
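1. Background

In both factory and development builds, system crashes began to occur in large numbers and with high probability. Analysis showed that they all pointed to the same cause: TZ.

2. Analysis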

[   15.198352][ T1609] Kernel panic - not syncing: Panicking, auth and reset failed for remoteproc 6000000.remoteproc-mss ret=-16
[   15.198362][ T1609] CPU: 2 PID: 1609 Comm: vndbinder:1545_ Tainted: G         C OE      6.1.118-android14-11-maybe-dirty #1
[   15.198368][ T1609] Hardware name: Qualcomm Technologies, Inc. Spring QRD (DT)
[   15.198372][ T1609] Call trace:
[   15.198376][ T1609]  dump_backtrace+0xf4/0x11c
[   15.198393][ T1609]  show_stack+0x18/0x24
[   15.198397][ T1609]  dump_stack_lvl+0x60/0x90
[   15.198407][ T1609]  panic+0x160/0x3e8
[   15.198412][ T1609]  adsp_start+0x6e4/0x71c [qcom_q6v5_pas]
[   15.198446][ T1609]  rproc_start+0x174/0x2e0
[   15.198454][ T1609]  rproc_boot+0x49c/0x5ec
[   15.198459][ T1609]  rproc_cdev_write+0x194/0x278
[   15.198464][ T1609]  vfs_write+0x108/0x2e0
[   15.198471][ T1609]  ksys_write+0x78/0xe8
[   15.198475][ T1609]  __arm64_sys_write+0x1c/0x2c
[   15.198479][ T1609]  invoke_syscall+0x58/0x114
[   15.198484][ T1609]  el0_svc_common+0xb4/0xfc
[   15.198489][ T1609]  do_el0_svc+0x24/0x84
[   15.198492][ T1609]  el0_svc+0x2c/0x90
[   15.198499][ T1609]  el0t_64_sync_handler+0x68/0xb4
[   15.198503][ T1609]  el0t_64_sync+0x1a4/0x1a8

Looking at the source:

static int adsp_start(struct rproc *rproc)
{
	/* ... */
	/* Ask TZ, via an SCM call, to authenticate the image and release the remote processor from reset */
	ret = qcom_scm_pas_auth_and_reset(adsp->pas_id);
	if (ret)
		panic("Panicking, auth and reset failed for remoteproc %s ret=%d\n",
	/* ... */
}

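The panic is raised deliberately at this point, because qcom_scm_pas_auth_and_reset returned an error. Reading that function shows that its job is to send an SCM command to TZ.

The kernel log from the same boot also shows: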

[   14.315144][ T1413] QSEECOM: __qseecom_scm_call2_locked: re-sending syscall with TZ busy

TZ is busy at this point, which is consistent with ret=-16 (-EBUSY) in the panic message.

--> Check the qseelog:

[014dad861]<8>mfido: "FIDOTA Version : 2.a0.10"

[014daddb8]<8>mfido: "Read Pubkey Certificate"

[014daec7a]<8>mfido: "rpmb init fail 0xffffffeb"

[014daee37]<8>mfido: "rpmb init fail"

[014daeef9]<8>mfido: "read pubkey cert fail, failover"

[014db1e46]<8>mfido: "USE_SFS:0"

[014db2bcf]<8>mfido: "read 560 bytes from /mnt/vendor/persist/data/mfido/66706b63"

[014dbd7f4]<8>widevine: DRM Library unloaded

[014de0472]<8>widevine: Error at function init_hw_support_for_video_offload_sessions line 1047

[014de082c]<8>widevine: Error at function init_hw_support_for_audio_offload_sessions line 1069

[014dffec1]<8>mfido: "open record fail - read, eno: 2"

[014e001b3]<8>mfido: "read pubkey cert fail"

[014e002ae]<8>mfido: "fido_ta Init: Read Pubkey Certificate Failed."

Parsing the tzdiag log gives:

0x00000000000758FE | 14.695269:   QSEECOM: __qseecom_unload_app: scm_call to unload app (id = 11) failed ret: -16

0x000000000007783D | 14.939378:   Kernel panic - not syncing: Panicking, auth and reset failed for remoteproc 6000000.remoteproc-mss ret=-16

0x0000000014D889B2 | 18.215383:   QSee Diag <2>qwes: tz_app_init[95]: QWES TA Start 1.0

0x000000001512F7C0 | 18.414823:   QSee Diag <16>miriskm: =================================

0x000000001512FAC6 | 18.414864:   QSee Diag <16>miriskm: tz_app_init success, version:1

0x00000000152976F7 | 18.491613:   QSee Diag <8>widevine: DRM Library unloaded

0x00000000154563BB | 18.586930:   QSee Diag <8>mfido: "FIDOTA Version : 2.a0.10"

0x00000000154568FA | 18.587000:   QSee Diag <8>mfido: "Read Pubkey Certificate"

0x00000000154575B8 | 18.587170:   QSee Diag <8>mfido: "rpmb init fail 0xffffffeb"

0x0000000015457685 | 18.587180:   QSee Diag <8>mfido: "rpmb init fail"

0x000000001545771A | 18.587188:   QSee Diag <8>mfido: "read pubkey cert fail, failover"

0x0000000015457816 | 18.587201:   QSee Diag <8>mfido: "USE_SFS:0"

0x0000000015458156 | 18.587324:   QSee Diag <8>mfido: "read 560 bytes from /mnt/vendor/persist/data/mfido/66706b63"

0x00000000154921FD | 18.599707:   QSee Diag <8>widevine: Error at function init_hw_support_for_video_offload_sessions line 1047

0x000000001549257E | 18.599753:   QSee Diag <8>widevine: Error at function init_hw_support_for_audio_offload_sessions line 1069

0x00000000154EC064 | 18.618885:   QSee Diag <8>mfido: "open record fail - read, eno: 2"

0x00000000154EC325 | 18.618922:   QSee Diag <8>mfido: "read pubkey cert fail"

0x00000000154EC48D | 18.618941:   QSee Diag <8>mfido: "fido_ta Init: Read Pubkey Certificate Failed."

0x00000000163074FA | 19.389293:   Diag TZBSP_EC_SYSCALL_DENIED_DPC_BLOCKED

0x00000000163076E6 | 19.389319:   Diag TZBSP_SYSCALL_SMC_ERR_ID : tzbsp_syscall, smc_id->72000102

0x000000001630786F | 19.389339:   Diag TZBSP_SYSCALL_SMC_RET_VAL : tzbsp_syscall, return value->fffffff4 // TZ busy

0x0000000016307FA1 | 19.389435:   Diag TZBSP_EC_SYSCALL_DENIED_DPC_BLOCKED

0x000000001630814D | 19.389457:   Diag TZBSP_SYSCALL_SMC_ERR_ID : tzbsp_syscall, smc_id->72000602

0x00000000163082D7 | 19.389478:   Diag TZBSP_SYSCALL_SMC_RET_VAL : tzbsp_syscall, return value->fffffff4

0x0000000016352E8A | 19.405421:   Diag TZBSP_EC_SYSCALL_DENIED_DPC_BLOCKED

0x000000001635321C | 19.405468:   Diag TZBSP_SYSCALL_SMC_ERR_ID : tzbsp_syscall, smc_id->c2000603

0x00000000163533A6 | 19.405489:   Diag TZBSP_SYSCALL_SMC_RET_VAL : tzbsp_syscall, return value->fffffff4

0x000000001638B4E7 | 19.417452:   Diag TZBSP_EC_SYSCALL_DENIED_DPC_BLOCKED

 

|-----------------------------------------------------------------------|

| TATASK[0] |

| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |

| Tasked: TRUE |

| Refs: 1 |

| View TLS Using: v.v (TATaskTLS*)0x59DC8DB60 |

| TLS: |

| threadBlocked: 0x000000059DCAA5B0 mfido |

| result: 0

 

-000|SMCInvoke_inboundIpc(inline)

-000|smc_invoke(inBuf_ptr = 0x9EC14000, inBuf_len = 0x1000, outBuf_ptr = ?, outBuf_len = ?, is_cache_coherent = ?, smc_rsp = 0x000000059DB6DAC0)

-001|qsee_smc_invoke_cc(inBuf_ptr = ?, inBuf_len = ?, outBuf_ptr = ?, outBuf_len = ?, smc_rsp = ?)

-002|route_to_svc_impl(pArgs = 0x000000059DC814B0)

-003|callWithOutLock(tls = 0x000000059DC81490)

-004|ServiceThread_accept(cxt = 0x000000059DC81140)

-005|initial_thread_func()

-006|initial_thread_func()

 ---|end of frame

The TA task dump shows that the blocked thread belongs to mfido, so the problem can be attributed to mfido.
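The manual log reading above can be scripted. The following is an added example, not code from the original post or from any Qualcomm tool: it parses tzdiag lines, finds the first TZBSP_EC_SYSCALL_DENIED_DPC_BLOCKED, decodes each rejected smc_id into its Arm SMCCC fields and the return value as a signed 32-bit integer, and lists the TAs that logged a failure before the first denial. The function names (triage, decode_smc_id, to_s32) and the fail/error keyword match are assumptions made for the example; the keyword match only ranks suspects, and the TA task dump remains the confirmation.

```python
import re

# Sample input: a subset of the tzdiag lines shown on this page.
SAMPLE = """\
0x00000000152976F7 | 18.491613:   QSee Diag <8>widevine: DRM Library unloaded
0x00000000154575B8 | 18.587170:   QSee Diag <8>mfido: "rpmb init fail 0xffffffeb"
0x000000001549257E | 18.599753:   QSee Diag <8>widevine: Error at function init_hw_support_for_audio_offload_sessions line 1069
0x00000000154EC48D | 18.618941:   QSee Diag <8>mfido: "fido_ta Init: Read Pubkey Certificate Failed."
0x00000000163074FA | 19.389293:   Diag TZBSP_EC_SYSCALL_DENIED_DPC_BLOCKED
0x00000000163076E6 | 19.389319:   Diag TZBSP_SYSCALL_SMC_ERR_ID : tzbsp_syscall, smc_id->72000102
0x000000001630786F | 19.389339:   Diag TZBSP_SYSCALL_SMC_RET_VAL : tzbsp_syscall, return value->fffffff4
0x0000000016352E8A | 19.405421:   Diag TZBSP_EC_SYSCALL_DENIED_DPC_BLOCKED
0x000000001635321C | 19.405468:   Diag TZBSP_SYSCALL_SMC_ERR_ID : tzbsp_syscall, smc_id->c2000603
0x00000000163533A6 | 19.405489:   Diag TZBSP_SYSCALL_SMC_RET_VAL : tzbsp_syscall, return value->fffffff4
"""

LINE = re.compile(r"^0x[0-9A-Fa-f]+ \| +(\d+\.\d+):\s+(.*)$")
TA_MSG = re.compile(r"^QSee Diag <\d+>(\w+): (.*)$")

def decode_smc_id(v):
    """Split an SMC function ID into its Arm SMCCC fields."""
    return {"fast": bool(v >> 31), "smc64": bool(v >> 30 & 1),
            "owner": v >> 24 & 0x3F, "func": v & 0xFFFF}

def to_s32(v):
    """Interpret a 32-bit hex value from the log as a signed integer."""
    return v - (1 << 32) if v & 0x80000000 else v

def triage(text):
    """Return (first denial time, rejected calls, failing TAs, newest first)."""
    first, calls, suspects = None, [], []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        ta = TA_MSG.match(msg)
        if "SYSCALL_DENIED" in msg and first is None:
            first = ts
        elif "smc_id->" in msg:
            calls.append({"ts": ts, **decode_smc_id(int(msg.split("->")[1], 16))})
        elif "return value->" in msg and calls:
            calls[-1]["ret"] = to_s32(int(msg.split("->")[1].split()[0], 16))
        elif ta and first is None and re.search(r"fail|error", ta.group(2), re.I):
            suspects.insert(0, (ts, ta.group(1)))
    return first, calls, suspects

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On this sample the most recent failing TA before the first denial is mfido, and the rejected calls decode to SMCCC owner 50 (Trusted OS range) and owner 2 (SiP), both returning -12.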

3. Root cause

The problem was introduced by an mfido firmware update that a colleague on the security team submitted.