ARM Linux 内核 panic 之cache 一致性 ——cci-400 cache一致互联
ARM Linux 内核 panic 之cache 一致性 ——cci-400 cache一致互联
CCI-400 集合了互联和一致性功能,有 2 个 ACE slave 接口和 3 个 ACE-Lite slave 接口,有 3 个 AXI master 接口。2 个 ACE slave 接口可以相互 snoop 对方,ACE-Lite slave 接口可以 snoop 这 2 个 ACE slave 接口。本文首先介绍cci-400相关结构,然后以内核的panic为引子,最后给出导致内核panic的真正原因。
1 cci-400
cci-400参考手册中的例子系统入下图所示。
ACE slave 接口的3和4接cortex-a7或者a-15处理器;
ACE-Lite slave 接口的2接GPU(Mali-T604),1接一致性的I/O设备,0接DMA或者LCD;
AXI master接口的1和1接内存控制器,0接其它的设备。
而本文中的平台,cci结构图如下所示。
挂接了4核的Cortex-A7、Mali T628的GPU、单核的Cortex-A7。
2 内核panic
承接上一篇博文,http://www.cnblogs.com/fozu/p/4552938.html
ARM Linux 大小核切换——cortex-A7 big.LITTLE 大小切换代码分析。
此处的大核就是4核中的CPU0,而小核就是那个单独的CPU。实际使用中,为了省电等,需要在这两个CPU之间来回切换。
目前的使用环境是这样的,5个Cortex-A7 CPU都处于ARM TrustZone的None-Secure模式(非安全的模式),这样让大核和小核互相切换。经过测试发现,小核一旦执行下电操作,就会导致内核的panic,且每次的panic位置都不一样,我截取了几处,下面详细分析。
2.1 sched_info_arrive
2.1.1 原始日志
[ 186.935821]{4} IRQ41 no longer affine to CPU4
[ 186.936523]{0} CPU4: shutdown
[ 186.956817]{0} BUG: recent printk recursion!
[ 186.956817]{0} Unable to handle kernel paging request at virtual address 600101a7
[ 186.969970]{0} pgd = d31d8000
[ 186.973297]{0} [600101a7] *pgd=00000000
[ 186.977600]{0} Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 186.983886]{0} Modules linked in:
[ 186.987609]{0} in dump_stack_print_info, line:2909 mpidr:0x80000100
[ 186.994659]{0} CPU: 0 PID: 2034 Comm: sh Not tainted 3.10.0 #88
[ 187.001312]{0} task: d5912880 ti: d3baa000 task.ti: d3baa000
[ 187.007690]{0} PC is at sched_info_arrive+0x14/0xc8
[ 187.013183]{0} LR is at __schedule+0x380/0x504
[ 187.018188]{0} pc : [<c0103b78>] lr : [<c05a6058>] psr: 200f0193
[ 187.018188]{0} sp : d3babdf8 ip : 00000590 fp : d3babe0c
[ 187.031677]{0} r10: d6c51b00 r9 : 0000002b r8 : 877ea4da
[ 187.037841]{0} r7 : d5912b58 r6 : d3baa000 r5 : c0d36a80 r4 : d5912880
[ 187.045501]{0} r3 : c0838a80 r2 : c08588d8 r1 : 60010193 r0 : d6c51b00
[ 187.053131]{0} Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 187.061553]{0} Control: 10c5387d Table: 195d806a DAC: 00000015
[ 187.068298]{0}
[ 187.068298]{0} PC: 0xc0103af8:
[ 187.073699]{0} 3af8 e59f505c e59f605c e1a00005 eb12862a e595401c e2855018 e2444004 ea00000a
[ 187.083190]{0} 3b18 e7962107 e5943000 e7930002 e3500000 0a000003 e5d4302c e3530000 1a000000
[ 187.092681]{0} 3b38 ebffe422 e5944008 e2444004 e2843004 e1530005 1afffff1 e59f0004 e8bd40f8
[ 187.102203]{0} 3b58 ea12857e c088044c c08588d8 e92d48f0 e28db014 e5901004 e59f20ac e59f30ac
[ 187.111694]{0} 3b78 e591c014 e792210c e3a0ce1f e0833002 e2833e49 e1c360d0 e18020dc e1924003
[ 187.121185]{0} 3b98 01a04002 01a05003 0a000003 e1a04006 e1a05007 e0544002 e0c55003 e3a02000
[ 187.130676]{0} 3bb8 e3a03000 e18020fc e3a0ce1e e18020dc e0922004 e0a33005 e18020fc e3a03f7a
[ 187.140167]{0} 3bd8 e59f2044 e18060f3 e59031d8 e2833001 e58031d8 e5911014 e59f3030 e7921101
[ 187.149688]{0}
[ 187.149688]{0} LR: 0xc05a5fd8:
[ 187.155059]{0} 5fd8 e1c380d0 e3a03f7a e18400d3 0a000006 e3a0ce59 e18e20dc e0922008 e0a33009
[ 187.164550]{0} 5ff8 e0522000 e0c33001 e18e20fc e5943000 e3530000 1a00000c e3a01e1f e18420d1
[ 187.174072]{0} 6018 e1920003 1a000008 e5942004 e59f3194 e5920014 e59f2190 e7922100 e0833002
[ 187.183563]{0} 6038 e2833e49 e1c320d0 e18420f1 e59e347c e15a0003 0a000001 e1a0000a ebed76c2
[ 187.193054]{0} 6058 e59a8214 e3a03001 e58a3018 e3580000 e5947218 1a000007 e58a7218 e2873030
[ 187.202575]{0} 6078 e1932f9f e2822001 e1831f92 e3310000 1afffffa ea000019 e5983158 e5969014
[ 187.212066]{0} 6098 e313001f 0a00000b e3590000 e289301f a1a03009 e1a032c3 e0883103 e5932158
[ 187.221557]{0} 60b8 e209301f e1a03332 e3130001 1a000001 ebe9c24d f57ff04f e1a00009 e2881f56
[ 187.231048]{0}
[ 187.231048]{0} SP: 0xd3babd78:
[ 187.236419]{0} bd78 c0d36ac8 877ea4da d59128b8 c010ce60 c0d36ac8 d59128b8 84652f3a 0000000c
[ 187.245941]{0} bd98 d59128b8 c0103b78 200f0193 ffffffff d3babde4 c000d4d8 d6c51b00 60010193
[ 187.255432]{0} bdb8 c08588d8 c0838a80 d5912880 c0d36a80 d3baa000 d5912b58 877ea4da 0000002b
[ 187.264923]{0} bdd8 d6c51b00 d3babe0c 00000590 d3babdf8 c05a6058 c0103b78 200f0193 ffffffff
[ 187.274414]{0} bdf8 d5912880 c0d36a80 d3baa000 d5912b58 d3babe3c c05a6058 c083fad0 c0838a80
[ 187.283905]{0} be18 0000004c d3baa000 200f0013 ffffffff d3babe84 c000d560 d3baa000 00000000
[ 187.293365]{0} be38 d3babe4c c05a6614 000003ff c02ba184 00000000 c000d578 0000b9ca ffffffff
[ 187.302825]{0} be58 0000475c c02ba158 00000001 00000014 f8899000 c088e470 0000001c 00000000
[ 187.312286]{0}
[ 187.312286]{0} FP: 0xd3babd8c:
[ 187.317657]{0} bd8c d59128b8 84652f3a 0000000c d59128b8 c0103b78 200f0193 ffffffff d3babde4
[ 187.327117]{0} bdac c000d4d8 d6c51b00 60010193 c08588d8 c0838a80 d5912880 c0d36a80 d3baa000
[ 187.336608]{0} bdcc d5912b58 877ea4da 0000002b d6c51b00 d3babe0c 00000590 d3babdf8 c05a6058
[ 187.346130]{0} bdec c0103b78 200f0193 ffffffff d5912880 c0d36a80 d3baa000 d5912b58 d3babe3c
[ 187.355621]{0} be0c c05a6058 c083fad0 c0838a80 0000004c d3baa000 200f0013 ffffffff d3babe84
[ 187.365112]{0} be2c c000d560 d3baa000 00000000 d3babe4c c05a6614 000003ff c02ba184 00000000
[ 187.374633]{0} be4c c000d578 0000b9ca ffffffff 0000475c c02ba158 00000001 00000014 f8899000
[ 187.384124]{0} be6c c088e470 0000001c 00000000 00000000 00000000 c0d34344 d3babe98 c001ab70
[ 187.393646]{0}
[ 187.393646]{0} R0: 0xd6c51a80:
[ 187.399047]{0} 1a80 d6c3e004 d6c50000 00000000 c08ca248 c08ca248 ffffffff 00000000 00000000
[ 187.408538]{0} 1aa0 60010193 00000000 00000000 d6c51ac0 c00e02e8 c05a6dd8 a0010193 ffffffff
[ 187.418029]{0} 1ac0 00000000 00000000 fffff6ff 68fe7bdf fefe7fdb fffe7ffb fdfffff5 89fffffd
[ 187.427551]{0} 1ae0 fb773bd7 00000000 ffbffffd 00001008 c0862a38 c08ca248 d6c51bd8 00000000
[ 187.437072]{0} 1b00 00000000 60010193 00000000 c05980f0 c06fb857 d6c51b2c 00001008 d6c51b2c
[ 187.446563]{0} 1b20 00001008 c0008364 c06fb857 c06fb93b 00001008 c08ca248 00000400 00400000
[ 187.456054]{0} 1b40 d6c50dc1 00000000 00000000 d6c51b4c d6c51b4c 00000000 877ea4da 0000002b
[ 187.465576]{0} 1b60 000ba43c 00000000 ffea937b ffffffff 00007736 00000000 00000000 00000000
[ 187.475067]{0}
[ 187.475067]{0} R2: 0xc0858858:
[ 187.480468]{0} 8858 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 187.489959]{0} 8878 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 187.499450]{0} 8898 00000064 c0d610c0 00009000 0000000f c0d61100 00000005 00000009 c0d61080
[ 187.508941]{0} 88b8 0000002c c0d34000 c0d61000 c0d61040 00000001 00001000 00000000 00000004
[ 187.518463]{0} 88d8 004fe000 00507000 00510000 00519000 00522000 00000000 00000002 0001dffb
[ 187.527954]{0} 88f8 0001dfff 00002c0c 00002000 00000001 00000032 0000fffa 00000001 00000000
[ 187.537445]{0} 8918 00000001 d6c08800 d6d400c0 c0592010 c018b5ec c018a65c c0187d74 00000000
[ 187.546966]{0} 8938 c018b4e8 c0188298 c018824c 00000000 00000000 c0187650 00000003 00000000
[ 187.556457]{0}
[ 187.556457]{0} R3: 0xc0838a00:
[ 187.561859]{0} 8a00 6d75536b 7972616d 3178303d 556d202c 41726573 76697463 53797469 616d6d75
[ 187.571350]{0} 8a20 303d7972 202c3078 6f6f426d 6d6f4374 74656c70 743d6465 0a657572 302d3130
[ 187.580841]{0} 8a40 32312031 3a32353a 352e3632 20203039 33373720 38202020 44203332 776f5020
[ 187.590362]{0} 8a60 614d7265 6567616e 72655372 65636976 6168203a 656c646e 646e6153 3a6e616d
[ 187.599853]{0} 8a80 6e616320 61657244 61663d6d 2c65736c 61576d20 7566656b 73656e6c 73413d73
[ 187.609374]{0} 8aa0 7065656c 2d31300a 31203130 32353a32 2e36323a 20303935 37372020 20202033
[ 187.618865]{0} 8ac0 20353837 63412056 69766974 614d7974 6567616e 73203a72 74726174 76726553
[ 187.628356]{0} 8ae0 3a656369 746e4920 20746e65 6361207b 6f633d74 6e612e6d 696f7264 6d6d2e64
[ 187.637847]{0}
[ 187.637847]{0} R4: 0xd5912800:
[ 187.643249]{0} 2800 00001008 c08ca248 00000000 00000000 00000000 00000000 00000000 00000020
[ 187.652740]{0} 2820 00000000 0000c350 0000c350 00000000 00000000 00000000 00000000 00000000
[ 187.662261]{0} 2840 00000000 00000000 e5900000 e3031670 e7d00001 e3500000 1a00001a e51f0da8
[ 187.671752]{0} 2860 e5900000 e3041230 e0800001 e5d00001 e3500002 1a000001 e3a00000 eb00f0e1
[ 187.681274]{0} 2880 00000000 d3baa000 00000002 00404100 00000000 c05a6dd8 a0010193 ffffffff
[ 187.690765]{0} 28a0 d59128dc c000d4d8 c08ca248 ffffffff 00000011 d5912000 00000000 c08ca248
[ 187.700286]{0} 28c0 c08ca248 ffffffff 00000000 00000000 60010193 00000000 00000000 d59128f0
[ 187.709777]{0} 28e0 c00e02e8 c05a6dd8 a0010193 ffffffff 04306afd 00000000 00000008 00000000
[ 187.719268]{0}
[ 187.719268]{0} R5: 0xc0d36a00:
[ 187.724670]{0} 6a00 00000000 d6c4d460 d6c4d460 00000000 00000001 00000000 00000000 00000000
[ 187.734161]{0} 6a20 d6c216c0 00000000 00000000 00000001 00000000 00000000 00000000 00000000
[ 187.743682]{0} 6a40 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 187.753173]{0} 6a60 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 187.762664]{0} 6a80 39133912 00000002 00000400 00000500 00000340 000001d0 000000f4 ffffd3cb
[ 187.772186]{0} 6aa0 00000000 00000000 00000000 00000000 00000400 00000000 00002f5b 00000000
[ 187.781677]{0} 6ac0 0003ec12 00000000 00000400 00000000 00000001 00000001 3c41cf92 0000000f
[ 187.791198]{0} 6ae0 84652f3a 0000000c 84652f3a 0000000c d59128c0 d59128c0 00000000 00000000
[ 187.800689]{0}
[ 187.800689]{0} R6: 0xd3ba9f80:
[ 187.806060]{0} 9f80 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 187.815582]{0} 9fa0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 187.825073]{0} 9fc0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 187.834564]{0} 9fe0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 187.844055]{0} a000 00000000 40000003 00000000 d5912880 c087e268 00000000 00000015 d5912880
[ 187.853576]{0} a020 c0d36a80 d3baa000 d54b4e00 d54b4a80 00000000 d542c380 d3babe04 d3babdd8
[ 187.863067]{0} a040 c05a6118 00000000 00000000 00000000 00000000 00000000 01010000 00000000
[ 187.872589]{0} a060 b6f3ff24 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 187.882080]{0}
[ 187.882080]{0} R7: 0xd5912ad8:
[ 187.887481]{0} 2ad8 d5910d80 d5912adc d5912adc d5910fdc d5910fdc d5912880 d5912af0 d5912af0
[ 187.896972]{0} 2af8 d5912af8 d5912af8 00000000 d0997848 d0997840 00000000 d099784c d0997840
[ 187.906463]{0} 2b18 d5911018 d185dc10 d185dc00 d5912b24 d5912b24 00000000 00000000 00000000
[ 187.915985]{0} 2b38 00000000 00000006 00000000 00000006 00000000 00000000 00000000 c05a6dd8
[ 187.925476]{0} 2b58 a0010193 ffffffff d5912b9c c000d4d8 c08ca248 ffffffff 0000000f d5912000
[ 187.934967]{0} 2b78 00000000 c08ca248 c08ca248 ffffffff 00000000 00000000 60010193 00000000
[ 187.944488]{0} 2b98 00000000 d5912bb0 c00e02e8 c05a6dd8 a0010193 ffffffff 00000030 00000000
[ 187.953979]{0} 2bb8 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 187.963470]{0}
[ 187.963470]{0} R10: 0xd6c51a80:
[ 187.968963]{0} 1a80 d6c3e004 d6c50000 00000000 c08ca248 c08ca248 ffffffff 00000000 00000000
[ 187.978485]{0} 1aa0 60010193 00000000 00000000 d6c51ac0 c00e02e8 c05a6dd8 a0010193 ffffffff
[ 187.987976]{0} 1ac0 00000000 00000000 fffff6ff 68fe7bdf fefe7fdb fffe7ffb fdfffff5 89fffffd
[ 187.997497]{0} 1ae0 fb773bd7 00000000 ffbffffd 00001008 c0862a38 c08ca248 d6c51bd8 00000000
[ 188.006988]{0} 1b00 00000000 60010193 00000000 c05980f0 c06fb857 d6c51b2c 00001008 d6c51b2c
[ 188.016479]{0} 1b20 00001008 c0008364 c06fb857 c06fb93b 00001008 c08ca248 00000400 00400000
[ 188.025970]{0} 1b40 d6c50dc1 00000000 00000000 d6c51b4c d6c51b4c 00000000 877ea4da 0000002b
[ 188.035461]{0} 1b60 000ba43c 00000000 ffea937b ffffffff 00007736 00000000 00000000 00000000
[ 188.044982]{0} Process ??? (pid: 2034, stack limit = 0xd3baa238)
[ 188.052337]{0} Stack: (0xd3babdf8 to 0xd3bac000)
[ 188.057525]{0} bde0: d5912880 c0d36a80
[ 188.067016]{0} be00: d3baa000 d5912b58 d3babe3c c05a6058 c083fad0 c0838a80 0000004c d3baa000
[ 188.076538]{0} be20: 200f0013 ffffffff d3babe84 c000d560 d3baa000 00000000 d3babe4c c05a6614
[ 188.086029]{0} be40: 000003ff c02ba184 00000000 c000d578 0000b9ca ffffffff 0000475c c02ba158
[ 188.095520]{0} be60: 00000001 00000014 f8899000 c088e470 0000001c 00000000 00000000 00000000
[ 188.105041]{0} be80: c0d34344 d3babe98 c001ab70 c02ba184 200f0013 ffffffff 0000001e 00000000
[ 188.114532]{0} bea0: 00000000 c08616f8 00000000 c001ac00 00000000 00000000 00000064 c001775c
[ 188.124053]{0} bec0: 00000000 c00179a0 00000004 00000000 00000000 c0593da8 00000004 c0591ac8
[ 188.133544]{0} bee0: b8f1ec44 0000080f 00000028 0000080f 00000000 00000004 00000004 00000002
[ 188.143035]{0} bf00: d6ce01c0 d09f3180 d09f3198 c05fe518 c0d58050 c0591bec c0d58048 c05921c8
[ 188.152557]{0} bf20: 00000002 d3babf80 00000002 c02f9ee0 00000002 c01dca14 c5034480 00000002
[ 188.162048]{0} bf40: b8f23e54 d3babf80 00000000 00000000 00000000 c018ed10 c5034480 b8f23e54
[ 188.171569]{0} bf60: 00000002 c5034480 00000000 b8f23e54 00000002 00000000 00000000 c018f050
[ 188.181060]{0} bf80: 00000000 00000000 00000002 00000003 00000002 00000001 00000004 c000dac4
[ 188.190582]{0} bfa0: d3baa000 c000d940 00000003 00000002 00000001 b8f23e54 00000002 ffffffff
[ 188.200073]{0} bfc0: 00000003 00000002 00000001 00000004 b8f23e54 00000000 00000000 00000000
[ 188.209594]{0} bfe0: 00000000 bede57b8 b6f50c5d b6eef338 20010010 00000001 e3c0600f e320f000
[ 188.219085]{0} [<c0103b78>] (sched_info_arrive+0x14/0xc8) from [<c05a6058>] (__schedule+0x380/0x504)
[ 188.229370]{0} [<c05a6058>] (__schedule+0x380/0x504) from [<c05a6614>] (preempt_schedule_irq+0x44/0x64)
[ 188.239959]{0} [<c05a6614>] (preempt_schedule_irq+0x44/0x64) from [<c000d578>] (svc_preempt+0x8/0x18)
[ 188.250366]{0} [<c000d578>] (svc_preempt+0x8/0x18) from [<c02ba184>] (__loop_delay+0x0/0xc)
[ 188.259765]{0} Code: e28db014 e5901004 e59f20ac e59f30ac (e591c014)
[ 188.266906]{0} ---[ end
2.1.2 分析原因
sched_info_arrive函数的代码如下:
static void sched_info_arrive(struct task_struct *t)
{
unsigned long long now = task_rq(t)->clock, delta = 0;
if (t->sched_info.last_queued)
delta = now - t->sched_info.last_queued;
sched_info_reset_dequeued(t);
t->sched_info.run_delay += delta;
t->sched_info.last_arrival = now;
t->sched_info.pcount++;
rq_sched_info_arrive(task_rq(t), delta);
}
内核panic后PC指针的位置在sched_info_arrive+0x14/0xc8,将这个函数反汇编后如下:
00000000 <sched_info_arrive>:
0: e92d48f0 push {r4, r5, r6, r7, fp, lr}
4: e28db014 add fp, sp, #20
8: e5901004 ldr r1, [r0, #4]
c: e59f20ac ldr r2, [pc, #172] ; c0 <sched_info_arrive+0xc0>
10: e59f30ac ldr r3, [pc, #172] ; c4 <sched_info_arrive+0xc4>
14: e591c014 ldr ip, [r1, #20]
18: e792210c ldr r2, [r2, ip, lsl #2]
task_rq(t) -> cpu_rq(task_cpu(p))
task_cpu(p) -> task_thread_info(p)->cpu;
#define task_thread_info(task) ((struct thread_info *)(task)->stack)
(task)->stack) 就是传入的参数指针p的第二个变量,是个指针,然后将其转化为struct thread_info型的指针。对应的汇编就是上面的标号8处,此时的r0是0x d6c5 1b00,则R1变为[0x d6c5 1b00 + 4]取内容,则R1变为0x 6001 0193。
出问题的地方是标号14处,意思是将R1地址加上20,然后在这个地址上取内容,赋值给ip,[0x6001 0193 + 20(0x14) ]就是[0x6001 01a7],而这个地址是错误的虚拟地址,找不到对应的物理地址,故内核panic了。
2.2 do_set_cpus_allowed
2.2.1原始日志
[ 156.644378]{4} IRQ41 no longer affine to CPU4
[ 156.645019]{0} CPU4: shutdown
[ 156.655181]{0} BUG: recent printk recursion!
[ 156.655181]{0} Unable to handle kernel paging request at virtual address 00030000
[ 156.668334]{0} pgd = d1260000
[ 156.671661]{0} [00030000] *pgd=00000000
[ 156.675964]{0} Internal error: Oops: 80000005 [#1] PREEMPT SMP ARM
[ 156.682891]{0} Modules linked in:
[ 156.686584]{0} in dump_stack_print_info, line:2909 mpidr:0x80000100
[ 156.693603]{0} CPU: 0 PID: 1989 Comm: sh Not tainted 3.10.0 #88
[ 156.700256]{0} task: cfeb3180 ti: d12c2000 task.ti: d12c2000
[ 156.706604]{0} PC is at 0x30000
[ 156.710113]{0} LR is at do_set_cpus_allowed+0x2c/0x48
[ 156.715759]{0} pc : [<00030000>] lr : [<c0109c0c>] psr: 20010193
[ 156.715759]{0} sp : d12c3bf0 ip : 00000004 fp : d12c3bfc
[ 156.729248]{0} r10: c05d216c r9 : 00000000 r8 : c05d2164
[ 156.735382]{0} r7 : c0858410 r6 : 00000002 r5 : c0857b98 r4 : d6c52880
[ 156.743011]{0} r3 : 00030002 r2 : 00000004 r1 : c0857b98 r0 : d6c52880
[ 156.750610]{0} Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 156.759002]{0} Control: 10c5387d Table: 1766006a DAC: 00000015
[ 156.765747]{0}
[ 156.765747]{0} LR: 0xc0109b8c:
[ 156.771118]{0} 9b8c 0a000001 e1a00004 ebffffb7 e59432a4 e50b3018 e51b4018 e2444fa9 e1540005
[ 156.780578]{0} 9bac 1afffff2 e59431f8 e50b3018 e51b5018 e2455f7e e1550007 1affffeb eb00378b
[ 156.790039]{0} 9bcc e24bd014 e8bd48f0 eaffc070 c08616f8 c071b5fc e92d4830 e1a04000 e5903030
[ 156.799530]{0} 9bec e28db00c e1a05001 e3530000 0a000003 e5933038 e3530000 0a000000 e12fff33
[ 156.808990]{0} 9c0c e5953000 e58431bc e5950000 e200001f eb07021e e58401b8 e8bd8830 e92d4ff8
[ 156.818450]{0} 9c2c e1a04000 e28db024 e1a06001 e1a05002 f57ff05f e2807fee e1a00007 eb127470
[ 156.827941]{0} 9c4c e5943000 e0166003 01a04006 e1a0a000 0a000067 e5943004 e5938014 e594301c
[ 156.837402]{0} 9c6c e3530000 0a00001f e59f9198 e5943004 e59f2194 e5933014 e7926103 e0896006
[ 156.846893]{0}
[ 156.846893]{0} SP: 0xd12c3b70:
[ 156.852264]{0} 3b70 c08588d8 004fe000 00000000 20010193 d12c3bf4 c010fda8 cfeb31b8 c010ce60
[ 156.861724]{0} 3b90 00000000 00030000 20010193 ffffffff d12c3bdc c000d638 d6c52880 c0857b98
[ 156.871185]{0} 3bb0 00000004 00030002 d6c52880 c0857b98 00000002 c0858410 c05d2164 00000000
[ 156.880676]{0} 3bd0 c05d216c d12c3bfc 00000004 d12c3bf0 c0109c0c 00030000 20010193 ffffffff
[ 156.890136]{0} 3bf0 00000005 d6c52880 d12c3c24 c0598bf8 d6c78000 d6c52880 00000000 00000001
[ 156.899627]{0} 3c10 d6c52c38 00000001 00000000 20010193 d12c3c4c c0109dbc 00000000 d6c79f2c
[ 156.909088]{0} 3c30 00000000 c0882b08 00000001 00000003 00000000 00000000 d12c3c7c c00fd088
[ 156.918579]{0} 3c50 c0882b14 c0103de4 00000000 c0882b10 60010193 00000001 00000003 00000000
[ 156.928039]{0}
[ 156.928039]{0} FP: 0xd12c3b7c:
[ 156.933410]{0} 3b7c 20010193 d12c3bf4 c010fda8 cfeb31b8 c010ce60 00000000 00030000 20010193
[ 156.942901]{0} 3b9c ffffffff d12c3bdc c000d638 d6c52880 c0857b98 00000004 00030002 d6c52880
[ 156.952362]{0} 3bbc c0857b98 00000002 c0858410 c05d2164 00000000 c05d216c d12c3bfc 00000004
[ 156.961853]{0} 3bdc d12c3bf0 c0109c0c 00030000 20010193 ffffffff 00000005 d6c52880 d12c3c24
[ 156.971313]{0} 3bfc c0598bf8 d6c78000 d6c52880 00000000 00000001 d6c52c38 00000001 00000000
[ 156.980804]{0} 3c1c 20010193 d12c3c4c c0109dbc 00000000 d6c79f2c 00000000 c0882b08 00000001
[ 156.990295]{0} 3c3c 00000003 00000000 00000000 d12c3c7c c00fd088 c0882b14 c0103de4 00000000
[ 156.999786]{0} 3c5c c0882b10 60010193 00000001 00000003 00000000 c0123a58 c0d34658 d12c3ca4
[ 157.009277]{0}
[ 157.009277]{0} R0: 0xd6c52800:
[ 157.014648]{0} 2800 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000020
[ 157.024169]{0} 2820 00000000 c05a6dd8 a0010193 ffffffff d6c5286c c000d4d8 c08ca248 ffffffff
[ 157.033660]{0} 2840 00000012 d6c52000 00000000 c08ca248 c08ca248 ffffffff 00000000 00000000
[ 157.043121]{0} 2860 60010193 00000000 00000000 d6c52880 c00e02e8 c05a6dd8 a0010193 ffffffff
[ 157.052612]{0} 2880 00000100 d6c78000 00000002 00208040 00000000 00000000 00000000 00000000
[ 157.062103]{0} 28a0 00000078 00000000 00000078 00001008 c0862a38 c08ca248 d6c52998 00000000
[ 157.071594]{0} 28c0 00000000 60010193 00000000 c05980f0 c06fb857 d6c528ec 00001008 d6c528ec
[ 157.081085]{0} 28e0 00001008 c0008364 c06fb857 c06fb93b 00001008 c08ca248 00000000 00000000
[ 157.090576]{0}
[ 157.090576]{0} R1: 0xc0857b18:
[ 157.095947]{0} 7b18 90d34de8 5a0fecb3 a5d9c4e1 6f0565ba 31608756 fbbc260d 3ab7828b f06b23d0
[ 157.105438]{0} 7b38 ae0ec13c 64d26067 00000000 00000001 c0019090 ffffffff c000f9b8 00000009
[ 157.114929]{0} 7b58 000fb0d7 00000012 c0017174 c00171ac 90f00000 c0016cc0 c0016c84 00000690
[ 157.124420]{0} 7b78 00000000 0000ea60 00001388 00000000 00000000 00000000 00000001 0000001f
[ 157.133911]{0} 7b98 0000001f 00000001 00000000 d6c20a80 d6c20b40 d6c20c00 d6c22100 d6c20cc0
[ 157.143402]{0} 7bb8 00000000 0000003c 00000001 00000000 00002e7b 000003e8 00000001 00000001
[ 157.152893]{0} 7bd8 00000020 00000001 00000000 0007a120 0000000a 00989680 00004e20 00000000
[ 157.162384]{0} 7bf8 00000000 00000000 00000000 00000001 00000000 00000000 00000000 00000000
[ 157.171874]{0}
[ 157.171874]{0} R4: 0xd6c52800:
[ 157.177246]{0} 2800 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000020
[ 157.186737]{0} 2820 00000000 c05a6dd8 a0010193 ffffffff d6c5286c c000d4d8 c08ca248 ffffffff
[ 157.196197]{0} 2840 00000012 d6c52000 00000000 c08ca248 c08ca248 ffffffff 00000000 00000000
[ 157.205688]{0} 2860 60010193 00000000 00000000 d6c52880 c00e02e8 c05a6dd8 a0010193 ffffffff
[ 157.215148]{0} 2880 00000100 d6c78000 00000002 00208040 00000000 00000000 00000000 00000000
[ 157.224639]{0} 28a0 00000078 00000000 00000078 00001008 c0862a38 c08ca248 d6c52998 00000000
[ 157.234100]{0} 28c0 00000000 60010193 00000000 c05980f0 c06fb857 d6c528ec 00001008 d6c528ec
[ 157.243591]{0} 28e0 00001008 c0008364 c06fb857 c06fb93b 00001008 c08ca248 00000000 00000000
[ 157.253051]{0}
[ 157.253051]{0} R5: 0xc0857b18:
[ 157.258422]{0} 7b18 90d34de8 5a0fecb3 a5d9c4e1 6f0565ba 31608756 fbbc260d 3ab7828b f06b23d0
[ 157.267883]{0} 7b38 ae0ec13c 64d26067 00000000 00000001 c0019090 ffffffff c000f9b8 00000009
[ 157.277374]{0} 7b58 000fb0d7 00000012 c0017174 c00171ac 90f00000 c0016cc0 c0016c84 00000690
[ 157.286834]{0} 7b78 00000000 0000ea60 00001388 00000000 00000000 00000000 00000001 0000001f
[ 157.296295]{0} 7b98 0000001f 00000001 00000000 d6c20a80 d6c20b40 d6c20c00 d6c22100 d6c20cc0
[ 157.305755]{0} 7bb8 00000000 0000003c 00000001 00000000 00002e7b 000003e8 00000001 00000001
[ 157.315216]{0} 7bd8 00000020 00000001 00000000 0007a120 0000000a 00989680 00004e20 00000000
[ 157.324676]{0} 7bf8 00000000 00000000 00000000 00000001 00000000 00000000 00000000 00000000
[ 157.334106]{0}
[ 157.334106]{0} R7: 0xc0858390:
[ 157.339477]{0} 8390 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 157.348937]{0} 83b0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 157.358398]{0} 83d0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 157.367858]{0} 83f0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001
[ 157.377288]{0} 8410 00000005 00000001 00000001 00000000 0000000a 00000000 00008000 00000000
[ 157.386749]{0} 8430 00000000 00000000 00000001 00000001 00000001 00000001 00000001 c0858664
[ 157.396209]{0} 8450 0000001f 00000000 00000000 00000000 c08ac370 c08ac3b0 c08ac3f0 c08ac430
[ 157.405670]{0} 8470 c08ac470 c08ac4b0 c08ac4f0 c08ac530 c08ac570 c08ac5b0 c08ac5f0 c08ac630
[ 157.415130]{0}
[ 157.415130]{0} R8: 0xc05d20e4:
[ 157.420501]{0} 20e4 00000001 00000002 00000004 00000008 00000010 00000020 00000040 00000080
[ 157.429931]{0} 2104 00000100 00000200 00000400 00000800 00001000 00002000 00004000 00008000
[ 157.439392]{0} 2124 00010000 00020000 00040000 00080000 00100000 00200000 00400000 00800000
[ 157.448852]{0} 2144 01000000 02000000 04000000 08000000 10000000 20000000 40000000 80000000
[ 157.458312]{0} 2164 c0857b9c c0857b94 c0857b90 c0857b98 0000001f 00000000 c073b489 00000001
[ 157.467773]{0} 2184 c0719aec 00000002 c0719ac1 00000003 c0719ac8 00000004 c0739ec2 00000005
[ 157.477233]{0} 21a4 c0719acf 00000006 c0719adc 00000007 c0719ae4 00000008 c0719aea 00000009
[ 157.486694]{0} 21c4 c0719af2 ffffffff 00000000 63657622 2075253d 7463615b 3d6e6f69 225d7325
[ 157.496154]{0}
[ 157.496154]{0} R10: 0xc05d20ec:
[ 157.501586]{0} 20ec 00000004 00000008 00000010 00000020 00000040 00000080 00000100 00000200
[ 157.511047]{0} 210c 00000400 00000800 00001000 00002000 00004000 00008000 00010000 00020000
[ 157.520507]{0} 212c 00040000 00080000 00100000 00200000 00400000 00800000 01000000 02000000
[ 157.529968]{0} 214c 04000000 08000000 10000000 20000000 40000000 80000000 c0857b9c c0857b94
[ 157.539428]{0} 216c c0857b90 c0857b98 0000001f 00000000 c073b489 00000001 c0719aec 00000002
[ 157.548889]{0} 218c c0719ac1 00000003 c0719ac8 00000004 c0739ec2 00000005 c0719acf 00000006
[ 157.558349]{0} 21ac c0719adc 00000007 c0719ae4 00000008 c0719aea 00000009 c0719af2 ffffffff
[ 157.567810]{0} 21cc 00000000 63657622 2075253d 7463615b 3d6e6f69 225d7325 4552202c 763e2d43
[ 157.577239]{0} Process sh (pid: 1989, stack limit = 0xd12c2238)
[ 157.583892]{0} Stack: (0xd12c3bf0 to 0xd12c4000)
[ 157.589050]{0} 3be0: 00000005 d6c52880 d12c3c24 c0598bf8
[ 157.598510]{0} 3c00: d6c78000 d6c52880 00000000 00000001 d6c52c38 00000001 00000000 20010193
[ 157.607940]{0} 3c20: d12c3c4c c0109dbc 00000000 d6c79f2c 00000000 c0882b08 00000001 00000003
[ 157.617401]{0} 3c40: 00000000 00000000 d12c3c7c c00fd088 c0882b14 c0103de4 00000000 c0882b10
[ 157.626861]{0} 3c60: 60010193 00000001 00000003 00000000 c0123a58 c0d34658 d12c3ca4 c0104b2c
[ 157.636291]{0} 3c80: 00000000 00773594 00000001 c0882bfc 00000002 00000003 c0883080 724f1086
[ 157.645751]{0} 3ca0: d12c3d58 c0152660 00010000 d12c2000 cfeb3180 00000000 00000000 c00ec0f0
[ 157.655181]{0} 3cc0: 60010013 d12c3e18 c0d345f0 00000024 c0d34778 c0123b00 c0d34778 c0d345fc
[ 157.664642]{0} 3ce0: 724f1086 00000024 c0d34778 c0d345f0 c0d345b8 00000000 c0d345f0 c00ff940
[ 157.674102]{0} 3d00: c0d34778 d12c3d58 724f099d 71ea4080 00000024 c0d345b8 00000000 c0d345f0
[ 157.683563]{0} 3d20: c0d34690 c0d34658 c0d346c8 c010052c 724f099d 00000024 ffffffff 7fffffff
[ 157.692993]{0} 3d40: 724f099d 00000024 c0d35ec4 00000003 724f099d 00000024 724f099d 00000024
[ 157.702453]{0} 3d60: ffffc7f4 c08675c0 0000004c 00000001 0000004c 00000000 00000000 60010013
[ 157.711883]{0} 3d80: 00000000 c00192a0 c0867740 d12c2000 c083fa80 c01366d0 c08ca72c d12c3da8
[ 157.721343]{0} 3da0: 00000000 c07194f4 0000009c c083fa80 c083fad0 c0867740 d12c3e4c 00000000
[ 157.730804]{0} 3dc0: 00000000 60010013 00000000 c01368e8 c083fa80 c083fad0 c0858ab0 c0139298
[ 157.740234]{0} 3de0: c01391dc 0000004c 00000000 c0135f60 000001ca c000e2e0 0000004c f811a000
[ 157.749694]{0} 3e00: d12c3e18 c0008478 c00e05d4 60010013 ffffffff c000d540 c0d34340 c0d35a90
[ 157.759155]{0} 3e20: 00000000 00000000 0000000e 00000006 c08cab52 00000005 00000000 00000000
[ 157.768585]{0} 3e40: 60010013 00000000 c0d34344 d12c3e60 c00dfdc0 c00e05d4 60010013 ffffffff
[ 157.778045]{0} 3e60: 00000000 00000000 00000000 00000000 c08cab52 0000000e d12c3e78 000001f4
[ 157.787506]{0} 3e80: 00000000 00000000 00000002 00000004 00000000 00000000 c08616f8 00000000
[ 157.796936]{0} 3ea0: 00000000 00000000 00000000 c05980f0 c06fb089 d12c3ecc 00000000 d12c3ecc
[ 157.806396]{0} 3ec0: 00000004 c0593d90 c06fb089 00000004 00000000 00000000 00000004 c0591ac8
[ 157.815856]{0} 3ee0: b83eec44 0000080f 00000028 0000080f 00000000 00000004 00000004 00000002
[ 157.825286]{0} 3f00: d6ce01c0 c6eb8980 c6eb8998 c05fe518 c0d58050 c0591bec c0d58048 c05921c8
[ 157.834747]{0} 3f20: 00000002 d12c3f80 00000002 c02f9ee0 00000002 c01dca14 d22a1900 00000002
[ 157.844207]{0} 3f40: b83f3f54 d12c3f80 00000000 00000000 00000000 c018ed10 d22a1900 b83f3f54
[ 157.853637]{0} 3f60: 00000002 d22a1900 00000000 b83f3f54 00000002 00000000 00000000 c018f050
[ 157.863098]{0} 3f80: 00000000 00000000 00000002 00000003 00000002 00000001 00000004 c000dac4
[ 157.872528]{0} 3fa0: d12c2000 c000d940 00000003 00000002 00000001 b83f3f54 00000002 ffffffff
[ 157.881988]{0} 3fc0: 00000003 00000002 00000001 00000004 b83f3f54 00000000 00000000 00000000
[ 157.891448]{0} 3fe0: 00000000 bee777b8 b6f6ac5d b6f09338 20010010 00000001 00000000 00000000
[ 157.900909]{0} [<c0109c0c>] (do_set_cpus_allowed+0x2c/0x48) from [<c0598bf8>] (select_fallback_rq+0x13c/0x19c)
[ 157.912109]{0} [<c0598bf8>] (select_fallback_rq+0x13c/0x19c) from [<c0109dbc>] (try_to_wake_up+0x194/0x1f8)
[ 157.923004]{0} [<c0109dbc>] (try_to_wake_up+0x194/0x1f8) from [<c00fd088>] (autoremove_wake_function+0xc/0x34)
[ 157.934204]{0} [<c00fd088>] (autoremove_wake_function+0xc/0x34) from [<c0103de4>] (__wake_up_common+0x48/0x7c)
[ 157.945404]{0} [<c0103de4>] (__wake_up_common+0x48/0x7c) from [<c0104b2c>] (__wake_up+0x3c/0x50)
[ 157.955261]{0} [<c0104b2c>] (__wake_up+0x3c/0x50) from [<c0152660>] (__irq_work_run+0x90/0xc8)
[ 157.964904]{0} [<c0152660>] (__irq_work_run+0x90/0xc8) from [<c00ec0f0>] (update_process_times+0x50/0x64)
[ 157.975616]{0} [<c00ec0f0>] (update_process_times+0x50/0x64) from [<c0123b00>] (tick_sched_timer+0xa8/0xdc)
[ 157.986541]{0} [<c0123b00>] (tick_sched_timer+0xa8/0xdc) from [<c00ff940>] (__run_hrtimer+0x1a4/0x2b8)
[ 157.996948]{0} [<c00ff940>] (__run_hrtimer+0x1a4/0x2b8) from [<c010052c>] (hrtimer_interrupt+0x11c/0x278)
[ 158.007659]{0} [<c010052c>] (hrtimer_interrupt+0x11c/0x278) from [<c00192a0>] (clockevent_interrupt_cb+0x120/0x144)
[ 158.019348]{0} [<c00192a0>] (clockevent_interrupt_cb+0x120/0x144) from [<c01366d0>] (handle_irq_event_percpu+0xb0/0x28c)
[ 158.031524]{0} [<c01366d0>] (handle_irq_event_percpu+0xb0/0x28c) from [<c01368e8>] (handle_irq_event+0x3c/0x5c)
[ 158.042846]{0} [<c01368e8>] (handle_irq_event+0x3c/0x5c) from [<c0139298>] (handle_fasteoi_irq+0xbc/0x124)
[ 158.053649]{0} [<c0139298>] (handle_fasteoi_irq+0xbc/0x124) from [<c0135f60>] (generic_handle_irq+0x30/0x44)
[ 158.064666]{0} [<c0135f60>] (generic_handle_irq+0x30/0x44) from [<c000e2e0>] (handle_IRQ+0x64/0x8c)
[ 158.074798]{0} [<c000e2e0>] (handle_IRQ+0x64/0x8c) from [<c0008478>] (gic_handle_irq+0x34/0x58)
[ 158.084533]{0} [<c0008478>] (gic_handle_irq+0x34/0x58) from [<c000d540>] (__irq_svc+0x40/0x70)
[ 158.094177]{0} Exception stack(0xd12c3e18 to 0xd12c3e60)
[ 158.100128]{0} 3e00: c0d34340 c0d35a90
[ 158.109558]{0} 3e20: 00000000 00000000 0000000e 00000006 c08cab52 00000005 00000000 00000000
[ 158.119018]{0} 3e40: 60010013 00000000 c0d34344 d12c3e60 c00dfdc0 c00e05d4 60010013 ffffffff
[ 158.128479]{0} [<c000d540>] (__irq_svc+0x40/0x70) from [<c00e05d4>] (vprintk_emit+0x3e4/0x434)
[ 158.138122]{0} [<c00e05d4>] (vprintk_emit+0x3e4/0x434) from [<c05980f0>] (printk+0x2c/0x3c)
[ 158.147460]{0} [<c05980f0>] (printk+0x2c/0x3c) from [<c0593d90>] (__cpu_die+0x34/0x78)
[ 158.156341]{0} [<c0593d90>] (__cpu_die+0x34/0x78) from [<c0591ac8>] (_cpu_down+0x130/0x22c)
[ 158.165679]{0} [<c0591ac8>] (_cpu_down+0x130/0x22c) from [<c0591bec>] (cpu_down+0x28/0x3c)
[ 158.174926]{0} [<c0591bec>] (cpu_down+0x28/0x3c) from [<c05921c8>] (store_online+0x2c/0x74)
[ 158.184295]{0} [<c05921c8>] (store_online+0x2c/0x74) from [<c02f9ee0>] (dev_attr_store+0x18/0x24)
[ 158.194244]{0} [<c02f9ee0>] (dev_attr_store+0x18/0x24) from [<c01dca14>] (sysfs_write_file+0x7c/0xb0)
[ 158.204559]{0} [<c01dca14>] (sysfs_write_file+0x7c/0xb0) from [<c018ed10>] (vfs_write+0xd4/0x16c)
[ 158.214477]{0} [<c018ed10>] (vfs_write+0xd4/0x16c) from [<c018f050>] (SyS_write+0x3c/0x60)
[ 158.223754]{0} [<c018f050>] (SyS_write+0x3c/0x60) from [<c000d940>] (ret_fast_syscall+0x0/0x30)
[ 158.233489]{0} Code: bad PC value
[ 158.237182]{0} ---[ end trace 1e855ca44fc46f0a ]---
2.2.2 分析原因
do_set_cpus_allowed函数的代码如下。
void do_set_cpus_allowed(struct task_struct *p, const struct cpumask *new_mask)
{
if (p->sched_class && p->sched_class->set_cpus_allowed)
p->sched_class->set_cpus_allowed(p, new_mask);
cpumask_copy(&p->cpus_allowed, new_mask);
p->nr_cpus_allowed = cpumask_weight(new_mask);
}
内核panic后PC指针的位置在PC is at 0x30000,而LR在do_set_cpus_allowed+0x2c/0x48,PC是个错误的值,则只能根据LR反推了,将这个函数反汇编后如下:
0000607c <do_set_cpus_allowed>:
607c: e92d4830 push {r4, r5, fp, lr}
6080: e1a04000 mov r4, r0
6084: e5903030 ldr r3, [r0, #48] ; 0x30
6088: e28db00c add fp, sp, #12
608c: e1a05001 mov r5, r1
6090: e3530000 cmp r3, #0
6094: 0a000003 beq 60a8 <do_set_cpus_allowed+0x2c>
6098: e5933038 ldr r3, [r3, #56] ; 0x38
609c: e3530000 cmp r3, #0
60a0: 0a000000 beq 60a8 <do_set_cpus_allowed+0x2c>
60a4: e12fff33 blx r3
60a8: e5953000 ldr r3, [r5]
p->sched_class 就是指针p偏移48个字节,当时的R0是(后来的R4的值)0x d6c5 2880,则[0xd6c5 2880 + 48]=[0xd6c5 28b0]的内容是c0862a38,赋值给R3。
R3和0比较,不为0,则p->sched_class->set_cpus_allowed就是在R3的基础上偏移56个字节,[0xc086 2a38+56]=[0xc086 2a70],取出的内容赋值给R3
内核编译的system.map文件中,部分内容如下,则0xc086 2a70在fsr_info中的一个地方。
c08629b8 d fsr_info
c0862bb8 d ifsr_info
struct fsr_info {
int (*fn)(unsigned long addr, unsigned int fsr, struct pt_regs *regs);
int sig;
int code;
const char *name;
}; //占据16个字节
static struct fsr_info fsr_info[] = {
/*
* The following are the standard ARMv3 and ARMv4 aborts. ARMv5
* defines these to be "precise" aborts.
*/
{ do_bad, SIGSEGV, 0, "vector exception" }, // 29b8
{ do_bad, SIGBUS, BUS_ADRALN, "alignment exception" },
{ do_bad, SIGKILL, 0, "terminal exception" },
{ do_bad, SIGBUS, BUS_ADRALN, "alignment exception" },
{ do_bad, SIGBUS, 0, "external abort on linefetch" },
{ do_translation_fault, SIGSEGV, SEGV_MAPERR, "section translation fault" }, //2a08
{ do_bad, SIGBUS, 0, "external abort on linefetch" },
{ do_page_fault, SIGSEGV, SEGV_MAPERR, "page translation fault" },
{ do_bad, SIGBUS, 0, "external abort on non-linefetch" },
{ do_bad, SIGSEGV, SEGV_ACCERR, "section domain fault" },
{ do_bad, SIGBUS, 0, "external abort on non-linefetch" },
{ do_bad, SIGSEGV, SEGV_ACCERR, "page domain fault" }, //2a68
{ do_bad, SIGBUS, 0, "external abort on translation" },
{ do_sect_fault, SIGSEGV, SEGV_ACCERR, "section permission fault" },
{ do_bad, SIGBUS, 0, "external abort on translation" },
{ do_page_fault, SIGSEGV, SEGV_ACCERR, "page permission fault" },
/*
* The following are "imprecise" aborts, which are signalled by bit
* 10 of the FSR, and may not be recoverable. These are only
* supported if the CPU abort handler supports bit 10.
*/
{ do_bad, SIGBUS, 0, "unknown 16" },
{ do_bad, SIGBUS, 0, "unknown 17" },
{ do_bad, SIGBUS, 0, "unknown 18" },
{ do_bad, SIGBUS, 0, "unknown 19" },
{ do_bad, SIGBUS, 0, "lock abort" }, /* xscale */
{ do_bad, SIGBUS, 0, "unknown 21" },
{ do_bad, SIGBUS, BUS_OBJERR, "imprecise external abort" }, /* xscale */
{ do_bad, SIGBUS, 0, "unknown 23" },
{ do_bad, SIGBUS, 0, "dcache parity error" }, /* xscale */
{ do_bad, SIGBUS, 0, "unknown 25" },
{ do_bad, SIGBUS, 0, "unknown 26" },
{ do_bad, SIGBUS, 0, "unknown 27" },
{ do_bad, SIGBUS, 0, "unknown 28" },
{ do_bad, SIGBUS, 0, "unknown 29" },
{ do_bad, SIGBUS, 0, "unknown 30" },
{ do_bad, SIGBUS, 0, "unknown 31" },
};
则共32*16=512个字节,就是从c08629b8到c0862bb8。
故0xc086 2a70对应的内容是SEGV_ACCERR的值。
#define SEGV_ACCERR (__SI_FAULT|2) = 3<<16 | 2 = 0x0003 0002
则R3的值变为0x 0003 0002。
blx r3,PC跳转到这样的地址,当然是要出错的。
2.3 _raw_spin_lock
2.3.1 原始日志
[ 126.963012]{4} IRQ41 no longer affine to CPU4
[ 126.968200]{0} Alignment trap: not handling instruction e1903f9f at [<c05a6da8>]
[ 126.981109]{0} BUG: recent printk recursion!
[ 126.981109]{0} Unhandled fault: alignment exception (0x001) at 0xffffffff
[ 126.993316]{0} Internal error: : 1 [#1] PREEMPT SMP ARM
[ 126.999084]{0} Modules linked in:
[ 127.002746]{0} in dump_stack_print_info, line:2909 mpidr:0x80000100
[ 127.009674]{0} CPU: 0 PID: 1906 Comm: sh Not tainted 3.10.0 #99
[ 127.016204]{0} task: c62b5a00 ti: c8e52000 task.ti: c8e52000
[ 127.022460]{0} PC is at _raw_spin_lock+0x1c/0x50
[ 127.027557]{0} LR is at __queue_work+0x118/0x364
[ 127.032653]{0} pc : [<c05a6dac>] lr : [<c00f5f78>] psr: 200f0193
[ 127.032653]{0} sp : c8e53d50 ip : 371ad678 fp : c08588d8
[ 127.045928]{0} r10: 00000000 r9 : ffffffff r8 : 00000005
[ 127.051971]{0} r7 : d6c20a80 r6 : c8e52000 r5 : c08a77fc r4 : c0d39d00
[ 127.059478]{0} r3 : c8e52000 r2 : 00000101 r1 : 00000008 r0 : ffffffff
[ 127.066986]{0} Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 127.075256]{0} Control: 10c5387d Table: 0800006a DAC: 00000015
[ 127.081878]{0}
[ 127.081878]{0} PC: 0xc05a6d2c:
[ 127.087158]{0} 6d2c f57ff05f e1a00005 eb0000f8 ebfffd58 e1a00005 eb000026 e1a01000 eafffff3
[ 127.096496]{0} 6d4c e3e03000 e5843000 e89d000c e1a00005 e5823004 e5832000 e59f2010 e59f3010
[ 127.105834]{0} 6d6c e88d000c eb0000e9 e28dd014 e8bd80f0 00100100 00200200 e3a01000 eaffffcd
[ 127.115173]{0} 6d8c 00000000 e1a0200d e3c23d7f e3c3303f e5932004 e2822001 e5832004 e1903f9f
[ 127.124511]{0} 6dac e2832801 e1801f92 e3310000 1afffffa e6ff2073 e7ef3853 ea000001 e320f002
[ 127.133850]{0} 6dcc e1d020b0 e1530002 1afffffb f57ff05f e12fff1e e1a03000 e10f0000 f10c0080
[ 127.143157]{0} 6dec e1a0100d e3c12d7f e3c2203f e5921004 e2811001 e5821004 e1932f9f e2821801
[ 127.152496]{0} 6e0c e183cf91 e33c0000 1afffffa e6ff1072 e7ef2852 ea000001 e320f002 e1d310b0
[ 127.161834]{0}
[ 127.161834]{0} LR: 0xc00f5ef8:
[ 127.167114]{0} 5ef8 0a000009 e59f42ac e5d43010 e3530001 0a0000a6 e59f02a0 e300151b ebffa0c5
[ 127.176452]{0} 5f18 e3a03001 e5c43010 ea0000a0 e1a0200d e59fb288 e3c26d7f e3c6603f e3580005
[ 127.185760]{0} 5f38 e5973080 0596a014 e3130002 15974088 1a000002 e79b410a e5973084 e0834004
[ 127.195098]{0} 5f58 e1a00005 ebffff57 e2509000 0a00000f e5943000 e1590003 0a00000c eb12c385
[ 127.204437]{0} 5f78 e1a00009 e1a01005 ebfff9cf e3500000 0a000004 e5903010 e5932004 e1520007
[ 127.213745]{0} 5f98 01a04003 0a000003 e1a00009 eb12c44c e5940000 eb12c377 e5943010 e3530000
[ 127.223083]{0} 5fb8 1a000011 e5973080 e3130002 0a000002 e5940000 eb12c442 eaffffd7 e59f61d4
[ 127.232421]{0} 5fd8 e5d63011 e3530001 0a000007 e2873068 e59f01c4 e300154f e59f21c4 e58da000
[ 127.241760]{0}
[ 127.241760]{0} SP: 0xc8e53cd0:
[ 127.247039]{0} 3cd0 00989680 00000000 88d98293 0000001d 8971fb00 0000001d 00000000 00989680
[ 127.256378]{0} 3cf0 00000000 c05a6da8 200f0193 ffffffff c8e53d3c c000d4d8 ffffffff 00000008
[ 127.265686]{0} 3d10 00000101 c8e52000 c0d39d00 c08a77fc c8e52000 d6c20a80 00000005 ffffffff
[ 127.275024]{0} 3d30 00000000 c08588d8 371ad678 c8e53d50 c00f5f78 c05a6dac 200f0193 ffffffff
[ 127.284362]{0} 3d50 00000005 d6c20a80 c08a77fc 00000100 c08a780c c00f61c4 c00f61c4 c08a77fc
[ 127.293701]{0} 3d70 00000000 c08a77fc 0000000a c00eb1b0 c08a780c c00f61c4 c09cb280 c08a780c
[ 127.303039]{0} 3d90 c8e52000 c00f61c4 c08a77fc 00000000 00000000 c00eb760 0000004c 00000000
[ 127.312377]{0} 3db0 c8e53db8 00000002 c8e53db8 c8e53db8 00000000 c8e52000 c083c084 00000101
[ 127.321685]{0}
[ 127.321685]{0} FP: 0xc0858858:
[ 127.326995]{0} 8858 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.336334]{0} 8878 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.345642]{0} 8898 00000064 c0d610c0 00009000 0000000f c0d61100 00000005 00000009 c0d61080
[ 127.354980]{0} 88b8 0000002c c0d34000 c0d61000 c0d61040 00000001 00001000 00000000 00000004
[ 127.364318]{0} 88d8 004fe000 00507000 00510000 00519000 00522000 00000000 00000002 0001dffb
[ 127.373657]{0} 88f8 0001dfff 00002c0c 00002000 00000001 00000032 0000fffa 00000001 00000000
[ 127.382995]{0} 8918 00000001 d6c08800 d6d400c0 c0591ff0 c018b5d8 c018a648 c0187d60 00000000
[ 127.392333]{0} 8938 c018b4d4 c0188284 c0188238 00000000 00000000 c018763c 00000003 00000000
[ 127.401672]{0}
[ 127.401672]{0} R3: 0xc8e51f80:
[ 127.406951]{0} 1f80 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.416290]{0} 1fa0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.425628]{0} 1fc0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.434967]{0} 1fe0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.444305]{0} 2000 00000000 00000102 00000000 c62b5a00 c087e268 00000000 00000015 c62b5a00
[ 127.453613]{0} 2020 c0d36a80 c8e52000 d1f6b880 00000000 0000001d c62b5580 c8e53e3c c8e53e10
[ 127.462951]{0} 2040 c05a60e8 00000000 00000000 00000000 00000000 00000000 01010000 00000000
[ 127.472290]{0} 2060 b6efdf24 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.481628]{0}
[ 127.481628]{0} R4: 0xc0d39c80:
[ 127.486907]{0} 9c80 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.496246]{0} 9ca0 00000000 00000000 d3219080 00003080 c0c9c300 c0c54940 00000076 00000075
[ 127.505584]{0} 9cc0 c0d39cc0 c0d39cc0 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.514923]{0} 9ce0 00000000 00000000 00000000 00000000 00000036 00014a32 000000a0 00000000
[ 127.524261]{0} 9d00 c0d36600 d6c20a80 00000000 ffffffff 00000001 00000000 00000000 00000000
[ 127.533569]{0} 9d20 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.542907]{0} 9d40 00000000 00000000 00000000 00000000 00000000 00000100 c0d39d58 c0d39d58
[ 127.552246]{0} 9d60 d6c20a80 c0d42d60 c0d39d68 c0d39d68 ffffffe0 c0d39d74 c0d39d74 c00f7f34
[ 127.561584]{0}
[ 127.561584]{0} R5: 0xc08a777c:
[ 127.566864]{0} 777c c04e74d8 c04e748c c04e84cc c076c7ad 00000000 d624e180 00000000 00000000
[ 127.576202]{0} 779c c08a7764 d619ec00 00000000 00000001 00000000 00000000 00000bb8 00000064
[ 127.585540]{0} 77bc 00001770 0000069e 000001f4 00010000 00000003 00000000 00000003 00000064
[ 127.594879]{0} 77dc 00000050 00000040 00000000 00000bb8 00000080 00000200 00000400 ffff8c7e
[ 127.604217]{0} 77fc 00000001 c08a7800 c08a7800 c042dd6c 00000000 00200200 ffffbc5c c09cb283
[ 127.613555]{0} 781c c00f61c4 c08a77fc ffffffff ffffffff 00000000 00000000 00000000 00000000
[ 127.622894]{0} 783c 00000000 d6c20a80 00000005 00000000 00000000 00000000 c09cb280 c042b5a4
[ 127.632232]{0} 785c c08a7764 ffffffff ffffffff 00000000 00000000 00000000 00000000 00000000
[ 127.641540]{0}
[ 127.641540]{0} R6: 0xc8e51f80:
[ 127.646850]{0} 1f80 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.656188]{0} 1fa0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.665527]{0} 1fc0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.674835]{0} 1fe0 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.684173]{0} 2000 00000000 00000102 00000000 c62b5a00 c087e268 00000000 00000015 c62b5a00
[ 127.693511]{0} 2020 c0d36a80 c8e52000 d1f6b880 00000000 0000001d c62b5580 c8e53e3c c8e53e10
[ 127.702850]{0} 2040 c05a60e8 00000000 00000000 00000000 00000000 00000000 01010000 00000000
[ 127.712188]{0} 2060 b6efdf24 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.721496]{0}
[ 127.721496]{0} R7: 0xd6c20a00:
[ 127.726806]{0} 0a00 d6c209fc d6c20a04 d6c20a04 d6c20a0c d6c20a0c d6c20a14 d6c20a14 d6c20a1c
[ 127.736145]{0} 0a20 d6c20a1c 00000000 ffffffea 00000000 00000000 00000000 00000003 00000000
[ 127.745452]{0} 0a40 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.754791]{0} 0a60 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 127.764129]{0} 0a80 c0d5dd60 c0d39d60 c087ff2c d6c20b48 00000001 00000000 d6c20a98 d6c20a98
[ 127.773468]{0} 0aa0 00000000 00000000 00000000 00000000 00000000 00000000 d6c20ab8 d6c20ab8
[ 127.782806]{0} 0ac0 d6c20ac0 d6c20ac0 d6c20ac8 d6c20ac8 00000000 00000000 00000100 00000000
[ 127.792144]{0} 0ae0 00000000 00000000 6e657665 00007374 00000000 00000000 00000000 00000000
[ 127.801483]{0} Process sh (pid: 1906, stack limit = 0xc8e52238)
[ 127.808013]{0} Stack: (0xc8e53d50 to 0xc8e54000)
[ 127.813110]{0} 3d40: 00000005 d6c20a80 c08a77fc 00000100
[ 127.822448]{0} 3d60: c08a780c c00f61c4 c00f61c4 c08a77fc 00000000 c08a77fc 0000000a c00eb1b0
[ 127.831787]{0} 3d80: c08a780c c00f61c4 c09cb280 c08a780c c8e52000 c00f61c4 c08a77fc 00000000
[ 127.841125]{0} 3da0: 00000000 c00eb760 0000004c 00000000 c8e53db8 00000002 c8e53db8 c8e53db8
[ 127.850463]{0} 3dc0: 00000000 c8e52000 c083c084 00000101 00000100 00000001 00000000 00000000
[ 127.859771]{0} 3de0: 0000000a c00e540c c083fad0 c0867740 c8e53e84 00404100 ffffbc5e 00000000
[ 127.869110]{0} 3e00: 00000000 c8e52000 00000000 c0858ab0 c8e53e84 0000001c 00000000 00000000
[ 127.878448]{0} 3e20: 00000000 c00e587c 0000004c c000e2e4 0000004c f811a000 c8e53e50 c0008478
[ 127.887786]{0} 3e40: c02ba164 200f0013 ffffffff c000d540 00003136 ffffffff 00001514 c02ba138
[ 127.897125]{0} 3e60: 00000001 0000001e f8899000 c088e470 0000001c 00000000 00000000 00000000
[ 127.906433]{0} 3e80: 00000000 c8e53e98 c001ab30 c02ba164 200f0013 ffffffff 0000001d 00000000
[ 127.915771]{0} 3ea0: 00000000 c08616f8 00000000 c001abc0 00000000 00000000 00000064 c0017724
[ 127.925109]{0} 3ec0: 00000000 c0017968 00000004 00000000 00000000 c0593d7c 00000004 c0591aa8
[ 127.934448]{0} 3ee0: b8780c44 0000080f 00000028 0000080f 00000000 00000004 00000004 00000002
[ 127.943786]{0} 3f00: d6ce01c0 c1ccc4c0 c1ccc4d8 c05fe518 c0d58050 c0591bcc c0d58048 c05921a8
[ 127.953124]{0} 3f20: 00000002 c8e53f80 00000002 c02f9ec0 00000002 c01dca00 d288f6c0 00000002
[ 127.962432]{0} 3f40: b8785f54 c8e53f80 00000000 00000000 00000000 c018ecfc d288f6c0 b8785f54
[ 127.971771]{0} 3f60: 00000002 d288f6c0 00000000 b8785f54 00000002 00000000 00000000 c018f03c
[ 127.981109]{0} 3f80: 00000000 00000000 00000002 00000003 00000002 00000001 00000004 c000dac4
[ 127.990447]{0} 3fa0: c8e52000 c000d940 00000003 00000002 00000001 b8785f54 00000002 ffffffff
[ 127.999786]{0} 3fc0: 00000003 00000002 00000001 00000004 b8785f54 00000000 00000000 00000000
[ 128.009124]{0} 3fe0: 00000000 bed9b7b8 b6f0ec5d b6ead338 20010010 00000001 eaffffe2 005869e8
[ 128.018463]{0} [<c05a6dac>] (_raw_spin_lock+0x1c/0x50) from [<c00f5f78>] (__queue_work+0x118/0x364)
[ 128.028472]{0} [<c00f5f78>] (__queue_work+0x118/0x364) from [<c00eb1b0>] (call_timer_fn+0xa4/0x1a4)
[ 128.038452]{0} [<c00eb1b0>] (call_timer_fn+0xa4/0x1a4) from [<c00eb760>] (run_timer_softirq+0x20c/0x284)
[ 128.048950]{0} [<c00eb760>] (run_timer_softirq+0x20c/0x284) from [<c00e540c>] (__do_softirq+0x144/0x2b4)
[ 128.059448]{0} [<c00e540c>] (__do_softirq+0x144/0x2b4) from [<c00e587c>] (irq_exit+0x74/0xbc)
[ 128.068878]{0} [<c00e587c>] (irq_exit+0x74/0xbc) from [<c000e2e4>] (handle_IRQ+0x68/0x8c)
[ 128.077941]{0} [<c000e2e4>] (handle_IRQ+0x68/0x8c) from [<c0008478>] (gic_handle_irq+0x34/0x58)
[ 128.087554]{0} [<c0008478>] (gic_handle_irq+0x34/0x58) from [<c000d540>] (__irq_svc+0x40/0x70)
[ 128.097106]{0} Exception stack(0xc8e53e50 to 0xc8e53e98)
[ 128.102966]{0} 3e40: 00003136 ffffffff 00001514 c02ba138
[ 128.112335]{0} 3e60: 00000001 0000001e f8899000 c088e470 0000001c 00000000 00000000 00000000
[ 128.121673]{0} 3e80: 00000000 c8e53e98 c001ab30 c02ba164 200f0013 ffffffff
[ 128.129272]{0} [<c000d540>] (__irq_svc+0x40/0x70) from [<c02ba164>] (__loop_delay+0x0/0xc)
[ 128.138427]{0} Code: e5932004 e2822001 e5832004 e1903f9f (
2.3.2 分析原因
_raw_spin_lock函数代码如下:
void __lockfunc _raw_spin_lock(raw_spinlock_t *lock)
{
__raw_spin_lock(lock);
}
__raw_spin_lock代码如下:
static inline void __raw_spin_lock(raw_spinlock_t *lock)
{
preempt_disable();
spin_acquire(&lock->dep_map, 0, 0, _RET_IP_);
LOCK_CONTENDED(lock, do_raw_spin_trylock, do_raw_spin_lock);
}
将_raw_spin_lock反汇编后如下:
Disassembly of section .spinlock.text:
00000000 <_raw_spin_lock>:
0: e1a0200d mov r2, sp
4: e3c23d7f bic r3, r2, #8128 ; 0x1fc0
8: e3c3303f bic r3, r3, #63 ; 0x3f
c: e5932004 ldr r2, [r3, #4]
10: e2822001 add r2, r2, #1
14: e5832004 str r2, [r3, #4]
18: e1903f9f ldrex r3, [r0]
1c: e2832801 add r2, r3, #65536 ; 0x10000
20: e1801f92 strex r1, r2, [r0]
24: e3310000 teq r1, #0
28: 1afffffa bne 18 <_raw_spin_lock+0x18>
2c: e6ff2073 uxth r2, r3
30: e7ef3853 ubfx r3, r3, #16, #16
34: ea000001 b 40 <_raw_spin_lock+0x40>
38: e320f002 wfe
3c: e1d020b0 ldrh r2, [r0]
40: e1530002 cmp r3, r2
44: 1afffffb bne 38 <_raw_spin_lock+0x38>
48: f57ff05f dmb sy
4c: e12fff1e bx lr
出问题是PC的位置在_raw_spin_lock+0x1c/0x50,就是上面的1C前后的位置。
ldrex r3, [r0] 此处的指令二进制代码是e190 3f9f,表示从r0排它性取内容到r3,
而R0的值是0xffff ffff,从这个虚拟地址上取内容,故会发生对齐异常,内核panic。
2.4 __wake_up_common
2.4.1 原始日志
[ 139.595489]{4} IRQ41 no longer affine to CPU4
[ 139.607574]{0} Unable to handle kernel paging request at virtual address a0030193
[ 139.620727]{0} pgd = d0730000
[ 139.624023]{0} [a0030193] *pgd=00000000
[ 139.628295]{0} Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 139.634490]{0} Modules linked in:
[ 139.638183]{0} in dump_stack_print_info, line:2909 mpidr:0x80000100
[ 139.645202]{0} CPU: 0 PID: 1781 Comm: sh Not tainted 3.10.0 #99
[ 139.651794]{0} task: d215e780 ti: d1c9c000 task.ti: d1c9c000
[ 139.658142]{0} PC is at __wake_up_common+0x60/0x7c
[ 139.663482]{0} LR is at __wake_up_common+0x48/0x7c
[ 139.668823]{0} pc : [<c0103de8>] lr : [<c0103dd0>] psr: 600f0193
[ 139.668823]{0} sp : d1c9dc90 ip : c05a6da8 fp : d1c9dcb4
[ 139.682220]{0} r10: 00000000 r9 : 00000000 r8 : 00000003
[ 139.688354]{0} r7 : 00000001 r6 : a0030187 r5 : 00000000 r4 : c0882b14
[ 139.695953]{0} r3 : 00000000 r2 : 00000000 r1 : 00000000 r0 : d6c79f2c
[ 139.703521]{0} Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user
[ 139.711883]{0} Control: 10c5387d Table: 16b3006a DAC: 00000015
[ 139.718597]{0}
[ 139.718597]{0} PC: 0xc0103d68:
[ 139.723937]{0} 3d68 f57ff05f e59f300c e5932014 e2822001 e5832014 e8bd88f0 c09cd180 c083c0c0
[ 139.733367]{0} 3d88 e92d4ff8 e1a04000 e1a0a003 e5b43004 e28db024 e1a08001 e1a07002 e243000c
[ 139.742797]{0} 3da8 e5936000 e59b9004 e246600c ea00000e e590c008 e1a01008 e1a0200a e1a03009
[ 139.752227]{0} 3dc8 e5905000 e12fff3c e3500000 0a000003 e3150001 0a000001 e2577001 08bd8ff8
[ 139.761657]{0} 3de8 e596300c e1a00006 e243600c e280300c e1530004 1affffed e8bd8ff8 e92d4800
[ 139.771087]{0} 3e08 e28db004 e24dd008 e3a03000 e58d3000 ebffffda e24bd004 e8bd8800 e92d4800
[ 139.780517]{0} 3e28 e28db004 e24dd008 e3a03000 e58d2000 e3a02001 ebffffd1 e24bd004 e8bd8800
[ 139.789947]{0} 3e48 e92d4800 e28db004 e5900024 e2400078 e8bd8800 e59f300c e92d4800 e28db004
[ 139.799377]{0}
[ 139.799377]{0} LR: 0xc0103d50:
[ 139.804718]{0} 3d50 e5940010 ebffffc5 e30031f5 e0257593 e5845000 e5840010 f57ff05f e59f300c
[ 139.814147]{0} 3d70 e5932014 e2822001 e5832014 e8bd88f0 c09cd180 c083c0c0 e92d4ff8 e1a04000
[ 139.823577]{0} 3d90 e1a0a003 e5b43004 e28db024 e1a08001 e1a07002 e243000c e5936000 e59b9004
[ 139.833007]{0} 3db0 e246600c ea00000e e590c008 e1a01008 e1a0200a e1a03009 e5905000 e12fff3c
[ 139.842437]{0} 3dd0 e3500000 0a000003 e3150001 0a000001 e2577001 08bd8ff8 e596300c e1a00006
[ 139.851898]{0} 3df0 e243600c e280300c e1530004 1affffed e8bd8ff8 e92d4800 e28db004 e24dd008
[ 139.861297]{0} 3e10 e3a03000 e58d3000 ebffffda e24bd004 e8bd8800 e92d4800 e28db004 e24dd008
[ 139.870758]{0} 3e30 e3a03000 e58d2000 e3a02001 ebffffd1 e24bd004 e8bd8800 e92d4800 e28db004
[ 139.880187]{0}
[ 139.880187]{0} SP: 0xd1c9dc10:
[ 139.885528]{0} dc10 00000000 d215e7b8 c0d36ac8 80a9cb18 d215e7b8 c010ce4c 0002080a 00000000
[ 139.894958]{0} dc30 00000034 c0103de8 600f0193 ffffffff d1c9dc7c c000d4d8 d6c79f2c 00000000
[ 139.904388]{0} dc50 00000000 00000000 c0882b14 00000000 a0030187 00000001 00000003 00000000
[ 139.913818]{0} dc70 00000000 d1c9dcb4 c05a6da8 d1c9dc90 c0103dd0 c0103de8 600f0193 ffffffff
[ 139.923248]{0} dc90 00000000 c0882b10 600f0193 00000001 00000003 00000000 c0123a44 c0d34658
[ 139.932647]{0} dcb0 d1c9dcdc c0104b18 00000000 00773594 00000001 c0882bfc 00000002 00000003
[ 139.942077]{0} dcd0 c0883080 7a40965e d1c9dd90 c015264c 00010000 d1c9c000 d215e780 00000000
[ 139.951477]{0} dcf0 00000000 c00ec0dc 200f0013 d1c9de50 c0d345f0 00000020 c0d34778 c0123aec
[ 139.960876]{0}
[ 139.960876]{0} IP: 0xc05a6d28:
[ 139.966217]{0} 6d28 e5867000 f57ff05f e1a00005 eb0000f8 ebfffd58 e1a00005 eb000026 e1a01000
[ 139.975616]{0} 6d48 eafffff3 e3e03000 e5843000 e89d000c e1a00005 e5823004 e5832000 e59f2010
[ 139.985046]{0} 6d68 e59f3010 e88d000c eb0000e9 e28dd014 e8bd80f0 00100100 00200200 e3a01000
[ 139.994476]{0} 6d88 eaffffcd 00000000 e1a0200d e3c23d7f e3c3303f e5932004 e2822001 e5832004
[ 140.003875]{0} 6da8 e1903f9f e2832801 e1801f92 e3310000 1afffffa e6ff2073 e7ef3853 ea000001
[ 140.013305]{0} 6dc8 e320f002 e1d020b0 e1530002 1afffffb f57ff05f e12fff1e e1a03000 e10f0000
[ 140.022705]{0} 6de8 f10c0080 e1a0100d e3c12d7f e3c2203f e5921004 e2811001 e5821004 e1932f9f
[ 140.032104]{0} 6e08 e2821801 e183cf91 e33c0000 1afffffa e6ff1072 e7ef2852 ea000001 e320f002
[ 140.041503]{0}
[ 140.041503]{0} FP: 0xd1c9dc34:
[ 140.046813]{0} dc34 c0103de8 600f0193 ffffffff d1c9dc7c c000d4d8 d6c79f2c 00000000 00000000
[ 140.056243]{0} dc54 00000000 c0882b14 00000000 a0030187 00000001 00000003 00000000 00000000
[ 140.065643]{0} dc74 d1c9dcb4 c05a6da8 d1c9dc90 c0103dd0 c0103de8 600f0193 ffffffff 00000000
[ 140.075042]{0} dc94 c0882b10 600f0193 00000001 00000003 00000000 c0123a44 c0d34658 d1c9dcdc
[ 140.084442]{0} dcb4 c0104b18 00000000 00773594 00000001 c0882bfc 00000002 00000003 c0883080
[ 140.093841]{0} dcd4 7a40965e d1c9dd90 c015264c 00010000 d1c9c000 d215e780 00000000 00000000
[ 140.103240]{0} dcf4 c00ec0dc 200f0013 d1c9de50 c0d345f0 00000020 c0d34778 c0123aec c0d34778
[ 140.112640]{0} dd14 c0d345fc 7a40965e 00000020 c0d34778 c0d345f0 c0d345b8 00000000 c0d345f0
[ 140.122039]{0}
[ 140.122039]{0} R0: 0xd6c79eac:
[ 140.127380]{0} 9eac c0101724 ffffffff d6c80000 00000002 c08b3c90 00000000 c01018f0 00000000
[ 140.136779]{0} 9ecc 00000002 d6c80000 d6c8001c d6c52880 d6c78000 d63d6a80 c010190c 00000000
[ 140.146179]{0} 9eec 00000002 d6c80000 c000d910 000000c0 c0838a80 c0d58918 c0882a00 d6c78000
[ 140.155578]{0} 9f0c c0882b10 d6c79f38 00000002 c00fd068 c0882b10 c083c0c0 c013e2fc d6c52880
[ 140.164978]{0} 9f2c 00010000 d6c52880 c05a6da8 a0030193 ffffffff d6c79f7c c000d4d8 c08ca248
[ 140.174377]{0} 9f4c ffffffff 00000003 d6c78000 00000000 c08ca248 c08ca248 ffffffff 00000000
[ 140.183776]{0} 9f6c 00000000 60030193 00000004 00000000 d6c79f90 c00e02d4 c05a6da8 a0030193
[ 140.193206]{0} 9f8c ffffffff d6c79f90 d6c79f90 d6c79fac d6c3ff30 c00fc6f8 00000000 00000000
[ 140.202606]{0}
[ 140.202606]{0} R4: 0xc0882a94:
[ 140.207946]{0} 2a94 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 140.217376]{0} 2ab4 00000000 00000000 00000000 c0882a00 00000001 00000000 00000000 00000000
[ 140.226806]{0} 2ad4 00000000 00000005 c0836918 c013dda8 00000000 00000000 00000000 00000000
[ 140.236236]{0} 2af4 00000000 00000000 00000000 00000000 fffffed7 fffffed7 d6c52880 001e001d
[ 140.245666]{0} 2b14 d6c79f38 d6c79f38 00000001 00000000 00000000 00000000 00000000 00000000
[ 140.255096]{0} 2b34 00000000 00000000 00000000 00000000 00000000 c0882b44 00000000 c0882b4c
[ 140.264526]{0} 2b54 00000000 00000000 00000001 00000000 c0882b64 c0882b64 00000000 00000000
[ 140.273956]{0} 2b74 00000001 00000000 c0882b7c c0882b7c 00000000 00000000 00000000 00000000
[ 140.283416]{0} Process H? (pid: 0, stack limit = 0xd1c9c238)
[ 140.290405]{0} Stack: (0xd1c9dc90 to 0xd1c9e000)
[ 140.295562]{0} dc80:
2.4.2 分析原因
__wake_up_common 函数的代码如下:
static void __wake_up_common(wait_queue_head_t *q, unsigned int mode,
int nr_exclusive, int wake_flags, void *key)
{
wait_queue_t *curr, *next;
list_for_each_entry_safe(curr, next, &q->task_list, task_list) {
unsigned flags = curr->flags;
if (curr->func(curr, mode, wake_flags, key) &&
(flags & WQ_FLAG_EXCLUSIVE) && !--nr_exclusive)
break;
}
}
出问题时,PC在__wake_up_common+0x60/0x7c,则对__wake_up_common反汇编,代码如下:
00000238 <__wake_up_common>:
238: e92d4ff8 push {r3, r4, r5, r6, r7, r8, r9, sl, fp, lr}
23c: e1a04000 mov r4, r0
240: e1a0a003 mov sl, r3
244: e5b43004 ldr r3, [r4, #4]!
248: e28db024 add fp, sp, #36 ; 0x24
24c: e1a08001 mov r8, r1
250: e1a07002 mov r7, r2
254: e243000c sub r0, r3, #12
258: e5936000 ldr r6, [r3]
25c: e59b9004 ldr r9, [fp, #4]
260: e246600c sub r6, r6, #12
264: ea00000e b 2a4 <__wake_up_common+0x6c>
268: e590c008 ldr ip, [r0, #8]
26c: e1a01008 mov r1, r8
270: e1a0200a mov r2, sl
274: e1a03009 mov r3, r9
278: e5905000 ldr r5, [r0]
27c: e12fff3c blx ip
280: e3500000 cmp r0, #0
284: 0a000003 beq 298 <__wake_up_common+0x60>
288: e3150001 tst r5, #1
28c: 0a000001 beq 298 <__wake_up_common+0x60>
290: e2577001 subs r7, r7, #1
294: 08bd8ff8 popeq {r3, r4, r5, r6, r7, r8, r9, sl, fp, pc}
298: e596300c ldr r3, [r6, #12]
29c: e1a00006 mov r0, r6
2a0: e243600c sub r6, r3, #12
2a4: e280300c add r3, r0, #12
2a8: e1530004 cmp r3, r4
2ac: 1affffed bne 268 <__wake_up_common+0x30>
2b0: e8bd8ff8 pop {r3, r4, r5, r6, r7, r8, r9, sl, fp, pc}
R0的值赋值与R4,R4变为c0882b14;
R3是R4偏移4个字节后取内容,则R3是[0xc088 2b18] = d6c79f38
R6是R3的地址上取内容,则变为a0030193。
然后再减去12,变为a0030187
最后出错的地方是,R6再加上12取内容赋值给R3,即[a0030193],而这个虚拟地址找不到对应的物理地址,故内核panic了。
3 panic的真正原因
根据第二部分的叙述,因为每次panic的位置都不一样,暂时无法定位是哪一个具体函数产生的,则只能分析是什么操作导致的了。
大小核切换时,小核执行下电,则会执行下面一个这样的函数,里面有对cci-400的操作。
static int XXX_XXX_XXX_XXXX(u64 mpidr)
{
int cluster;
u32 port, a7_ctl, val;
cluster = MPIDR_AFFINITY_LEVEL(mpidr, 1);
port = cluster ? CCI_SNOOP_CTL4_HA7 : CCI_SNOOP_CTL3_SA7;
a7_ctl = cluster ? CTL_AP_HA7_CTRL : CTL_AP_SA7_CTRL;
val = __raw_readl(io_p2v(port));
if(!(val & 0x3))
goto disable_acinactm;
val &= ~(0x3);
__raw_writel(val, io_p2v(port));
dsb();
while(__raw_readl(io_p2v(CCI_SNOOP_STATUS)) & 0x1)
cpu_relax();
disable_acinactm:
/* if cci port disabled, disable A7 ACINACTM */
if(!(__raw_readl(io_p2v(port)) & 0x3)){
val = __raw_readl(io_p2v(a7_ctl));
if(val & 0x1)
return 0;
val |= 0x1;
__raw_writel(val, io_p2v(a7_ctl));
}else
panic("Disalbe cluster %d cci port Error!!\n", cluster);
return 0;
}
该函数首先根据传入的CPU ID,判断是那一簇的CPU在执行操作;
然后获取对应的cci 侦测控制寄存器的地址、核控制寄存器的地址;
然后读取侦测控制寄存器,这个读取就会直接导致内核panic。
这个寄存器的描述,原文如下:
如黄色字体所示,只能在安全模式才能访问,除非设置了安全访问寄存器,这个寄存器的描述如下图所示。
如此,则在CPU上电后,切换到非安全的模式之前,设置Secure Access Register寄存器,将第0位设置成1,则非安全的那边也可以访问相关的cci-400寄存器了。
经过试验,内核的panic问题得以解决。