search

zephyrproject-rtos / zephyr

Primary Git Repository for the Zephyr Project. Zephyr is a new generation, scalable, optimized, secure RTOS for multiple hardware architectures.
https://docs.zephyrproject.org
Apache License 2.0
10.61k stars 6.5k forks source link

arm64: Crash when mapping read-only area #64758

Closed gramsay0 closed 11 months ago

gramsay0 commented 11 months ago

The following example crashes on the phycore_am62x_a53 board, although it seems to work on qemu_cortex_a53 board...

Example:

// Map RW section is ok
static uint8_t rw_section[CONFIG_MMU_PAGE_SIZE] __aligned(CONFIG_MMU_PAGE_SIZE);
uintptr_t rw_virt = 0;
printk("Mapping RW section %p %zu\n", rw_section, sizeof(rw_section));
z_phys_map((uint8_t **)&rw_virt,
           (uintptr_t)rw_section, sizeof(rw_section),
           K_MEM_CACHE_WB | K_MEM_PERM_RW);
printk("Mapped RW section to %p\n", (void *)rw_virt);

// Map RO section crashes
static uint8_t ro_section[CONFIG_MMU_PAGE_SIZE] __aligned(CONFIG_MMU_PAGE_SIZE);
uintptr_t ro_virt = 0;
printk("Mapping RO section %p %zu\n", ro_section, sizeof(ro_section));
z_phys_map((uint8_t **)&ro_virt,
           (uintptr_t)ro_section, sizeof(ro_section),
           K_MEM_CACHE_WB);
printk("Mapped RO section to %p\n", (void *)ro_virt);

Output:

Mapping RW section 0x8201b000 4096
Mapped RW section to 0x827fd000
Mapping RO section 0x8201a000 4096
[00:00:00.014,000] <err> os: ELR_ELn: 0x000000008200b7d4
[00:00:00.020,000] <err> os: ESR_ELn: 0x000000009600014f
[00:00:00.026,000] <err> os:   EC:  0x25 (Data Abort taken without a change in Exception level)
[00:00:00.036,000] <err> os:   IL:  0x1
[00:00:00.040,000] <err> os:   ISS: 0x14f
[00:00:00.045,000] <err> os: FAR_ELn: 0x00000000827fc000
[00:00:00.051,000] <err> os: TPIDRRO: 0x0100000082025398
[00:00:00.057,000] <err> os: x0:  0x00000000827fc000  x1:  0x00000000827fd000
[00:00:00.065,000] <err> os: x2:  0x0000000000000040  x3:  0x000000000000003f
[00:00:00.072,000] <err> os: x4:  0x00000000827fc000  x5:  0x0000000000000174
[00:00:00.080,000] <err> os: x6:  0x0000000000000004  x7:  0x0000000000000000
[00:00:00.088,000] <err> os: x8:  0xaaaaaaaaaaaaaaaa  x9:  0xaaaaaaaaaaaaaaaa
[00:00:00.096,000] <err> os: x10: 0xaaaaaaaaaaaaaaaa  x11: 0x0000000000000000
[00:00:00.104,000] <err> os: x12: 0xaaaaaaaaaaaaaaaa  x13: 0xaaaaaaaaaaaaaaaa
[00:00:00.111,000] <err> os: x14: 0xaaaaaaaaaaaaaaaa  x15: 0xaaaaaaaaaaaaaaaa
[00:00:00.119,000] <err> os: x16: 0xaaaaaaaaaaaaaaaa  x17: 0xaaaaaaaaaaaaaaaa
[00:00:00.127,000] <err> os: x18: 0xaaaaaaaaaaaaaaaa  lr:  0x000000008200c018
[00:00:00.135,000] <err> os: >>> ZEPHYR FATAL ERROR 0: CPU exception on CPU 0
[00:00:00.143,000] <err> os: Current thread: 0x82024700 (main)
[00:00:00.149,000] <err> os: Halting system

This appears to have started happening after this commit https://github.com/zephyrproject-rtos/zephyr/commit/c9b534c4ebca8c3d02bc7d783c79771f1409d096.

Crashes here: z_phys_map -> arch_mem_map -> inv_dcache_after_map_helper -> arm64_dcache_range -> dc_ops("ivac", start_addr);.

Maybe caused by this:

DC IVAC, requires write permission or else a permission fault is generated

https://developer.arm.com/documentation/den0024/a/Caches/Cache-maintenance

Tested on current v3.5-branch 94ab004c847d62248f8a5eaff07d9167197b7cb4

carlocaione commented 11 months ago

@xakep-amatop can you take care of this?

xakep-amatop commented 11 months ago

@xakep-amatop can you take care of this?

yep, I'll fix it