pietrushnic / rpi-dt-linux

This repository aims to handle all patches required for Raspberry Pi support in the upstream Linux kernel.

bcm2835-mmc - NULL pointer dereference when DMA enabled #4

Closed pietrushnic closed 9 years ago

pietrushnic commented 9 years ago

When I enable:

CONFIG_DMA_ENGINE=y
CONFIG_DMADEVICES=y
CONFIG_DMA_BCM2835=y
CONFIG_MMC_BCM2835=y
CONFIG_MMC_BCM2835_DMA=y

I get a NULL pointer dereference from bcm2835_mmc_request:

WARN_ON(host->mrq != NULL);

Full log:

[    2.583952] Load BCM2835 MMC driver
[    2.588286] usbcore: registered new interface driver usbhid
[    2.593864] usbhid: USB HID core driver
[    2.597939] oprofile: using arm/armv6
[    2.607782] TCP: cubic registered
[    2.619371] NET: Registered protocol family 10
[    2.629334] sit: IPv6 over IPv4 tunneling driver
[    2.635169] NET: Registered protocol family 17
[    2.642424] Waiting for root device /dev/mmcblk0p2...
[    2.655556] mmc0: host does not support reading read-only switch. assuming write-enable.
[    2.666129] mmc0: new high speed SDHC card at address 0002
[    2.672229] mmcblk0: mmc0:0002 00000 7.32 GiB
[    2.677648] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[    2.685806] pgd = c0004000
[    2.688515] [00000000] *pgd=00000000
[    2.692108] Internal error: Oops: 80000005 [#1] ARM
[    2.696991] CPU: 0 PID: 38 Comm: mmcqd/0 Not tainted 3.16.6+ #40
[    2.702995] task: db66c440 ti: db674000 task.ti: db674000
[    2.708388] PC is at 0x0
[    2.710936] LR is at bcm2835_mmc_request+0x184/0x258
[    2.715901] pc : [<00000000>]    lr : [<c031813c>]    psr: 20000113
[    2.715901] sp : db675dc0  ip : 00000000  fp : db675dfc
[    2.727365] r10: db409d10  r9 : 00000002  r8 : db66a800
[    2.732584] r7 : db61b200  r6 : c0017e0c  r5 : db5abf10  r4 : db61b000
[    2.739104] r3 : 00000002  r2 : 00000001  r1 : db66a800  r0 : db5abf10
[    2.745622] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
[    2.752922] Control: 00c5387d  Table: 00004008  DAC: 00000015
[    2.758660] Process mmcqd/0 (pid: 38, stack limit = 0xdb6741b8)
[    2.764572] Stack: (0xdb675dc0 to 0xdb676000)
[    2.768934] 5dc0: 00000003 00000000 00000001 00000000 db664c00 db66502c db61b000 db6650ec
[    2.777109] 5de0: c06f5460 00000000 00000001 00000001 db675e34 db675e00 c0300298 c0317fc4
[    2.785285] 5e00: db665028 db664c00 db675e34 db675e18 c0311a24 db61b000 00000000 db66512c
[    2.793463] 5e20: db675ebc 00000000 db675e7c db675e38 c03012e4 c030009c db485570 c003ec48
[    2.801640] 5e40: ffffffff 00000000 db675e7c db66502c c003ec48 db665028 db665004 db664c00
[    2.809816] 5e60: db64d340 db64d340 db61b000 db665000 db675eec db675e80 c030f6e4 c0301084
[    2.817992] 5e80: db675edc db675e90 c03009cc c004c4c0 c04934c8 c004393c 00000000 00000000
[    2.826166] 5ea0: db66502c 00000000 00000000 00200200 db665000 00000000 db664c00 db665004
[    2.834343] 5ec0: db665000 db64d340 db664c00 db665004 db665000 db672000 db61b000 db665000
[    2.842519] 5ee0: db675f34 db675ef0 c0310098 c030f328 00000000 db64d340 db675f1c db675f08
[    2.850696] 5f00: c0212f2c 120d0000 00000000 db665004 db66500c db674038 db674000 db672000
[    2.858873] 5f20: 00000001 120d0000 db675f64 db675f38 c0310fe0 c030fcec db66c440 db63e9a0
[    2.867049] 5f40: 00000000 db665004 c0310f38 00000000 00000000 00000000 db675fac db675f68
[    2.875223] 5f60: c003aca8 c0310f44 00000000 00000000 00000000 db665004 00000000 db675f7c
[    2.883400] 5f80: db675f7c 00000000 db675f88 db675f88 db63e9a0 c003abb8 00000000 00000000
[    2.891574] 5fa0: 00000000 db675fb0 c000e5f8 c003abc4 00000000 00000000 00000000 00000000
[    2.899747] 5fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[    2.907920] 5fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[    2.916141] [<c031813c>] (bcm2835_mmc_request) from [<c0300298>] (mmc_start_request+0x208/0x238)
[    2.924942] [<c0300298>] (mmc_start_request) from [<c03012e4>] (mmc_start_req+0x26c/0x2fc)
[    2.933217] [<c03012e4>] (mmc_start_req) from [<c030f6e4>] (mmc_blk_issue_rw_rq+0x3c8/0x9c4)
[    2.941660] [<c030f6e4>] (mmc_blk_issue_rw_rq) from [<c0310098>] (mmc_blk_issue_rq+0x3b8/0x44c)
[    2.950362] [<c0310098>] (mmc_blk_issue_rq) from [<c0310fe0>] (mmc_queue_thread+0xa8/0x130)
[    2.958722] [<c0310fe0>] (mmc_queue_thread) from [<c003aca8>] (kthread+0xf0/0x104)
[    2.966311] [<c003aca8>] (kthread) from [<c000e5f8>] (ret_from_fork+0x14/0x20)
[    2.973531] Code: bad PC value
[    2.976682] ---[ end trace e228139cd80b7cc3 ]---
[    3.164019] usb 1-1: new high-speed USB device number 2 using dwc2
[    3.375268] hub 1-1:1.0: USB hub found
[    3.379148] hub 1-1:1.0: 5 ports detected
[    3.664110] usb 1-1.1: new high-speed USB device number 3 using dwc2
[    3.787855] smsc95xx v1.0.4
[    3.860487] smsc95xx 1-1.1:1.0 eth0: register 'smsc95xx' at usb-20980000.usb-1.1, smsc95xx USB 2.0 Ethernet, ee:98:6a:61:e9:0e
[    4.568178] random: nonblocking pool is initialized
[   12.693913] mmc0: Timeout waiting for hardware interrupt.

XECDesign commented 9 years ago

Are you sure it's on WARN_ON(host->mrq != NULL)? As far as I can tell, the only way that would happen is if host == NULL, then you'd think you'd fail on host->mmc = mmc in bcm2835_mmc_probe. Maybe some printk's and a BUG_ON(!host) could help double check that.

pietrushnic commented 9 years ago

I narrowed down the issue to the lack of a device_prep_slave_sg method in the bcm2835-dma driver. I will try to port slave_sg support from here
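
Added example, not part of the comment above or of the project's code: the oops reports `PC is at 0x0` with LR inside bcm2835_mmc_request, which is consistent with an indirect call through a callback slot that was never filled in. This userspace C model shows a checked call that lets the caller fall back to PIO; every name except device_prep_slave_sg is hypothetical, and the PIO fallback is an assumption.

```c
/* Userspace model, constructed for illustration. All names are hypothetical
 * except device_prep_slave_sg, the callback named in the thread. */
#include <stddef.h>
#include <stdio.h>

struct dma_chan;
struct dma_desc { int sg_len; };

/* Ops table a DMA controller driver fills in when it registers. */
struct dma_device {
    struct dma_desc *(*device_prep_slave_sg)(struct dma_chan *c, int sg_len);
};
struct dma_chan { struct dma_device *device; };

enum xfer_mode { XFER_PIO = 0, XFER_DMA = 1 };

static struct dma_desc one_desc;
static struct dma_desc *model_prep_slave_sg(struct dma_chan *c, int sg_len)
{
    (void)c;
    one_desc.sg_len = sg_len;
    return &one_desc;
}

/* Checked wrapper: a missing callback is reported as "no descriptor"
 * instead of being called. The unchecked form,
 *     c->device->device_prep_slave_sg(c, sg_len);
 * branches to address 0 when the slot was never filled in. */
static struct dma_desc *prep_slave_sg_checked(struct dma_chan *c, int sg_len)
{
    if (!c || !c->device || !c->device->device_prep_slave_sg)
        return NULL;
    return c->device->device_prep_slave_sg(c, sg_len);
}

/* Host-controller side: use DMA only when a descriptor came back. */
static enum xfer_mode start_transfer(struct dma_chan *c, int sg_len)
{
    return prep_slave_sg_checked(c, sg_len) ? XFER_DMA : XFER_PIO;
}

int main(void)
{
    struct dma_device no_sg = { NULL }, with_sg = { model_prep_slave_sg };
    struct dma_chan a = { &no_sg }, b = { &with_sg };
    printf("callback missing: %s\n", start_transfer(&a, 2) ? "DMA" : "PIO");
    printf("callback present: %s\n", start_transfer(&b, 2) ? "DMA" : "PIO");
    return 0;
}
```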

pietrushnic commented 9 years ago

Because of the sdhci-bcm2835 driver improvements, I am closing this sighting. DMA support will be provided soon with the sdhci-bcm2835 driver update.