[#5451] CONFIG_DEBUG_PREEMPT cause double fault

Document created by Aaronwu Employee on Sep 4, 2013
Version 1Show Document
  • View in full screen mode

[#5451] CONFIG_DEBUG_PREEMPT cause double fault

Submitted By: Yi Li

Open Date

2009-08-19 23:10:05     Close Date

2009-08-24 18:38:32

Priority:

Medium     Assignee:

Yi Li

Status:

Closed     Fixed In Release:

N/A

Found In Release:

snaps     Release:

Category:

N/A     Board:

N/A

Processor:

ALL     Silicon Revision:

Is this bug repeatable?:

Yes     Resolution:

Fixed

Uboot version or rev.:

    Toolchain version or rev.:

2009R1-rc10

App binary format:

N/A     

Summary: CONFIG_DEBUG_PREEMPT cause double fault

Details:

 

Tested on SVN trunk. If using attached config (default config with CONFIG_DEBUG_PREEMPT turned on), there is double fault while kernel boot. If turn off the CONFIG_DEBUG_PREEMPT option, kernel boot ok.

 

The double fault:

 

Memory available: 42440k/65536k RAM, (12724k init code, 1113k kernel code, 491k data, 1024k dma, 7744k reserved)

 

Double Fault

While handling exception (EXCAUSE = 0x26) at <0x0004548e> { _alloc_slabmgmt + 0x1e }:

   DCPLB_FAULT_ADDR: <0x037fe008> /* kernel dynamic memory */

   ICPLB_FAULT_ADDR: <0x0004548e> { _alloc_slabmgmt + 0x1e }

The instruction at <0x0009d334> { _debug_smp_processor_id + 0x3c } caused a double exception

Kernel panic - not syncing: Double Fault - unrecoverable event

Hardware Trace:

   0 Target : <0xffa003d0> { _ex_dcplb_miss + 0x0 }

     Source : <0xffa003ca> { _ex_workaround_261 + 0x1a } IF CC JUMP

   1 Target : <0xffa003b0> { _ex_workaround_261 + 0x0 }

     Source : <0xffa00788> { _trap + 0x68 } JUMP (P4)

   2 Target : <0xffa00740> { _trap + 0x20 }

     Source : <0xffa0073c> { _trap + 0x1c } IF !CC JUMP

   3 Target : <0xffa00720> { _trap + 0x0 }

     Source : <0xffa004c4> { _bfin_return_from_exception + 0x20 } RTX

   4 Target : <0xffa004a4> { _bfin_return_from_exception + 0x0 }

     Source : <0xffa003c2> { _ex_workaround_261 + 0x12 } IF !CC JUMP

   5 Target : <0xffa003b0> { _ex_workaround_261 + 0x0 }

     Source : <0xffa00788> { _trap + 0x68 } JUMP (P4)

   6 Target : <0xffa00740> { _trap + 0x20 }

     Source : <0xffa0073c> { _trap + 0x1c } IF !CC JUMP

   7 Target : <0xffa00720> { _trap + 0x0 }

     Source : <0x0004548c> { _alloc_slabmgmt + 0x1c } 0x6000

   8 Target : <0x00045470> { _alloc_slabmgmt + 0x0 }

     Source : <0x00045126> { _cache_grow + 0x9a } CALL pcrel

   9 Target : <0x0004510c> { _cache_grow + 0x80 }

     Source : <0x000451aa> { _cache_grow + 0x11e } IF CC JUMP

  10 Target : <0x000451a6> { _cache_grow + 0x11a }

     Source : <0x00045032> { _kmem_getpages + 0xe2 } RTS

  11 Target : <0x00044fe2> { _kmem_getpages + 0x92 }

     Source : <0x0004507e> { _kmem_getpages + 0x12e } JUMP.S

  12 Target : <0x00045034> { _kmem_getpages + 0xe4 }

     Source : <0x00044f96> { _kmem_getpages + 0x46 } IF CC JUMP

  13 Target : <0x00044f82> { _kmem_getpages + 0x32 }

     Source : <0x0003ab32> { ___alloc_pages_internal + 0x1c2 } RTS

  14 Target : <0x0003ab26> { ___alloc_pages_internal + 0x1b6 }

     Source : <0x0003a9cc> { ___alloc_pages_internal + 0x5c } IF !CC JUMP

  15 Target : <0x0003a9c8> { ___alloc_pages_internal + 0x58 }

     Source : <0x0003a8cc> { _get_page_from_freelist + 0x3c } RTS

Stack info:

SP: [0x00191cb8] <0x00191cb8> /* kernel dynamic memory */

FP: (0x00191d44)

Memory from 0x00191cb0 to 00192000

00191cb0: 00191cb8  00191db4 [00145be0]<000118aa> 00172000  00145be0  001753b2  001753b2

00191cd0: 001753b2  00191cf4  00191cf4 <00004f66> 00172000  00191cfc  00191db4  0000003f

00191cf0: 00180c60  00190000  00000001  3078303c  64393030  3e343333  5f207b20  75626564

00191d10: 6d735f67  72705f70  7365636f  5f726f73  2b206469  33783020  007d2063  00000000

00191d30: 0014b0fc  00000000  00180c60 <0018e374> 0018e398 (00000000)<0018e374><0018e374>

00191d50: 00000000  00181954  0018539c  001798f4 <000397ce> 00000000 <0018e374><000397f8>

00191d70:<0018e374><0018e374><0018e374><0003a7c6> 00e70fc0  0018e398  0018e38c  0018ed98

00191d90: 00000000 <ffa0060c> 00000013 <0004512a> 00dff0c0  00099fea  0018e398  00000000

00191db0: 00000000  00012338  00008008  00000025  00000000  00191e90  0009d334  0009d334

00191dd0:<ffa00406> 00000000  00099fde  00099fea  ffa016d4  00099fde  ffa016d4  00000000

00191df0: 00000000  00000fac  00000000  000e550a  00000000  00000000  00000000  00000000

00191e10: 0000001b  00000000  00000000  00000000  00000000  00000000  00000000  00000000

00191e30: 00000001  0011e1d0  ffffffe0  0014b110  00000004  00192000  037fe000  00000013

00191e50:<0004512a> 00dff0c0  00175210  00000030  ffe00004  00099fea  ffa016d4  0000100d

00191e70: 000000d0  0000000f  00000006  00000030  00000000  00000000  ffe00004  00000006

00191e90: 00000000  00000000 <00044f82><0004512a> 00000000  00000010  00000000  00000010

00191eb0: 00190000  000000d0  00000000  001ab3dc <000452fe> 00dff0c0  001ab3ec  00187888

00191ed0: 00000001  00dff0c0  000000d0  00190000  00000000  000000d0  00000000  00000000

00191ef0: 00150040 <0004546c> 00dff0c0  0017b5e4  00187700  00000020  000000d0  0000ffff

00191f10: 00000040  00000000  00150040 <00098608><00116886> 00000000  00000020  00000120

00191f30: 00dff120  00042000  00000001 <000462c2><00046320> 00dff120  00dff120  ffffffe0

00191f50: 00000020  00000120  00042000  00dff120  001ab444  00000020  00042000  00190000

00191f70: 6b17b5dc  00187834 <001a0e7a> 00000000  001ab2e8  00187700  00000000  00042000

00191f90: 0017b5dc  00191fb0 <0019d6d0> 001ab2b8  00000004  00042000  00000000  00187850

00191fb0: 00000040  00192000 <00192688> ffe02104  0017003c  00000000  ffffffc0  00000000

00191fd0: 00000000  00000000  00000064  001a8624  00000001  00000016  00192288  001aaff4

00191ff0:<0019d9c8> 00000000  00000000  ffb00000

Return addresses in stack:

    address : <0x000118aa> { _panic + 0x52 }

    address : <0x00004f66> { _double_fault_c + 0x72 }

    address : <0x0018e374> /* kernel dynamic memory */

   frame  1 : <0x0018e374> /* kernel dynamic memory */

    address : <0x0018e374> /* kernel dynamic memory */

    address : <0x000397ce> { _rmqueue_bulk + 0x32 }

    address : <0x0018e374> /* kernel dynamic memory */

    address : <0x000397f8> { _rmqueue_bulk + 0x5c }

    address : <0x0018e374> /* kernel dynamic memory */

    address : <0x0018e374> /* kernel dynamic memory */

    address : <0x0018e374> /* kernel dynamic memory */

    address : <0x0003a7c6> { _buffered_rmqueue + 0x14a }

    address : <0xffa0060c> { _double_fault + 0xa0 }

    address : <0x0004512a> { _cache_grow + 0x9e }

    address : <0xffa00406> { _ex_dcplb_miss + 0x36 }

    address : <0x0004512a> { _cache_grow + 0x9e }

    address : <0x00044f82> { _kmem_getpages + 0x32 }

    address : <0x0004512a> { _cache_grow + 0x9e }

    address : <0x000452fe> { _cache_alloc_refill + 0x13e }

    address : <0x0004546c> { _kmem_cache_alloc + 0x74 }

    address : <0x00098608> { _reciprocal_value + 0x58 }

    address : <0x00116886> { _setup_cpu_cache + 0x32 }

    address : <0x000462c2> { _kmem_cache_create + 0x192 }

    address : <0x00046320> { _kmem_cache_create + 0x1f0 }

    address : <0x001a0e7a> { _kmem_cache_init + 0x156 }

    address : <0x0019d6d0> { _mem_init + 0x110 }

    address : <0x00192688> { _start_kernel + 0x130 }

    address : <0x0019d9c8> { _real_start + 0x28 }

 

Follow-ups

 

--- Yi Li                                                    2009-08-20 04:15:33

The cause:

 

cplb_nompu/cplbmgr.c:

 

MGR_ATTR int cplb_hdr(int seqstat, struct pt_regs *regs)

{

    int cause = seqstat & 0x3f;

    unsigned int cpu = smp_processor_id();

 

If turned on CONFIG_DEBUG_PREEMPT, cplb_hdr calls debug_smp_processor_id():

 

#ifdef CONFIG_DEBUG_PREEMPT

  extern unsigned int debug_smp_processor_id(void);

# define smp_processor_id() debug_smp_processor_id()

#else

# define smp_processor_id() raw_smp_processor_id()

#endif

 

notrace unsigned int debug_smp_processor_id(void)

{

    unsigned long preempt_count = preempt_count();

    int this_cpu = raw_smp_processor_id();

 

    if (likely(preempt_count))

        goto out;

 

    if (irqs_disabled())

        goto out;

 

    /*

     * Kernel threads bound to a single CPU can safely use

     * smp_processor_id():

     */

    if (cpumask_equal(&current->cpus_allowed, cpumask_of(this_cpu)))

        goto out;

 

We see, in exception handler (cplb_hdr()), "current" is used.

 

So "raw_smp_processor_id()" should be used in exception context.

 

--- Yi Li                                                    2009-08-20 04:34:22

Above comment may be invalid:

 

raw_smp_processor_id() does not guarantee not referring to "current"

(in blackfin arch it does not refer to "current".)

"blackfin_core_id()" is better.

 

 

 

 

--- Yi Li                                                    2009-08-20 04:54:40

Fixed. Use "raw_smp_prosessor_id()" anyway since in arch/blackfin, we

know what we are doing.

 

--- Yi Li                                                    2009-08-24 23:39:17

Fixed and close.

 

 

 

    Files

    Changes

    Commits

    Dependencies

    Duplicates

    Associations

    Tags

 

File Name     File Type     File Size     Posted By

config    application/octet-stream    35083    Yi Li

Attachments

Outcomes