umodem troubles on armv7

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

umodem troubles on armv7

Otto Moerbeek
Hi,

I have a navigation device (Navilock NL-8002U USB 2.0 Multi GNSS
Receiver) that registers itself as a umodem. This device starts
spitting out data the moment you plug it in.

On amd64 it seems to behave, but on armv7 I see two (maybe related) problems.

The first problem:
$ doas cu -l cuaU0 gets me:
cu: tcsetattr: Operation not permitted
$

snippet of ktrace:
 98810 cu       CALL  fcntl(3,F_ISATTY)
 98810 cu       RET   fcntl 1
 98810 cu       CALL  kbind(0xbfff0d64,12,0x597af14c5495c4bc)
 98810 cu       RET   kbind 0
 98810 cu       CALL  ioctl(3,TIOCEXCL,0x2a5308b6)
 98810 cu       RET   ioctl 0
 98810 cu       CALL  ioctl(3,TIOCGETA,0xb47a014)
 98810 cu       RET   ioctl 0
 98810 cu       CALL  kbind(0xbfff0d64,12,0x597af14c5495c4bc)
 98810 cu       RET   kbind 0
 98810 cu       CALL  kbind(0xbfff0d64,12,0x597af14c5495c4bc)
 98810 cu       RET   kbind 0
 98810 cu       CALL  ioctl(3,TIOCSETAF,0xbfff0dd0)
 98810 cu       RET   ioctl -1 errno 1 Operation not permitted

This is tcsetattr doing TCSAFLUSH

A quick debufg statement showed fp->f_type == DTYPE_VNODE &&
(vp->v_flag & VISTTY) being true...

The second problem is:

Once in a while the above command ends in a panic:

panic: ehci_device_clear_toggle: queue active
Stopped at      db_enter:       ldrb    r15, [r15, r15, ror r15]!
    TID    PID    UID     PRFLAGS     PFLAGS  CPU  COMMAND
db_enter
        rlv=0xc03f4514 rfp=0xce678e38
ehci_device_intr_done
        rlv=0xc03d80ac rfp=0xce678e60
usbd_clear_endpoint_stall_async+0x3c
        rlv=0xc0421050 rfp=0xce678e90
ucomwritecb+0x138
        rlv=0xc03d7c98 rfp=0xce678eb0
usb_transfer_complete+0x248
        rlv=0xc03f2fd4 rfp=0xce678ed8
ehci_softintr+0x158
        rlv=0xc060f1fc rfp=0xce678ef8
softintr_dispatch+0x88
        rlv=0xc04c2860 rfp=0xce678f20
arm_do_pending_intr+0xd4
        rlv=0xc062de80 rfp=0xce678f48
ampintc_irq_handler+0x188
        rlv=0xc0369c40 rfp=0xce678fa8
irq_entry+0x78
        rlv=0xc03c9b0c rfp=0xc09caf60

ddb> ps
   PID     TID   PPID    UID  S       FLAGS  WAIT          COMMAND
 30760  269279  22256   1000  3    0x10008b  pause         ksh
 22256  359091  75313   1000  3        0x90  select        sshd
 75313  489871  52778      0  3        0x92  poll          sshd
 39590   17879      1      0  3    0x100083  ttyin         getty
 14580  375990      1      0  3    0x100098  poll          cron
 65661   93652      1    110  3    0x100090  poll          sndiod
 89428  380436      1     99  3    0x100090  poll          sndiod
 16531   17371  19532     95  3    0x100092  kqread        smtpd
 37829  206637  19532    103  3    0x100092  kqread        smtpd
 80588  177174  19532     95  3    0x100092  kqread        smtpd
 27750  516927  19532     95  3    0x100092  kqread        smtpd
  6333  265931  19532     95  3    0x100092  kqread        smtpd
 48693  212975  19532     95  3    0x100092  kqread        smtpd
 19532  199315      1      0  3    0x100080  kqread        smtpd
 52778    9679      1      0  3        0x80  select        sshd
 88404  115359      1      0  3    0x100080  poll          ntpd
 52625  216875  19866     83  3    0x100092  poll          ntpd
 19866  233431      1     83  3    0x100092  poll          ntpd
 52912  179612      1     53  3        0x90  kqread        unbound
  2276  302495  17233     74  3    0x100092  bpf           pflogd
 17233   24631      1      0  3        0x80  netio         pflogd
 71094  434772  58306     73  3    0x100090  kqread        syslogd
 58306  207959      1      0  3    0x100082  netio         syslogd
 68934  338374  31294    115  3    0x100092  kqread        slaacd
 95992   45997  31294    115  3    0x100092  kqread        slaacd
 31294  264847      1      0  3    0x100080  kqread        slaacd
 21738  176494      0      0  3     0x14200  pgzero        zerothread
  7467  113892      0      0  3     0x14200  aiodoned      aiodoned
 23411   10451      0      0  3     0x14200  syncer        update
  8355   97239      0      0  3     0x14200  cleaner       cleaner
 27887  221760      0      0  3     0x14200  reaper        reaper
 24598   94694      0      0  3     0x14200  pgdaemon      pagedaemon
 37970  308957      0      0  3     0x14200  bored         crynlk
 69197  163401      0      0  3     0x14200  bored         crypto
 87870   45626      0      0  3     0x14200  mmctsk        sdmmc2
 62965  463088      0      0  3     0x14200  mmctsk        sdmmc1
 43499   41837      0      0  3     0x14200  mmctsk        sdmmc0
 37042  265180      0      0  3     0x14200  usbtsk        usbtask
 38838  167254      0      0  3     0x14200  usbatsk       usbatsk
 27583  520971      0      0  3     0x14200  bored         softnet
 31265  164371      0      0  3     0x14200  bored         systqmp
 26614  225651      0      0  3     0x14200  bored         systq
 62494  175743      0      0  3  0x40014200  bored         softclock
* 9652  452730      0      0  7  0x40014200                idle0
 27308  426878      0      0  3     0x14200  bored         smr
 64999  465467      0      0  3     0x14200  kmalloc       kmthread
     1  435904      0      0  3        0x82  wait          init
     0       0     -1      0  3     0x10200  scheduler     swapper


Any clue on how to debug this?

OpenBSD 6.6-beta (GENERIC) #0: Wed Aug 14 12:02:58 CEST 2019
    [hidden email]:/usr/src/sys/arch/armv7/compile/GENERIC
real mem  = 2111688704 (2013MB)
avail mem = 2060709888 (1965MB)
mainbus0 at root: Wandboard i.MX6 Quad Board rev B1
cpu0 at mainbus0: ARM Cortex-A9 r2p10 (ARMv7)
cpu0: DC enabled IC enabled WB disabled EABT branch prediction enabled
cpu0: 32KB(32b/l,4way) I-cache, 32KB(32b/l,4way) wr-back D-cache
cortex0 at mainbus0
amptimer0 at cortex0: tick rate 396000 KHz
armliicc0 at cortex0: rtl 7 waymask: 0x0000000f
imxtemp0 at mainbus0simplebus0 at mainbus0: "soc"
ampintc0 at simplebus0 nirq 160, ncpu 4: "interrupt-controller"
"dma-apbh" at simplebus0 not configured
"hdmi" at simplebus0 not configured
"gpu" at simplebus0 not configured
"gpu" at simplebus0 not configured
"timer" at simplebus0 not configured
"l2-cache" at simplebus0 not configured
simplebus1 at simplebus0: "aips-bus"
imxccm0 at simplebus1
imxanatop0 at simplebus1
syscon0 at simplebus1: "snvs"
imxrtc0 at syscon0
"snvs-lpgpr" at syscon0 not configured
syscon1 at simplebus1: "iomuxc-gpr"
"mux-controller" at syscon1 not configured
"ipu1_csi0_mux" at syscon1 not configured
"ipu2_csi1_mux" at syscon1 not configured
imxiomuxc0 at simplebus1
simplebus2 at simplebus1: "spba-bus"
"spdif" at simplebus2 not configured
imxuart0 at simplebus2: console
"ssi" at simplebus2 not configured
"asrc" at simplebus2 not configured
"vpu" at simplebus1 not configured
"gpt" at simplebus1 not configured
imxgpio0 at simplebus1
imxgpio1 at simplebus1
imxgpio2 at simplebus1
imxgpio3 at simplebus1
imxgpio4 at simplebus1
imxgpio5 at simplebus1
imxgpio6 at simplebus1
imxdog0 at simplebus1
"usbphy" at simplebus1 not configured
"usbphy" at simplebus1 not configured
"src" at simplebus1 not configured
imxgpc0 at simplebus1
"sdma" at simplebus1 not configured
simplebus3 at simplebus0: "aips-bus"
syscon2 at simplebus3: "ocotp"
"caam" at simplebus3 not configured
imxehci0 at simplebus3
usb0 at imxehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "i.MX EHCI root hub" rev 2.00/1.00 addr 1
imxehci1 at simplebus3
usb1 at imxehci1: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "i.MX EHCI root hub" rev 2.00/1.00 addr 1
"usbmisc" at simplebus3 not configured
fec0 at simplebus3
fec0: address 00:1f:7b:b4:06:10
atphy0 at fec0 phy 1: AR8035 10/100/1000 PHY, rev. 4
imxesdhc0 at simplebus3
imxesdhc0: 198 MHz base clock
sdmmc0 at imxesdhc0: 4-bit, sd high-speed, mmc high-speed, dma
imxesdhc1 at simplebus3
imxesdhc1: 198 MHz base clock
sdmmc1 at imxesdhc1: 4-bit, sd high-speed, mmc high-speed, dma
imxesdhc2 at simplebus3
imxesdhc2: 198 MHz base clock
sdmmc2 at imxesdhc2: 4-bit, sd high-speed, mmc high-speed, dma
imxiic0 at simplebus3
iic0 at imxiic0
imxiic1 at simplebus3
iic1 at imxiic1
"fsl,sgtl5000" at iic1 addr 0xa not configured
"mmdc" at simplebus3 not configured
"audmux" at simplebus3 not configured
"vdoa" at simplebus3 not configured
imxuart1 at simplebus3
"ipu" at simplebus0 not configured
"sram" at simplebus0 not configured
imxahci0 at simplebus0: AHCI 1.3
imxahci0: port 0: 3.0Gb/s
scsibus0 at imxahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: <ATA, KINGSTON SV300S3, 608A> SCSI3 0/direct fixed naa.50026b736503c6f1
sd0: 114473MB, 512 bytes/sector, 234441648 sectors, thin
"gpu" at simplebus0 not configured
"ipu" at simplebus0 not configured
scsibus1 at sdmmc2: 2 targets, initiator 0
sd1 at scsibus1 targ 1 lun 0: <SD/MMC, SU16G, 0080> SCSI2 0/direct removable
sd1: 15193MB, 512 bytes/sector, 31116288 sectors
bwfm0 at sdmmc1 function 1
bwfm0: SoC interconnect SB not implemented
bwfm0: cannot attach chip
manufacturer 0x02d0, product 0x4329 at sdmmc1 function 2 not configured
manufacturer 0x02d0, product 0x4329 at sdmmc1 function 3 not configured
umodem0 at uhub1 port 1 configuration 1 interface 0 "u-blox AG - www.u-blox.com u-blox GNSS receiver" rev 1.10/3.01 addr 2
umodem0: data interface 1, has CM over data, has no break
umodem0: status change notification available
ucom0 at umodem0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
bootfile: sd0a:/bsd
boot device: sd0
root on sd1a (d1e4f9a54e2211c2.a) swap on sd1b dump on sd1b

The lines below show the lhs and rhs of the if statement for the
pledge handling code:

cond: 1 8
cond: 1 8
cond: 1 8
cond: 1 8
cond: 1 8
cond: 1 8
cond: 1 8

Reply | Threaded
Open this post in threaded view
|

Re: umodem troubles on armv7

Theo de Raadt-2
Otto Moerbeek <[hidden email]> wrote:

> Hi,
>
> I have a navigation device (Navilock NL-8002U USB 2.0 Multi GNSS
> Receiver) that registers itself as a umodem. This device starts
> spitting out data the moment you plug it in.
>
> On amd64 it seems to behave, but on armv7 I see two (maybe related) problems.
>
> The first problem:
> $ doas cu -l cuaU0 gets me:
> cu: tcsetattr: Operation not permitted
> $
>
> snippet of ktrace:
>  98810 cu       CALL  fcntl(3,F_ISATTY)
>  98810 cu       RET   fcntl 1
>  98810 cu       CALL  kbind(0xbfff0d64,12,0x597af14c5495c4bc)
>  98810 cu       RET   kbind 0
>  98810 cu       CALL  ioctl(3,TIOCEXCL,0x2a5308b6)
>  98810 cu       RET   ioctl 0
>  98810 cu       CALL  ioctl(3,TIOCGETA,0xb47a014)
>  98810 cu       RET   ioctl 0
>  98810 cu       CALL  kbind(0xbfff0d64,12,0x597af14c5495c4bc)
>  98810 cu       RET   kbind 0
>  98810 cu       CALL  kbind(0xbfff0d64,12,0x597af14c5495c4bc)
>  98810 cu       RET   kbind 0
>  98810 cu       CALL  ioctl(3,TIOCSETAF,0xbfff0dd0)
>  98810 cu       RET   ioctl -1 errno 1 Operation not permitted
>
> This is tcsetattr doing TCSAFLUSH
>
> A quick debufg statement showed fp->f_type == DTYPE_VNODE &&
> (vp->v_flag & VISTTY) being true...

I think the open() against ucomopen() proceeded, but immediately
encountered some failure, probably ucom_do_open() failed at that
moment

As in, the usb stack is quite broken.

In two circumstances, I am using old USB2 hubs to make USB3 ports
reliable.  The situation is pretty dire.