[#5451] CONFIG_DEBUG_PREEMPT cause double fault
Submitted By: Yi Li
Open Date
2009-08-19 23:10:05 Close Date
2009-08-24 18:38:32
Priority:
Medium Assignee:
Yi Li
Status:
Closed Fixed In Release:
N/A
Found In Release:
snaps Release:
Category:
N/A Board:
N/A
Processor:
ALL Silicon Revision:
Is this bug repeatable?:
Yes Resolution:
Fixed
Uboot version or rev.:
Toolchain version or rev.:
2009R1-rc10
App binary format:
N/A
Summary: CONFIG_DEBUG_PREEMPT cause double fault
Details:
Tested on SVN trunk. If using attached config (default config with CONFIG_DEBUG_PREEMPT turned on), there is double fault while kernel boot. If turn off the CONFIG_DEBUG_PREEMPT option, kernel boot ok.
The double fault:
Memory available: 42440k/65536k RAM, (12724k init code, 1113k kernel code, 491k data, 1024k dma, 7744k reserved)
Double Fault
While handling exception (EXCAUSE = 0x26) at <0x0004548e> { _alloc_slabmgmt + 0x1e }:
DCPLB_FAULT_ADDR: <0x037fe008> /* kernel dynamic memory */
ICPLB_FAULT_ADDR: <0x0004548e> { _alloc_slabmgmt + 0x1e }
The instruction at <0x0009d334> { _debug_smp_processor_id + 0x3c } caused a double exception
Kernel panic - not syncing: Double Fault - unrecoverable event
Hardware Trace:
0 Target : <0xffa003d0> { _ex_dcplb_miss + 0x0 }
Source : <0xffa003ca> { _ex_workaround_261 + 0x1a } IF CC JUMP
1 Target : <0xffa003b0> { _ex_workaround_261 + 0x0 }
Source : <0xffa00788> { _trap + 0x68 } JUMP (P4)
2 Target : <0xffa00740> { _trap + 0x20 }
Source : <0xffa0073c> { _trap + 0x1c } IF !CC JUMP
3 Target : <0xffa00720> { _trap + 0x0 }
Source : <0xffa004c4> { _bfin_return_from_exception + 0x20 } RTX
4 Target : <0xffa004a4> { _bfin_return_from_exception + 0x0 }
Source : <0xffa003c2> { _ex_workaround_261 + 0x12 } IF !CC JUMP
5 Target : <0xffa003b0> { _ex_workaround_261 + 0x0 }
Source : <0xffa00788> { _trap + 0x68 } JUMP (P4)
6 Target : <0xffa00740> { _trap + 0x20 }
Source : <0xffa0073c> { _trap + 0x1c } IF !CC JUMP
7 Target : <0xffa00720> { _trap + 0x0 }
Source : <0x0004548c> { _alloc_slabmgmt + 0x1c } 0x6000
8 Target : <0x00045470> { _alloc_slabmgmt + 0x0 }
Source : <0x00045126> { _cache_grow + 0x9a } CALL pcrel
9 Target : <0x0004510c> { _cache_grow + 0x80 }
Source : <0x000451aa> { _cache_grow + 0x11e } IF CC JUMP
10 Target : <0x000451a6> { _cache_grow + 0x11a }
Source : <0x00045032> { _kmem_getpages + 0xe2 } RTS
11 Target : <0x00044fe2> { _kmem_getpages + 0x92 }
Source : <0x0004507e> { _kmem_getpages + 0x12e } JUMP.S
12 Target : <0x00045034> { _kmem_getpages + 0xe4 }
Source : <0x00044f96> { _kmem_getpages + 0x46 } IF CC JUMP
13 Target : <0x00044f82> { _kmem_getpages + 0x32 }
Source : <0x0003ab32> { ___alloc_pages_internal + 0x1c2 } RTS
14 Target : <0x0003ab26> { ___alloc_pages_internal + 0x1b6 }
Source : <0x0003a9cc> { ___alloc_pages_internal + 0x5c } IF !CC JUMP
15 Target : <0x0003a9c8> { ___alloc_pages_internal + 0x58 }
Source : <0x0003a8cc> { _get_page_from_freelist + 0x3c } RTS
Stack info:
SP: [0x00191cb8] <0x00191cb8> /* kernel dynamic memory */
FP: (0x00191d44)
Memory from 0x00191cb0 to 00192000
00191cb0: 00191cb8 00191db4 [00145be0]<000118aa> 00172000 00145be0 001753b2 001753b2
00191cd0: 001753b2 00191cf4 00191cf4 <00004f66> 00172000 00191cfc 00191db4 0000003f
00191cf0: 00180c60 00190000 00000001 3078303c 64393030 3e343333 5f207b20 75626564
00191d10: 6d735f67 72705f70 7365636f 5f726f73 2b206469 33783020 007d2063 00000000
00191d30: 0014b0fc 00000000 00180c60 <0018e374> 0018e398 (00000000)<0018e374><0018e374>
00191d50: 00000000 00181954 0018539c 001798f4 <000397ce> 00000000 <0018e374><000397f8>
00191d70:<0018e374><0018e374><0018e374><0003a7c6> 00e70fc0 0018e398 0018e38c 0018ed98
00191d90: 00000000 <ffa0060c> 00000013 <0004512a> 00dff0c0 00099fea 0018e398 00000000
00191db0: 00000000 00012338 00008008 00000025 00000000 00191e90 0009d334 0009d334
00191dd0:<ffa00406> 00000000 00099fde 00099fea ffa016d4 00099fde ffa016d4 00000000
00191df0: 00000000 00000fac 00000000 000e550a 00000000 00000000 00000000 00000000
00191e10: 0000001b 00000000 00000000 00000000 00000000 00000000 00000000 00000000
00191e30: 00000001 0011e1d0 ffffffe0 0014b110 00000004 00192000 037fe000 00000013
00191e50:<0004512a> 00dff0c0 00175210 00000030 ffe00004 00099fea ffa016d4 0000100d
00191e70: 000000d0 0000000f 00000006 00000030 00000000 00000000 ffe00004 00000006
00191e90: 00000000 00000000 <00044f82><0004512a> 00000000 00000010 00000000 00000010
00191eb0: 00190000 000000d0 00000000 001ab3dc <000452fe> 00dff0c0 001ab3ec 00187888
00191ed0: 00000001 00dff0c0 000000d0 00190000 00000000 000000d0 00000000 00000000
00191ef0: 00150040 <0004546c> 00dff0c0 0017b5e4 00187700 00000020 000000d0 0000ffff
00191f10: 00000040 00000000 00150040 <00098608><00116886> 00000000 00000020 00000120
00191f30: 00dff120 00042000 00000001 <000462c2><00046320> 00dff120 00dff120 ffffffe0
00191f50: 00000020 00000120 00042000 00dff120 001ab444 00000020 00042000 00190000
00191f70: 6b17b5dc 00187834 <001a0e7a> 00000000 001ab2e8 00187700 00000000 00042000
00191f90: 0017b5dc 00191fb0 <0019d6d0> 001ab2b8 00000004 00042000 00000000 00187850
00191fb0: 00000040 00192000 <00192688> ffe02104 0017003c 00000000 ffffffc0 00000000
00191fd0: 00000000 00000000 00000064 001a8624 00000001 00000016 00192288 001aaff4
00191ff0:<0019d9c8> 00000000 00000000 ffb00000
Return addresses in stack:
address : <0x000118aa> { _panic + 0x52 }
address : <0x00004f66> { _double_fault_c + 0x72 }
address : <0x0018e374> /* kernel dynamic memory */
frame 1 : <0x0018e374> /* kernel dynamic memory */
address : <0x0018e374> /* kernel dynamic memory */
address : <0x000397ce> { _rmqueue_bulk + 0x32 }
address : <0x0018e374> /* kernel dynamic memory */
address : <0x000397f8> { _rmqueue_bulk + 0x5c }
address : <0x0018e374> /* kernel dynamic memory */
address : <0x0018e374> /* kernel dynamic memory */
address : <0x0018e374> /* kernel dynamic memory */
address : <0x0003a7c6> { _buffered_rmqueue + 0x14a }
address : <0xffa0060c> { _double_fault + 0xa0 }
address : <0x0004512a> { _cache_grow + 0x9e }
address : <0xffa00406> { _ex_dcplb_miss + 0x36 }
address : <0x0004512a> { _cache_grow + 0x9e }
address : <0x00044f82> { _kmem_getpages + 0x32 }
address : <0x0004512a> { _cache_grow + 0x9e }
address : <0x000452fe> { _cache_alloc_refill + 0x13e }
address : <0x0004546c> { _kmem_cache_alloc + 0x74 }
address : <0x00098608> { _reciprocal_value + 0x58 }
address : <0x00116886> { _setup_cpu_cache + 0x32 }
address : <0x000462c2> { _kmem_cache_create + 0x192 }
address : <0x00046320> { _kmem_cache_create + 0x1f0 }
address : <0x001a0e7a> { _kmem_cache_init + 0x156 }
address : <0x0019d6d0> { _mem_init + 0x110 }
address : <0x00192688> { _start_kernel + 0x130 }
address : <0x0019d9c8> { _real_start + 0x28 }
Follow-ups
--- Yi Li 2009-08-20 04:15:33
The cause:
cplb_nompu/cplbmgr.c:
MGR_ATTR int cplb_hdr(int seqstat, struct pt_regs *regs)
{
int cause = seqstat & 0x3f;
unsigned int cpu = smp_processor_id();
If turned on CONFIG_DEBUG_PREEMPT, cplb_hdr calls debug_smp_processor_id():
#ifdef CONFIG_DEBUG_PREEMPT
extern unsigned int debug_smp_processor_id(void);
# define smp_processor_id() debug_smp_processor_id()
#else
# define smp_processor_id() raw_smp_processor_id()
#endif
notrace unsigned int debug_smp_processor_id(void)
{
unsigned long preempt_count = preempt_count();
int this_cpu = raw_smp_processor_id();
if (likely(preempt_count))
goto out;
if (irqs_disabled())
goto out;
/*
* Kernel threads bound to a single CPU can safely use
* smp_processor_id():
*/
if (cpumask_equal(¤t->cpus_allowed, cpumask_of(this_cpu)))
goto out;
We see, in exception handler (cplb_hdr()), "current" is used.
So "raw_smp_processor_id()" should be used in exception context.
--- Yi Li 2009-08-20 04:34:22
Above comment may be invalid:
raw_smp_processor_id() does not guarantee not referring to "current"
(in blackfin arch it does not refer to "current".)
"blackfin_core_id()" is better.
--- Yi Li 2009-08-20 04:54:40
Fixed. Use "raw_smp_prosessor_id()" anyway since in arch/blackfin, we
know what we are doing.
--- Yi Li 2009-08-24 23:39:17
Fixed and close.
Files
Changes
Commits
Dependencies
Duplicates
Associations
Tags
File Name File Type File Size Posted By
config application/octet-stream 35083 Yi Li