ARM Linux 内核 panic 之cache 一致性 ——cci-400 cache一致互联

时间:2015-06-08 21:13:45   收藏:0   阅读:3851

ARM Linux 内核 panic 之cache 一致性 ——cci-400 cache一致互联

CCI-400 集合了互联和一致性功能,有 2 个 ACE slave 接口和 3 个 ACE-Lite slave 接口,有 3 个 AXI master 接口。2 个 ACE slave 接口可以相互 snoop 对方,ACE-Lite slave 接口可以 snoop 这 2 个 ACE slave 接口。本文首先介绍cci-400相关结构,然后以内核的panic为引子,最后给出导致内核panic的真正原因。

1 cci-400

cci-400参考手册中的例子系统入下图所示。

技术分享

ACE slave 接口的3和4接cortex-a7或者a-15处理器;

ACE-Lite slave 接口的2接GPU(Mali-T604),1接一致性的I/O设备,0接DMA或者LCD;

AXI master接口的1和1接内存控制器,0接其它的设备。

 

而本文中的平台,cci结构图如下所示。

技术分享

挂接了4核的Cortex-A7、Mali T628的GPU、单核的Cortex-A7。

 

2 内核panic

承接上一篇博文,http://www.cnblogs.com/fozu/p/4552938.html

ARM Linux 大小核切换——cortex-A7 big.LITTLE 大小切换代码分析。

此处的大核就是4核中的CPU0,而小核就是那个单独的CPU。实际使用中,为了省电等,需要在这两个CPU之间来回切换。

目前的使用环境是这样的,5个Cortex-A7 CPU都处于ARM TrustZone的None-Secure模式(非安全的模式),这样让大核和小核互相切换。经过测试发现,小核一旦执行下电操作,就会导致内核的panic,且每次的panic位置都不一样,我截取了几处,下面详细分析。

2.1 sched_info_arrive

2.1.1 原始日志

[  186.935821]{4} IRQ41 no longer affine to CPU4

[  186.936523]{0} CPU4: shutdown

[  186.956817]{0} BUG: recent printk recursion!

[  186.956817]{0} Unable to handle kernel paging request at virtual address 600101a7

[  186.969970]{0} pgd = d31d8000

[  186.973297]{0} [600101a7] *pgd=00000000

[  186.977600]{0} Internal error: Oops: 5 [#1] PREEMPT SMP ARM

[  186.983886]{0} Modules linked in:

[  186.987609]{0} in dump_stack_print_info, line:2909         mpidr:0x80000100

[  186.994659]{0} CPU: 0 PID: 2034 Comm: sh Not tainted 3.10.0 #88

[  187.001312]{0} task: d5912880 ti: d3baa000 task.ti: d3baa000

[  187.007690]{0} PC is at sched_info_arrive+0x14/0xc8

[  187.013183]{0} LR is at __schedule+0x380/0x504

[  187.018188]{0} pc : [<c0103b78>]    lr : [<c05a6058>]    psr: 200f0193

[  187.018188]{0} sp : d3babdf8  ip : 00000590  fp : d3babe0c

[  187.031677]{0} r10: d6c51b00  r9 : 0000002b  r8 : 877ea4da

[  187.037841]{0} r7 : d5912b58  r6 : d3baa000  r5 : c0d36a80  r4 : d5912880

[  187.045501]{0} r3 : c0838a80  r2 : c08588d8  r1 : 60010193  r0 : d6c51b00

[  187.053131]{0} Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user

[  187.061553]{0} Control: 10c5387d  Table: 195d806a  DAC: 00000015

[  187.068298]{0}

[  187.068298]{0} PC: 0xc0103af8:

[  187.073699]{0} 3af8  e59f505c e59f605c e1a00005 eb12862a e595401c e2855018 e2444004 ea00000a

[  187.083190]{0} 3b18  e7962107 e5943000 e7930002 e3500000 0a000003 e5d4302c e3530000 1a000000

[  187.092681]{0} 3b38  ebffe422 e5944008 e2444004 e2843004 e1530005 1afffff1 e59f0004 e8bd40f8

[  187.102203]{0} 3b58  ea12857e c088044c c08588d8 e92d48f0 e28db014 e5901004 e59f20ac e59f30ac

[  187.111694]{0} 3b78  e591c014 e792210c e3a0ce1f e0833002 e2833e49 e1c360d0 e18020dc e1924003

[  187.121185]{0} 3b98  01a04002 01a05003 0a000003 e1a04006 e1a05007 e0544002 e0c55003 e3a02000

[  187.130676]{0} 3bb8  e3a03000 e18020fc e3a0ce1e e18020dc e0922004 e0a33005 e18020fc e3a03f7a

[  187.140167]{0} 3bd8  e59f2044 e18060f3 e59031d8 e2833001 e58031d8 e5911014 e59f3030 e7921101

[  187.149688]{0}

[  187.149688]{0} LR: 0xc05a5fd8:

[  187.155059]{0} 5fd8  e1c380d0 e3a03f7a e18400d3 0a000006 e3a0ce59 e18e20dc e0922008 e0a33009

[  187.164550]{0} 5ff8  e0522000 e0c33001 e18e20fc e5943000 e3530000 1a00000c e3a01e1f e18420d1

[  187.174072]{0} 6018  e1920003 1a000008 e5942004 e59f3194 e5920014 e59f2190 e7922100 e0833002

[  187.183563]{0} 6038  e2833e49 e1c320d0 e18420f1 e59e347c e15a0003 0a000001 e1a0000a ebed76c2

[  187.193054]{0} 6058  e59a8214 e3a03001 e58a3018 e3580000 e5947218 1a000007 e58a7218 e2873030

[  187.202575]{0} 6078  e1932f9f e2822001 e1831f92 e3310000 1afffffa ea000019 e5983158 e5969014

[  187.212066]{0} 6098  e313001f 0a00000b e3590000 e289301f a1a03009 e1a032c3 e0883103 e5932158

[  187.221557]{0} 60b8  e209301f e1a03332 e3130001 1a000001 ebe9c24d f57ff04f e1a00009 e2881f56

[  187.231048]{0}

[  187.231048]{0} SP: 0xd3babd78:

[  187.236419]{0} bd78  c0d36ac8 877ea4da d59128b8 c010ce60 c0d36ac8 d59128b8 84652f3a 0000000c

[  187.245941]{0} bd98  d59128b8 c0103b78 200f0193 ffffffff d3babde4 c000d4d8 d6c51b00 60010193

[  187.255432]{0} bdb8  c08588d8 c0838a80 d5912880 c0d36a80 d3baa000 d5912b58 877ea4da 0000002b

[  187.264923]{0} bdd8  d6c51b00 d3babe0c 00000590 d3babdf8 c05a6058 c0103b78 200f0193 ffffffff

[  187.274414]{0} bdf8  d5912880 c0d36a80 d3baa000 d5912b58 d3babe3c c05a6058 c083fad0 c0838a80

[  187.283905]{0} be18  0000004c d3baa000 200f0013 ffffffff d3babe84 c000d560 d3baa000 00000000

[  187.293365]{0} be38  d3babe4c c05a6614 000003ff c02ba184 00000000 c000d578 0000b9ca ffffffff

[  187.302825]{0} be58  0000475c c02ba158 00000001 00000014 f8899000 c088e470 0000001c 00000000

[  187.312286]{0}

[  187.312286]{0} FP: 0xd3babd8c:

[  187.317657]{0} bd8c  d59128b8 84652f3a 0000000c d59128b8 c0103b78 200f0193 ffffffff d3babde4

[  187.327117]{0} bdac  c000d4d8 d6c51b00 60010193 c08588d8 c0838a80 d5912880 c0d36a80 d3baa000

[  187.336608]{0} bdcc  d5912b58 877ea4da 0000002b d6c51b00 d3babe0c 00000590 d3babdf8 c05a6058

[  187.346130]{0} bdec  c0103b78 200f0193 ffffffff d5912880 c0d36a80 d3baa000 d5912b58 d3babe3c

[  187.355621]{0} be0c  c05a6058 c083fad0 c0838a80 0000004c d3baa000 200f0013 ffffffff d3babe84

[  187.365112]{0} be2c  c000d560 d3baa000 00000000 d3babe4c c05a6614 000003ff c02ba184 00000000

[  187.374633]{0} be4c  c000d578 0000b9ca ffffffff 0000475c c02ba158 00000001 00000014 f8899000

[  187.384124]{0} be6c  c088e470 0000001c 00000000 00000000 00000000 c0d34344 d3babe98 c001ab70

[  187.393646]{0}

[  187.393646]{0} R0: 0xd6c51a80:

[  187.399047]{0} 1a80  d6c3e004 d6c50000 00000000 c08ca248 c08ca248 ffffffff 00000000 00000000

[  187.408538]{0} 1aa0  60010193 00000000 00000000 d6c51ac0 c00e02e8 c05a6dd8 a0010193 ffffffff

[  187.418029]{0} 1ac0  00000000 00000000 fffff6ff 68fe7bdf fefe7fdb fffe7ffb fdfffff5 89fffffd

[  187.427551]{0} 1ae0  fb773bd7 00000000 ffbffffd 00001008 c0862a38 c08ca248 d6c51bd8 00000000

[  187.437072]{0} 1b00  00000000 60010193 00000000 c05980f0 c06fb857 d6c51b2c 00001008 d6c51b2c

[  187.446563]{0} 1b20  00001008 c0008364 c06fb857 c06fb93b 00001008 c08ca248 00000400 00400000

[  187.456054]{0} 1b40  d6c50dc1 00000000 00000000 d6c51b4c d6c51b4c 00000000 877ea4da 0000002b

[  187.465576]{0} 1b60  000ba43c 00000000 ffea937b ffffffff 00007736 00000000 00000000 00000000

[  187.475067]{0}

[  187.475067]{0} R2: 0xc0858858:

[  187.480468]{0} 8858  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  187.489959]{0} 8878  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  187.499450]{0} 8898  00000064 c0d610c0 00009000 0000000f c0d61100 00000005 00000009 c0d61080

[  187.508941]{0} 88b8  0000002c c0d34000 c0d61000 c0d61040 00000001 00001000 00000000 00000004

[  187.518463]{0} 88d8  004fe000 00507000 00510000 00519000 00522000 00000000 00000002 0001dffb

[  187.527954]{0} 88f8  0001dfff 00002c0c 00002000 00000001 00000032 0000fffa 00000001 00000000

[  187.537445]{0} 8918  00000001 d6c08800 d6d400c0 c0592010 c018b5ec c018a65c c0187d74 00000000

[  187.546966]{0} 8938  c018b4e8 c0188298 c018824c 00000000 00000000 c0187650 00000003 00000000

[  187.556457]{0}

[  187.556457]{0} R3: 0xc0838a00:

[  187.561859]{0} 8a00  6d75536b 7972616d 3178303d 556d202c 41726573 76697463 53797469 616d6d75

[  187.571350]{0} 8a20  303d7972 202c3078 6f6f426d 6d6f4374 74656c70 743d6465 0a657572 302d3130

[  187.580841]{0} 8a40  32312031 3a32353a 352e3632 20203039 33373720 38202020 44203332 776f5020

[  187.590362]{0} 8a60  614d7265 6567616e 72655372 65636976 6168203a 656c646e 646e6153 3a6e616d

[  187.599853]{0} 8a80  6e616320 61657244 61663d6d 2c65736c 61576d20 7566656b 73656e6c 73413d73

[  187.609374]{0} 8aa0  7065656c 2d31300a 31203130 32353a32 2e36323a 20303935 37372020 20202033

[  187.618865]{0} 8ac0  20353837 63412056 69766974 614d7974 6567616e 73203a72 74726174 76726553

[  187.628356]{0} 8ae0  3a656369 746e4920 20746e65 6361207b 6f633d74 6e612e6d 696f7264 6d6d2e64

[  187.637847]{0}

[  187.637847]{0} R4: 0xd5912800:

[  187.643249]{0} 2800  00001008 c08ca248 00000000 00000000 00000000 00000000 00000000 00000020

[  187.652740]{0} 2820  00000000 0000c350 0000c350 00000000 00000000 00000000 00000000 00000000

[  187.662261]{0} 2840  00000000 00000000 e5900000 e3031670 e7d00001 e3500000 1a00001a e51f0da8

[  187.671752]{0} 2860  e5900000 e3041230 e0800001 e5d00001 e3500002 1a000001 e3a00000 eb00f0e1

[  187.681274]{0} 2880  00000000 d3baa000 00000002 00404100 00000000 c05a6dd8 a0010193 ffffffff

[  187.690765]{0} 28a0  d59128dc c000d4d8 c08ca248 ffffffff 00000011 d5912000 00000000 c08ca248

[  187.700286]{0} 28c0  c08ca248 ffffffff 00000000 00000000 60010193 00000000 00000000 d59128f0

[  187.709777]{0} 28e0  c00e02e8 c05a6dd8 a0010193 ffffffff 04306afd 00000000 00000008 00000000

[  187.719268]{0}

[  187.719268]{0} R5: 0xc0d36a00:

[  187.724670]{0} 6a00  00000000 d6c4d460 d6c4d460 00000000 00000001 00000000 00000000 00000000

[  187.734161]{0} 6a20  d6c216c0 00000000 00000000 00000001 00000000 00000000 00000000 00000000

[  187.743682]{0} 6a40  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  187.753173]{0} 6a60  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  187.762664]{0} 6a80  39133912 00000002 00000400 00000500 00000340 000001d0 000000f4 ffffd3cb

[  187.772186]{0} 6aa0  00000000 00000000 00000000 00000000 00000400 00000000 00002f5b 00000000

[  187.781677]{0} 6ac0  0003ec12 00000000 00000400 00000000 00000001 00000001 3c41cf92 0000000f

[  187.791198]{0} 6ae0  84652f3a 0000000c 84652f3a 0000000c d59128c0 d59128c0 00000000 00000000

[  187.800689]{0}

[  187.800689]{0} R6: 0xd3ba9f80:

[  187.806060]{0} 9f80  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  187.815582]{0} 9fa0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  187.825073]{0} 9fc0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  187.834564]{0} 9fe0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  187.844055]{0} a000  00000000 40000003 00000000 d5912880 c087e268 00000000 00000015 d5912880

[  187.853576]{0} a020  c0d36a80 d3baa000 d54b4e00 d54b4a80 00000000 d542c380 d3babe04 d3babdd8

[  187.863067]{0} a040  c05a6118 00000000 00000000 00000000 00000000 00000000 01010000 00000000

[  187.872589]{0} a060  b6f3ff24 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  187.882080]{0}

[  187.882080]{0} R7: 0xd5912ad8:

[  187.887481]{0} 2ad8  d5910d80 d5912adc d5912adc d5910fdc d5910fdc d5912880 d5912af0 d5912af0

[  187.896972]{0} 2af8  d5912af8 d5912af8 00000000 d0997848 d0997840 00000000 d099784c d0997840

[  187.906463]{0} 2b18  d5911018 d185dc10 d185dc00 d5912b24 d5912b24 00000000 00000000 00000000

[  187.915985]{0} 2b38  00000000 00000006 00000000 00000006 00000000 00000000 00000000 c05a6dd8

[  187.925476]{0} 2b58  a0010193 ffffffff d5912b9c c000d4d8 c08ca248 ffffffff 0000000f d5912000

[  187.934967]{0} 2b78  00000000 c08ca248 c08ca248 ffffffff 00000000 00000000 60010193 00000000

[  187.944488]{0} 2b98  00000000 d5912bb0 c00e02e8 c05a6dd8 a0010193 ffffffff 00000030 00000000

[  187.953979]{0} 2bb8  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  187.963470]{0}

[  187.963470]{0} R10: 0xd6c51a80:

[  187.968963]{0} 1a80  d6c3e004 d6c50000 00000000 c08ca248 c08ca248 ffffffff 00000000 00000000

[  187.978485]{0} 1aa0  60010193 00000000 00000000 d6c51ac0 c00e02e8 c05a6dd8 a0010193 ffffffff

[  187.987976]{0} 1ac0  00000000 00000000 fffff6ff 68fe7bdf fefe7fdb fffe7ffb fdfffff5 89fffffd

[  187.997497]{0} 1ae0  fb773bd7 00000000 ffbffffd 00001008 c0862a38 c08ca248 d6c51bd8 00000000

[  188.006988]{0} 1b00  00000000 60010193 00000000 c05980f0 c06fb857 d6c51b2c 00001008 d6c51b2c

[  188.016479]{0} 1b20  00001008 c0008364 c06fb857 c06fb93b 00001008 c08ca248 00000400 00400000

[  188.025970]{0} 1b40  d6c50dc1 00000000 00000000 d6c51b4c d6c51b4c 00000000 877ea4da 0000002b

[  188.035461]{0} 1b60  000ba43c 00000000 ffea937b ffffffff 00007736 00000000 00000000 00000000

[  188.044982]{0} Process ??? (pid: 2034, stack limit = 0xd3baa238)

[  188.052337]{0} Stack: (0xd3babdf8 to 0xd3bac000)

[  188.057525]{0} bde0:                                                       d5912880 c0d36a80

[  188.067016]{0} be00: d3baa000 d5912b58 d3babe3c c05a6058 c083fad0 c0838a80 0000004c d3baa000

[  188.076538]{0} be20: 200f0013 ffffffff d3babe84 c000d560 d3baa000 00000000 d3babe4c c05a6614

[  188.086029]{0} be40: 000003ff c02ba184 00000000 c000d578 0000b9ca ffffffff 0000475c c02ba158

[  188.095520]{0} be60: 00000001 00000014 f8899000 c088e470 0000001c 00000000 00000000 00000000

[  188.105041]{0} be80: c0d34344 d3babe98 c001ab70 c02ba184 200f0013 ffffffff 0000001e 00000000

[  188.114532]{0} bea0: 00000000 c08616f8 00000000 c001ac00 00000000 00000000 00000064 c001775c

[  188.124053]{0} bec0: 00000000 c00179a0 00000004 00000000 00000000 c0593da8 00000004 c0591ac8

[  188.133544]{0} bee0: b8f1ec44 0000080f 00000028 0000080f 00000000 00000004 00000004 00000002

[  188.143035]{0} bf00: d6ce01c0 d09f3180 d09f3198 c05fe518 c0d58050 c0591bec c0d58048 c05921c8

[  188.152557]{0} bf20: 00000002 d3babf80 00000002 c02f9ee0 00000002 c01dca14 c5034480 00000002

[  188.162048]{0} bf40: b8f23e54 d3babf80 00000000 00000000 00000000 c018ed10 c5034480 b8f23e54

[  188.171569]{0} bf60: 00000002 c5034480 00000000 b8f23e54 00000002 00000000 00000000 c018f050

[  188.181060]{0} bf80: 00000000 00000000 00000002 00000003 00000002 00000001 00000004 c000dac4

[  188.190582]{0} bfa0: d3baa000 c000d940 00000003 00000002 00000001 b8f23e54 00000002 ffffffff

[  188.200073]{0} bfc0: 00000003 00000002 00000001 00000004 b8f23e54 00000000 00000000 00000000

[  188.209594]{0} bfe0: 00000000 bede57b8 b6f50c5d b6eef338 20010010 00000001 e3c0600f e320f000

[  188.219085]{0} [<c0103b78>] (sched_info_arrive+0x14/0xc8) from [<c05a6058>] (__schedule+0x380/0x504)

[  188.229370]{0} [<c05a6058>] (__schedule+0x380/0x504) from [<c05a6614>] (preempt_schedule_irq+0x44/0x64)

[  188.239959]{0} [<c05a6614>] (preempt_schedule_irq+0x44/0x64) from [<c000d578>] (svc_preempt+0x8/0x18)

[  188.250366]{0} [<c000d578>] (svc_preempt+0x8/0x18) from [<c02ba184>] (__loop_delay+0x0/0xc)

[  188.259765]{0} Code: e28db014 e5901004 e59f20ac e59f30ac (e591c014)

[  188.266906]{0} ---[ end

2.1.2 分析原因

sched_info_arrive函数的代码如下:

static void sched_info_arrive(struct task_struct *t)

{

         unsigned long long now = task_rq(t)->clock, delta = 0;

 

         if (t->sched_info.last_queued)

                   delta = now - t->sched_info.last_queued;

         sched_info_reset_dequeued(t);

         t->sched_info.run_delay += delta;

         t->sched_info.last_arrival = now;

         t->sched_info.pcount++;

 

         rq_sched_info_arrive(task_rq(t), delta);

}

内核panic后PC指针的位置在sched_info_arrive+0x14/0xc8,将这个函数反汇编后如下:

00000000 <sched_info_arrive>:

       0:        e92d48f0         push          {r4, r5, r6, r7, fp, lr}

       4:        e28db014        add  fp, sp, #20

       8:        e5901004        ldr    r1, [r0, #4]

       c:        e59f20ac         ldr    r2, [pc, #172]   ; c0 <sched_info_arrive+0xc0>

      10:        e59f30ac         ldr    r3, [pc, #172]   ; c4 <sched_info_arrive+0xc4>

      14:        e591c014        ldr    ip, [r1, #20]

      18:        e792210c        ldr    r2, [r2, ip, lsl #2]               

 

task_rq(t) -> cpu_rq(task_cpu(p))

task_cpu(p) -> task_thread_info(p)->cpu;

#define task_thread_info(task)       ((struct thread_info *)(task)->stack)

(task)->stack) 就是传入的参数指针p的第二个变量,是个指针,然后将其转化为struct thread_info型的指针。对应的汇编就是上面的标号8处,此时的r0是0x d6c5  1b00,则R1变为[0x d6c5 1b00 + 4]取内容,则R1变为0x 6001 0193。

 

出问题的地方是标号14处,意思是将R1地址加上20,然后在这个地址上取内容,赋值给ip,[0x6001 0193 + 20(0x14)     ]就是[0x6001        01a7],而这个地址是错误的虚拟地址,找不到对应的物理地址,故内核panic了。

2.2 do_set_cpus_allowed

2.2.1原始日志

[  156.644378]{4} IRQ41 no longer affine to CPU4

[  156.645019]{0} CPU4: shutdown

[  156.655181]{0} BUG: recent printk recursion!

[  156.655181]{0} Unable to handle kernel paging request at virtual address 00030000

[  156.668334]{0} pgd = d1260000

[  156.671661]{0} [00030000] *pgd=00000000

[  156.675964]{0} Internal error: Oops: 80000005 [#1] PREEMPT SMP ARM

[  156.682891]{0} Modules linked in:

[  156.686584]{0} in dump_stack_print_info, line:2909         mpidr:0x80000100

[  156.693603]{0} CPU: 0 PID: 1989 Comm: sh Not tainted 3.10.0 #88

[  156.700256]{0} task: cfeb3180 ti: d12c2000 task.ti: d12c2000

[  156.706604]{0} PC is at 0x30000

[  156.710113]{0} LR is at do_set_cpus_allowed+0x2c/0x48

[  156.715759]{0} pc : [<00030000>]    lr : [<c0109c0c>]    psr: 20010193

[  156.715759]{0} sp : d12c3bf0  ip : 00000004  fp : d12c3bfc

[  156.729248]{0} r10: c05d216c  r9 : 00000000  r8 : c05d2164

[  156.735382]{0} r7 : c0858410  r6 : 00000002  r5 : c0857b98  r4 : d6c52880

[  156.743011]{0} r3 : 00030002  r2 : 00000004  r1 : c0857b98  r0 : d6c52880

[  156.750610]{0} Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user

[  156.759002]{0} Control: 10c5387d  Table: 1766006a  DAC: 00000015

[  156.765747]{0}

[  156.765747]{0} LR: 0xc0109b8c:

[  156.771118]{0} 9b8c  0a000001 e1a00004 ebffffb7 e59432a4 e50b3018 e51b4018 e2444fa9 e1540005

[  156.780578]{0} 9bac  1afffff2 e59431f8 e50b3018 e51b5018 e2455f7e e1550007 1affffeb eb00378b

[  156.790039]{0} 9bcc  e24bd014 e8bd48f0 eaffc070 c08616f8 c071b5fc e92d4830 e1a04000 e5903030

[  156.799530]{0} 9bec  e28db00c e1a05001 e3530000 0a000003 e5933038 e3530000 0a000000 e12fff33

[  156.808990]{0} 9c0c  e5953000 e58431bc e5950000 e200001f eb07021e e58401b8 e8bd8830 e92d4ff8

[  156.818450]{0} 9c2c  e1a04000 e28db024 e1a06001 e1a05002 f57ff05f e2807fee e1a00007 eb127470

[  156.827941]{0} 9c4c  e5943000 e0166003 01a04006 e1a0a000 0a000067 e5943004 e5938014 e594301c

[  156.837402]{0} 9c6c  e3530000 0a00001f e59f9198 e5943004 e59f2194 e5933014 e7926103 e0896006

[  156.846893]{0}

[  156.846893]{0} SP: 0xd12c3b70:

[  156.852264]{0} 3b70  c08588d8 004fe000 00000000 20010193 d12c3bf4 c010fda8 cfeb31b8 c010ce60

[  156.861724]{0} 3b90  00000000 00030000 20010193 ffffffff d12c3bdc c000d638 d6c52880 c0857b98

[  156.871185]{0} 3bb0  00000004 00030002 d6c52880 c0857b98 00000002 c0858410 c05d2164 00000000

[  156.880676]{0} 3bd0  c05d216c d12c3bfc 00000004 d12c3bf0 c0109c0c 00030000 20010193 ffffffff

[  156.890136]{0} 3bf0  00000005 d6c52880 d12c3c24 c0598bf8 d6c78000 d6c52880 00000000 00000001

[  156.899627]{0} 3c10  d6c52c38 00000001 00000000 20010193 d12c3c4c c0109dbc 00000000 d6c79f2c

[  156.909088]{0} 3c30  00000000 c0882b08 00000001 00000003 00000000 00000000 d12c3c7c c00fd088

[  156.918579]{0} 3c50  c0882b14 c0103de4 00000000 c0882b10 60010193 00000001 00000003 00000000

[  156.928039]{0}

[  156.928039]{0} FP: 0xd12c3b7c:

[  156.933410]{0} 3b7c  20010193 d12c3bf4 c010fda8 cfeb31b8 c010ce60 00000000 00030000 20010193

[  156.942901]{0} 3b9c  ffffffff d12c3bdc c000d638 d6c52880 c0857b98 00000004 00030002 d6c52880

[  156.952362]{0} 3bbc  c0857b98 00000002 c0858410 c05d2164 00000000 c05d216c d12c3bfc 00000004

[  156.961853]{0} 3bdc  d12c3bf0 c0109c0c 00030000 20010193 ffffffff 00000005 d6c52880 d12c3c24

[  156.971313]{0} 3bfc  c0598bf8 d6c78000 d6c52880 00000000 00000001 d6c52c38 00000001 00000000

[  156.980804]{0} 3c1c  20010193 d12c3c4c c0109dbc 00000000 d6c79f2c 00000000 c0882b08 00000001

[  156.990295]{0} 3c3c  00000003 00000000 00000000 d12c3c7c c00fd088 c0882b14 c0103de4 00000000

[  156.999786]{0} 3c5c  c0882b10 60010193 00000001 00000003 00000000 c0123a58 c0d34658 d12c3ca4

[  157.009277]{0}

[  157.009277]{0} R0: 0xd6c52800:

[  157.014648]{0} 2800  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000020

[  157.024169]{0} 2820  00000000 c05a6dd8 a0010193 ffffffff d6c5286c c000d4d8 c08ca248 ffffffff

[  157.033660]{0} 2840  00000012 d6c52000 00000000 c08ca248 c08ca248 ffffffff 00000000 00000000

[  157.043121]{0} 2860  60010193 00000000 00000000 d6c52880 c00e02e8 c05a6dd8 a0010193 ffffffff

[  157.052612]{0} 2880  00000100 d6c78000 00000002 00208040 00000000 00000000 00000000 00000000

[  157.062103]{0} 28a0  00000078 00000000 00000078 00001008 c0862a38 c08ca248 d6c52998 00000000

[  157.071594]{0} 28c0  00000000 60010193 00000000 c05980f0 c06fb857 d6c528ec 00001008 d6c528ec

[  157.081085]{0} 28e0  00001008 c0008364 c06fb857 c06fb93b 00001008 c08ca248 00000000 00000000

[  157.090576]{0}

[  157.090576]{0} R1: 0xc0857b18:

[  157.095947]{0} 7b18  90d34de8 5a0fecb3 a5d9c4e1 6f0565ba 31608756 fbbc260d 3ab7828b f06b23d0

[  157.105438]{0} 7b38  ae0ec13c 64d26067 00000000 00000001 c0019090 ffffffff c000f9b8 00000009

[  157.114929]{0} 7b58  000fb0d7 00000012 c0017174 c00171ac 90f00000 c0016cc0 c0016c84 00000690

[  157.124420]{0} 7b78  00000000 0000ea60 00001388 00000000 00000000 00000000 00000001 0000001f

[  157.133911]{0} 7b98  0000001f 00000001 00000000 d6c20a80 d6c20b40 d6c20c00 d6c22100 d6c20cc0

[  157.143402]{0} 7bb8  00000000 0000003c 00000001 00000000 00002e7b 000003e8 00000001 00000001

[  157.152893]{0} 7bd8  00000020 00000001 00000000 0007a120 0000000a 00989680 00004e20 00000000

[  157.162384]{0} 7bf8  00000000 00000000 00000000 00000001 00000000 00000000 00000000 00000000

[  157.171874]{0}

[  157.171874]{0} R4: 0xd6c52800:

[  157.177246]{0} 2800  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000020

[  157.186737]{0} 2820  00000000 c05a6dd8 a0010193 ffffffff d6c5286c c000d4d8 c08ca248 ffffffff

[  157.196197]{0} 2840  00000012 d6c52000 00000000 c08ca248 c08ca248 ffffffff 00000000 00000000

[  157.205688]{0} 2860  60010193 00000000 00000000 d6c52880 c00e02e8 c05a6dd8 a0010193 ffffffff

[  157.215148]{0} 2880  00000100 d6c78000 00000002 00208040 00000000 00000000 00000000 00000000

[  157.224639]{0} 28a0  00000078 00000000 00000078 00001008 c0862a38 c08ca248 d6c52998 00000000

[  157.234100]{0} 28c0  00000000 60010193 00000000 c05980f0 c06fb857 d6c528ec 00001008 d6c528ec

[  157.243591]{0} 28e0  00001008 c0008364 c06fb857 c06fb93b 00001008 c08ca248 00000000 00000000

[  157.253051]{0}

[  157.253051]{0} R5: 0xc0857b18:

[  157.258422]{0} 7b18  90d34de8 5a0fecb3 a5d9c4e1 6f0565ba 31608756 fbbc260d 3ab7828b f06b23d0

[  157.267883]{0} 7b38  ae0ec13c 64d26067 00000000 00000001 c0019090 ffffffff c000f9b8 00000009

[  157.277374]{0} 7b58  000fb0d7 00000012 c0017174 c00171ac 90f00000 c0016cc0 c0016c84 00000690

[  157.286834]{0} 7b78  00000000 0000ea60 00001388 00000000 00000000 00000000 00000001 0000001f

[  157.296295]{0} 7b98  0000001f 00000001 00000000 d6c20a80 d6c20b40 d6c20c00 d6c22100 d6c20cc0

[  157.305755]{0} 7bb8  00000000 0000003c 00000001 00000000 00002e7b 000003e8 00000001 00000001

[  157.315216]{0} 7bd8  00000020 00000001 00000000 0007a120 0000000a 00989680 00004e20 00000000

[  157.324676]{0} 7bf8  00000000 00000000 00000000 00000001 00000000 00000000 00000000 00000000

[  157.334106]{0}

[  157.334106]{0} R7: 0xc0858390:

[  157.339477]{0} 8390  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  157.348937]{0} 83b0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  157.358398]{0} 83d0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  157.367858]{0} 83f0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001

[  157.377288]{0} 8410  00000005 00000001 00000001 00000000 0000000a 00000000 00008000 00000000

[  157.386749]{0} 8430  00000000 00000000 00000001 00000001 00000001 00000001 00000001 c0858664

[  157.396209]{0} 8450  0000001f 00000000 00000000 00000000 c08ac370 c08ac3b0 c08ac3f0 c08ac430

[  157.405670]{0} 8470  c08ac470 c08ac4b0 c08ac4f0 c08ac530 c08ac570 c08ac5b0 c08ac5f0 c08ac630

[  157.415130]{0}

[  157.415130]{0} R8: 0xc05d20e4:

[  157.420501]{0} 20e4  00000001 00000002 00000004 00000008 00000010 00000020 00000040 00000080

[  157.429931]{0} 2104  00000100 00000200 00000400 00000800 00001000 00002000 00004000 00008000

[  157.439392]{0} 2124  00010000 00020000 00040000 00080000 00100000 00200000 00400000 00800000

[  157.448852]{0} 2144  01000000 02000000 04000000 08000000 10000000 20000000 40000000 80000000

[  157.458312]{0} 2164  c0857b9c c0857b94 c0857b90 c0857b98 0000001f 00000000 c073b489 00000001

[  157.467773]{0} 2184  c0719aec 00000002 c0719ac1 00000003 c0719ac8 00000004 c0739ec2 00000005

[  157.477233]{0} 21a4  c0719acf 00000006 c0719adc 00000007 c0719ae4 00000008 c0719aea 00000009

[  157.486694]{0} 21c4  c0719af2 ffffffff 00000000 63657622 2075253d 7463615b 3d6e6f69 225d7325

[  157.496154]{0}

[  157.496154]{0} R10: 0xc05d20ec:

[  157.501586]{0} 20ec  00000004 00000008 00000010 00000020 00000040 00000080 00000100 00000200

[  157.511047]{0} 210c  00000400 00000800 00001000 00002000 00004000 00008000 00010000 00020000

[  157.520507]{0} 212c  00040000 00080000 00100000 00200000 00400000 00800000 01000000 02000000

[  157.529968]{0} 214c  04000000 08000000 10000000 20000000 40000000 80000000 c0857b9c c0857b94

[  157.539428]{0} 216c  c0857b90 c0857b98 0000001f 00000000 c073b489 00000001 c0719aec 00000002

[  157.548889]{0} 218c  c0719ac1 00000003 c0719ac8 00000004 c0739ec2 00000005 c0719acf 00000006

[  157.558349]{0} 21ac  c0719adc 00000007 c0719ae4 00000008 c0719aea 00000009 c0719af2 ffffffff

[  157.567810]{0} 21cc  00000000 63657622 2075253d 7463615b 3d6e6f69 225d7325 4552202c 763e2d43

[  157.577239]{0} Process sh (pid: 1989, stack limit = 0xd12c2238)

[  157.583892]{0} Stack: (0xd12c3bf0 to 0xd12c4000)

[  157.589050]{0} 3be0:                                     00000005 d6c52880 d12c3c24 c0598bf8

[  157.598510]{0} 3c00: d6c78000 d6c52880 00000000 00000001 d6c52c38 00000001 00000000 20010193

[  157.607940]{0} 3c20: d12c3c4c c0109dbc 00000000 d6c79f2c 00000000 c0882b08 00000001 00000003

[  157.617401]{0} 3c40: 00000000 00000000 d12c3c7c c00fd088 c0882b14 c0103de4 00000000 c0882b10

[  157.626861]{0} 3c60: 60010193 00000001 00000003 00000000 c0123a58 c0d34658 d12c3ca4 c0104b2c

[  157.636291]{0} 3c80: 00000000 00773594 00000001 c0882bfc 00000002 00000003 c0883080 724f1086

[  157.645751]{0} 3ca0: d12c3d58 c0152660 00010000 d12c2000 cfeb3180 00000000 00000000 c00ec0f0

[  157.655181]{0} 3cc0: 60010013 d12c3e18 c0d345f0 00000024 c0d34778 c0123b00 c0d34778 c0d345fc

[  157.664642]{0} 3ce0: 724f1086 00000024 c0d34778 c0d345f0 c0d345b8 00000000 c0d345f0 c00ff940

[  157.674102]{0} 3d00: c0d34778 d12c3d58 724f099d 71ea4080 00000024 c0d345b8 00000000 c0d345f0

[  157.683563]{0} 3d20: c0d34690 c0d34658 c0d346c8 c010052c 724f099d 00000024 ffffffff 7fffffff

[  157.692993]{0} 3d40: 724f099d 00000024 c0d35ec4 00000003 724f099d 00000024 724f099d 00000024

[  157.702453]{0} 3d60: ffffc7f4 c08675c0 0000004c 00000001 0000004c 00000000 00000000 60010013

[  157.711883]{0} 3d80: 00000000 c00192a0 c0867740 d12c2000 c083fa80 c01366d0 c08ca72c d12c3da8

[  157.721343]{0} 3da0: 00000000 c07194f4 0000009c c083fa80 c083fad0 c0867740 d12c3e4c 00000000

[  157.730804]{0} 3dc0: 00000000 60010013 00000000 c01368e8 c083fa80 c083fad0 c0858ab0 c0139298

[  157.740234]{0} 3de0: c01391dc 0000004c 00000000 c0135f60 000001ca c000e2e0 0000004c f811a000

[  157.749694]{0} 3e00: d12c3e18 c0008478 c00e05d4 60010013 ffffffff c000d540 c0d34340 c0d35a90

[  157.759155]{0} 3e20: 00000000 00000000 0000000e 00000006 c08cab52 00000005 00000000 00000000

[  157.768585]{0} 3e40: 60010013 00000000 c0d34344 d12c3e60 c00dfdc0 c00e05d4 60010013 ffffffff

[  157.778045]{0} 3e60: 00000000 00000000 00000000 00000000 c08cab52 0000000e d12c3e78 000001f4

[  157.787506]{0} 3e80: 00000000 00000000 00000002 00000004 00000000 00000000 c08616f8 00000000

[  157.796936]{0} 3ea0: 00000000 00000000 00000000 c05980f0 c06fb089 d12c3ecc 00000000 d12c3ecc

[  157.806396]{0} 3ec0: 00000004 c0593d90 c06fb089 00000004 00000000 00000000 00000004 c0591ac8

[  157.815856]{0} 3ee0: b83eec44 0000080f 00000028 0000080f 00000000 00000004 00000004 00000002

[  157.825286]{0} 3f00: d6ce01c0 c6eb8980 c6eb8998 c05fe518 c0d58050 c0591bec c0d58048 c05921c8

[  157.834747]{0} 3f20: 00000002 d12c3f80 00000002 c02f9ee0 00000002 c01dca14 d22a1900 00000002

[  157.844207]{0} 3f40: b83f3f54 d12c3f80 00000000 00000000 00000000 c018ed10 d22a1900 b83f3f54

[  157.853637]{0} 3f60: 00000002 d22a1900 00000000 b83f3f54 00000002 00000000 00000000 c018f050

[  157.863098]{0} 3f80: 00000000 00000000 00000002 00000003 00000002 00000001 00000004 c000dac4

[  157.872528]{0} 3fa0: d12c2000 c000d940 00000003 00000002 00000001 b83f3f54 00000002 ffffffff

[  157.881988]{0} 3fc0: 00000003 00000002 00000001 00000004 b83f3f54 00000000 00000000 00000000

[  157.891448]{0} 3fe0: 00000000 bee777b8 b6f6ac5d b6f09338 20010010 00000001 00000000 00000000

[  157.900909]{0} [<c0109c0c>] (do_set_cpus_allowed+0x2c/0x48) from [<c0598bf8>] (select_fallback_rq+0x13c/0x19c)

[  157.912109]{0} [<c0598bf8>] (select_fallback_rq+0x13c/0x19c) from [<c0109dbc>] (try_to_wake_up+0x194/0x1f8)

[  157.923004]{0} [<c0109dbc>] (try_to_wake_up+0x194/0x1f8) from [<c00fd088>] (autoremove_wake_function+0xc/0x34)

[  157.934204]{0} [<c00fd088>] (autoremove_wake_function+0xc/0x34) from [<c0103de4>] (__wake_up_common+0x48/0x7c)

[  157.945404]{0} [<c0103de4>] (__wake_up_common+0x48/0x7c) from [<c0104b2c>] (__wake_up+0x3c/0x50)

[  157.955261]{0} [<c0104b2c>] (__wake_up+0x3c/0x50) from [<c0152660>] (__irq_work_run+0x90/0xc8)

[  157.964904]{0} [<c0152660>] (__irq_work_run+0x90/0xc8) from [<c00ec0f0>] (update_process_times+0x50/0x64)

[  157.975616]{0} [<c00ec0f0>] (update_process_times+0x50/0x64) from [<c0123b00>] (tick_sched_timer+0xa8/0xdc)

[  157.986541]{0} [<c0123b00>] (tick_sched_timer+0xa8/0xdc) from [<c00ff940>] (__run_hrtimer+0x1a4/0x2b8)

[  157.996948]{0} [<c00ff940>] (__run_hrtimer+0x1a4/0x2b8) from [<c010052c>] (hrtimer_interrupt+0x11c/0x278)

[  158.007659]{0} [<c010052c>] (hrtimer_interrupt+0x11c/0x278) from [<c00192a0>] (clockevent_interrupt_cb+0x120/0x144)

[  158.019348]{0} [<c00192a0>] (clockevent_interrupt_cb+0x120/0x144) from [<c01366d0>] (handle_irq_event_percpu+0xb0/0x28c)

[  158.031524]{0} [<c01366d0>] (handle_irq_event_percpu+0xb0/0x28c) from [<c01368e8>] (handle_irq_event+0x3c/0x5c)

[  158.042846]{0} [<c01368e8>] (handle_irq_event+0x3c/0x5c) from [<c0139298>] (handle_fasteoi_irq+0xbc/0x124)

[  158.053649]{0} [<c0139298>] (handle_fasteoi_irq+0xbc/0x124) from [<c0135f60>] (generic_handle_irq+0x30/0x44)

[  158.064666]{0} [<c0135f60>] (generic_handle_irq+0x30/0x44) from [<c000e2e0>] (handle_IRQ+0x64/0x8c)

[  158.074798]{0} [<c000e2e0>] (handle_IRQ+0x64/0x8c) from [<c0008478>] (gic_handle_irq+0x34/0x58)

[  158.084533]{0} [<c0008478>] (gic_handle_irq+0x34/0x58) from [<c000d540>] (__irq_svc+0x40/0x70)

[  158.094177]{0} Exception stack(0xd12c3e18 to 0xd12c3e60)

[  158.100128]{0} 3e00:                                                       c0d34340 c0d35a90

[  158.109558]{0} 3e20: 00000000 00000000 0000000e 00000006 c08cab52 00000005 00000000 00000000

[  158.119018]{0} 3e40: 60010013 00000000 c0d34344 d12c3e60 c00dfdc0 c00e05d4 60010013 ffffffff

[  158.128479]{0} [<c000d540>] (__irq_svc+0x40/0x70) from [<c00e05d4>] (vprintk_emit+0x3e4/0x434)

[  158.138122]{0} [<c00e05d4>] (vprintk_emit+0x3e4/0x434) from [<c05980f0>] (printk+0x2c/0x3c)

[  158.147460]{0} [<c05980f0>] (printk+0x2c/0x3c) from [<c0593d90>] (__cpu_die+0x34/0x78)

[  158.156341]{0} [<c0593d90>] (__cpu_die+0x34/0x78) from [<c0591ac8>] (_cpu_down+0x130/0x22c)

[  158.165679]{0} [<c0591ac8>] (_cpu_down+0x130/0x22c) from [<c0591bec>] (cpu_down+0x28/0x3c)

[  158.174926]{0} [<c0591bec>] (cpu_down+0x28/0x3c) from [<c05921c8>] (store_online+0x2c/0x74)

[  158.184295]{0} [<c05921c8>] (store_online+0x2c/0x74) from [<c02f9ee0>] (dev_attr_store+0x18/0x24)

[  158.194244]{0} [<c02f9ee0>] (dev_attr_store+0x18/0x24) from [<c01dca14>] (sysfs_write_file+0x7c/0xb0)

[  158.204559]{0} [<c01dca14>] (sysfs_write_file+0x7c/0xb0) from [<c018ed10>] (vfs_write+0xd4/0x16c)

[  158.214477]{0} [<c018ed10>] (vfs_write+0xd4/0x16c) from [<c018f050>] (SyS_write+0x3c/0x60)

[  158.223754]{0} [<c018f050>] (SyS_write+0x3c/0x60) from [<c000d940>] (ret_fast_syscall+0x0/0x30)

[  158.233489]{0} Code: bad PC value

[  158.237182]{0} ---[ end trace 1e855ca44fc46f0a ]---

2.2.2 分析原因

do_set_cpus_allowed函数的代码如下。

void do_set_cpus_allowed(struct task_struct *p, const struct cpumask *new_mask)

{

         if (p->sched_class && p->sched_class->set_cpus_allowed)

                   p->sched_class->set_cpus_allowed(p, new_mask);

 

         cpumask_copy(&p->cpus_allowed, new_mask);

         p->nr_cpus_allowed = cpumask_weight(new_mask);

}

内核panic后PC指针的位置在PC is at 0x30000,而LR在do_set_cpus_allowed+0x2c/0x48,PC是个错误的值,则只能根据LR反推了,将这个函数反汇编后如下:

0000607c <do_set_cpus_allowed>:

    607c:        e92d4830        push          {r4, r5, fp, lr}

    6080:        e1a04000        mov r4, r0

    6084:        e5903030        ldr    r3, [r0, #48]     ; 0x30

    6088:        e28db00c        add  fp, sp, #12

    608c:        e1a05001        mov r5, r1

    6090:        e3530000        cmp r3, #0

    6094:        0a000003        beq  60a8 <do_set_cpus_allowed+0x2c>

    6098:        e5933038        ldr    r3, [r3, #56]     ; 0x38

    609c:        e3530000        cmp r3, #0

    60a0:        0a000000        beq  60a8 <do_set_cpus_allowed+0x2c>

    60a4:        e12fff33          blx    r3

    60a8:        e5953000        ldr    r3, [r5]

p->sched_class 就是指针p偏移48个字节,当时的R0是(后来的R4的值)0x d6c5 2880,则[0xd6c5 2880 + 48]=[0xd6c5 28b0]的内容是c0862a38,赋值给R3。

R3和0比较,不为0,则p->sched_class->set_cpus_allowed就是在R3的基础上偏移56个字节,[0xc086 2a38+56]=[0xc086 2a70],取出的内容赋值给R3

 

内核编译的system.map文件中,部分内容如下,则0xc086 2a70在fsr_info中的一个地方。

c08629b8 d fsr_info

c0862bb8 d ifsr_info

struct fsr_info {

         int    (*fn)(unsigned long addr, unsigned int fsr, struct pt_regs *regs);

         int    sig;

         int    code;

         const char *name;

};    //占据16个字节

 

static struct fsr_info fsr_info[] = {

         /*

          * The following are the standard ARMv3 and ARMv4 aborts.  ARMv5

          * defines these to be "precise" aborts.

          */

         { do_bad,          SIGSEGV, 0,               "vector exception"              },                                                 // 29b8

         { do_bad,          SIGBUS,   BUS_ADRALN,        "alignment exception"                 },                                                                                            

         { do_bad,          SIGKILL, 0,                 "terminal exception"                    },

         { do_bad,          SIGBUS,   BUS_ADRALN,        "alignment exception"                 },

         { do_bad,          SIGBUS,   0,             "external abort on linefetch"     },

         { do_translation_fault,    SIGSEGV, SEGV_MAPERR,       "section translation fault"          },                  //2a08

         { do_bad,          SIGBUS,   0,             "external abort on linefetch"     },

         { do_page_fault,      SIGSEGV, SEGV_MAPERR,       "page translation fault"     },

         { do_bad,          SIGBUS,   0,             "external abort on non-linefetch"  },

         { do_bad,          SIGSEGV, SEGV_ACCERR,        "section domain fault"                 },

         { do_bad,          SIGBUS,   0,             "external abort on non-linefetch"  },

         { do_bad,          SIGSEGV, SEGV_ACCERR,        "page domain fault"                     },                   //2a68

         { do_bad,          SIGBUS,   0,             "external abort on translation"          },

         { do_sect_fault,        SIGSEGV, SEGV_ACCERR,        "section permission fault"          },

         { do_bad,          SIGBUS,   0,             "external abort on translation"          },

         { do_page_fault,      SIGSEGV, SEGV_ACCERR,        "page permission fault"              },

         /*

          * The following are "imprecise" aborts, which are signalled by bit

          * 10 of the FSR, and may not be recoverable.  These are only

          * supported if the CPU abort handler supports bit 10.

          */

         { do_bad,          SIGBUS,  0,              "unknown 16"                       },

         { do_bad,          SIGBUS,  0,              "unknown 17"                       },

         { do_bad,          SIGBUS,  0,              "unknown 18"                       },

         { do_bad,          SIGBUS,  0,              "unknown 19"                       },

         { do_bad,          SIGBUS,  0,              "lock abort"                           }, /* xscale */

         { do_bad,          SIGBUS,  0,              "unknown 21"                       },

         { do_bad,          SIGBUS,  BUS_OBJERR,          "imprecise external abort"         }, /* xscale */

         { do_bad,          SIGBUS,  0,              "unknown 23"                       },

         { do_bad,          SIGBUS,  0,              "dcache parity error"                   }, /* xscale */

         { do_bad,          SIGBUS,  0,              "unknown 25"                       },

         { do_bad,          SIGBUS,  0,              "unknown 26"                       },

         { do_bad,          SIGBUS,  0,              "unknown 27"                       },

         { do_bad,          SIGBUS,  0,              "unknown 28"                       },

         { do_bad,          SIGBUS,  0,              "unknown 29"                       },

         { do_bad,          SIGBUS,  0,              "unknown 30"                       },

         { do_bad,          SIGBUS,  0,              "unknown 31"                       },

};

则共32*16=512个字节,就是从c08629b8到c0862bb8。

0xc086 2a70对应的内容是SEGV_ACCERR的值。

#define SEGV_ACCERR    (__SI_FAULT|2)         =  3<<16 | 2            =      0x0003 0002

则R3的值变为0x 0003 0002。

blx    r3,PC跳转到这样的地址,当然是要出错的。

2.3 _raw_spin_lock

2.3.1 原始日志

[  126.963012]{4} IRQ41 no longer affine to CPU4

[  126.968200]{0} Alignment trap: not handling instruction e1903f9f at [<c05a6da8>]

[  126.981109]{0} BUG: recent printk recursion!

[  126.981109]{0} Unhandled fault: alignment exception (0x001) at 0xffffffff

[  126.993316]{0} Internal error: : 1 [#1] PREEMPT SMP ARM

[  126.999084]{0} Modules linked in:

[  127.002746]{0} in dump_stack_print_info, line:2909         mpidr:0x80000100

[  127.009674]{0} CPU: 0 PID: 1906 Comm: sh Not tainted 3.10.0 #99

[  127.016204]{0} task: c62b5a00 ti: c8e52000 task.ti: c8e52000

[  127.022460]{0} PC is at _raw_spin_lock+0x1c/0x50

[  127.027557]{0} LR is at __queue_work+0x118/0x364

[  127.032653]{0} pc : [<c05a6dac>]    lr : [<c00f5f78>]    psr: 200f0193

[  127.032653]{0} sp : c8e53d50  ip : 371ad678  fp : c08588d8

[  127.045928]{0} r10: 00000000  r9 : ffffffff  r8 : 00000005

[  127.051971]{0} r7 : d6c20a80  r6 : c8e52000  r5 : c08a77fc  r4 : c0d39d00

[  127.059478]{0} r3 : c8e52000  r2 : 00000101  r1 : 00000008  r0 : ffffffff

[  127.066986]{0} Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user

[  127.075256]{0} Control: 10c5387d  Table: 0800006a  DAC: 00000015

[  127.081878]{0}

[  127.081878]{0} PC: 0xc05a6d2c:

[  127.087158]{0} 6d2c  f57ff05f e1a00005 eb0000f8 ebfffd58 e1a00005 eb000026 e1a01000 eafffff3

[  127.096496]{0} 6d4c  e3e03000 e5843000 e89d000c e1a00005 e5823004 e5832000 e59f2010 e59f3010

[  127.105834]{0} 6d6c  e88d000c eb0000e9 e28dd014 e8bd80f0 00100100 00200200 e3a01000 eaffffcd

[  127.115173]{0} 6d8c  00000000 e1a0200d e3c23d7f e3c3303f e5932004 e2822001 e5832004 e1903f9f

[  127.124511]{0} 6dac  e2832801 e1801f92 e3310000 1afffffa e6ff2073 e7ef3853 ea000001 e320f002

[  127.133850]{0} 6dcc  e1d020b0 e1530002 1afffffb f57ff05f e12fff1e e1a03000 e10f0000 f10c0080

[  127.143157]{0} 6dec  e1a0100d e3c12d7f e3c2203f e5921004 e2811001 e5821004 e1932f9f e2821801

[  127.152496]{0} 6e0c  e183cf91 e33c0000 1afffffa e6ff1072 e7ef2852 ea000001 e320f002 e1d310b0

[  127.161834]{0}

[  127.161834]{0} LR: 0xc00f5ef8:

[  127.167114]{0} 5ef8  0a000009 e59f42ac e5d43010 e3530001 0a0000a6 e59f02a0 e300151b ebffa0c5

[  127.176452]{0} 5f18  e3a03001 e5c43010 ea0000a0 e1a0200d e59fb288 e3c26d7f e3c6603f e3580005

[  127.185760]{0} 5f38  e5973080 0596a014 e3130002 15974088 1a000002 e79b410a e5973084 e0834004

[  127.195098]{0} 5f58  e1a00005 ebffff57 e2509000 0a00000f e5943000 e1590003 0a00000c eb12c385

[  127.204437]{0} 5f78  e1a00009 e1a01005 ebfff9cf e3500000 0a000004 e5903010 e5932004 e1520007

[  127.213745]{0} 5f98  01a04003 0a000003 e1a00009 eb12c44c e5940000 eb12c377 e5943010 e3530000

[  127.223083]{0} 5fb8  1a000011 e5973080 e3130002 0a000002 e5940000 eb12c442 eaffffd7 e59f61d4

[  127.232421]{0} 5fd8  e5d63011 e3530001 0a000007 e2873068 e59f01c4 e300154f e59f21c4 e58da000

[  127.241760]{0}

[  127.241760]{0} SP: 0xc8e53cd0:

[  127.247039]{0} 3cd0  00989680 00000000 88d98293 0000001d 8971fb00 0000001d 00000000 00989680

[  127.256378]{0} 3cf0  00000000 c05a6da8 200f0193 ffffffff c8e53d3c c000d4d8 ffffffff 00000008

[  127.265686]{0} 3d10  00000101 c8e52000 c0d39d00 c08a77fc c8e52000 d6c20a80 00000005 ffffffff

[  127.275024]{0} 3d30  00000000 c08588d8 371ad678 c8e53d50 c00f5f78 c05a6dac 200f0193 ffffffff

[  127.284362]{0} 3d50  00000005 d6c20a80 c08a77fc 00000100 c08a780c c00f61c4 c00f61c4 c08a77fc

[  127.293701]{0} 3d70  00000000 c08a77fc 0000000a c00eb1b0 c08a780c c00f61c4 c09cb280 c08a780c

[  127.303039]{0} 3d90  c8e52000 c00f61c4 c08a77fc 00000000 00000000 c00eb760 0000004c 00000000

[  127.312377]{0} 3db0  c8e53db8 00000002 c8e53db8 c8e53db8 00000000 c8e52000 c083c084 00000101

[  127.321685]{0}

[  127.321685]{0} FP: 0xc0858858:

[  127.326995]{0} 8858  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.336334]{0} 8878  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.345642]{0} 8898  00000064 c0d610c0 00009000 0000000f c0d61100 00000005 00000009 c0d61080

[  127.354980]{0} 88b8  0000002c c0d34000 c0d61000 c0d61040 00000001 00001000 00000000 00000004

[  127.364318]{0} 88d8  004fe000 00507000 00510000 00519000 00522000 00000000 00000002 0001dffb

[  127.373657]{0} 88f8  0001dfff 00002c0c 00002000 00000001 00000032 0000fffa 00000001 00000000

[  127.382995]{0} 8918  00000001 d6c08800 d6d400c0 c0591ff0 c018b5d8 c018a648 c0187d60 00000000

[  127.392333]{0} 8938  c018b4d4 c0188284 c0188238 00000000 00000000 c018763c 00000003 00000000

[  127.401672]{0}

[  127.401672]{0} R3: 0xc8e51f80:

[  127.406951]{0} 1f80  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.416290]{0} 1fa0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.425628]{0} 1fc0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.434967]{0} 1fe0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.444305]{0} 2000  00000000 00000102 00000000 c62b5a00 c087e268 00000000 00000015 c62b5a00

[  127.453613]{0} 2020  c0d36a80 c8e52000 d1f6b880 00000000 0000001d c62b5580 c8e53e3c c8e53e10

[  127.462951]{0} 2040  c05a60e8 00000000 00000000 00000000 00000000 00000000 01010000 00000000

[  127.472290]{0} 2060  b6efdf24 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.481628]{0}

[  127.481628]{0} R4: 0xc0d39c80:

[  127.486907]{0} 9c80  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.496246]{0} 9ca0  00000000 00000000 d3219080 00003080 c0c9c300 c0c54940 00000076 00000075

[  127.505584]{0} 9cc0  c0d39cc0 c0d39cc0 00000000 00000000 00000000 00000000 00000000 00000000

[  127.514923]{0} 9ce0  00000000 00000000 00000000 00000000 00000036 00014a32 000000a0 00000000

[  127.524261]{0} 9d00  c0d36600 d6c20a80 00000000 ffffffff 00000001 00000000 00000000 00000000

[  127.533569]{0} 9d20  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.542907]{0} 9d40  00000000 00000000 00000000 00000000 00000000 00000100 c0d39d58 c0d39d58

[  127.552246]{0} 9d60  d6c20a80 c0d42d60 c0d39d68 c0d39d68 ffffffe0 c0d39d74 c0d39d74 c00f7f34

[  127.561584]{0}

[  127.561584]{0} R5: 0xc08a777c:

[  127.566864]{0} 777c  c04e74d8 c04e748c c04e84cc c076c7ad 00000000 d624e180 00000000 00000000

[  127.576202]{0} 779c  c08a7764 d619ec00 00000000 00000001 00000000 00000000 00000bb8 00000064

[  127.585540]{0} 77bc  00001770 0000069e 000001f4 00010000 00000003 00000000 00000003 00000064

[  127.594879]{0} 77dc  00000050 00000040 00000000 00000bb8 00000080 00000200 00000400 ffff8c7e

[  127.604217]{0} 77fc  00000001 c08a7800 c08a7800 c042dd6c 00000000 00200200 ffffbc5c c09cb283

[  127.613555]{0} 781c  c00f61c4 c08a77fc ffffffff ffffffff 00000000 00000000 00000000 00000000

[  127.622894]{0} 783c  00000000 d6c20a80 00000005 00000000 00000000 00000000 c09cb280 c042b5a4

[  127.632232]{0} 785c  c08a7764 ffffffff ffffffff 00000000 00000000 00000000 00000000 00000000

[  127.641540]{0}

[  127.641540]{0} R6: 0xc8e51f80:

[  127.646850]{0} 1f80  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.656188]{0} 1fa0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.665527]{0} 1fc0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.674835]{0} 1fe0  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.684173]{0} 2000  00000000 00000102 00000000 c62b5a00 c087e268 00000000 00000015 c62b5a00

[  127.693511]{0} 2020  c0d36a80 c8e52000 d1f6b880 00000000 0000001d c62b5580 c8e53e3c c8e53e10

[  127.702850]{0} 2040  c05a60e8 00000000 00000000 00000000 00000000 00000000 01010000 00000000

[  127.712188]{0} 2060  b6efdf24 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.721496]{0}

[  127.721496]{0} R7: 0xd6c20a00:

[  127.726806]{0} 0a00  d6c209fc d6c20a04 d6c20a04 d6c20a0c d6c20a0c d6c20a14 d6c20a14 d6c20a1c

[  127.736145]{0} 0a20  d6c20a1c 00000000 ffffffea 00000000 00000000 00000000 00000003 00000000

[  127.745452]{0} 0a40  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.754791]{0} 0a60  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  127.764129]{0} 0a80  c0d5dd60 c0d39d60 c087ff2c d6c20b48 00000001 00000000 d6c20a98 d6c20a98

[  127.773468]{0} 0aa0  00000000 00000000 00000000 00000000 00000000 00000000 d6c20ab8 d6c20ab8

[  127.782806]{0} 0ac0  d6c20ac0 d6c20ac0 d6c20ac8 d6c20ac8 00000000 00000000 00000100 00000000

[  127.792144]{0} 0ae0  00000000 00000000 6e657665 00007374 00000000 00000000 00000000 00000000

[  127.801483]{0} Process sh (pid: 1906, stack limit = 0xc8e52238)

[  127.808013]{0} Stack: (0xc8e53d50 to 0xc8e54000)

[  127.813110]{0} 3d40:                                     00000005 d6c20a80 c08a77fc 00000100

[  127.822448]{0} 3d60: c08a780c c00f61c4 c00f61c4 c08a77fc 00000000 c08a77fc 0000000a c00eb1b0

[  127.831787]{0} 3d80: c08a780c c00f61c4 c09cb280 c08a780c c8e52000 c00f61c4 c08a77fc 00000000

[  127.841125]{0} 3da0: 00000000 c00eb760 0000004c 00000000 c8e53db8 00000002 c8e53db8 c8e53db8

[  127.850463]{0} 3dc0: 00000000 c8e52000 c083c084 00000101 00000100 00000001 00000000 00000000

[  127.859771]{0} 3de0: 0000000a c00e540c c083fad0 c0867740 c8e53e84 00404100 ffffbc5e 00000000

[  127.869110]{0} 3e00: 00000000 c8e52000 00000000 c0858ab0 c8e53e84 0000001c 00000000 00000000

[  127.878448]{0} 3e20: 00000000 c00e587c 0000004c c000e2e4 0000004c f811a000 c8e53e50 c0008478

[  127.887786]{0} 3e40: c02ba164 200f0013 ffffffff c000d540 00003136 ffffffff 00001514 c02ba138

[  127.897125]{0} 3e60: 00000001 0000001e f8899000 c088e470 0000001c 00000000 00000000 00000000

[  127.906433]{0} 3e80: 00000000 c8e53e98 c001ab30 c02ba164 200f0013 ffffffff 0000001d 00000000

[  127.915771]{0} 3ea0: 00000000 c08616f8 00000000 c001abc0 00000000 00000000 00000064 c0017724

[  127.925109]{0} 3ec0: 00000000 c0017968 00000004 00000000 00000000 c0593d7c 00000004 c0591aa8

[  127.934448]{0} 3ee0: b8780c44 0000080f 00000028 0000080f 00000000 00000004 00000004 00000002

[  127.943786]{0} 3f00: d6ce01c0 c1ccc4c0 c1ccc4d8 c05fe518 c0d58050 c0591bcc c0d58048 c05921a8

[  127.953124]{0} 3f20: 00000002 c8e53f80 00000002 c02f9ec0 00000002 c01dca00 d288f6c0 00000002

[  127.962432]{0} 3f40: b8785f54 c8e53f80 00000000 00000000 00000000 c018ecfc d288f6c0 b8785f54

[  127.971771]{0} 3f60: 00000002 d288f6c0 00000000 b8785f54 00000002 00000000 00000000 c018f03c

[  127.981109]{0} 3f80: 00000000 00000000 00000002 00000003 00000002 00000001 00000004 c000dac4

[  127.990447]{0} 3fa0: c8e52000 c000d940 00000003 00000002 00000001 b8785f54 00000002 ffffffff

[  127.999786]{0} 3fc0: 00000003 00000002 00000001 00000004 b8785f54 00000000 00000000 00000000

[  128.009124]{0} 3fe0: 00000000 bed9b7b8 b6f0ec5d b6ead338 20010010 00000001 eaffffe2 005869e8

[  128.018463]{0} [<c05a6dac>] (_raw_spin_lock+0x1c/0x50) from [<c00f5f78>] (__queue_work+0x118/0x364)

[  128.028472]{0} [<c00f5f78>] (__queue_work+0x118/0x364) from [<c00eb1b0>] (call_timer_fn+0xa4/0x1a4)

[  128.038452]{0} [<c00eb1b0>] (call_timer_fn+0xa4/0x1a4) from [<c00eb760>] (run_timer_softirq+0x20c/0x284)

[  128.048950]{0} [<c00eb760>] (run_timer_softirq+0x20c/0x284) from [<c00e540c>] (__do_softirq+0x144/0x2b4)

[  128.059448]{0} [<c00e540c>] (__do_softirq+0x144/0x2b4) from [<c00e587c>] (irq_exit+0x74/0xbc)

[  128.068878]{0} [<c00e587c>] (irq_exit+0x74/0xbc) from [<c000e2e4>] (handle_IRQ+0x68/0x8c)

[  128.077941]{0} [<c000e2e4>] (handle_IRQ+0x68/0x8c) from [<c0008478>] (gic_handle_irq+0x34/0x58)

[  128.087554]{0} [<c0008478>] (gic_handle_irq+0x34/0x58) from [<c000d540>] (__irq_svc+0x40/0x70)

[  128.097106]{0} Exception stack(0xc8e53e50 to 0xc8e53e98)

[  128.102966]{0} 3e40:                                     00003136 ffffffff 00001514 c02ba138

[  128.112335]{0} 3e60: 00000001 0000001e f8899000 c088e470 0000001c 00000000 00000000 00000000

[  128.121673]{0} 3e80: 00000000 c8e53e98 c001ab30 c02ba164 200f0013 ffffffff

[  128.129272]{0} [<c000d540>] (__irq_svc+0x40/0x70) from [<c02ba164>] (__loop_delay+0x0/0xc)

[  128.138427]{0} Code: e5932004 e2822001 e5832004 e1903f9f (

2.3.2 分析原因

_raw_spin_lock函数代码如下:

void __lockfunc _raw_spin_lock(raw_spinlock_t *lock)

{

         __raw_spin_lock(lock);

}

__raw_spin_lock代码如下:

static inline void __raw_spin_lock(raw_spinlock_t *lock)

{

         preempt_disable();

         spin_acquire(&lock->dep_map, 0, 0, _RET_IP_);

         LOCK_CONTENDED(lock, do_raw_spin_trylock, do_raw_spin_lock);

}

将_raw_spin_lock反汇编后如下:

Disassembly of section .spinlock.text:

 

00000000 <_raw_spin_lock>:

   0:        e1a0200d        mov r2, sp

   4:        e3c23d7f         bic    r3, r2, #8128    ; 0x1fc0

   8:        e3c3303f         bic    r3, r3, #63        ; 0x3f

   c:        e5932004        ldr    r2, [r3, #4]

  10:        e2822001        add  r2, r2, #1

  14:        e5832004        str    r2, [r3, #4]

  18:        e1903f9f          ldrex         r3, [r0]              

  1c:        e2832801        add  r2, r3, #65536 ; 0x10000                  

  20:        e1801f92         strex         r1, r2, [r0]

  24:        e3310000        teq   r1, #0

  28:        1afffffa    bne  18 <_raw_spin_lock+0x18>

  2c:        e6ff2073          uxth r2, r3

  30:        e7ef3853         ubfx r3, r3, #16, #16

  34:        ea000001        b       40 <_raw_spin_lock+0x40>

  38:        e320f002         wfe

  3c:        e1d020b0        ldrh  r2, [r0]

  40:        e1530002        cmp r3, r2

  44:        1afffffb    bne  38 <_raw_spin_lock+0x38>

  48:        f57ff05f   dmb sy

  4c:        e12fff1e bx     lr

出问题是PC的位置在_raw_spin_lock+0x1c/0x50,就是上面的1C前后的位置。

ldrex         r3, [r0]      此处的指令二进制代码是e190 3f9f,表示从r0排它性取内容到r3,

而R0的值是0xffff ffff,从这个虚拟地址上取内容,故会发生对齐异常,内核panic。

2.4 __wake_up_common

2.4.1 原始日志

[  139.595489]{4} IRQ41 no longer affine to CPU4

[  139.607574]{0} Unable to handle kernel paging request at virtual address a0030193

[  139.620727]{0} pgd = d0730000

[  139.624023]{0} [a0030193] *pgd=00000000

[  139.628295]{0} Internal error: Oops: 5 [#1] PREEMPT SMP ARM

[  139.634490]{0} Modules linked in:

[  139.638183]{0} in dump_stack_print_info, line:2909         mpidr:0x80000100

[  139.645202]{0} CPU: 0 PID: 1781 Comm: sh Not tainted 3.10.0 #99

[  139.651794]{0} task: d215e780 ti: d1c9c000 task.ti: d1c9c000

[  139.658142]{0} PC is at __wake_up_common+0x60/0x7c

[  139.663482]{0} LR is at __wake_up_common+0x48/0x7c

[  139.668823]{0} pc : [<c0103de8>]    lr : [<c0103dd0>]    psr: 600f0193

[  139.668823]{0} sp : d1c9dc90  ip : c05a6da8  fp : d1c9dcb4

[  139.682220]{0} r10: 00000000  r9 : 00000000  r8 : 00000003

[  139.688354]{0} r7 : 00000001  r6 : a0030187  r5 : 00000000  r4 : c0882b14

[  139.695953]{0} r3 : 00000000  r2 : 00000000  r1 : 00000000  r0 : d6c79f2c

[  139.703521]{0} Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user

[  139.711883]{0} Control: 10c5387d  Table: 16b3006a  DAC: 00000015

[  139.718597]{0}

[  139.718597]{0} PC: 0xc0103d68:

[  139.723937]{0} 3d68  f57ff05f e59f300c e5932014 e2822001 e5832014 e8bd88f0 c09cd180 c083c0c0

[  139.733367]{0} 3d88  e92d4ff8 e1a04000 e1a0a003 e5b43004 e28db024 e1a08001 e1a07002 e243000c

[  139.742797]{0} 3da8  e5936000 e59b9004 e246600c ea00000e e590c008 e1a01008 e1a0200a e1a03009

[  139.752227]{0} 3dc8  e5905000 e12fff3c e3500000 0a000003 e3150001 0a000001 e2577001 08bd8ff8

[  139.761657]{0} 3de8  e596300c e1a00006 e243600c e280300c e1530004 1affffed e8bd8ff8 e92d4800

[  139.771087]{0} 3e08  e28db004 e24dd008 e3a03000 e58d3000 ebffffda e24bd004 e8bd8800 e92d4800

[  139.780517]{0} 3e28  e28db004 e24dd008 e3a03000 e58d2000 e3a02001 ebffffd1 e24bd004 e8bd8800

[  139.789947]{0} 3e48  e92d4800 e28db004 e5900024 e2400078 e8bd8800 e59f300c e92d4800 e28db004

[  139.799377]{0}

[  139.799377]{0} LR: 0xc0103d50:

[  139.804718]{0} 3d50  e5940010 ebffffc5 e30031f5 e0257593 e5845000 e5840010 f57ff05f e59f300c

[  139.814147]{0} 3d70  e5932014 e2822001 e5832014 e8bd88f0 c09cd180 c083c0c0 e92d4ff8 e1a04000

[  139.823577]{0} 3d90  e1a0a003 e5b43004 e28db024 e1a08001 e1a07002 e243000c e5936000 e59b9004

[  139.833007]{0} 3db0  e246600c ea00000e e590c008 e1a01008 e1a0200a e1a03009 e5905000 e12fff3c

[  139.842437]{0} 3dd0  e3500000 0a000003 e3150001 0a000001 e2577001 08bd8ff8 e596300c e1a00006

[  139.851898]{0} 3df0  e243600c e280300c e1530004 1affffed e8bd8ff8 e92d4800 e28db004 e24dd008

[  139.861297]{0} 3e10  e3a03000 e58d3000 ebffffda e24bd004 e8bd8800 e92d4800 e28db004 e24dd008

[  139.870758]{0} 3e30  e3a03000 e58d2000 e3a02001 ebffffd1 e24bd004 e8bd8800 e92d4800 e28db004

[  139.880187]{0}

[  139.880187]{0} SP: 0xd1c9dc10:

[  139.885528]{0} dc10  00000000 d215e7b8 c0d36ac8 80a9cb18 d215e7b8 c010ce4c 0002080a 00000000

[  139.894958]{0} dc30  00000034 c0103de8 600f0193 ffffffff d1c9dc7c c000d4d8 d6c79f2c 00000000

[  139.904388]{0} dc50  00000000 00000000 c0882b14 00000000 a0030187 00000001 00000003 00000000

[  139.913818]{0} dc70  00000000 d1c9dcb4 c05a6da8 d1c9dc90 c0103dd0 c0103de8 600f0193 ffffffff

[  139.923248]{0} dc90  00000000 c0882b10 600f0193 00000001 00000003 00000000 c0123a44 c0d34658

[  139.932647]{0} dcb0  d1c9dcdc c0104b18 00000000 00773594 00000001 c0882bfc 00000002 00000003

[  139.942077]{0} dcd0  c0883080 7a40965e d1c9dd90 c015264c 00010000 d1c9c000 d215e780 00000000

[  139.951477]{0} dcf0  00000000 c00ec0dc 200f0013 d1c9de50 c0d345f0 00000020 c0d34778 c0123aec

[  139.960876]{0}

[  139.960876]{0} IP: 0xc05a6d28:

[  139.966217]{0} 6d28  e5867000 f57ff05f e1a00005 eb0000f8 ebfffd58 e1a00005 eb000026 e1a01000

[  139.975616]{0} 6d48  eafffff3 e3e03000 e5843000 e89d000c e1a00005 e5823004 e5832000 e59f2010

[  139.985046]{0} 6d68  e59f3010 e88d000c eb0000e9 e28dd014 e8bd80f0 00100100 00200200 e3a01000

[  139.994476]{0} 6d88  eaffffcd 00000000 e1a0200d e3c23d7f e3c3303f e5932004 e2822001 e5832004

[  140.003875]{0} 6da8  e1903f9f e2832801 e1801f92 e3310000 1afffffa e6ff2073 e7ef3853 ea000001

[  140.013305]{0} 6dc8  e320f002 e1d020b0 e1530002 1afffffb f57ff05f e12fff1e e1a03000 e10f0000

[  140.022705]{0} 6de8  f10c0080 e1a0100d e3c12d7f e3c2203f e5921004 e2811001 e5821004 e1932f9f

[  140.032104]{0} 6e08  e2821801 e183cf91 e33c0000 1afffffa e6ff1072 e7ef2852 ea000001 e320f002

[  140.041503]{0}

[  140.041503]{0} FP: 0xd1c9dc34:

[  140.046813]{0} dc34  c0103de8 600f0193 ffffffff d1c9dc7c c000d4d8 d6c79f2c 00000000 00000000

[  140.056243]{0} dc54  00000000 c0882b14 00000000 a0030187 00000001 00000003 00000000 00000000

[  140.065643]{0} dc74  d1c9dcb4 c05a6da8 d1c9dc90 c0103dd0 c0103de8 600f0193 ffffffff 00000000

[  140.075042]{0} dc94  c0882b10 600f0193 00000001 00000003 00000000 c0123a44 c0d34658 d1c9dcdc

[  140.084442]{0} dcb4  c0104b18 00000000 00773594 00000001 c0882bfc 00000002 00000003 c0883080

[  140.093841]{0} dcd4  7a40965e d1c9dd90 c015264c 00010000 d1c9c000 d215e780 00000000 00000000

[  140.103240]{0} dcf4  c00ec0dc 200f0013 d1c9de50 c0d345f0 00000020 c0d34778 c0123aec c0d34778

[  140.112640]{0} dd14  c0d345fc 7a40965e 00000020 c0d34778 c0d345f0 c0d345b8 00000000 c0d345f0

[  140.122039]{0}

[  140.122039]{0} R0: 0xd6c79eac:

[  140.127380]{0} 9eac  c0101724 ffffffff d6c80000 00000002 c08b3c90 00000000 c01018f0 00000000

[  140.136779]{0} 9ecc  00000002 d6c80000 d6c8001c d6c52880 d6c78000 d63d6a80 c010190c 00000000

[  140.146179]{0} 9eec  00000002 d6c80000 c000d910 000000c0 c0838a80 c0d58918 c0882a00 d6c78000

[  140.155578]{0} 9f0c  c0882b10 d6c79f38 00000002 c00fd068 c0882b10 c083c0c0 c013e2fc d6c52880

[  140.164978]{0} 9f2c  00010000 d6c52880 c05a6da8 a0030193 ffffffff d6c79f7c c000d4d8 c08ca248

[  140.174377]{0} 9f4c  ffffffff 00000003 d6c78000 00000000 c08ca248 c08ca248 ffffffff 00000000

[  140.183776]{0} 9f6c  00000000 60030193 00000004 00000000 d6c79f90 c00e02d4 c05a6da8 a0030193

[  140.193206]{0} 9f8c  ffffffff d6c79f90 d6c79f90 d6c79fac d6c3ff30 c00fc6f8 00000000 00000000

[  140.202606]{0}

[  140.202606]{0} R4: 0xc0882a94:

[  140.207946]{0} 2a94  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

[  140.217376]{0} 2ab4  00000000 00000000 00000000 c0882a00 00000001 00000000 00000000 00000000

[  140.226806]{0} 2ad4  00000000 00000005 c0836918 c013dda8 00000000 00000000 00000000 00000000

[  140.236236]{0} 2af4  00000000 00000000 00000000 00000000 fffffed7 fffffed7 d6c52880 001e001d

[  140.245666]{0} 2b14  d6c79f38 d6c79f38 00000001 00000000 00000000 00000000 00000000 00000000

[  140.255096]{0} 2b34  00000000 00000000 00000000 00000000 00000000 c0882b44 00000000 c0882b4c

[  140.264526]{0} 2b54  00000000 00000000 00000001 00000000 c0882b64 c0882b64 00000000 00000000

[  140.273956]{0} 2b74  00000001 00000000 c0882b7c c0882b7c 00000000 00000000 00000000 00000000

[  140.283416]{0} Process H? (pid: 0, stack limit = 0xd1c9c238)

[  140.290405]{0} Stack: (0xd1c9dc90 to 0xd1c9e000)

[  140.295562]{0} dc80:     

2.4.2 分析原因

__wake_up_common 函数的代码如下:

static void __wake_up_common(wait_queue_head_t *q, unsigned int mode,

                            int nr_exclusive, int wake_flags, void *key)

{

         wait_queue_t *curr, *next;

 

         list_for_each_entry_safe(curr, next, &q->task_list, task_list) {

                   unsigned flags = curr->flags;

 

                   if (curr->func(curr, mode, wake_flags, key) &&

                                     (flags & WQ_FLAG_EXCLUSIVE) && !--nr_exclusive)

                            break;

         }

}

出问题时,PC在__wake_up_common+0x60/0x7c,则对__wake_up_common反汇编,代码如下:

00000238 <__wake_up_common>:

     238:        e92d4ff8          push          {r3, r4, r5, r6, r7, r8, r9, sl, fp, lr}

     23c:        e1a04000        mov r4, r0

     240:        e1a0a003        mov sl, r3

     244:        e5b43004        ldr    r3, [r4, #4]!

     248:        e28db024        add  fp, sp, #36        ; 0x24

     24c:        e1a08001        mov r8, r1

     250:        e1a07002        mov r7, r2

     254:        e243000c        sub   r0, r3, #12

     258:        e5936000        ldr    r6, [r3]

     25c:        e59b9004        ldr    r9, [fp, #4]

     260:        e246600c        sub  r6, r6, #12

     264:        ea00000e        b       2a4 <__wake_up_common+0x6c>

     268:        e590c008        ldr    ip, [r0, #8]

     26c:        e1a01008        mov r1, r8

     270:        e1a0200a        mov r2, sl

     274:        e1a03009        mov r3, r9

     278:        e5905000        ldr    r5, [r0]

     27c:        e12fff3c blx    ip

     280:        e3500000        cmp r0, #0

     284:        0a000003        beq  298 <__wake_up_common+0x60>

     288:        e3150001        tst    r5, #1

     28c:        0a000001        beq  298 <__wake_up_common+0x60>

     290:        e2577001        subs r7, r7, #1

     294:        08bd8ff8          popeq       {r3, r4, r5, r6, r7, r8, r9, sl, fp, pc}

     298:        e596300c        ldr    r3, [r6, #12]

     29c:        e1a00006        mov r0, r6

     2a0:        e243600c        sub   r6, r3, #12

     2a4:        e280300c        add  r3, r0, #12

     2a8:        e1530004        cmp r3, r4

     2ac:        1affffed   bne  268 <__wake_up_common+0x30>

     2b0:        e8bd8ff8          pop  {r3, r4, r5, r6, r7, r8, r9, sl, fp, pc}

R0的值赋值与R4,R4变为c0882b14;

R3是R4偏移4个字节后取内容,则R3是[0xc088 2b18] = d6c79f38

R6是R3的地址上取内容,则变为a0030193。

然后再减去12,变为a0030187

最后出错的地方是,R6再加上12取内容赋值给R3,即[a0030193],而这个虚拟地址找不到对应的物理地址,故内核panic了。

3 panic的真正原因

根据第二部分的叙述,因为每次panic的位置都不一样,暂时无法定位是哪一个具体函数产生的,则只能分析是什么操作导致的了。

大小核切换时,小核执行下电,则会执行下面一个这样的函数,里面有对cci-400的操作。

static int  XXX_XXX_XXX_XXXX(u64 mpidr)

{

         int cluster;

         u32 port, a7_ctl, val;

 

         cluster = MPIDR_AFFINITY_LEVEL(mpidr, 1);

         port = cluster ? CCI_SNOOP_CTL4_HA7 : CCI_SNOOP_CTL3_SA7;

         a7_ctl = cluster ? CTL_AP_HA7_CTRL : CTL_AP_SA7_CTRL;

         val = __raw_readl(io_p2v(port));

         if(!(val & 0x3))

                   goto disable_acinactm;

         val &= ~(0x3);

         __raw_writel(val, io_p2v(port));

         dsb();

 

         while(__raw_readl(io_p2v(CCI_SNOOP_STATUS)) & 0x1)

                   cpu_relax();

 

disable_acinactm:

         /* if cci port disabled, disable A7 ACINACTM */

         if(!(__raw_readl(io_p2v(port)) & 0x3)){

                   val = __raw_readl(io_p2v(a7_ctl));

 

                   if(val & 0x1)

                            return 0;

 

                   val |= 0x1;

                   __raw_writel(val, io_p2v(a7_ctl));

         }else

                   panic("Disalbe cluster %d cci port Error!!\n", cluster);

 

         return 0;

}

该函数首先根据传入的CPU ID,判断是那一簇的CPU在执行操作;

然后获取对应的cci 侦测控制寄存器的地址、核控制寄存器的地址;

然后读取侦测控制寄存器,这个读取就会直接导致内核panic。

这个寄存器的描述,原文如下:

 技术分享

如黄色字体所示,只能在安全模式才能访问,除非设置了安全访问寄存器,这个寄存器的描述如下图所示。

 技术分享

如此,则在CPU上电后,切换到非安全的模式之前,设置Secure Access Register寄存器将第0位设置成1,则非安全的那边也可以访问相关的cci-400寄存器了。

经过试验,内核的panic问题得以解决。

评论(0
© 2014 mamicode.com 版权所有 京ICP备13008772号-2  联系我们:gaon5@hotmail.com
迷上了代码!