From mboxrd@z Thu Jan 1 00:00:00 1970
From: Tetsuyuki Kobayashi
Date: Mon, 20 Aug 2012 06:32:31 +0000
Subject: Re: kzm9g boot fail (was Re: irqdomain breaks ap4 boot)
Message-Id: <5031D9FF.8060801@kmckk.co.jp>
List-Id:
References: <502DDC97.5080501@kmckk.co.jp>
In-Reply-To: <502DDC97.5080501@kmckk.co.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: linux-sh@vger.kernel.org

Hello, Goda-san.

(2012/08/20 13:45), Kuninori Morimoto wrote:
> I'm not sure why, but this patch solved the problem?
>
> -------------------------------------------
> diff --git a/arch/arm/mach-shmobile/intc-sh73a0.c b/arch/arm/mach-shmobile/intc- > index ee44740..a6eae4f 100644 > --- a/arch/arm/mach-shmobile/intc-sh73a0.c > +++ b/arch/arm/mach-shmobile/intc-sh73a0.c 
> @@ -259,7 +259,7 @@ static int sh73a0_set_wake(struct irq_data *data, unsigned i > return 0; /* always allow wakeup */ > } > > -#define RELOC_BASE 0x1000 > +#define RELOC_BASE 0x1200 > > /* INTCA IRQ pins at INTCS + 0x1000 to make space for GIC+INTC handling */ > #define INTCS_VECT_RELOC(n, vect) INTCS_VECT((n), (vect) + RELOC_BASE) After applying this patch on kzm9g board, I got this error regarding eMMC. I think this is another problem. Unable to handle kernel NULL pointer dereference at virtual address 00000008 pgd = c0004000 [00000008] *pgd000000 Internal error: Oops: 17 [#1] PREEMPT SMP ARM Modules linked in: CPU: 1 Not tainted (3.6.0-rc2+ #103) PC is at sh_mmcif_irqt+0x20/0xb30 LR is at irq_thread+0x94/0x16c pc : [] lr : [] psr: 60000113 sp : ce9f1f30 ip : ce9f1f80 fp : ce9f1f7c r10: 00000000 r9 : cea426f8 r8 : ce9f5f60 r7 : ce9f0000 r6 : ce9f0000 r5 : 00000000 r4 : cea426c0 r3 : c0264b5c r2 : 00000000 r1 : cea426c0 r0 : cea426f8 Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel Control: 10c5387d Table: 4fb7404a DAC: 00000015 Process irq/173-sh_mmc: (pid: 397, stack limit = 0xce9f02f0) Stack: (0xce9f1f30 to 0xce9f2000) 1f20: c03462d0 c0040bfc cea426c0 c0455380 1f40: c0461db8 ce9f5f40 ce80ea40 ce9f0000 ce9f0000 ce9f5f40 ce80ea40 ce9f0000 1f60: ce9f0000 ce9f5f60 00000000 00000000 ce9f1fb4 ce9f1f80 c0061608 c0264b68 1f80: ce9f5f40 ce9f1f84 c00614a8 00000000 ce84bd70 ce9f5f40 c0061574 00000013 1fa0: 00000000 00000000 ce9f1ff4 ce9f1fb8 c00386c0 c0061580 00000000 00000000 1fc0: ce9f5f40 00000000 00000000 00000000 ce9f1fd0 ce9f1fd0 00000000 ce84bd70 1fe0: c003862c c0021910 00000000 ce9f1ff8 c0021910 c0038638 00000000 00000000 Backtrace: [] (sh_mmcif_irqt+0x0/0xb30) from [] (irq_thread+0x94/0x16c) [] (irq_thread+0x0/0x16c) from [] (kthread+0x94/0xa0) [] (kthread+0x0/0xa0) from [] (do_exit+0x0/0x700) r6:c0021910 r5:c003862c r4:ce84bd70 Code: e5915004 e2819038 e1a04001 e1a00009 (e595a008) ---[ end trace 2f02388ade397924 ]--- Unable to handle kernel 
paging request at virtual address fffffffc pgd = c0004000 [fffffffc] *pgdOffe821, *pte000000, *ppte000000 Internal error: Oops: 17 [#2] PREEMPT SMP ARM Modules linked in: init: plymouth main process (471) killed by SEGV signal init: plymouth-splash main process (3110) terminated with status 2 CPU: 1 Tainted: G D (3.6.0-rc2+ #103) PC is at kthread_data+0x10/0x18 LR is at irq_thread_dtor+0x58/0xcc init: Failed to create pty - disabling logging for job init: Temporary process spawn error: No such file or directory pc : [] lr : [] psr: 20000113 sp : ce9f1cf0 ip : ce9f1d00 fp : ce9f1cfc r10: c0264b7c r9 : 00000008 r8 : 00000000 r7 : ce9bac38 r6 : 00000000 r5 : ce9ba9c0 r4 : ce9ba9c0 r3 : 00000000 r2 : ce9f1d00 r1 : a0000113 r0 : ce9ba9c0 Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user Control: 10c5387d Table: 4fb7404a DAC: 00000015 Process irq/173-sh_mmc: (pid: 397, stack limit = 0xce9f02f0) Stack: (0xce9f1cf0 to 0xce9f2000) 1ce0: ce9f1d14 ce9f1d00 c0061500 c00388b0 1d00: ce9ba9c0 00000000 ce9f1d34 ce9f1d18 c0035a58 c00614b4 ce9ba9c0 0000000b 1d20: c0264b7e ce9f1db2 ce9f1d64 ce9f1d38 c0021b3c c0035a08 ce9f1ee8 00000001 1d40: c0264b7e 00670067 ce9f1d64 ce9f1d58 c001cd80 ce9f1db2 ce9f1de4 ce9f1d68 1d60: c0012484 c002191c ce9f02f0 0000000b c0004000 c03d8f35 60000113 00000000 1d80: 65a426f8 35313935 20343030 31383265 38333039 61316520 30303430 31652031 1da0: 30303061 28203930 35393565 38303061 c0002029 c0342444 c040ab1e 00000008 1dc0: 00000017 00000000 ce9f1ee8 00000017 cea426f8 00000028 ce9f1dfc ce9f1de8 1de0: c0342210 c00120f8 ce9f1ee8 00000000 ce9f1e3c ce9f1e00 c0015b00 c03421c0 1e00: c0046a2c c0046850 c06e2380 cea5bc80 00000005 00000017 c0461e68 00000008 1e20: ce9f1ee8 ce9f5f60 cea426f8 00000000 ce9f1ee4 ce9f1e40 c000918c c00158cc 1e40: cea5bc80 c06e2380 cea5bef8 c06e2380 ce9f1e74 ce9f1e60 c0041a48 c00417e8 1e60: cea5bc80 00000001 ce9f1ea4 ce9f1e78 c0044100 c0347008 00000000 cea45858 1e80: 00000001 cea4584c 00000001 00000003 00000000 00000000 ce9f1eb4 
ce9f1ea8 1ea0: c0044128 c0043ea0 ce9f1ee4 ce9f1eb8 c004058c c0044120 00000000 cea45850 1ec0: a0000113 cea4584c c0264b7c 60000113 ffffffff ce9f1f1c ce9f1f7c ce9f1ee8 1ee0: c000e698 c000915c cea426f8 cea426c0 00000000 c0264b5c cea426c0 00000000 1f00: ce9f0000 ce9f0000 ce9f5f60 cea426f8 00000000 ce9f1f7c ce9f1f80 ce9f1f30 1f20: c0061608 c0264b7c 60000113 ffffffff c03462d0 c0040bfc cea426c0 c0455380 1f40: c0461db8 ce9f5f40 ce80ea40 ce9f0000 ce9f0000 ce9f5f40 ce80ea40 ce9f0000 1f60: ce9f0000 ce9f5f60 00000000 00000000 ce9f1fb4 ce9f1f80 c0061608 c0264b68 1f80: ce9f5f40 00000000 c00614a8 00000000 ce84bd70 ce9f5f40 c0061574 00000013 1fa0: 00000000 00000000 ce9f1ff4 ce9f1fb8 c00386c0 c0061580 00000000 00000000 1fc0: ce9f5f40 00000001 00010001 00000000 ce9f1fd0 ce9f1fd0 00000000 ce84bd70 1fe0: c003862c c0021910 00000000 ce9f1ff8 c0021910 c0038638 00000000 00000000 Backtrace: [] (kthread_data+0x0/0x18) from [] (irq_thread_dtor+0x58/0xcc) [] (irq_thread_dtor+0x0/0xcc) from [] (task_work_run+0x5c/0x6c) r5:00000000 r4:ce9ba9c0 [] (task_work_run+0x0/0x6c) from [] (do_exit+0x22c/0x700) r7:ce9f1db2 r6:c0264b7e r5:0000000b r4:ce9ba9c0 [] (do_exit+0x0/0x700) from [] (die+0x398/0x3e4) r7:ce9f1db2 [] (die+0x0/0x3e4) from [] (__do_kernel_fault.part.9+0x5c/0x7c) [] (__do_kernel_fault.part.9+0x0/0x7c) from [] (do_page_fault+0x240/0x258) r7:00000000 r3:ce9f1ee8 [] (do_page_fault+0x0/0x258) from [] (do_DataAbort+0x3c/0xa0) [] (do_DataAbort+0x0/0xa0) from [] (__dabt_svc+0x38/0x60) Exception stack(0xce9f1ee8 to 0xce9f1f30) 1ee0: cea426f8 cea426c0 00000000 c0264b5c cea426c0 00000000 1f00: ce9f0000 ce9f0000 ce9f5f60 cea426f8 00000000 ce9f1f7c ce9f1f80 ce9f1f30 1f20: c0061608 c0264b7c 60000113 ffffffff r7:ce9f1f1c r6:ffffffff r5:60000113 r4:c0264b7c [] (sh_mmcif_irqt+0x0/0xb30) from [] (irq_thread+0x94/0x16c) [] (irq_thread+0x0/0x16c) from [] (kthread+0x94/0xa0) [] (kthread+0x0/0xa0) from [] (do_exit+0x0/0x700) r6:c0021910 r5:c003862c r4:ce84bd70 Code: e1a0c00d e92dd800 e24cb004 e590316c 
(e5130004) ---[ end trace 2f02388ade397925 ]---
Fixing recursive fault but reboot is needed!
mmcblk2: error -5 sending status command, retrying
mmcblk2: error -5 sending status command, retrying
mmcblk2: error -5 sending status command, aborting
end_request: I/O error, dev mmcblk2, sector 320
Buffer I/O error on device mmcblk2, logical block 40
mmcblk2: error -5 sending status command, retrying
mmcblk2: error -5 sending status command, retrying
mmcblk2: error -5 sending status command, aborting
...

My quick fix is below.

diff --git a/drivers/mmc/host/sh_mmcif.c b/drivers/mmc/host/sh_mmcif.c index 5d81427..e587fbc 100644 --- a/drivers/mmc/host/sh_mmcif.c +++ b/drivers/mmc/host/sh_mmcif.c @@ -1104,7 +1104,15 @@ static irqreturn_t sh_mmcif_irqt(int irq, void *dev_id) { struct sh_mmcif_host *host = dev_id; struct mmc_request *mrq = host->mrq; - struct mmc_data *data = mrq->data; + /*struct mmc_data *data = mrq->data; -- this cause null pointer access*/ + struct mmc_data *data; + + /* quick fix by koba */ + if (mrq = NULL) { + printk("sh_mmcif_irqt: mrq = NULL: host->wait_for=%d\n", host->wait_for); + } else { + data = mrq->data; + } cancel_delayed_work_sync(&host->timeout_work);

With this patch, there are no null pointer accesses and I got this log.

sh_mmcif_irqt: mrq = NULL: host->wait_for=0
sh_mmcif_irqt: mrq = NULL: host->wait_for=0
...

host->wait_for is 0. It is MMCIF_WAIT_FOR_REQUEST.
There is code like this:

	host->wait_for = MMCIF_WAIT_FOR_REQUEST;
	host->mrq = NULL;

So, at the top of sh_mmcif_irqt, if host->wait_for = MMCIF_WAIT_FOR_REQUEST, host->mrq = NULL.
It is too early to access mrq->data before checking host->mrq. It may cause a null pointer access.

Goda-san, could you check this and refine the code of sh_mmcif_irqt?
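
Review bot: in the quoted intc-sh73a0.c hunk, the comment directly under the changed define still reads "INTCA IRQ pins at INTCS + 0x1000" while RELOC_BASE becomes 0x1200, so the comment and the code now disagree. Update the comment together with the define, and state in the changelog why 0x1200 is the correct offset, since the poster says the reason the change helps is not understood.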
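
Review bot: in the sh_mmcif_irqt hunk of the sh_mmcif.c quick fix, the NULL branch only logs and then falls through to cancel_delayed_work_sync() with data left uninitialized, so the rest of the handler still runs without a valid request; return early (for example with IRQ_HANDLED) when host->mrq is NULL instead of continuing. The condition as posted reads "if (mrq = NULL)", which is an assignment that always evaluates false and would send a NULL mrq into "data = mrq->data"; the log in the message shows the branch being taken, so the tested code presumably used "==" and the posted hunk should match it. The printk() has no log level, and the old declaration is kept as a commented-out line; both should be cleaned up in a final version.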