On Mon, Aug 09, 2021 at 10:35:34AM +0800, Kai-Heng Feng wrote:
> On Sat, Aug 7, 2021 at 6:22 AM Guenter Roeck <linux@xxxxxxxxxxxx> wrote:
> >
> > [ Greg asked me to submit a report to regressions@, so here it is. ]
> >
> > The following error was observed on Chromebooks with MT8183 CPU
> > (ASUS Chromebook Detachable CM3, HP Chromebook 11a, and others):
> >
> > [ 224.735198] Bluetooth: qca_setup() hci0: setting up ROME/QCA6390
> > [ 225.205024] Bluetooth: qca_read_soc_version() hci0: QCA Product ID :0x00000008
> > [ 225.205040] Bluetooth: qca_read_soc_version() hci0: QCA SOC Version :0x00000044
> > [ 225.205045] Bluetooth: qca_read_soc_version() hci0: QCA ROM Version :0x00000302
> > [ 225.205049] Bluetooth: qca_read_soc_version() hci0: QCA Patch Version:0x000003e8
> > [ 225.205055] Bluetooth: qca_uart_setup() hci0: QCA controller version 0x00440302
> > [ 225.205061] Bluetooth: qca_download_firmware() hci0: QCA Downloading qca/rampatch_00440302.bin
> > [ 227.252653] Bluetooth: hci_cmd_timeout() hci0: command 0xfc00 tx timeout
> > ...
> > [ 223.604971] Bluetooth: qca_recv() hci0: Frame reassembly failed (-84)
> > [ 223.605027] Bluetooth: qca_recv() hci0: Frame reassembly failed (-84)
> > (repeated several times)
> > ...
> >
> > The Bluetooth interface on those Chromebooks can not be enabled.
> >
> > Bisect suggests that upstream commit 0ea9fd001a14 ("Bluetooth: Shutdown
> > controller after workqueues are flushed or cancelled") introduced the problem.
> > Reverting it fixes the problem.
> >
> > The problem was also reported at [1] on a Mediatek Pumpkin board.
> >
> > As of this writing, the problem is still present in the upstream kernel
> > as well as in all stable releases which include commit 0ea9fd001a14.
>
> Thanks. Can you please test the following patch:
>
I would love to, but I am unable to apply the patch. It failed to apply
to mainline, to linux-next, and to all stable releases I tried.
Guenter
> diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
> index 2560ed2f144d4..131e69a9a66a0 100644
> --- a/net/bluetooth/hci_core.c
> +++ b/net/bluetooth/hci_core.c
> @@ -1757,6 +1757,14 @@ int hci_dev_do_close(struct hci_dev *hdev)
> cancel_delayed_work_sync(&adv_instance->rpa_expired_cb);
> }
>
> + if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
> + !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
> + test_bit(HCI_UP, &hdev->flags)) {
> + /* Execute vendor specific shutdown routine */
> + if (hdev->shutdown)
> + hdev->shutdown(hdev);
> + }
> +
> /* Avoid potential lockdep warnings from the *_flush() calls by
> * ensuring the workqueue is empty up front.
> */
> @@ -1798,14 +1806,6 @@ int hci_dev_do_close(struct hci_dev *hdev)
> clear_bit(HCI_INIT, &hdev->flags);
> }
>
> - if (!hci_dev_test_flag(hdev, HCI_UNREGISTER) &&
> - !hci_dev_test_flag(hdev, HCI_USER_CHANNEL) &&
> - test_bit(HCI_UP, &hdev->flags)) {
> - /* Execute vendor specific shutdown routine */
> - if (hdev->shutdown)
> - hdev->shutdown(hdev);
> - }
> -
> /* flush cmd work */
> flush_work(&hdev->cmd_work);
>
>
> >
> > Thanks,
> > Guenter
> >
> > ---
> > [1] https://lkml.org/lkml/2021/7/28/569
