] cannot submit urb (err = -27)
> > [ 284.961087] cannot submit urb (err = -27)
> > [ 284.961087] cannot submit urb (err = -27)
> > [ 284.961087] cannot submit urb (err = -27)
> > [ 284.961087] cannot submit urb (err = -27)
> > ----------------------------
> >
> > 0xa7 is POOL_POISON_FREED. The memory pages to be allocated from the
> > pool should be filled with such bytes.
> >
> > Each time I observed this problem, the first 8 bytes of the listed
> > memory area were overwritten, with different data each time.
>
> It kind of looks like a hardware bug. Still, it's hard to say.
>
> Can you test the current 3.13-rc kernel? There have been a few recent
> changes in this area that might have an effect.


I tested 3.13-rc3 - the problem has not shown up so far.

Regards,
Eugene

--
Eugene Shatokhin, ROSA Laboratory.
www.rosalab.com
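
Added example, not part of the original message and not the kernel's dmapool code: a simplified userspace model of the poison-on-free check that produces the warning quoted above. Only the 0xa7 poison value comes from the thread; the block size, the pool layout and every `toy_*` name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_POISON_FREED 0xa7 /* poison value named in the thread */
#define BLOCK_SIZE 48          /* assumption: the 0x30 bytes dumped in the log */
#define NBLOCKS 4              /* assumption: toy pool size */

/* Hypothetical toy pool, not the kernel's struct dma_pool. */
struct toy_pool { uint8_t mem[NBLOCKS][BLOCK_SIZE]; int in_use[NBLOCKS]; };

void toy_pool_init(struct toy_pool *p) {
    memset(p->mem, POOL_POISON_FREED, sizeof p->mem); /* free blocks hold poison */
    memset(p->in_use, 0, sizeof p->in_use);
}

/* Hand out the first free block. *bad_off receives the offset of the first
 * byte that is no longer poison (written while the block was free), or -1. */
uint8_t *toy_pool_alloc(struct toy_pool *p, int *bad_off) {
    *bad_off = -1;
    for (int i = 0; i < NBLOCKS; i++) {
        if (p->in_use[i]) continue;
        for (int j = 0; j < BLOCK_SIZE && *bad_off < 0; j++)
            if (p->mem[i][j] != POOL_POISON_FREED) *bad_off = j;
        p->in_use[i] = 1;
        return p->mem[i];
    }
    return NULL; /* pool exhausted */
}

void toy_pool_free(struct toy_pool *p, uint8_t *blk) {
    memset(blk, POOL_POISON_FREED, BLOCK_SIZE); /* re-poison on free */
    p->in_use[(blk - p->mem[0]) / BLOCK_SIZE] = 0;
}

/* Alloc, free, optionally write 8 bytes through the stale pointer (standing in
 * for any writer that touches the block after it was freed), then alloc again
 * and return what the check saw. */
int toy_realloc_check(int stale_write) {
    struct toy_pool p; int bad;
    toy_pool_init(&p);
    uint8_t *blk = toy_pool_alloc(&p, &bad);
    toy_pool_free(&p, blk);
    if (stale_write) memset(blk, 0x03, 8); /* constructed data */
    toy_pool_alloc(&p, &bad);
    return bad;
}

int main(void) {
    printf("clean: %d, stale write: %d\n", toy_realloc_check(0), toy_realloc_check(1));
    return 0;
}
```

The check fires at the next allocation, not at the moment of the write, so the warning identifies the damaged block but not the writer.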