From patchwork Mon Aug 20 06:32:31 2012
X-Patchwork-Submitter: Tetsuyuki Kobayashi
X-Patchwork-Id: 1346741
Message-ID: <5031D9FF.8060801@kmckk.co.jp>
Date: Mon, 20 Aug 2012 15:32:31 +0900
From: Tetsuyuki Kobayashi
To: yusuke.goda.sx@renesas.com
CC: Kuninori Morimoto, Paul Mundt, Magnus, linux-sh@vger.kernel.org, Kuninori Morimoto, koba@kmckk.co.jp
Subject: Re: kzm9g boot fail (was Re: irqdomain breaks ap4 boot)

Hello, goda-san.

(2012/08/20 13:45), Kuninori Morimoto wrote:
> I'm not sure why, but this patch solved problem ?
>
> -------------------------------------------
> diff --git a/arch/arm/mach-shmobile/intc-sh73a0.c b/arch/arm/mach-shmobile/intc- > index ee44740..a6eae4f 100644 > --- a/arch/arm/mach-shmobile/intc-sh73a0.c > +++ b/arch/arm/mach-shmobile/intc-sh73a0.c
> @@ -259,7 +259,7 @@ static int sh73a0_set_wake(struct irq_data *data, unsigned i > return 0; /* always allow wakeup */ > } > > -#define RELOC_BASE 0x1000 > +#define RELOC_BASE 0x1200 > > /* INTCA IRQ pins at INTCS + 0x1000 to make space for GIC+INTC handling */ > #define INTCS_VECT_RELOC(n, vect) INTCS_VECT((n), (vect) + RELOC_BASE)

After applying this patch on the kzm9g board, I got this error regarding eMMC. I think this is another problem.

Unable to handle kernel NULL pointer dereference at virtual address 00000008
pgd = c0004000
[00000008] *pgd=00000000
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 Not tainted (3.6.0-rc2+ #103)
PC is at sh_mmcif_irqt+0x20/0xb30
LR is at irq_thread+0x94/0x16c
pc : [] lr : [] psr: 60000113
sp : ce9f1f30 ip : ce9f1f80 fp : ce9f1f7c
r10: 00000000 r9 : cea426f8 r8 : ce9f5f60
r7 : ce9f0000 r6 : ce9f0000 r5 : 00000000 r4 : cea426c0
r3 : c0264b5c r2 : 00000000 r1 : cea426c0 r0 : cea426f8
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
Control: 10c5387d Table: 4fb7404a DAC: 00000015
Process irq/173-sh_mmc: (pid: 397, stack limit = 0xce9f02f0)
Stack: (0xce9f1f30 to 0xce9f2000)
Backtrace:
[] (sh_mmcif_irqt+0x0/0xb30) from [] (irq_thread+0x94/0x16c)
[] (irq_thread+0x0/0x16c) from [] (kthread+0x94/0xa0)
[] (kthread+0x0/0xa0) from [] (do_exit+0x0/0x700)
r6:c0021910 r5:c003862c r4:ce84bd70
Code: e5915004 e2819038 e1a04001 e1a00009 (e595a008)
---[ end trace 2f02388ade397924 ]---
Unable to handle kernel paging request at virtual address fffffffc
pgd = c0004000
[fffffffc] *pgd=4fffe821, *pte=00000000, *ppte=00000000
Internal error: Oops: 17 [#2] PREEMPT SMP ARM
Modules linked in:
init: plymouth main process (471) killed by SEGV signal
init: plymouth-splash main process (3110) terminated with status 2
CPU: 1 Tainted: G D (3.6.0-rc2+ #103)
PC is at kthread_data+0x10/0x18
LR is at irq_thread_dtor+0x58/0xcc
init: Failed to create pty - disabling logging for job
init: Temporary process spawn error: No such file or directory
pc : [] lr : [] psr: 20000113
sp : ce9f1cf0 ip : ce9f1d00 fp : ce9f1cfc
r10: c0264b7c r9 : 00000008 r8 : 00000000
r7 : ce9bac38 r6 : 00000000 r5 : ce9ba9c0 r4 : ce9ba9c0
r3 : 00000000 r2 : ce9f1d00 r1 : a0000113 r0 : ce9ba9c0
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 10c5387d Table: 4fb7404a DAC: 00000015
Process irq/173-sh_mmc: (pid: 397, stack limit = 0xce9f02f0)
Stack: (0xce9f1cf0 to 0xce9f2000)
Backtrace:
[] (kthread_data+0x0/0x18) from [] (irq_thread_dtor+0x58/0xcc)
[] (irq_thread_dtor+0x0/0xcc) from [] (task_work_run+0x5c/0x6c)
r5:00000000 r4:ce9ba9c0
[] (task_work_run+0x0/0x6c) from [] (do_exit+0x22c/0x700)
r7:ce9f1db2 r6:c0264b7e r5:0000000b r4:ce9ba9c0
[] (do_exit+0x0/0x700) from [] (die+0x398/0x3e4)
r7:ce9f1db2
[] (die+0x0/0x3e4) from [] (__do_kernel_fault.part.9+0x5c/0x7c)
[] (__do_kernel_fault.part.9+0x0/0x7c) from [] (do_page_fault+0x240/0x258)
r7:00000000 r3:ce9f1ee8
[] (do_page_fault+0x0/0x258) from [] (do_DataAbort+0x3c/0xa0)
[] (do_DataAbort+0x0/0xa0) from [] (__dabt_svc+0x38/0x60)
Exception stack(0xce9f1ee8 to 0xce9f1f30)
1ee0: cea426f8 cea426c0 00000000 c0264b5c cea426c0 00000000
1f00: ce9f0000 ce9f0000 ce9f5f60 cea426f8 00000000 ce9f1f7c ce9f1f80 ce9f1f30
1f20: c0061608 c0264b7c 60000113 ffffffff
r7:ce9f1f1c r6:ffffffff r5:60000113 r4:c0264b7c
[] (sh_mmcif_irqt+0x0/0xb30) from [] (irq_thread+0x94/0x16c)
[] (irq_thread+0x0/0x16c) from [] (kthread+0x94/0xa0)
[] (kthread+0x0/0xa0) from [] (do_exit+0x0/0x700)
r6:c0021910 r5:c003862c r4:ce84bd70
Code: e1a0c00d e92dd800 e24cb004 e590316c (e5130004)
---[ end trace 2f02388ade397925 ]---
Fixing recursive fault but reboot is needed!
mmcblk2: error -5 sending status command, retrying
mmcblk2: error -5 sending status command, retrying
mmcblk2: error -5 sending status command, aborting
end_request: I/O error, dev mmcblk2, sector 320
Buffer I/O error on device mmcblk2, logical block 40
mmcblk2: error -5 sending status command, retrying
mmcblk2: error -5 sending status command, retrying
mmcblk2: error -5 sending status command, aborting
...

My quick fix is below. With this patch, there are no null pointer accesses and I got this log:

sh_mmcif_irqt: mrq == NULL: host->wait_for=0
sh_mmcif_irqt: mrq == NULL: host->wait_for=0
...

host->wait_for is 0, which is MMCIF_WAIT_FOR_REQUEST. There is code like this:

	host->wait_for = MMCIF_WAIT_FOR_REQUEST;
	host->mrq = NULL;

So, at the top of sh_mmcif_irqt, if host->wait_for == MMCIF_WAIT_FOR_REQUEST, host->mrq = NULL. It is too early to access mrq->data before checking host->mrq; it may cause a null pointer access.

Goda-san, could you check this and refine the code of sh_mmcif_irqt?

---
diff --git a/drivers/mmc/host/sh_mmcif.c b/drivers/mmc/host/sh_mmcif.c index 5d81427..e587fbc 100644 --- a/drivers/mmc/host/sh_mmcif.c +++ b/drivers/mmc/host/sh_mmcif.c @@ -1104,7 +1104,15 @@ static irqreturn_t sh_mmcif_irqt(int irq, void *dev_id) { struct sh_mmcif_host *host = dev_id; struct mmc_request *mrq = host->mrq; - struct mmc_data *data = mrq->data; + /*struct mmc_data *data = mrq->data; -- this cause null pointer access*/ + struct mmc_data *data; + + /* quick fix by koba */ + if (mrq == NULL) { + printk("sh_mmcif_irqt: mrq == NULL: host->wait_for=%d\n", host->wait_for); + } else { + data = mrq->data; + } cancel_delayed_work_sync(&host->timeout_work);
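
Review bot: the `mrq == NULL` branch added at the top of sh_mmcif_irqt only logs and then falls through to `cancel_delayed_work_sync(&host->timeout_work)` with `data` left uninitialized, so anything later in the handler that touches `mrq` or `data` can still dereference NULL or read an indeterminate pointer. Return from the handler in that branch (for example `return IRQ_HANDLED;` right after the message), or defer the `data = mrq->data` load to the point where `mrq` is known to be valid. Before merging, drop the commented-out old declaration and the "quick fix by koba" comment, and give the bare `printk()` a log level (`KERN_WARNING` or `pr_warn()`); the message repeats on every such interrupt, as the posted log shows, so a rate-limited form such as `printk_ratelimited()` would keep it from flooding the console.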
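
Review bot: in the quoted intc-sh73a0.c hunk, the comment directly under the changed define still reads "INTCA IRQ pins at INTCS + 0x1000", which no longer matches `#define RELOC_BASE 0x1200`; update the comment together with the value, or have it refer to RELOC_BASE instead of a literal. The change also carries no explanation of why 0x1200 is the right offset (the quoted mail itself says "I'm not sure why"), so the commit message should state what the larger base makes room for before this is applied.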