diff mbox

kzm9g boot fail (was Re: irqdomain breaks ap4 boot)

Message ID 5031D9FF.8060801@kmckk.co.jp (mailing list archive)
State Superseded
Headers show

Commit Message

Tetsuyuki Kobayashi Aug. 20, 2012, 6:32 a.m. UTC 
Hello, goda-san.

(2012/08/20 13:45), Kuninori Morimoto wrote:

> I'm not sure why, but this patch solved problem ?
> 
> -------------------------------------------
> diff --git a/arch/arm/mach-shmobile/intc-sh73a0.c b/arch/arm/mach-shmobile/intc-
> index ee44740..a6eae4f 100644
> --- a/arch/arm/mach-shmobile/intc-sh73a0.c
> +++ b/arch/arm/mach-shmobile/intc-sh73a0.c
> @@ -259,7 +259,7 @@ static int sh73a0_set_wake(struct irq_data *data, unsigned i
>          return 0; /* always allow wakeup */
>   }
>   
> -#define RELOC_BASE 0x1000
> +#define RELOC_BASE 0x1200
>   
>   /* INTCA IRQ pins at INTCS + 0x1000 to make space for GIC+INTC handling */
>   #define INTCS_VECT_RELOC(n, vect) INTCS_VECT((n), (vect) + RELOC_BASE)

After applying this patch on kzm9g board, I got this error regarding eMMC.
I think this is another problem.


Unable to handle kernel NULL pointer dereference at virtual address 00000008
pgd = c0004000
[00000008] *pgd=00000000
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1    Not tainted  (3.6.0-rc2+ #103)
PC is at sh_mmcif_irqt+0x20/0xb30
LR is at irq_thread+0x94/0x16c
pc : [<c0264b7c>]    lr : [<c0061608>]    psr: 60000113
sp : ce9f1f30  ip : ce9f1f80  fp : ce9f1f7c
r10: 00000000  r9 : cea426f8  r8 : ce9f5f60
r7 : ce9f0000  r6 : ce9f0000  r5 : 00000000  r4 : cea426c0
r3 : c0264b5c  r2 : 00000000  r1 : cea426c0  r0 : cea426f8
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
Control: 10c5387d  Table: 4fb7404a  DAC: 00000015
Process irq/173-sh_mmc: (pid: 397, stack limit = 0xce9f02f0)
Stack: (0xce9f1f30 to 0xce9f2000)
1f20:                                     c03462d0 c0040bfc cea426c0 c0455380
1f40: c0461db8 ce9f5f40 ce80ea40 ce9f0000 ce9f0000 ce9f5f40 ce80ea40 ce9f0000
1f60: ce9f0000 ce9f5f60 00000000 00000000 ce9f1fb4 ce9f1f80 c0061608 c0264b68
1f80: ce9f5f40 ce9f1f84 c00614a8 00000000 ce84bd70 ce9f5f40 c0061574 00000013
1fa0: 00000000 00000000 ce9f1ff4 ce9f1fb8 c00386c0 c0061580 00000000 00000000
1fc0: ce9f5f40 00000000 00000000 00000000 ce9f1fd0 ce9f1fd0 00000000 ce84bd70
1fe0: c003862c c0021910 00000000 ce9f1ff8 c0021910 c0038638 00000000 00000000
Backtrace:
[<c0264b5c>] (sh_mmcif_irqt+0x0/0xb30) from [<c0061608>] (irq_thread+0x94/0x16c)
[<c0061574>] (irq_thread+0x0/0x16c) from [<c00386c0>] (kthread+0x94/0xa0)
[<c003862c>] (kthread+0x0/0xa0) from [<c0021910>] (do_exit+0x0/0x700)
 r6:c0021910 r5:c003862c r4:ce84bd70
Code: e5915004 e2819038 e1a04001 e1a00009 (e595a008)
---[ end trace 2f02388ade397924 ]---
Unable to handle kernel paging request at virtual address fffffffc
pgd = c0004000
[fffffffc] *pgd=4fffe821, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#2] PREEMPT SMP ARM
Modules linked in:
init: plymouth main process (471) killed by SEGV signal
init: plymouth-splash main process (3110) terminated with status 2
CPU: 1    Tainted: G      D       (3.6.0-rc2+ #103)
PC is at kthread_data+0x10/0x18
LR is at irq_thread_dtor+0x58/0xcc
init: Failed to create pty - disabling logging for job
init: Temporary process spawn error: No such file or directory
pc : [<c00388b4>]    lr : [<c0061500>]    psr: 20000113
sp : ce9f1cf0  ip : ce9f1d00  fp : ce9f1cfc
r10: c0264b7c  r9 : 00000008  r8 : 00000000
r7 : ce9bac38  r6 : 00000000  r5 : ce9ba9c0  r4 : ce9ba9c0
r3 : 00000000  r2 : ce9f1d00  r1 : a0000113  r0 : ce9ba9c0
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 10c5387d  Table: 4fb7404a  DAC: 00000015
Process irq/173-sh_mmc: (pid: 397, stack limit = 0xce9f02f0)
Stack: (0xce9f1cf0 to 0xce9f2000)
1ce0:                                     ce9f1d14 ce9f1d00 c0061500 c00388b0
1d00: ce9ba9c0 00000000 ce9f1d34 ce9f1d18 c0035a58 c00614b4 ce9ba9c0 0000000b
1d20: c0264b7e ce9f1db2 ce9f1d64 ce9f1d38 c0021b3c c0035a08 ce9f1ee8 00000001
1d40: c0264b7e 00670067 ce9f1d64 ce9f1d58 c001cd80 ce9f1db2 ce9f1de4 ce9f1d68
1d60: c0012484 c002191c ce9f02f0 0000000b c0004000 c03d8f35 60000113 00000000
1d80: 65a426f8 35313935 20343030 31383265 38333039 61316520 30303430 31652031
1da0: 30303061 28203930 35393565 38303061 c0002029 c0342444 c040ab1e 00000008
1dc0: 00000017 00000000 ce9f1ee8 00000017 cea426f8 00000028 ce9f1dfc ce9f1de8
1de0: c0342210 c00120f8 ce9f1ee8 00000000 ce9f1e3c ce9f1e00 c0015b00 c03421c0
1e00: c0046a2c c0046850 c06e2380 cea5bc80 00000005 00000017 c0461e68 00000008
1e20: ce9f1ee8 ce9f5f60 cea426f8 00000000 ce9f1ee4 ce9f1e40 c000918c c00158cc
1e40: cea5bc80 c06e2380 cea5bef8 c06e2380 ce9f1e74 ce9f1e60 c0041a48 c00417e8
1e60: cea5bc80 00000001 ce9f1ea4 ce9f1e78 c0044100 c0347008 00000000 cea45858
1e80: 00000001 cea4584c 00000001 00000003 00000000 00000000 ce9f1eb4 ce9f1ea8
1ea0: c0044128 c0043ea0 ce9f1ee4 ce9f1eb8 c004058c c0044120 00000000 cea45850
1ec0: a0000113 cea4584c c0264b7c 60000113 ffffffff ce9f1f1c ce9f1f7c ce9f1ee8
1ee0: c000e698 c000915c cea426f8 cea426c0 00000000 c0264b5c cea426c0 00000000
1f00: ce9f0000 ce9f0000 ce9f5f60 cea426f8 00000000 ce9f1f7c ce9f1f80 ce9f1f30
1f20: c0061608 c0264b7c 60000113 ffffffff c03462d0 c0040bfc cea426c0 c0455380
1f40: c0461db8 ce9f5f40 ce80ea40 ce9f0000 ce9f0000 ce9f5f40 ce80ea40 ce9f0000
1f60: ce9f0000 ce9f5f60 00000000 00000000 ce9f1fb4 ce9f1f80 c0061608 c0264b68
1f80: ce9f5f40 00000000 c00614a8 00000000 ce84bd70 ce9f5f40 c0061574 00000013
1fa0: 00000000 00000000 ce9f1ff4 ce9f1fb8 c00386c0 c0061580 00000000 00000000
1fc0: ce9f5f40 00000001 00010001 00000000 ce9f1fd0 ce9f1fd0 00000000 ce84bd70
1fe0: c003862c c0021910 00000000 ce9f1ff8 c0021910 c0038638 00000000 00000000
Backtrace:
[<c00388a4>] (kthread_data+0x0/0x18) from [<c0061500>] (irq_thread_dtor+0x58/0xcc)
[<c00614a8>] (irq_thread_dtor+0x0/0xcc) from [<c0035a58>] (task_work_run+0x5c/0x6c)
 r5:00000000 r4:ce9ba9c0
[<c00359fc>] (task_work_run+0x0/0x6c) from [<c0021b3c>] (do_exit+0x22c/0x700)
 r7:ce9f1db2 r6:c0264b7e r5:0000000b r4:ce9ba9c0
[<c0021910>] (do_exit+0x0/0x700) from [<c0012484>] (die+0x398/0x3e4)
 r7:ce9f1db2
[<c00120ec>] (die+0x0/0x3e4) from [<c0342210>] (__do_kernel_fault.part.9+0x5c/0x7c)
[<c03421b4>] (__do_kernel_fault.part.9+0x0/0x7c) from [<c0015b00>] (do_page_fault+0x240/0x258)
 r7:00000000 r3:ce9f1ee8
[<c00158c0>] (do_page_fault+0x0/0x258) from [<c000918c>] (do_DataAbort+0x3c/0xa0)
[<c0009150>] (do_DataAbort+0x0/0xa0) from [<c000e698>] (__dabt_svc+0x38/0x60)
Exception stack(0xce9f1ee8 to 0xce9f1f30)
1ee0:                   cea426f8 cea426c0 00000000 c0264b5c cea426c0 00000000
1f00: ce9f0000 ce9f0000 ce9f5f60 cea426f8 00000000 ce9f1f7c ce9f1f80 ce9f1f30
1f20: c0061608 c0264b7c 60000113 ffffffff
 r7:ce9f1f1c r6:ffffffff r5:60000113 r4:c0264b7c
[<c0264b5c>] (sh_mmcif_irqt+0x0/0xb30) from [<c0061608>] (irq_thread+0x94/0x16c)
[<c0061574>] (irq_thread+0x0/0x16c) from [<c00386c0>] (kthread+0x94/0xa0)
[<c003862c>] (kthread+0x0/0xa0) from [<c0021910>] (do_exit+0x0/0x700)
 r6:c0021910 r5:c003862c r4:ce84bd70
Code: e1a0c00d e92dd800 e24cb004 e590316c (e5130004)
---[ end trace 2f02388ade397925 ]---
Fixing recursive fault but reboot is needed!
mmcblk2: error -5 sending status command, retrying
mmcblk2: error -5 sending status command, retrying
mmcblk2: error -5 sending status command, aborting
end_request: I/O error, dev mmcblk2, sector 320
Buffer I/O error on device mmcblk2, logical block 40
mmcblk2: error -5 sending status command, retrying
mmcblk2: error -5 sending status command, retrying
mmcblk2: error -5 sending status command, aborting
  ...


My quick fix is below.


With this patch, there is no null pointer accesses and got this log.

sh_mmcif_irqt: mrq == NULL: host->wait_for=0
sh_mmcif_irqt: mrq == NULL: host->wait_for=0
  ...

host->wait_for is 0. it is MMCIF_WAIT_FOR_REQUEST.
There is code such like:

       host->wait_for = MMCIF_WAIT_FOR_REQUEST;
       host->mrq = NULL;

So, at the top of sh_mmcif_irqt, if host->wait_for == MMCIF_WAIT_FOR_REQUEST,
host->mrq = NULL. 
It is too earlier to access mrq->data before checking host->mrq. it may
cause null pointer access.

Goda-san, could you check this and refine the code of sh_mmcif_irqt?





--
To unsubscribe from this list: send the line "unsubscribe linux-sh" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Kuninori Morimoto Aug. 21, 2012, 2:31 a.m. UTC | #1 
Hi Kobayashi-san

> After applying this patch on kzm9g board, I got this error regarding eMMC.
> I think this is another problem.

Hmm...
How can I reproduce it ?
It doesn't happen on my board.

I'm using
 linus/master + paul/sh-latest + sh73a0-irq-fixup-patch

# My kzm9g board is not mass-production board though


-------- log -------------------------------------------------
(snip)
rtc-rs5c372 0-0032: setting system clock to 2001-01-17 20:57:59 UTC (979765079) 
asoc-simple-card asoc-simple-card.0:  ak4642-hifi <-> fsia-dai mapping ok       
smsc911x smsc911x.0: eth0: SMSC911x/921x identified at 0xdf9e8000, IRQ: 419     
Sending DHCP requests .mmc0: SD Status: Invalid Allocation Unit size.           
mmc0: new SD card at address ee97                                               
mmcblk0: mmc0:ee97 S128B 122 MiB                                                
 mmcblk0: p1 p2                                                                 
mmc1: new high speed SDHC card at address b368                                  
mmcblk1: mmc1:b368 SD16G 14.4 GiB                                               
 mmcblk1: p1                                                                    
[sched_delayed] sched: RT throttling activated                                  
mmc2: new high speed MMC card at address 0001                                   
mmcblk2: mmc2:0001 M4G1EM 3.72 GiB                                              
 mmcblk2: unknown partition table                                               
., OK                                                                           
IP-Config: Got DHCP answer from 192.168.10.77, my address is 192.168.10.118     
IP-Config: Complete:                                                            
     device=eth0, addr=192.168.10.118, mask=255.255.255.0, gw=192.168.10.77     
     host=192.168.10.118, domain=example.org, nis-domain=(none)                 


Best regards
---
Kuninori Morimoto
--
To unsubscribe from this list: send the line "unsubscribe linux-sh" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Tetsuyuki Kobayashi Aug. 21, 2012, 4:22 a.m. UTC | #2 
Hi Moromoto-san

In my case this problem occurs once per 2 or 3 times, not every time.
I'm using v3.5rc2 + sh7a30-irq-fixup-patch.

I tried 2 kzm9g boards. One of them is almost same as yours.


(2012/08/21 11:31), Kuninori Morimoto wrote:
>
> Hi Kobayashi-san
>
>> After applying this patch on kzm9g board, I got this error regarding eMMC.
>> I think this is another problem.
>
> Hmm...
> How can I reproduce it ?
> It doesn't happen on my board.
>
> I'm using
>   linus/master + paul/sh-latest + sh73a0-irq-fixup-patch
>
> # My kzm9g board is not mass-production board though
>
>
> -------- log -------------------------------------------------
> (snip)
> rtc-rs5c372 0-0032: setting system clock to 2001-01-17 20:57:59 UTC (979765079)
> asoc-simple-card asoc-simple-card.0:  ak4642-hifi <-> fsia-dai mapping ok
> smsc911x smsc911x.0: eth0: SMSC911x/921x identified at 0xdf9e8000, IRQ: 419
> Sending DHCP requests .mmc0: SD Status: Invalid Allocation Unit size.
> mmc0: new SD card at address ee97
> mmcblk0: mmc0:ee97 S128B 122 MiB
>   mmcblk0: p1 p2
> mmc1: new high speed SDHC card at address b368
> mmcblk1: mmc1:b368 SD16G 14.4 GiB
>   mmcblk1: p1
> [sched_delayed] sched: RT throttling activated
> mmc2: new high speed MMC card at address 0001
> mmcblk2: mmc2:0001 M4G1EM 3.72 GiB
>   mmcblk2: unknown partition table
> ., OK
> IP-Config: Got DHCP answer from 192.168.10.77, my address is 192.168.10.118
> IP-Config: Complete:
>       device=eth0, addr=192.168.10.118, mask=255.255.255.0, gw=192.168.10.77
>       host=192.168.10.118, domain=example.org, nis-domain=(none)
>
>
> Best regards
> ---
> Kuninori Morimoto
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sh" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

--
To unsubscribe from this list: send the line "unsubscribe linux-sh" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/drivers/mmc/host/sh_mmcif.c b/drivers/mmc/host/sh_mmcif.c
index 5d81427..e587fbc 100644
--- a/drivers/mmc/host/sh_mmcif.c
+++ b/drivers/mmc/host/sh_mmcif.c
@@ -1104,7 +1104,15 @@  static irqreturn_t sh_mmcif_irqt(int irq, void *dev_id)
 {
        struct sh_mmcif_host *host = dev_id;
        struct mmc_request *mrq = host->mrq;
-       struct mmc_data *data = mrq->data;
+       /*struct mmc_data *data = mrq->data; -- this cause null pointer access*/
+       struct mmc_data *data;
+
+       /* quick fix by koba */
+       if (mrq == NULL) {
+               printk("sh_mmcif_irqt: mrq == NULL: host->wait_for=%d\n", host->wait_for);
+       } else {
+               data = mrq->data;
+       }

        cancel_delayed_work_sync(&host->timeout_work);