QMI CID leaks
Teijo Kinnunen
teijo.kinnunen at uros.com
Thu Apr 9 11:20:10 UTC 2020
Hi,
I'm working on a patch to detect M2M eUICC profile switches on Quectel
modems. Upon testing with Quectel EG25, which uses QMI, I noticed that
when MM reinitializes a modem (either due to hot-swap or MM restarting),
some of the QMI CIDs don't appear to be released. After ~10 times, the
modem detection fails due to QMI protocol error "ClientIdsExhausted".
The modem needs to be reset to recover from this.
In filtered logs it looks like this (when MM is started two times in
succession, no modem reset between):
---
root at teijo-laptop:/home/teijo/ModemManager/src# ./ModemManager --debug
--test-plugin-dir=/home/teijo/ModemManager/plugins/.libs 2>&1 | grep
"client with ID"
ModemManager[25925]: [/dev/cdc-wdm1] Registered 'wda' (version 1.16)
client with ID '1'
ModemManager[25925]: [/dev/cdc-wdm1] Unregistered 'wda' client with ID '1'
ModemManager[25925]: [/dev/cdc-wdm1] Registered 'dms' (version 1.0)
client with ID '2'
ModemManager[25925]: [/dev/cdc-wdm1] Registered 'nas' (version 1.25)
client with ID '4'
ModemManager[25925]: [/dev/cdc-wdm1] Registered 'wms' (version 1.10)
client with ID '2'
ModemManager[25925]: [/dev/cdc-wdm1] Registered 'uim' (version 1.46)
client with ID '3'
ModemManager[25925]: [/dev/cdc-wdm1] Registered 'loc' (version 2.0)
client with ID '1'
ModemManager[25925]: [/dev/cdc-wdm1] Registered 'pdc' (version 1.0)
client with ID '1'
ModemManager[25925]: [/dev/cdc-wdm1] Unregistered 'pdc' client with ID '1'
ModemManager[25925]: [/dev/cdc-wdm1] Unregistered 'loc' client with ID '1'
ModemManager[25925]: [/dev/cdc-wdm1] Unregistered 'uim' client with ID '3'
ModemManager[25925]: [/dev/cdc-wdm1] Unregistered 'wms' client with ID '2'
ModemManager[25925]: [/dev/cdc-wdm1] Unregistered 'nas' client with ID '4'
ModemManager[25925]: [/dev/cdc-wdm1] Unregistered 'dms' client with ID '2'
root at teijo-laptop:/home/teijo/ModemManager/src# ./ModemManager --debug
--test-plugin-dir=/home/teijo/ModemManager/plugins/.libs 2>&1 | grep
"client with ID"
ModemManager[25985]: [/dev/cdc-wdm1] Registered 'wda' (version 1.16)
client with ID '1'
ModemManager[25985]: [/dev/cdc-wdm1] Unregistered 'wda' client with ID '1'
ModemManager[25985]: [/dev/cdc-wdm1] Registered 'dms' (version 1.0)
client with ID '3'
ModemManager[25985]: [/dev/cdc-wdm1] Registered 'nas' (version 1.25)
client with ID '5'
ModemManager[25985]: [/dev/cdc-wdm1] Registered 'wms' (version 1.10)
client with ID '3'
ModemManager[25985]: [/dev/cdc-wdm1] Registered 'uim' (version 1.46)
client with ID '4'
ModemManager[25985]: [/dev/cdc-wdm1] Registered 'loc' (version 2.0)
client with ID '1'
ModemManager[25985]: [/dev/cdc-wdm1] Registered 'pdc' (version 1.0)
client with ID '1'
ModemManager[25985]: [/dev/cdc-wdm1] Unregistered 'pdc' client with ID '1'
ModemManager[25985]: [/dev/cdc-wdm1] Unregistered 'loc' client with ID '1'
ModemManager[25985]: [/dev/cdc-wdm1] Unregistered 'uim' client with ID '4'
ModemManager[25985]: [/dev/cdc-wdm1] Unregistered 'wms' client with ID '3'
ModemManager[25985]: [/dev/cdc-wdm1] Unregistered 'nas' client with ID '5'
ModemManager[25985]: [/dev/cdc-wdm1] Unregistered 'dms' client with ID '3'
---
My hypothesis here is that it's a race condition when closing down MM.
It can be seen that it's the last four of the unregistered services that
leak. Furthermore, looks like the "Release CID" commands are just sent
without waiting for response, then the device is closed (at least the
Release CID responses are not shown in the logs except for 'wda' which
is release much earlier) - possibly the release commands are lost?
Or would this rather be a libqmi issue?
BR,
- Teijo
More information about the ModemManager-devel
mailing list