当前位置 & &
& ARM全新互连架构:16核心、四通道可以有了!...
ARM全新互连架构:16核心、四通道可以有了!
14:14:57&&作者:
编辑:上方文Q &&)
让小伙伴们也看看:
阅读更多:
好文共享:
文章观点支持
文章价值打分
当前文章打分0 分,共有0人打分
[02-04][02-04][02-03][01-23][01-06][12-04][11-25][11-13][10-28][10-28]
登录驱动之家
没有帐号?
用合作网站帐户直接登录来讲个麒麟950的硬伤:总线
其实发布时候我还以为麒麟950用的是A72标配的CCI500总线内存性能应该不错,然而并不是这样
http://browser.primatelabs.com/geekbench3/4642745
搭配了LPDDR4内存的麒麟950跑geekbench的内存测试居然是上一代手机的数据,呵呵,10G都不破简直就是耻辱,CCI400的理论带宽是12.8G,CCI500是25.6G,原则上,LPDDR4配CCI-400是浪费,限制是总线,CCI500才是标配。
最近的X20的数据(搭配LPDDR3)
什么?LPDDR4和LPDDR3一个鸟样?
因为CCI400最多支持8核心,所以可以判断X20用MCSI总线不是原装CCI400,可能是400改,也可能是CCI500改,后者配LPDDR3是浪费,但居然几乎追上了配LPDDR4的麒麟950,所以要么是CCI500有bug,要么是华为根本没给配CCI500
鉴于目前三星自家link的8890内存单线得分为1900左右,跟华为类似,三星不至于用CCI400来改,所以,个人断言,一贯只会画PPT的ARM这次又做猪队友了,CCI500并没有达到带宽翻倍的预期,就和第一代CCI400有BUG不支持HMP一样。好了,该看看LPDDR4的真实水平了:
anandtech的820测试中的数据
VS 820的测试中就很明显了,同样LPDDR4,820依靠自主总线优势直接翻倍。
这才是LPDDR4的实力,骁龙820就靠这个赢得整体性能。
我前段时间就说,骁龙820是完全不同次元的产品,在高通产品线上也就跟个620(也就是625)同级,现在明白我是什么意思了吧
已投稿到:
以上网友发言只代表其个人观点,不代表新浪网的观点或立场。ARM Linux 内核 panic 之cache 一致性 ——cci-400 cache一致互联
时间: 21:13:45
&&&& 阅读:2313
&&&& 评论:
&&&& 收藏:0
标签:ARM Linux 内核 panic 之cache 一致性 &&cci-400 cache一致互联
CCI-400 集合了互联和一致性功能,有 2 个 ACE slave 接口和 3 个 ACE-Lite slave 接口,有 3 个 AXI master 接口。2 个 ACE slave 接口可以相互 snoop 对方,ACE-Lite slave 接口可以 snoop 这 2 个 ACE slave 接口。本文首先介绍cci-400相关结构,然后以内核的panic为引子,最后给出导致内核panic的真正原因。
cci-400参考手册中的例子系统入下图所示。
ACE slave 接口的3和4接cortex-a7或者a-15处理器;
ACE-Lite slave 接口的2接GPU(Mali-T604),1接一致性的I/O设备,0接DMA或者LCD;
AXI master接口的1和1接内存控制器,0接其它的设备。
而本文中的平台,cci结构图如下所示。
挂接了4核的Cortex-A7、Mali T628的GPU、单核的Cortex-A7。
2 内核panic
承接上一篇博文,http://www.cnblogs.com/fozu/p/4552938.html
ARM Linux&大小核切换&&cortex-A7 big.LITTLE&大小切换代码分析。
此处的大核就是4核中的CPU0,而小核就是那个单独的CPU。实际使用中,为了省电等,需要在这两个CPU之间来回切换。
目前的使用环境是这样的,5个Cortex-A7 CPU都处于ARM TrustZone的None-Secure模式(非安全的模式),这样让大核和小核互相切换。经过测试发现,小核一旦执行下电操作,就会导致内核的panic,且每次的panic位置都不一样,我截取了几处,下面详细分析。
2.1 sched_info_arrive
2.1.1 原始日志
[& 186.} IRQ41 no longer affine to CPU4
[& 186.} CPU4: shutdown
[& 186.} BUG: recent printk recursion!
[& 186.} Unable to handle kernel paging request at virtual address
[& 186.} pgd = d31d8000
[& 186.} [] *pgd=
[& 186.} Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[& 186.} Modules linked in:
[& 186.} in dump_stack_print_info, line:2909&&&&&&&& mpidr:0x
[& 186.} CPU: 0 PID: 2034 Comm: sh Not tainted 3.10.0 #88
[& 187.} task: d5912880 ti: d3baa000 task.ti: d3baa000
[& 187.} PC is at sched_info_arrive+0x14/0xc8
[& 187.} LR is at __schedule+0x380/0x504
[& 187.} pc : [&c0103b78&]&&& lr : [&c05a6058&]&&& psr: 200f0193
[& 187.} sp : d3babdf8& ip : & fp : d3babe0c
[& 187.} r10: d6c51b00& r9 : 0000002b& r8 : 877ea4da
[& 187.} r7 : d5912b58& r6 : d3baa000& r5 : c0d36a80& r4 : d5912880
[& 187.} r3 : c0838a80& r2 : c08588d8& r1 : & r0 : d6c51b00
[& 187.} Flags: nzCv& IRQs off& FIQs on& Mode SVC_32& ISA ARM& Segment user
[& 187.} Control: 10c5387d& Table: 195d806a& DAC:
[& 187.} PC: 0xc0103af8:
[& 187.} 3af8& e59f505c e59f605c e1a00005 eb12862a e595401c e44004 ea00000a
[& 187.} 3b18& e42 ead4302c ea000000
[& 187.} 3b38& ebffe422 e44 eafffff1 e59ff8
[& 187.} 3b58& ea12857e c088044c cd48f0 e28db014 ef20ac e59f30ac
[& 187.} 3b78& e591c014 e792210c e3a0ce1f e33e49 e1c360d0 e18020dc e1924003
[& 187.} 3b98& 01a03 0aa007 ec500
[& 187.} 3bb8& e3a0fc e3a0ce1e e18020dc ea3fc e3a03f7a
[& 187.} 3bd8& e59ff3 e3d8 ef1
[& 187.} LR: 0xc05a5fd8:
[& 187.} 5fd8& e1c380d0 e3a03f7a eaa0ce59 e18e20dc ea33009
[& 187.} 5ff8& ec3fc e00c e3a01e1f e18420d1
[& 187.} 6018& ea44 ef0 e0833002
[& 187.} 6038& ec320d0 ee347c e15a001 e1a0000a ebed76c2
[& 187.} 6058& e59a01 e58a0 eaa0
[& 187.} 6078& e1932f9f e31f92 eafffffa ea84
[& 187.} 6098& ea00000b e9301f a1a0c3 e32158
[& 187.} 60b8& e209301f e1a01 1a000001 ebe9c24d f57ff04f e1a0f56
[& 187.} SP: 0xd3babd78:
[& 187.} bd78& c0d36ac8 877ea4da d0ce60 c0d36ac8 d52f3a 0000000c
[& 187.} bd98& d03b78 200f0193 ffffffff d3babde4 c000d4d8 d6c51b00
[& 187.} bdb8& c38a80 dd36a80 d3baa000 dea4da 0000002b
[& 187.} bdd8& d6c51b00 d3babe0c babdf8 c05ab78 200f0193 ffffffff
[& 187.} bdf8& dd36a80 d3baa000 dbabe3c c05afad0 c0838a80
[& 187.} be18& 0000004c d3baa000 200f0013 ffffffff d3babe84 c000d560 d3baa000
[& 187.} be38& d3babe4c c05aff c02ba184 0d578 0000b9ca ffffffff
[& 187.} be58& 0000475c c02ba158 00 c088e470 000000
[& 187.} FP: 0xd3babd8c:
[& 187.} bd8c& d52f3a 0000000c d03b78 200f0193 ffffffff d3babde4
[& 187.} bdac& c000d4d8 d6c51b00 588d8 c1a80 d3baa000
[& 187.} bdcc& dea4da 0000002b d6c51b00 d3babe0c babdf8 c05a6058
[& 187.} bdec& cf0193 ffffffff dd36a80 d3baa000 dbabe3c
[& 187.} be0c& c05afad0 c0004c d3baa000 200f0013 ffffffff d3babe84
[& 187.} be2c& c000d560 d3baa000 babe4c c05aff c02ba184
[& 187.} be4c& c000d578 0000b9ca ffffffff 0000475c c02ba158 00
[& 187.} be6c& c088e470 00 c0d34344 d3babe98 c001ab70
[& 187.} R0: 0xd6c51a80:
[& 187.} 1a80& d6c3e004 d6c00 c08ca248 c08ca248 ffffffff 00000
[& 187.} 1aa0& 00 d6c51ac0 c00e02e8 c05a6dd8 a0010193 ffffffff
[& 187.} 1ac0& 00000 fffff6ff 68fe7bdf fefe7fdb fffe7ffb fdfffff5 89fffffd
[& 187.} 1ae0& fb773bd7
ffbffffd 62a38 c08ca248 d6c51bd8
[& 187.} 1b00&
980f0 c06fb857 d6c51b2c c51b2c
[& 187.} 1b20& 07 c06fb93b ca248 00000
[& 187.} 1b40& d6c50dc1 0b4c d6c51b4c ea4da 0000002b
[& 187.} 1b60& 000ba43c
ffea937b ffffffff 00
[& 187.} R2: 0xc0858858:
[& 187.} 00 00 00
[& 187.} 00 00 00
[& 187.} 64 c0d610c0 0000f c0d05 d61080
[& 187.} 88b8& 0000002c c0d300 c0d01 04
[& 187.} 88d8& 004fe000 00 02 0001dffb
[& 187.} 88f8& 0001dfff 32 0000fffa 00000
[& 187.} 01 d6c0c0 c8b5ec c018a65c c00000
[& 187.} 8938& c018b4e8 c00 03
[& 187.} R3: 0xc0838a00:
[& 187.} 8a00& 6d76d 6d202c 69 616d6d75
[& 187.} 8a20& 303d8 6f6f426d 6d6fc70 743d572 302d3130
[& 187.} 8a40& a332 20 f5020
[& 187.} 8a60& 614de 3a 656c646e 646ee616d
[& 187.} 8a80& 6ed6d 2c6d20 656e6c 73413d73
[& 187.} 8aa0& d330 e335 02033
[& 187.} 8ac0& 74 614de 53
[& 187.} 8ae0& 3aee65 f633d74 6e612e6d 696fd2e64
[& 187.} R4: 0xd5912800:
[& 187.} 08 c08ca248 00 20
[& 187.} 00 0c350 00 00000
[& 187.} 00 00 e7d00 1a00001a e51f0da8
[& 187.} 2860& e41 e5d02 1aa00000 eb00f0e1
[& 187.} 00 d3baa000 00 c05a6dd8 a0010193 ffffffff
[& 187.} 28a0& d59128dc c000d4d8 c08ca248 ffffffff 00 c08ca248
[& 187.} 28c0& c08ca248 ffffffff 93 0f0
[& 187.} 28e0& c00e02e8 c05a6dd8 a0010193 ffffffff 04306afd 00
[& 187.} R5: 0xc0d36a00:
[& 187.} 6a00& c4d460 d6c4d460 00 00000
[& 187.} 6a20& d6c216c0 01 00
[& 187.} 6a40& 00 00 00000
[& 187.} 6a60& 00 00 00000
[& 187.} 6a80& 00 d0
[& 187.} 6aa0& 00 00 000000
[& 187.} 6ac0& 00 01 3c41cf92 0000000f
[& 187.} 6ae0& 0f3a 0000000c d128c0 00000
[& 187.} R6: 0xd3ba9f80:
[& 187.} 9f80& 00 00 00000
[& 187.} 9fa0& 00 00 00000
[& 187.} 9fc0& 00 00 00000
[& 187.} 9fe0& 00 00 00000
[& 187.} a000& 00 d7e268 00
[& 187.} a020& c0d36a80 d3baa000 d54b4e00 d54b4a80 2c380 d3babe04 d3babdd8
[& 187.} a040& c05a0 00 00
[& 187.} a060& b6f3ff24 00 00
[& 187.} R7: 0xd5912ad8:
[& 187.} 2ad8& d12adc d5912adc d5910fdc d5910fdc d12af0 d5912af0
[& 187.} 2af8& d12af8 90 9784c d0997840
[& 187.} 2b18& d5dc10 d185dc00 d12b24 00
[& 187.} 2b38& 00 00 a6dd8
[& 187.} 2b58& a0010193 ffffffff d5912b9c c000d4d8 c08ca248 ffffffff 0000000f d5912000
[& 187.} 2b78& ca248 c08ca248 ffffffff 93
[& 187.} 2b98& 12bb0 c00e02e8 c05a6dd8 a0010193 ffffffff 00000
[& 187.} 2bb8& 00 00 00000
[& 187.} R10: 0xd6c51a80:
[& 187.} 1a80& d6c3e004 d6c00 c08ca248 c08ca248 ffffffff 00000
[& 187.} 1aa0& 00 d6c51ac0 c00e02e8 c05a6dd8 a0010193 ffffffff
[& 187.} 1ac0& 00000 fffff6ff 68fe7bdf fefe7fdb fffe7ffb fdfffff5 89fffffd
[& 187.} 1ae0& fb773bd7
ffbffffd 62a38 c08ca248 d6c51bd8
[& 188.} 1b00& 00 cfb857 d6c51b2c c51b2c
[& 188.} 1b20& 07 c06fb93b ca248 00000
[& 188.} 1b40& d6c50dc1 0b4c d6c51b4c ea4da 0000002b
[& 188.} 1b60& 000ba43c
ffea937b ffffffff 00
[& 188.} Process ??? (pid: 2034, stack limit = 0xd3baa238)
[& 188.} Stack: (0xd3babdf8 to 0xd3bac000)
[& 188.} bde0:&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& dd36a80
[& 188.} be00: d3baa000 dbabe3c c05afad0 c0004c d3baa000
[& 188.} be20: 200f0013 ffffffff d3babe84 c000d560 d3baa000 babe4c c05a6614
[& 188.} be40: 000003ff c02ba184 0d578 0000b9ca ffffffff 0000475c c02ba158
[& 188.} be60: 00 c088e470 00
[& 188.} be80: c0d34344 d3babe98 c001ab70 c02ba184 200f0013 ffffffff 000000
[& 188.} bea0: 616f8 1ac00 64 c001775c
[& 188.} bec0: 179a0 00 c0ac8
[& 188.} bee0: b8f1ec44 00 02
[& 188.} bf00: d6ce01c0 d09f8 c05fe518 c0d5bec c0d5c8
[& 188.} bf20: babf80 f9ee0 dca14 c00002
[& 188.} bf40: b8f23e54 d3babf80 00 c018ed10 cf23e54
[& 188.} bf60: 00 b8f23e54 00 c018f050
[& 188.} bf80: 02 01 0dac4
[& 188.} bfa0: d3baa000 c000d940 01 b8f23e54
[& 188.} bfc0: 01 f23e54 00
[& 188.} bfe0:
bede57b8 b6f50c5d b6eef338 00f e320f000
[& 188.} [&c0103b78&] (sched_info_arrive+0x14/0xc8) from [&c05a6058&] (__schedule+0x380/0x504)
[& 188.} [&c05a6058&] (__schedule+0x380/0x504) from [&c05a6614&] (preempt_schedule_irq+0x44/0x64)
[& 188.} [&c05a6614&] (preempt_schedule_irq+0x44/0x64) from [&c000d578&] (svc_preempt+0x8/0x18)
[& 188.} [&c000d578&] (svc_preempt+0x8/0x18) from [&c02ba184&] (__loop_delay+0x0/0xc)
[& 188.} Code: e28db014 ef20ac e59f30ac (e591c014)
[& 188.} ---[ end
2.1.2 分析原因
sched_info_arrive函数的代码如下:
static void sched_info_arrive(struct task_struct *t)
&&&&&&&& unsigned long long now = task_rq(t)-&clock, delta = 0;
&&&&&&&& if (t-&sched_info.last_queued)
&&&&&&&&&&&&&&&&&& delta = now - t-&sched_info.last_
&&&&&&&& sched_info_reset_dequeued(t);
&&&&&&&& t-&sched_info.run_delay +=
&&&&&&&& t-&sched_info.last_arrival =
&&&&&&&& t-&sched_info.pcount++;
&&&&&&&& rq_sched_info_arrive(task_rq(t), delta);
内核panic后PC指针的位置在sched_info_arrive+0x14/0xc8,将这个函数反汇编后如下:
&sched_info_arrive&:
&&&&&& 0:&&&&&&& e92d48f0 &&&&&&& push&&&&&&&&& {r4, r5, r6, r7, fp, lr}
&&&&&& 4:&&&&&&& e28db014 &&&&&& add& fp, sp, #20
&&&&&& 8:&&&&&&& e5901004 &&&&&& ldr&&& r1, [r0, #4]
&&&&&& c:&&&&&&& e59f20ac &&&&&&& ldr&&& r2, [pc, #172]&& ; c0 &sched_info_arrive+0xc0&
&&&&& 10:&&&&&&& e59f30ac &&&&&&& ldr&&& r3, [pc, #172]&& ; c4 &sched_info_arrive+0xc4&
&&&&& 14:&&&&&&& e591c014 &&&&&& ldr&&& ip, [r1, #20]
&&&&& 18:&&&&&&& e792210c &&&&&& ldr&&& r2, [r2, ip, lsl #2]&&&&&&&&&&&&&&&
task_rq(t) -& cpu_rq(task_cpu(p))
task_cpu(p) -& task_thread_info(p)-&
#define task_thread_info(task)&&&&&& ((struct thread_info *)(task)-&stack)
(task)-&stack) 就是传入的参数指针p的第二个变量,是个指针,然后将其转化为struct thread_info型的指针。对应的汇编就是上面的标号8处,此时的r0是0x d6c5& 1b00,则R1变为[0x d6c5 1b00 + 4]取内容,则R1变为0x 。
出问题的地方是标号14处,意思是将R1地址加上20,然后在这个地址上取内容,赋值给ip,[0x + 20(0x14)&&&& ]就是[0x6001&&&&&&& 01a7],而这个地址是错误的虚拟地址,找不到对应的物理地址,故内核panic了。
2.2 do_set_cpus_allowed
2.2.1原始日志
[& 156.} IRQ41 no longer affine to CPU4
[& 156.} CPU4: shutdown
[& 156.} BUG: recent printk recursion!
[& 156.} Unable to handle kernel paging request at virtual address
[& 156.} pgd = d1260000
[& 156.} [] *pgd=
[& 156.} Internal error: Oops:
[#1] PREEMPT SMP ARM
[& 156.} Modules linked in:
[& 156.} in dump_stack_print_info, line:2909&&&&&&&& mpidr:0x
[& 156.} CPU: 0 PID: 1989 Comm: sh Not tainted 3.10.0 #88
[& 156.} task: cfeb3180 ti: d12c2000 task.ti: d12c2000
[& 156.} PC is at 0x30000
[& 156.} LR is at do_set_cpus_allowed+0x2c/0x48
[& 156.} pc : [&&]&&& lr : [&c0109c0c&]&&& psr:
[& 156.} sp : d12c3bf0& ip : & fp : d12c3bfc
[& 156.} r10: c05d216c& r9 : & r8 : c05d2164
[& 156.} r7 : c0858410& r6 : & r5 : c0857b98& r4 : d6c52880
[& 156.} r3 :
&r2 : & r1 : c0857b98& r0 : d6c52880
[& 156.} Flags: nzCv& IRQs off& FIQs on& Mode SVC_32& ISA ARM& Segment user
[& 156.} Control: 10c5387d& Table: 1766006a& DAC:
[& 156.} LR: 0xc0109b8c:
[& 156.} 9b8c& 0aa00004 ebffffb7 eb8 e40005
[& 156.} 9bac& 1afffff2 eb8 e2455f7e eaffffeb eb00378b
[& 156.} 9bcc& e24bd014 e8bd48f0 eaffc070 c1b5fc e92d00 e5903030
[& 156.} 9bec& e28db00c e1a00 0a30 0afff33
[& 156.} 9c0c& e431bc e0001f eb07021e ebdff8
[& 156.} 9c2c& e1a04 e1a002 f57ff05f e2807fee e1a00007 eb127470
[& 156.} 9c4c& e06 e1a0a000 0a44 e594301c
[& 156.} 9c6c& ea00001f e59f4 e59f4 e96006
[& 156.} SP: 0xd12c3b70:
[& 156.} 3b70& cfe000 1bf4 c010fda8 cfeb31b8 c010ce60
[& 156.} 3b90& 93 ffffffff d12c3bdc c000d638 d6c5b98
[& 156.} 3bb0& 380 c00 c05d0
[& 156.} 3bd0& c05d216c d12c3bfc c3bf0 c10193 ffffffff
[& 156.} 3bf0& c5c24 cc780 00001
[& 156.} 3c10& d6c52c38 93 d12c3c4c c0109dbc c79f2c
[& 156.} 3c30& 82b08 00 c3c7c c00fd088
[& 156.} 3c50& c03de4 82b10 03
[& 156.} FP: 0xd12c3b7c:
[& 156.} 3b7c& c3bf4 c010fda8 cfeb31b8 c010ce60 93
[& 156.} 3b9c& ffffffff d12c3bdc c000d638 d6c5b98 380
[& 156.} 3bbc& c00 c05d0 c05d216c d12c3bfc
[& 156.} 3bdc& d12c3bf0 c10193 ffffffff c5c24
[& 156.} 3bfc& cc780 0c38 00000
[& 156.} 3c1c& c3c4c c0109dbc c79f2c 82b08
[& 156.} 3c3c& 00 d12c3c7c c00fd088 c03de4
[& 156.} 3c5c& c01 0a58 c0d3ca4
[& 157.} R0: 0xd6c52800:
[& 157.} 00 00 00
[& 157.} 00 c05a6dd8 a0010193 ffffffff d6c5286c c000d4d8 c08ca248 ffffffff
[& 157.} 12 d6c00 c08ca248 c08ca248 ffffffff 00000
[& 157.} 93 080 c00e02e8 c05a6dd8 a0010193 ffffffff
[& 157.} 00 d6c02 00 00000
[& 157.} 28a0& 78 62a38 c08ca248 d6c00
[& 157.} 28c0& 00 cfb857 d6c528ec c528ec
[& 157.} 28e0& 07 c06fb93b ca248 00000
[& 157.} R1: 0xc0857b18:
[& 157.} 7b18& 90d34de8 5a0fecb3 a5d9c4e1 6f0565ba
fbbc260d 3ab7828b f06b23d0
[& 157.} 7b38& ae0ec13c 64d00 19090 ffffffff c000f9b8
[& 157.} 7b58& 000fb0d7 1ac 90f0cc0 c00690
[& 157.} 7b78& 0ea60 00 1f
[& 157.} 7b98& 0a80 d6c20b40 d6c20c00 d6c2cc0
[& 157.} 7bb8& 01 02e7b
[& 157.} 7bd8& 00 80 00000
[& 157.} 7bf8& 00 00 00000
[& 157.} R4: 0xd6c52800:
[& 157.} 00 00 00
[& 157.} 00 c05a6dd8 a0010193 ffffffff d6c5286c c000d4d8 c08ca248 ffffffff
[& 157.} 12 d6c00 c08ca248 c08ca248 ffffffff 00000
[& 157.} 93 080 c00e02e8 c05a6dd8 a0010193 ffffffff
[& 157.} 00 d6c02 00 00000
[& 157.} 28a0& 78
c0862a38 c08ca248 d6c00
[& 157.} 28c0& 00 cfb857 d6c528ec c528ec
[& 157.} 28e0& 07 c06fb93b ca248 00000
[& 157.} R5: 0xc0857b18:
[& 157.} 7b18& 90d34de8 5a0fecb3 a5d9c4e1 6f0565ba
fbbc260d 3ab7828b f06b23d0
[& 157.} 7b38& ae0ec13c 64d00 19090 ffffffff c000f9b8
[& 157.} 7b58& 000fb0d7 1ac 90f0cc0 c00690
[& 157.} 7b78& 0ea60 00 1f
[& 157.} 7b98& 0a80 d6c20b40 d6c20c00 d6c2cc0
[& 157.} 7bb8& 01 02e7b
[& 157.} 7bd8& 00 80 00000
[& 157.} 7bf8& 00 00 00000
[& 157.} R7: 0xc0858390:
[& 157.} 00 00 00
[& 157.} 83b0& 00 00 00000
[& 157.} 83d0& 00 00 00000
[& 157.} 83f0& 00 00 00001
[& 157.} 05 00 00
[& 157.} 00 01 01 c0858664
[& 157.} 1f 00 c08ac370 c08ac3b0 c08ac3f0 c08ac430
[& 157.} 8470& c08ac470 c08ac4b0 c08ac4f0 c08ac530 c08ac570 c08ac5b0 c08ac5f0 c08ac630
[& 157.} R8: 0xc05d20e4:
[& 157.} 20e4& 04 20 00080
[& 157.} 00 00 00
[& 157.} 00 00 00
[& 157.} 00 00 00
[& 157.} 2164& c0857b9c c57b90 c00 c073b489
[& 157.} 2184& c0719aec 19ac1 19ac8 39ec2
[& 157.} 21a4& c0719acf 19adc 19ae4 19aea
[& 157.} 21c4& c0719af2 ffffffff 3d d6e6f69 225d7325
[& 157.} R10: 0xc05d20ec:
[& 157.} 20ec& 10 80 00200
[& 157.} 210c& 00 00 20000
[& 157.} 212c& 00 00 00000
[& 157.} 214c& 00 00 c0857b9c c0857b94
[& 157.} 216c& c57b98 3b489 19aec
[& 157.} 218c& c0ac8 39ec2 19acf
[& 157.} 21ac& c0719adc 19ae4 19aea 19af2 ffffffff
[& 157.} 21cc& 3d d6e6f69 225dc 763e2d43
[& 157.} Process sh (pid: 1989, stack limit = 0xd12c2238)
[& 157.} Stack: (0xd12c3bf0 to 0xd12c4000)
[& 157.} 3be0:&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& c5c24 c0598bf8
[& 157.} 3c00: d6c780 0c38 93
[& 157.} 3c20: d12c3c4c c0109dbc c79f2c 82b08 00003
[& 157.} 3c40: 0c7c c00fd088 c03de4 82b10
[& 157.} 3c60: 03 23a58 c0d3ca4 c0104b2c
[& 157.} 3c80: 01 c0882bfc 00 724f1086
[& 157.} 3ca0: d12c3d58 c10 cfeb0 ec0f0
[& 157.} 3cc0: c3e18 c0d345f0 d3b00 c0d3fc
[& 157.} 3ce0: 724f4 c0d3f0 c0d345b8 d345f0 c00ff940
[& 157.} 3d00: c0d3d58 724f099d 71ea4 c0d345b8 d345f0
[& 157.} 3d20: c0d358 c0d346c8 c4f099d
ffffffff 7fffffff
[& 157.} 3d40: 724f099d d35ec4 f099d f099d
[& 157.} 3d60: ffffc7f4 c01 13
[& 157.} 3d80: 192a0 ccfa80 cca72c d12c3da8
[& 157.} 3da0: 194f4 0000009c c083fa80 c083fad0 cc3e4c
[& 157.} 3dc0: 00 c3fa80 c083fad0 c39298
[& 157.} 3de0: c01391dc 35f60 000001ca c000e2e0 0000004c f811a000
[& 157.} 3e00: d12c3e18 ce05d4
ffffffff c000d540 c0d3a90
[& 157.} 3e20: 0e cab52 00
[& 157.} 3e40: 044 d12c3e60 c00dfdc0 c00e05d4
[& 157.} 3e60: 00 cab52 0000000e d12c3e78
[& 157.} 3e80: 02 00 c00000
[& 157.} 3ea0: 00 cfb089 d12c3ecc c3ecc
[& 157.} 3ec0: 93d90 c06fb089 00 91ac8
[& 157.} 3ee0: b83eec44 00 02
[& 157.} 3f00: d6ce01c0 c6eb98 c05fe518 c0d5bec c0d5c8
[& 157.} 3f20: c3f80 f9ee0 dca14 d22a2
[& 157.} 3f40: b83f3f54 d12c3f80 00 c018ed10 d22af54
[& 157.} 3f60: a0 b83f3f54 00 c018f050
[& 157.} 3f80: 02 01 0dac4
[& 157.} 3fa0: d12c0 01 b83f3f54
[& 157.} 3fc0: 01 f3f54 00
[& 157.} 3fe0:
bee777b8 b6f6ac5d b6f10 00
[& 157.} [&c0109c0c&] (do_set_cpus_allowed+0x2c/0x48) from [&c0598bf8&] (select_fallback_rq+0x13c/0x19c)
[& 157.} [&c0598bf8&] (select_fallback_rq+0x13c/0x19c) from [&c0109dbc&] (try_to_wake_up+0x194/0x1f8)
[& 157.} [&c0109dbc&] (try_to_wake_up+0x194/0x1f8) from [&c00fd088&] (autoremove_wake_function+0xc/0x34)
[& 157.} [&c00fd088&] (autoremove_wake_function+0xc/0x34) from [&c0103de4&] (__wake_up_common+0x48/0x7c)
[& 157.} [&c0103de4&] (__wake_up_common+0x48/0x7c) from [&c0104b2c&] (__wake_up+0x3c/0x50)
[& 157.} [&c0104b2c&] (__wake_up+0x3c/0x50) from [&c0152660&] (__irq_work_run+0x90/0xc8)
[& 157.} [&c0152660&] (__irq_work_run+0x90/0xc8) from [&c00ec0f0&] (update_process_times+0x50/0x64)
[& 157.} [&c00ec0f0&] (update_process_times+0x50/0x64) from [&c0123b00&] (tick_sched_timer+0xa8/0xdc)
[& 157.} [&c0123b00&] (tick_sched_timer+0xa8/0xdc) from [&c00ff940&] (__run_hrtimer+0x1a4/0x2b8)
[& 157.} [&c00ff940&] (__run_hrtimer+0x1a4/0x2b8) from [&c010052c&] (hrtimer_interrupt+0x11c/0x278)
[& 158.} [&c010052c&] (hrtimer_interrupt+0x11c/0x278) from [&c00192a0&] (clockevent_interrupt_cb+0x120/0x144)
[& 158.} [&c00192a0&] (clockevent_interrupt_cb+0x120/0x144) from [&c01366d0&] (handle_irq_event_percpu+0xb0/0x28c)
[& 158.} [&c01366d0&] (handle_irq_event_percpu+0xb0/0x28c) from [&c01368e8&] (handle_irq_event+0x3c/0x5c)
[& 158.} [&c01368e8&] (handle_irq_event+0x3c/0x5c) from [&c0139298&] (handle_fasteoi_irq+0xbc/0x124)
[& 158.} [&c0139298&] (handle_fasteoi_irq+0xbc/0x124) from [&c0135f60&] (generic_handle_irq+0x30/0x44)
[& 158.} [&c0135f60&] (generic_handle_irq+0x30/0x44) from [&c000e2e0&] (handle_IRQ+0x64/0x8c)
[& 158.} [&c000e2e0&] (handle_IRQ+0x64/0x8c) from [&c0008478&] (gic_handle_irq+0x34/0x58)
[& 158.} [&c0008478&] (gic_handle_irq+0x34/0x58) from [&c000d540&] (__irq_svc+0x40/0x70)
[& 158.} Exception stack(0xd12c3e18 to 0xd12c3e60)
[& 158.} 3e00:&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& c0d3a90
[& 158.} 3e20: 0e cab52 00
[& 158.} 3e40: 044 d12c3e60 c00dfdc0 c00e05d4
[& 158.} [&c000d540&] (__irq_svc+0x40/0x70) from [&c00e05d4&] (vprintk_emit+0x3e4/0x434)
[& 158.} [&c00e05d4&] (vprintk_emit+0x3e4/0x434) from [&c05980f0&] (printk+0x2c/0x3c)
[& 158.} [&c05980f0&] (printk+0x2c/0x3c) from [&c0593d90&] (__cpu_die+0x34/0x78)
[& 158.} [&c0593d90&] (__cpu_die+0x34/0x78) from [&c0591ac8&] (_cpu_down+0x130/0x22c)
[& 158.} [&c0591ac8&] (_cpu_down+0x130/0x22c) from [&c0591bec&] (cpu_down+0x28/0x3c)
[& 158.} [&c0591bec&] (cpu_down+0x28/0x3c) from [&c05921c8&] (store_online+0x2c/0x74)
[& 158.} [&c05921c8&] (store_online+0x2c/0x74) from [&c02f9ee0&] (dev_attr_store+0x18/0x24)
[& 158.} [&c02f9ee0&] (dev_attr_store+0x18/0x24) from [&c01dca14&] (sysfs_write_file+0x7c/0xb0)
[& 158.} [&c01dca14&] (sysfs_write_file+0x7c/0xb0) from [&c018ed10&] (vfs_write+0xd4/0x16c)
[& 158.} [&c018ed10&] (vfs_write+0xd4/0x16c) from [&c018f050&] (SyS_write+0x3c/0x60)
[& 158.} [&c018f050&] (SyS_write+0x3c/0x60) from [&c000d940&] (ret_fast_syscall+0x0/0x30)
[& 158.} Code: bad PC value
[& 158.} ---[ end trace 1e855ca44fc46f0a ]---
2.2.2 分析原因
do_set_cpus_allowed函数的代码如下。
void do_set_cpus_allowed(struct task_struct *p, const struct cpumask *new_mask)
&&&&&&&& if (p-&sched_class && p-&sched_class-&set_cpus_allowed)
&&&&&&&&&&&&&&&&&& p-&sched_class-&set_cpus_allowed(p, new_mask);
&&&&&&&& cpumask_copy(&p-&cpus_allowed, new_mask);
&&&&&&&& p-&nr_cpus_allowed = cpumask_weight(new_mask);
内核panic后PC指针的位置在PC is at 0x30000,而LR在do_set_cpus_allowed+0x2c/0x48,PC是个错误的值,则只能根据LR反推了,将这个函数反汇编后如下:
0000607c &do_set_cpus_allowed&:
&&& 607c:&&&&&&& e92d4830 &&&&&& push&&&&&&&&& {r4, r5, fp, lr}
&&& 6080:&&&&&&& e1a04000 &&&&&& mov r4, r0
&&& 6084:&&&&&&& e5903030 &&&&&& ldr&&& r3, [r0, #48]&&&& ; 0x30
&&& 6088:&&&&&&& e28db00c &&&&&& add& fp, sp, #12
&&& 608c:&&&&&&& e1a05001 &&&&&& mov r5, r1
&&& 6090:&&&&&&& e3530000 &&&&&& cmp r3, #0
&&& 6094:&&&&&&& 0a000003 &&&&&& beq& 60a8 &do_set_cpus_allowed+0x2c&
&&& 6098:&&&&&&& e5933038 &&&&&& ldr&&& r3, [r3, #56]&&&& ; 0x38
&&& 609c:&&&&&&& e3530000 &&&&&& cmp r3, #0
&&& 60a0:&&&&&&& 0a000000 &&&&&& beq& 60a8 &do_set_cpus_allowed+0x2c&
& &&60a4:&&&&&&& e12fff33 &&&&&&&& blx&&& r3
&&& 60a8:&&&&&&& e5953000 &&&&&& ldr&&& r3, [r5]
p-&sched_class 就是指针p偏移48个字节,当时的R0是(后来的R4的值)0x d6c5 2880,则[0xd6c5 2880 + 48]=[0xd6c5 28b0]的内容是c0862a38,赋值给R3。
R3和0比较,不为0,则p-&sched_class-&set_cpus_allowed就是在R3的基础上偏移56个字节,[0xc086 2a38+56]=[0xc086 2a70],取出的内容赋值给R3
内核编译的system.map文件中,部分内容如下,则0xc086 2a70在fsr_info中的一个地方。
c08629b8 d fsr_info
c0862bb8 d ifsr_info
struct fsr_info {
&&&&&&&& int&&& (*fn)(unsigned long addr, unsigned int fsr, struct pt_regs *regs);
&&&&&&&& int&&&
&&&&&&&& int&&&
&&&&&&&& const char *
};&&& //占据16个字节
static struct fsr_info fsr_info[] = {
&&&&&&&& /*
&&&&&&&& &* The following are the standard ARMv3 and ARMv4 aborts.& ARMv5
&&&&&&&& &* defines these to be "precise" aborts.
&&&&&&&& &*/
&&&&&&&& { do_bad,&&&&&&&&& SIGSEGV, 0,&&&&&&&&&&&&&& "vector exception"&&&&&&&&&& && }, & & & & & & & & & & & & & & & & & & & & & & & & // 29b8
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,&& BUS_ADRALN,&&&&&&& "alignment exception"&&&&&&&&&&&&& && },&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& &&&&&&&&
&&&&&&&& { do_bad,&&&&&&&&& SIGKILL, 0,&&&&&&&&&&&&&&&& "terminal exception"&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,&& BUS_ADRALN,&&&&&&& "alignment exception"&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,&& 0,&&&&&&&&&&&& "external abort on linefetch"& && },
&&&&&&&& { do_translation_fault,&&& SIGSEGV, SEGV_MAPERR,&&&&&& "section translation fault"&&&&&& && },&&&&&&&&&&&&&&&&& //2a08
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,&& 0,&&&&&&&&&&&& "external abort on linefetch"& && },
&&&&&&&& { do_page_fault,&&&&& SIGSEGV, SEGV_MAPERR,&&&&&& "page translation fault"& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,&& 0,&&&&&&&&&&&& "external abort on non-linefetch"& },
&&&&&&&& { do_bad,&&&&&&&&& SIGSEGV, SEGV_ACCERR,&&&&&&& "section domain fault"&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,&& 0,&&&&&&&&&&&& "external abort on non-linefetch"& },
&&&&&&&& { do_bad,&&&&&&&&& SIGSEGV, SEGV_ACCERR,&&&&&&& "page domain fault"&&&&&&&&&&&&&&&&& && },&&&&&&&&&&&&&&&&&&&//2a68
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,&& 0,&&&&&&&&&&&& "external abort on translation"&&&&&& && },
&&&&&&&& { do_sect_fault,&&&&&&& SIGSEGV, SEGV_ACCERR,&&&&&&& "section permission fault"&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,&& 0,&&&&&&&&&&&& "external abort on translation"&&&&&& && },
&&&&&&&& { do_page_fault,&&&&& SIGSEGV, SEGV_ACCERR,&&&&&&& "page permission fault"&&&&&&&&&& && },
&&&&&&&& /*
&&&&&&&& &* The following are "imprecise" aborts, which are signalled by bit
&&&&&&&& &* 10 of the FSR, and may not be recoverable.& These are only
&&&&&&&& &* supported if the CPU abort handler supports bit 10.
&&&&&&&& &*/
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 16"&&&&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 17"&&&&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 18"&&&&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 19"&&&&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "lock abort"&&&&&&&&&&&&&&&&&&&&&&& && }, /* xscale */
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 21"&&&&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& BUS_OBJERR,&&&&&&&&& "imprecise external abort"&&&&& && }, /* xscale */
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 23"&&&&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "dcache parity error"&&&&&&&&&&&&&&& && }, /* xscale */
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 25"&&&&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 26"&&&&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 27"&&&&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 28"&&&&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 29"&&&&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 30"&&&&&&&&&&&&&&&&&&& && },
&&&&&&&& { do_bad,&&&&&&&&& SIGBUS,& 0,&&&&&&&&&&&&& "unknown 31"&&&&&&&&&&&&&&&&&&& && },
则共32*16=512个字节,就是从c08629b8到c0862bb8。
故0xc086 2a70对应的内容是SEGV_ACCERR的值。
#define SEGV_ACCERR&&& (__SI_FAULT|2)&&&&&&&& =& 3&&16 | 2&& &&&&&&&& = &&&& 0x
则R3的值变为0x 。
blx&&& r3,PC跳转到这样的地址,当然是要出错的。
2.3 _raw_spin_lock
2.3.1 原始日志
[& 126.} IRQ41 no longer affine to CPU4
[& 126.} Alignment trap: not handling instruction e1903f9f at [&c05a6da8&]
[& 126.} BUG: recent printk recursion!
[& 126.} Unhandled fault: alignment exception (0x001) at 0xffffffff
[& 126.} Internal error: : 1 [#1] PREEMPT SMP ARM
[& 126.} Modules linked in:
[& 127.} in dump_stack_print_info, line:2909&&&&&&&& mpidr:0x
[& 127.} CPU: 0 PID: 1906 Comm: sh Not tainted 3.10.0 #99
[& 127.} task: c62b5a00 ti: c8e52000 task.ti: c8e52000
[& 127.} PC is at _raw_spin_lock+0x1c/0x50
[& 127.} LR is at __queue_work+0x118/0x364
[& 127.} pc : [&c05a6dac&]&&& lr : [&c00f5f78&]&&& psr: 200f0193
[& 127.} sp : c8e53d50& ip : 371ad678& fp : c08588d8
[& 127.} r10: & r9 : ffffffff& r8 :
[& 127.} r7 : d6c20a80& r6 : c8e52000& r5 : c08a77fc& r4 : c0d39d00
[& 127.} r3 : c8e52000& r2 : & r1 : & r0 : ffffffff
[& 127.} Flags: nzCv& IRQs off& FIQs on& Mode SVC_32& ISA ARM& Segment user
[& 127.} Control: 10c5387d& Table: 0800006a& DAC:
[& 127.} PC: 0xc05a6d2c:
[& 127.} 6d2c& f57ff05f e1a00005 eb0000f8 ebfffd58 e1a00005 eba01000 eafffff3
[& 127.} 6d4c& e3e00 e89d000c e1a04 ef0
[& 127.} 6d6c& e88d000c ebdd014 e8bd80f0 000 eaffffcd
[& 127.} 6d8c& a0200d e3c23d7f e3c3303f e24 e1903f9f
[& 127.} 6dac& e01f92 eafffffa e6ff53 ea0f002
[& 127.} 6dcc& e1d020b0 eafffffb f57ff05f e12fff1e e1a00 f10c0080
[& 127.} 6dec& e1a0100d e3c12d7f e3c2203f e14 e1932f9f e2821801
[& 127.} 6e0c& e183cf91 e33c0000 1afffffa e6ff52 ea0f002 e1d310b0
[& 127.} LR: 0xc00f5ef8:
[& 127.} 5ef8& 0af42ac e5d41 0af02a0 e300151b ebffa0c5
[& 127.} 5f18& e3a010 eaa0200d e59fb288 e3c26d7f e3c6603f e3580005
[& 127.} 5f38& e6a014 e002 e79b410a e34004
[& 127.} 5f58& e1a00005 ebffff57 ea00000f e00c eb12c385
[& 127.} 5f78& e1a005 ebfff9cf ea04 e1520007
[& 127.} 5f98& 01a003 e1a00009 eb12c44c e5940000 eb12c377 e30000
[& 127.} 5fb8& 1a72 0a40000 eb12c442 eaffffd7 e59f61d4
[& 127.} 5fd8& e5d61 0a7c4 e300154f e59f21c4 e58da000
[& 127.} SP: 0xc8e53cd0:
[& 127.} 3cd0& 93 71fb00 89680
[& 127.} 3cf0& a6da8 200f0193 ffffffff c8e53d3c c000d4d8 ffffffff
[& 127.} 3d10& e5d00 c08a77fc c8e5a80
[& 127.} 3d30& 588d8 371ad678 c8e53d50 c00f5f78 c05a6dac 200f0193 ffffffff
[& 127.} 3d50& c20a80 c08a77fc a780c c00f61c4 c00f61c4 c08a77fc
[& 127.} 3d70& a77fc 0000000a c00eb1b0 c08a780c c00f61c4 c09cb280 c08a780c
[& 127.} 3d90& c8e5c4 c08a77fc 00 000000
[& 127.} 3db0& c8e53db8 e53db8 c8e53db8 e54
[& 127.} FP: 0xc0858858:
[& 127.} 00 00 00
[& 127.} 00 00 00
[& 127.} 64 c0d610c0 0000f c0d05 d61080
[& 127.} 88b8& 0000002c c0d300 c0d01 04
[& 127.} 88d8& 004fe000 00 02 0001dffb
[& 127.} 88f8& 0001dfff 32 0000fffa 00000
[& 127.} 01 d6c0c0 c8b5d8 c018a648 c00000
[& 127.} 8938& c018b4d4 c00 03
[& 127.} R3: 0xc8e51f80:
[& 127.} 1f80& 00 00 00000
[& 127.} 1fa0& 00 00 00000
[& 127.} 1fc0& 00 00 00000
[& 127.} 1fe0& 00 00 00000
[& 127.} 00 0a00 c087e268 0a00
[& 127.} 2020& c0d36a80 c8e5b880 0001d c62be3c c8e53e10
[& 127.} 2040& c05a60e8 00 00
[& 127.} 2060& b6efdf24 00 00
[& 127.} R4: 0xc0d39c80:
[& 127.} 9c80& 00 00 00000
[& 127.} 9ca0& 00 c9c300 c0c76
[& 127.} 9cc0& c0d39cc0 c0d39cc0 00 00
[& 127.} 9ce0& 00 a32
[& 127.} 9d00& c0d3a80
ffffffff 00
[& 127.} 9d20& 00 00 00000
[& 127.} 9d40& 00 00 c0d39d58 c0d39d58
[& 127.} 9d60& d6c20a80 c0d42d60 c0d39d68 c0d39d68 ffffffe0 c0d39d74 c0d39d74 c00f7f34
[& 127.} R5: 0xc08a777c:
[& 127.} 777c& c04e74d8 c04e748c c04e84cc c076c7ad 4e180 00000
[& 127.} 779c& c08aec00 00 00bb8
[& 127.} 77bc& f4 00 00064
[& 127.} 77dc& 00 000
[& 127.} 77fc& a0 c042dd6c 00200 ffffbc5c c09cb283
[& 127.} 781c& c00f61c4 c08a77fc ffffffff ffffffff 00
[& 127.} 783c& c20a80 00 cb280 c042b5a4
[& 127.} 785c& c08a7764 ffffffff ffffffff 00 00000
[& 127.} R6: 0xc8e51f80:
[& 127.} 1f80& 00 00 00000
[& 127.} 1fa0& 00 00 00000
[& 127.} 1fc0& 00 00 00000
[& 127.} 1fe0& 00 00 00000
[& 127.} 00 0a00 c087e268 0a00
[& 127.} 2020& c0d36a80 c8e5b880 0001d c62be3c c8e53e10
[& 127.} 2040& c05a60e8 00 00
[& 127.} 2060& b6efdf24 00 00
[& 127.} R7: 0xd6c20a00:
[& 127.} 0a00& d6c209fc d6c20a04 d6c20a04 d6c20a0c d6c20a0c d6c20a14 d6c20a14 d6c20a1c
[& 127.} 0a20& d6c20a1c
ffffffea 00 00000
[& 127.} 0a40& 00 00 00000
[& 127.} 0a60& 00 00 00000
[& 127.} 0a80& c0d5dd60 c0d39d60 c087ff2c d6c20b48 0a98 d6c20a98
[& 127.} 0aa0& 00 00 d6c20ab8 d6c20ab8
[& 127.} 0ac0& d6c20ac0 d6c20ac0 d6c20ac8 d6c20ac8 00
[& 127.} 0ae0& 665 00 00000
[& 127.} Process sh (pid: 1906, stack limit = 0xc8e52238)
[& 127.} Stack: (0xc8e53d50 to 0xc8e54000)
[& 127.} 3d40:&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& c20a80 c08a77fc
[& 127.} 3d60: c08a780c c00f61c4 c00f61c4 c08a77fc a77fc 0000000a c00eb1b0
[& 127.} 3d80: c08a780c c00f61c4 c09cb280 c08a780c c8e5c4 c08a77fc
[& 127.} 3da0: eb760 e53db8 e53db8 c8e53db8
[& 127.} 3dc0: e54 01 00000
[& 127.} 3de0: 0000000a c00e540c c083fad0 ce53e84
[& 127.} 3e00: e00 ce53e84 00000
[& 127.} 3e20: e587c 0000004c c000e2e4 0000004c f811a000 c8e53e50 c0008478
[& 127.} 3e40: c02ba164 200f0013 ffffffff c000d540
ffffffff ba138
[& 127.} 3e60: 0001e f8e470 00
[& 127.} 3e80: e53e98 c001ab30 c02ba164 200f0013 ffffffff 000000
[& 127.} 3ea0: 616f8 1abc0 64 c0017724
[& 127.} 3ec0: 04 0d7c 91aa8
[& 127.} 3ee0: b28 04
[& 127.} 3f00: d6ce01c0 c1ccc4c0 c1ccc4d8 c05fe518 c0d5bcc c0d5a8
[& 127.} 3f20: e53f80 f9ec0 dca00 d288f6c0
[& 127.} 3f40: be53f80 00 c018ecfc d288f6c0 b8785f54
[& 127.} 3f60: 8f6c0 85f54 00 c018f03c
[& 127.} 3f80: 02 01 0dac4
[& 127.} 3fa0: c8e50 01 b00002 ffffffff
[& 127.} 3fc0: 01 85f54 00
[& 128.} 3fe0:
bed9b7b8 b6f0ec5d b6ead338 00001 eaffffe2
[& 128.} [&c05a6dac&] (_raw_spin_lock+0x1c/0x50) from [&c00f5f78&] (__queue_work+0x118/0x364)
[& 128.} [&c00f5f78&] (__queue_work+0x118/0x364) from [&c00eb1b0&] (call_timer_fn+0xa4/0x1a4)
[& 128.} [&c00eb1b0&] (call_timer_fn+0xa4/0x1a4) from [&c00eb760&] (run_timer_softirq+0x20c/0x284)
[& 128.} [&c00eb760&] (run_timer_softirq+0x20c/0x284) from [&c00e540c&] (__do_softirq+0x144/0x2b4)
[& 128.} [&c00e540c&] (__do_softirq+0x144/0x2b4) from [&c00e587c&] (irq_exit+0x74/0xbc)
[& 128.} [&c00e587c&] (irq_exit+0x74/0xbc) from [&c000e2e4&] (handle_IRQ+0x68/0x8c)
[& 128.} [&c000e2e4&] (handle_IRQ+0x68/0x8c) from [&c0008478&] (gic_handle_irq+0x34/0x58)
[& 128.} [&c0008478&] (gic_handle_irq+0x34/0x58) from [&c000d540&] (__irq_svc+0x40/0x70)
[& 128.} Exception stack(0xc8e53e50 to 0xc8e53e98)
[& 128.} 3e40:&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
ffffffff ba138
[& 128.} 3e60: 0001e f8e470 00
[& 128.} 3e80: e53e98 c001ab30 c02ba164 200f0013 ffffffff
[& 128.} [&c000d540&] (__irq_svc+0x40/0x70) from [&c02ba164&] (__loop_delay+0x0/0xc)
[& 128.} Code: e24 e1903f9f (
2.3.2 分析原因
_raw_spin_lock函数代码如下:
void __lockfunc _raw_spin_lock(raw_spinlock_t *lock)
&&&&&&&& __raw_spin_lock(lock);
__raw_spin_lock代码如下:
static inline void __raw_spin_lock(raw_spinlock_t *lock)
&&&&&&&& preempt_disable();
&&&&&&&& spin_acquire(&lock-&dep_map, 0, 0, _RET_IP_);
&&&&&&&& LOCK_CONTENDED(lock, do_raw_spin_trylock, do_raw_spin_lock);
将_raw_spin_lock反汇编后如下:
Disassembly of section .spinlock.text:
&_raw_spin_lock&:
&& 0:&&&&&&& e1a0200d &&&&&& mov r2, sp
&& 4:&&&&&&& e3c23d7f &&&&&&& bic&&& r3, r2, #8128&&& ; 0x1fc0
&& 8:&&&&&&& e3c3303f &&&&&&& bic&&& r3, r3, #63&&&&&&& ; 0x3f
&& c:&&&&&&& e5932004 &&&&&& ldr&&& r2, [r3, #4]
& 10:&&&&&&& e2822001 &&&&&& add& r2, r2, #1
& 14:&&&&&&& e5832004 &&&&&& str&&& r2, [r3, #4]
&&18:&&&&&&& e1903f9f &&&&&&&& ldrex&&&&&&&& r3, [r0]&&&&&&&&&&&&&&
& 1c:&&&&&&& e2832801 &&&&&& add& r2, r3, #65536 ; 0x10000&&&&&&&&&&&&&&&&&&
& 20:&&&&&&& e1801f92 &&&&&&& strex&&&&&&&& r1, r2, [r0]
& 24:&&&&&&& e3310000 &&&&&& teq&& r1, #0
& 28:&&&&&&& 1afffffa && bne& 18 &_raw_spin_lock+0x18&
& 2c:&&&&&&& e6ff2073 &&&&&&&& uxth r2, r3
& 30:&&&&&&& e7ef3853 &&&&&&& ubfx r3, r3, #16, #16
& 34:&&&&&&& ea000001 &&&&&& b&&&&&& 40 &_raw_spin_lock+0x40&
& 38:&&&&&&& e320f002 &&&&&&& wfe
& 3c:&&&&&&& e1d020b0 &&&&&& ldrh& r2, [r0]
& 40:&&&&&&& e1530002 &&&&&& cmp r3, r2
& 44:&&&&&&& 1afffffb && bne& 38 &_raw_spin_lock+0x38&
& 48:&&&&&&& f57ff05f & dmb sy
& 4c:&&&&&&& e12fff1e bx&&&& lr
出问题是PC的位置在_raw_spin_lock+0x1c/0x50,就是上面的1C前后的位置。
ldrex&&&&&&&& r3, [r0]&&&&& 此处的指令二进制代码是e190 3f9f,表示从r0排它性取内容到r3,
而R0的值是0xffff ffff,从这个虚拟地址上取内容,故会发生对齐异常,内核panic。
2.4 __wake_up_common
2.4.1 原始日志
[& 139.} IRQ41 no longer affine to CPU4
[& 139.} Unable to handle kernel paging request at virtual address a0030193
[& 139.} pgd = d0730000
[& 139.} [a0030193] *pgd=
[& 139.} Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[& 139.} Modules linked in:
[& 139.} in dump_stack_print_info, line:2909&&&&&&&& mpidr:0x
[& 139.} CPU: 0 PID: 1781 Comm: sh Not tainted 3.10.0 #99
[& 139.} task: d215e780 ti: d1c9c000 task.ti: d1c9c000
[& 139.} PC is at __wake_up_common+0x60/0x7c
[& 139.} LR is at __wake_up_common+0x48/0x7c
[& 139.} pc : [&c0103de8&]&&& lr : [&c0103dd0&]&&& psr: 600f0193
[& 139.} sp : d1c9dc90& ip : c05a6da8& fp : d1c9dcb4
[& 139.} r10: & r9 : & r8 :
[& 139.} r7 : & r6 : a0030187& r5 : & r4 : c0882b14
[& 139.} r3 : & r2 : & r1 : & r0 : d6c79f2c
[& 139.} Flags: nZCv& IRQs off& FIQs on& Mode SVC_32& ISA ARM& Segment user
[& 139.} Control: 10c5387d& Table: 16b3006a& DAC:
[& 139.} PC: 0xc0103d68:
[& 139.} 3d68& f57ff05f e59f300c e24 e8bd88f0 c09cd180 c083c0c0
[& 139.} 3d88& e92d4ff8 e1a0a003 e5b44 e1a002 e243000c
[& 139.} 3da8& ebc ea00000e e590c008 e1a00a e1a03009
[& 139.} 3dc8& efff3c ea001 ebd8ff8
[& 139.} 3de8& e596300c e1a0c e280300c eaffffed e8bd8ff8 e92d4800
[& 139.} 3e08& e28db004 e24dd008 e3a00 ebffffda e24bd004 e8bd0
[& 139.} 3e28& e28db004 e24dd008 e3a00 e3a02001 ebffffd1 e24bd004 e8bd8800
[& 139.} 3e48& e92d4 e000 e59f300c e92d4
[& 139.} LR: 0xc0103d50:
[& 139.} 3d50& e5940010 ebffffc5 e50 eff05f e59f300c
[& 139.} 3d70& e24 e8bd88f0 c09cd180 c083c0c0 e92d4ff8 e1a04000
[& 139.} 3d90& e1a0a003 e5b44 e1a002 e243000c eb9004
[& 139.} 3db0& e246600c ea00000e e590c008 e1a00a e1a00 e12fff3c
[& 139.} 3dd0& ea001 ebd8ff8 e596300c e1a00006
[& 139.} 3df0& e243600c e280300c eaffffed e8bd8ff8 e92d4 e24dd008
[& 139.} 3e10& e3a00 ebffffda e24bd004 e8bd0 e28db004 e24dd008
[& 139.} 3e30& e3a00 e3a02001 ebffffd1 e24bd004 e8bd0 e28db004
[& 139.} SP: 0xd1c9dc10:
[& 139.} dc10& 5e7b8 c0d36ac8 80a9cb18 d215e7b8 c010ce4c 000000
[& 139.} dc30& 03de8 600f0193 ffffffff d1c9dc7c c000d4d8 d6c79f2c
[& 139.} dc50& 0b14 01 00000
[& 139.} dc70& c9dcb4 c05a6da8 d1c9dc90 c03de8 600f0193 ffffffff
[& 139.} dc90& 82b10 600f1 0a44 c0d34658
[& 139.} dcb0& d1c9dcdc c94 82bfc 00003
[& 139.} dcd0& ca40965e d1c9dd90 cc9c000 d215e780
[& 139.} dcf0& ec0dc 200fde50 c0d345f0 d3aec
[& 139.} IP: 0xc05a6d28:
[& 139.} 6d28& eff05f e1a00005 eb0000f8 ebfffd58 e1a00005 eba01000
[& 139.} 6d48& eafffff3 e3e00 e89d000c e1a04 ef2010
[& 139.} 6d68& e59fc ebdd014 e8bd80f0 000
[& 139.} 6d88& eaffffcd a0200d e3c23d7f e3c3303f e24
[& 140.} 6da8& e1903f9f e01f92 eafffffa e6ff53 ea000001
[& 140.} 6dc8& e320f002 e1d020b0 eafffffb f57ff05f e12fff1e e1a00
[& 140.} 6de8& f10c0d e3c12d7f e3c2203f e14 e1932f9f
[& 140.} 6e08& e3cf91 e33c0000 1afffffa e6ff52 ea0f002
[& 140.} FP: 0xd1c9dc34:
[& 140.} dc34& cf0193 ffffffff d1c9dc7c c000d4d8 d6c79f2c 00000
[& 140.} dc54& 82b14 01 00
[& 140.} dc74& d1c9dcb4 c05a6da8 d1c9dc90 c03de8 600f0193 ffffffff
[& 140.} dc94& cf1 0a44 c0d3dcdc
[& 140.} dcb4& c94 82bfc 00
[& 140.} dcd4& 7a40965e d1c9dd90 cc9c000 d215e780 00000
[& 140.} dcf4& c00ec0dc 200fde50 c0d345f0 d3aec c0d34778
[& 140.} dd14& c0d345fc 7a420 c0d3f0 c0d345b8 d345f0
[& 140.} R0: 0xd6c79eac:
[& 140.} 9eac& c0101724 ffffffff d6c02 c08b3c90 018f0
[& 140.} 9ecc& c81c d6c500 d63d6a80 c000000
[& 140.} 9eec& c80
cd5a00 d6c78000
[& 140.} 9f0c& cc79f38 fd068 c3c0c0 c013e2fc d6c52880
[& 140.} 9f2c& c5da8 a0030193 ffffffff d6c79f7c c000d4d8 c08ca248
[& 140.} 9f4c& ffffffff c00 c08ca248 c08ca248 ffffffff
[& 140.} 9f6c& 04 c79f90 c00e02d4 c05a6da8 a0030193
[& 140.} 9f8c& ffffffff d6c79f90 d6c79f90 d6c79fac d6c3ff30 c00fc6f8 00000
[& 140.} R4: 0xc0882a94:
[& 140.} 2a94& 00 00 00000
[& 140.} 2ab4& 00 c00 00000
[& 140.} 2ad4& 08 c013dda8 00
[& 140.} 2af4& 00
fffffed7 fffffed7 d6c1d
[& 140.} 2b14& d6c79f38 d6c79f38 00 00
[& 140.} 2b34& 00 0b44 82b4c
[& 140.} 2b54& 01 82b64 c00
[& 140.} 2b74& 0b7c c00
[& 140.} Process H????? (pid: 0, stack limit = 0xd1c9c238)
[& 140.} Stack: (0xd1c9dc90 to 0xd1c9e000)
[& 140.} dc80:&&&&&
2.4.2 分析原因
__wake_up_common 函数的代码如下:
static void __wake_up_common(wait_queue_head_t *q, unsigned int mode,
&&&&&&&&&&&&&&&&&&&&&&&&&&& int nr_exclusive, int wake_flags, void *key)
&&&&&&&& wait_queue_t *curr, *
&&&&&&&& list_for_each_entry_safe(curr, next, &q-&task_list, task_list) {
&&&&&&&&&&&&&&&&&& unsigned flags = curr-&
&&&&&&&&&&&&&&&&&& if (curr-&func(curr, mode, wake_flags, key) &&
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& (flags & WQ_FLAG_EXCLUSIVE) && !--nr_exclusive)
&&&&&&&&&&&&&&&&&&&&&&&&&&&
&&&&&&&& }
出问题时,PC在__wake_up_common+0x60/0x7c,则对__wake_up_common反汇编,代码如下:
&__wake_up_common&:
&&&& 238:&&&&&&& e92d4ff8 &&&&&&&& push&&&&&&&&& {r3, r4, r5, r6, r7, r8, r9, sl, fp, lr}
&& &&23c:&&&&&&& e1a04000 &&&&&& mov r4, r0
&&&& 240:&&&&&&& e1a0a003 &&&&&& mov sl, r3
&&& &244:&&&&&&& e5b43004 &&&&&& ldr&&& r3, [r4, #4]!
&&&& 248:&&&&&&& e28db024 &&&&&& add& fp, sp, #36&&&&&&& ; 0x24
&&&& 24c:&&&&&&& e1a08001 &&&&&& mov r8, r1
&&&& 250:&&&&&&& e1a07002 &&&&&& mov r7, r2
&&&& 254:&&&&&&& e243000c &&&&&& sub&& r0, r3, #12
&&&& 258:&&&&&&& e5936000 &&&&&& ldr&&& r6, [r3]
&&&& 25c:&&&&&&& e59b9004 &&&&&& ldr&&& r9, [fp, #4]
&&&& 260:&&&&&&& e246600c &&&&&& sub& r6, r6, #12
&&&& 264:&&&&&&& ea00000e &&&&&& b&&&&&& 2a4 &__wake_up_common+0x6c&
&&&& 268:&&&&&&& e590c008 &&&&&& ldr&&& ip, [r0, #8]
&&&& 26c:&&&&&&& e1a01008 &&&&&& mov r1, r8
&&&& 270:&&&&&&& e1a0200a &&&&&& mov r2, sl
&&&& 274:&&&&&&& e1a03009 &&&&&& mov r3, r9
&&&& 278:&&&&&&& e5905000 &&&&&& ldr&&& r5, [r0]
&&&& 27c:&&&&&&& e12fff3c blx&&& ip
&&&& 280:&&&&&&& e3500000 &&&&&& cmp r0, #0
&&&& 284:&&&&&&& 0a000003 &&&&&& beq& 298 &__wake_up_common+0x60&
&&&& 288:&&&&&&& e3150001 &&&&&& tst&&& r5, #1
&&&& 28c:&&&&&&& 0a000001 &&&&&& beq& 298 &__wake_up_common+0x60&
&&&& 290:&&&&&&& e2577001 &&&&&& subs r7, r7, #1
&&&& 294:&&&&&&& 08bd8ff8 &&&&&&&& popeq&&&&&& {r3, r4, r5, r6, r7, r8, r9, sl, fp, pc}
&&&& 298:&&&&&&& e596300c &&&&&& ldr&&& r3, [r6, #12]
&&&& 29c:&&&&&&& e1a00006 &&&&&& mov r0, r6
&&&& 2a0:&&&&&&& e243600c &&&&&& sub&& r6, r3, #12
&&&& 2a4:&&&&&&& e280300c &&&&&& add& r3, r0, #12
&&&& 2a8:&&&&&&& e1530004 &&&&&& cmp r3, r4
&&&& 2ac:&&&&&&& 1affffed & bne& 268 &__wake_up_common+0x30&
&&&& 2b0:&&&&&&& e8bd8ff8 &&&&&&&& pop& {r3, r4, r5, r6, r7, r8, r9, sl, fp, pc}
R0的值赋值与R4,R4变为c0882b14;
R3是R4偏移4个字节后取内容,则R3是[0xc088 2b18] = d6c79f38
R6是R3的地址上取内容,则变为a0030193。
然后再减去12,变为a0030187
最后出错的地方是,R6再加上12取内容赋值给R3,即[a0030193],而这个虚拟地址找不到对应的物理地址,故内核panic了。
3 panic的真正原因
根据第二部分的叙述,因为每次panic的位置都不一样,暂时无法定位是哪一个具体函数产生的,则只能分析是什么操作导致的了。
大小核切换时,小核执行下电,则会执行下面一个这样的函数,里面有对cci-400的操作。
static int& XXX_XXX_XXX_XXXX(u64 mpidr)
&&&&&&&& u32 port, a7_ctl,
&&&&&&&& cluster = MPIDR_AFFINITY_LEVEL(mpidr, 1);
&&&&&&&& port = cluster ? CCI_SNOOP_CTL4_HA7 : CCI_SNOOP_CTL3_SA7;
&&&&&&&& a7_ctl = cluster ? CTL_AP_HA7_CTRL : CTL_AP_SA7_CTRL;
&&&&&&&& val = __raw_readl(io_p2v(port));
&&&&&&&& if(!(val & 0x3))
&&&&&&&&&&&&&&&&&& goto disable_
&&&&&&&& val &= ~(0x3);
&&&&&&&& __raw_writel(val, io_p2v(port));
&&&&&&&& dsb();
&&&&&&&& while(__raw_readl(io_p2v(CCI_SNOOP_STATUS)) & 0x1)
&&&&&&&&&&&&&&&&&& cpu_relax();
disable_acinactm:
&&&&&&&& /* if cci port disabled, disable A7 ACINACTM */
&&&&&&&& if(!(__raw_readl(io_p2v(port)) & 0x3)){
&&&&&&&&&&&&&&&&&& val = __raw_readl(io_p2v(a7_ctl));
&&&&&&&&&&&&&&&&&& if(val & 0x1)
&&&&&&&&&&&&&&&&&&&&&&&&&&& return 0;
&&&&&&&&&&&&&&&&&& val |= 0x1;
&&&&&&&&&&&&&&&&&& __raw_writel(val, io_p2v(a7_ctl));
&&&&&&&& }else
&&&&&&&&&&&&&&&&&& panic("Disalbe cluster %d cci port Error!!\n", cluster);
&&&&&&&& return 0;
该函数首先根据传入的CPU ID,判断是那一簇的CPU在执行操作;
然后获取对应的cci 侦测控制寄存器的地址、核控制寄存器的地址;
然后读取侦测控制寄存器,这个读取就会直接导致内核panic。
这个寄存器的描述,原文如下:
如黄色字体所示,只能在安全模式才能访问,除非设置了安全访问寄存器,这个寄存器的描述如下图所示。
如此,则在CPU上电后,切换到非安全的模式之前,设置Secure Access Register寄存器,将第0位设置成1,则非安全的那边也可以访问相关的cci-400寄存器了。
经过试验,内核的panic问题得以解决。标签:原文地址:http://www.cnblogs.com/fozu/p/4561891.html
&&国之画&&&& &&&&chrome插件&&
版权所有 京ICP备号-2
迷上了代码!
