On Wed, Apr 19, 2023 at 04:21:50PM -0700, Nam Nguyen wrote:
> >Synopsis: xbox 360 controller crash
> >Category: kernel amd64
> >Environment:
> System : OpenBSD 7.3
> Details : OpenBSD 7.3-current (GENERIC.MP) #1149: Mon Apr 17
> 12:04:55 MDT 2023
>
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> Architecture: OpenBSD.amd64
> Machine : amd64
> >Description:
> Plugging in xbox 360 controller has a chance of causing a system
> freeze and sending it to ddb. it prints, "panic: b_to_q: tty has
> no clist."
>
> picture of trace: https://namtsui.com/public/ujoy1.jpg
>
> This issue seems related to that reported by thfr@ here:
> https://marc.info/?l=openbsd-bugs&m=165136879315845&w=2
>
> The crash seems to occur frequently on my radeon 6850 desktop
> but does not seem to happen on my intel x230i laptop.
>
> If I plug in my xbox 360 controller to xhci on top of my
> computer case and have a dac connected to the ehci nearby, it
> can cause it more easily without requiring plugging and
> unplugging. Plugging xbox 360 into the back of the case into
> ehci seems to require plugging and unplugging the
> controller. The crash can occur upon unplugging and plugging in
> the controller, during setting up controls in the sameboy port,
> or upon launching flycast emulator.
>
> >How-To-Repeat:
> It is a bit hard to reproduce, but running sdl-jstest repeatedly
> in conjunction with unplugging and plugging in controllers can
> cause it to crash within a minute or two.
>
> `while true; do sdl-jstest --list; vmstat;
> sysctl kern.malloc.kmemstat.DRM; sleep 2; done'
>
> >Fix:
> There is a patch that I tested by brynet@ that seems to have
> resolved the issue.
I think we need to allocate the ring buffer to before calling
uhidev_open. That way it's not NULL in uhid_intr as seen in Nam's
backtrace.
Alternatively, uhid_intr could return early, e.g:
if (!sc->sc_q)
return;
ok on the diff below, or thoughts?
Index: dev/usb/uhid.c
===================================================================
RCS file: /cvs/src/sys/dev/usb/uhid.c,v
retrieving revision 1.89
diff -u -p -u -r1.89 uhid.c
--- dev/usb/uhid.c 2 Jul 2022 08:50:42 -0000 1.89
+++ dev/usb/uhid.c 19 Apr 2023 06:18:40 -0000
@@ -225,11 +225,16 @@ uhid_do_open(dev_t dev, int flag, int mo
if (usbd_is_dying(sc->sc_hdev.sc_udev))
return (ENXIO);
- error = uhidev_open(&sc->sc_hdev);
- if (error)
- return (error);
+ if (sc->sc_hdev.sc_state & UHIDEV_OPEN)
+ return (EBUSY);
clalloc(&sc->sc_q, UHID_BSIZE, 0);
+
+ error = uhidev_open(&sc->sc_hdev);
+ if (error) {
+ clfree(&sc->sc_q);
+ return (error);
+ }
sc->sc_obuf = malloc(sc->sc_hdev.sc_osize, M_USBDEV, M_WAITOK);
