[#5451] CONFIG_DEBUG_PREEMPT cause double fault

Submitted By: Yi Li

Open Date

2009-08-19 23:10:05 Close Date

2009-08-24 18:38:32

Priority:

Medium Assignee:

Yi Li

Status:

Closed Fixed In Release:

N/A

Found In Release:

snaps Release:

Category:

N/A Board:

N/A

Processor:

ALL Silicon Revision:

Is this bug repeatable?:

Yes Resolution:

Fixed

Uboot version or rev.:

Toolchain version or rev.:

2009R1-rc10

App binary format:

N/A

Summary: CONFIG_DEBUG_PREEMPT cause double fault

Details:

Tested on SVN trunk. If using attached config (default config with CONFIG_DEBUG_PREEMPT turned on), there is double fault while kernel boot. If turn off the CONFIG_DEBUG_PREEMPT option, kernel boot ok.

The double fault:

Memory available: 42440k/65536k RAM, (12724k init code, 1113k kernel code, 491k data, 1024k dma, 7744k reserved)

Double Fault

While handling exception (EXCAUSE = 0x26) at <0x0004548e> { _alloc_slabmgmt + 0x1e }:

DCPLB_FAULT_ADDR: <0x037fe008> /* kernel dynamic memory */

ICPLB_FAULT_ADDR: <0x0004548e> { _alloc_slabmgmt + 0x1e }

The instruction at <0x0009d334> { _debug_smp_processor_id + 0x3c } caused a double exception

Kernel panic - not syncing: Double Fault - unrecoverable event

Hardware Trace:

0 Target : <0xffa003d0> { _ex_dcplb_miss + 0x0 }

Source : <0xffa003ca> { _ex_workaround_261 + 0x1a } IF CC JUMP

1 Target : <0xffa003b0> { _ex_workaround_261 + 0x0 }

Source : <0xffa00788> { _trap + 0x68 } JUMP (P4)

2 Target : <0xffa00740> { _trap + 0x20 }

Source : <0xffa0073c> { _trap + 0x1c } IF !CC JUMP

3 Target : <0xffa00720> { _trap + 0x0 }

Source : <0xffa004c4> { _bfin_return_from_exception + 0x20 } RTX

4 Target : <0xffa004a4> { _bfin_return_from_exception + 0x0 }

Source : <0xffa003c2> { _ex_workaround_261 + 0x12 } IF !CC JUMP

5 Target : <0xffa003b0> { _ex_workaround_261 + 0x0 }

Source : <0xffa00788> { _trap + 0x68 } JUMP (P4)

6 Target : <0xffa00740> { _trap + 0x20 }

Source : <0xffa0073c> { _trap + 0x1c } IF !CC JUMP

7 Target : <0xffa00720> { _trap + 0x0 }

Source : <0x0004548c> { _alloc_slabmgmt + 0x1c } 0x6000

8 Target : <0x00045470> { _alloc_slabmgmt + 0x0 }

Source : <0x00045126> { _cache_grow + 0x9a } CALL pcrel

9 Target : <0x0004510c> { _cache_grow + 0x80 }

Source : <0x000451aa> { _cache_grow + 0x11e } IF CC JUMP

10 Target : <0x000451a6> { _cache_grow + 0x11a }

Source : <0x00045032> { _kmem_getpages + 0xe2 } RTS

11 Target : <0x00044fe2> { _kmem_getpages + 0x92 }

Source : <0x0004507e> { _kmem_getpages + 0x12e } JUMP.S

12 Target : <0x00045034> { _kmem_getpages + 0xe4 }

Source : <0x00044f96> { _kmem_getpages + 0x46 } IF CC JUMP

13 Target : <0x00044f82> { _kmem_getpages + 0x32 }

Source : <0x0003ab32> { ___alloc_pages_internal + 0x1c2 } RTS

14 Target : <0x0003ab26> { ___alloc_pages_internal + 0x1b6 }

Source : <0x0003a9cc> { ___alloc_pages_internal + 0x5c } IF !CC JUMP

15 Target : <0x0003a9c8> { ___alloc_pages_internal + 0x58 }

Source : <0x0003a8cc> { _get_page_from_freelist + 0x3c } RTS

Stack info:

SP: [0x00191cb8] <0x00191cb8> /* kernel dynamic memory */

FP: (0x00191d44)

Memory from 0x00191cb0 to 00192000

00191cb0: 00191cb8 00191db4 [00145be0]<000118aa> 00172000 00145be0 001753b2 001753b2

00191cd0: 001753b2 00191cf4 00191cf4 <00004f66> 00172000 00191cfc 00191db4 0000003f

00191cf0: 00180c60 00190000 00000001 3078303c 64393030 3e343333 5f207b20 75626564

00191d10: 6d735f67 72705f70 7365636f 5f726f73 2b206469 33783020 007d2063 00000000

00191d30: 0014b0fc 00000000 00180c60 <0018e374> 0018e398 (00000000)<0018e374><0018e374>

00191d50: 00000000 00181954 0018539c 001798f4 <000397ce> 00000000 <0018e374><000397f8>

00191d70:<0018e374><0018e374><0018e374><0003a7c6> 00e70fc0 0018e398 0018e38c 0018ed98

00191d90: 00000000 <ffa0060c> 00000013 <0004512a> 00dff0c0 00099fea 0018e398 00000000

00191db0: 00000000 00012338 00008008 00000025 00000000 00191e90 0009d334 0009d334

00191dd0:<ffa00406> 00000000 00099fde 00099fea ffa016d4 00099fde ffa016d4 00000000

00191df0: 00000000 00000fac 00000000 000e550a 00000000 00000000 00000000 00000000

00191e10: 0000001b 00000000 00000000 00000000 00000000 00000000 00000000 00000000

00191e30: 00000001 0011e1d0 ffffffe0 0014b110 00000004 00192000 037fe000 00000013

00191e50:<0004512a> 00dff0c0 00175210 00000030 ffe00004 00099fea ffa016d4 0000100d

00191e70: 000000d0 0000000f 00000006 00000030 00000000 00000000 ffe00004 00000006

00191e90: 00000000 00000000 <00044f82><0004512a> 00000000 00000010 00000000 00000010

00191eb0: 00190000 000000d0 00000000 001ab3dc <000452fe> 00dff0c0 001ab3ec 00187888

00191ed0: 00000001 00dff0c0 000000d0 00190000 00000000 000000d0 00000000 00000000

00191ef0: 00150040 <0004546c> 00dff0c0 0017b5e4 00187700 00000020 000000d0 0000ffff

00191f10: 00000040 00000000 00150040 <00098608><00116886> 00000000 00000020 00000120

00191f30: 00dff120 00042000 00000001 <000462c2><00046320> 00dff120 00dff120 ffffffe0

00191f50: 00000020 00000120 00042000 00dff120 001ab444 00000020 00042000 00190000

00191f70: 6b17b5dc 00187834 <001a0e7a> 00000000 001ab2e8 00187700 00000000 00042000

00191f90: 0017b5dc 00191fb0 <0019d6d0> 001ab2b8 00000004 00042000 00000000 00187850

00191fb0: 00000040 00192000 <00192688> ffe02104 0017003c 00000000 ffffffc0 00000000

00191fd0: 00000000 00000000 00000064 001a8624 00000001 00000016 00192288 001aaff4

00191ff0:<0019d9c8> 00000000 00000000 ffb00000

Return addresses in stack:

address : <0x000118aa> { _panic + 0x52 }

address : <0x00004f66> { _double_fault_c + 0x72 }

address : <0x0018e374> /* kernel dynamic memory */

frame 1 : <0x0018e374> /* kernel dynamic memory */

address : <0x0018e374> /* kernel dynamic memory */

address : <0x000397ce> { _rmqueue_bulk + 0x32 }

address : <0x0018e374> /* kernel dynamic memory */

address : <0x000397f8> { _rmqueue_bulk + 0x5c }

address : <0x0018e374> /* kernel dynamic memory */

address : <0x0003a7c6> { _buffered_rmqueue + 0x14a }

address : <0xffa0060c> { _double_fault + 0xa0 }

address : <0x0004512a> { _cache_grow + 0x9e }

address : <0xffa00406> { _ex_dcplb_miss + 0x36 }

address : <0x0004512a> { _cache_grow + 0x9e }

address : <0x00044f82> { _kmem_getpages + 0x32 }

address : <0x0004512a> { _cache_grow + 0x9e }

address : <0x000452fe> { _cache_alloc_refill + 0x13e }

address : <0x0004546c> { _kmem_cache_alloc + 0x74 }

address : <0x00098608> { _reciprocal_value + 0x58 }

address : <0x00116886> { _setup_cpu_cache + 0x32 }

address : <0x000462c2> { _kmem_cache_create + 0x192 }

address : <0x00046320> { _kmem_cache_create + 0x1f0 }

address : <0x001a0e7a> { _kmem_cache_init + 0x156 }

address : <0x0019d6d0> { _mem_init + 0x110 }

address : <0x00192688> { _start_kernel + 0x130 }

address : <0x0019d9c8> { _real_start + 0x28 }

Follow-ups

--- Yi Li 2009-08-20 04:15:33

The cause:

cplb_nompu/cplbmgr.c:

MGR_ATTR int cplb_hdr(int seqstat, struct pt_regs *regs)

{

int cause = seqstat & 0x3f;

unsigned int cpu = smp_processor_id();

If turned on CONFIG_DEBUG_PREEMPT, cplb_hdr calls debug_smp_processor_id():

#ifdef CONFIG_DEBUG_PREEMPT

extern unsigned int debug_smp_processor_id(void);

# define smp_processor_id() debug_smp_processor_id()

#else

# define smp_processor_id() raw_smp_processor_id()

#endif

notrace unsigned int debug_smp_processor_id(void)

{

unsigned long preempt_count = preempt_count();

int this_cpu = raw_smp_processor_id();

if (likely(preempt_count))

goto out;

if (irqs_disabled())

goto out;

* Kernel threads bound to a single CPU can safely use

* smp_processor_id():

if (cpumask_equal(&current->cpus_allowed, cpumask_of(this_cpu)))

goto out;

We see, in exception handler (cplb_hdr()), "current" is used.

So "raw_smp_processor_id()" should be used in exception context.

--- Yi Li 2009-08-20 04:34:22

Above comment may be invalid:

raw_smp_processor_id() does not guarantee not referring to "current"

(in blackfin arch it does not refer to "current".)

"blackfin_core_id()" is better.

--- Yi Li 2009-08-20 04:54:40

Fixed. Use "raw_smp_prosessor_id()" anyway since in arch/blackfin, we

know what we are doing.

--- Yi Li 2009-08-24 23:39:17

Fixed and close.

Files

Changes

Commits

Dependencies

Duplicates

Associations