BUG: Unaligned kernel access on ssb_sprom->il0mac causes kernel Oops on bcm47xx

From: Jochen Friedrich
Date: Wed Jul 27 2011 - 12:31:09 EST


Booting a current OpenWRT version on a modified MN-700 router fails.
Using a JTAG adapter, I was able to retrieve the Oops below from the router's memory. The culprit code that triggers an unaligned access is in drivers/ssb/pci.h, sprom_extract_r123:

    for (i = 0; i < 3; i++) {
        v = in[SPOFF(loc[0]) + i];
        *(((__be16 *)out->il0mac) + i) = cpu_to_be16(v);
    }

out->il0mac is misaligned as struct ssb_sprom is defined as:

    struct ssb_sprom {
        u8 revision;
        u8 il0mac[6]; /* MAC address for 802.11b/g */
        [...]
    }

It looks like there might be an HW interrupt while the kernel is in the misalignment handler. The problem immediately disappears if il0mac[6] is properly aligned.

Thanks,
Jochen

# ksymoops -m System.map -t none < Z
ksymoops 2.4.11 on sparc64 2.6.32-5-sparc64. Options used
-V (default)
-k /proc/ksyms (default)
-l /proc/modules (default)
-o /lib/modules/2.6.32-5-sparc64/ (default)
-m System.map (specified)
-t none

Error (regular_file): read_ksyms stat /proc/ksyms failed
ksymoops: No such file or directory
No modules in ksyms, skipping objects
No ksyms, skipping lsmod
<1>CPU 0 Unable to handle kernel paging request at virtual address 00000008, epc == 8003ad68, ra == 8003ad38
<4>Cpu 0
<4>$ 0 : 00000000 10000000 00000000 00000013
<4>$ 4 : 0000801b 8081dd00 00000000 38850080
<4>$ 8 : 8081b96c 00000001 38850080 0000801b
<4>$12 : 000003ff 8022f8d0 00000001 8022f8c8
<4>$16 : 8081dc40 80818888 8081dd18 80270000
<4>$20 : 00000000 00000001 802c0000 00000001
<4>$24 : 00000000 80016560
<4>$28 : 8081a000 8081b958 80270000 8003ad38
<4>Hi : 000005df
<4>Lo : 000568e6
<4>epc : 8003ad68 0x8003ad68
Using defaults from ksymoops -a sparc
<4>Status: 10000002 KERNEL EXL
<4>Cause : 00800008
<4> 00000000 00000001 38850080 0000801b 80270000 8002822c 00000000 1c5fe1a8
<4> 802c0000 80270000 8081baa0 00000000 802c0000 80047aa8 80273520 1b6c36ca
<4> 003d0000 802757b0 802be1e0 00000001 1c5fe1a8 00000000 00000000 80275bb4
<4> 00000007 00000000 8081bc40 8000c730 00000001 00000000 8081b9f0 8081b9f0
<4>Call Trace:[<80016590>] 0x80016590
<4>[<800281d4>] 0x800281d4
<4>[<8002822c>] 0x8002822c
<4>[<80047aa8>] 0x80047aa8
<4>[<8000c730>] 0x8000c730
<4>[<800500a8>] 0x800500a8
<4>[<801805cc>] 0x801805cc
<4>[<80052e80>] 0x80052e80
<4>[<801805cc>] 0x801805cc
<4>[<8004fa0c>] 0x8004fa0c
<4>[<8011ac18>] 0x8011ac18
<4>[<80006dd0>] 0x80006dd0
<4>[<800022a0>] 0x800022a0
<4>[<800051a4>] 0x800051a4
<4>[<800226c0>] 0x800226c0
<4>[<801805cc>] 0x801805cc
<4>[<801805cc>] 0x801805cc
<4>[<80228068>] 0x80228068
<4>[<8000c314>] 0x8000c314
<4>[<80180bf0>] 0x80180bf0
<4>[<80005ab4>] 0x80005ab4
<4>[<8001cd44>] 0x8001cd44
<4>[<801805cc>] 0x801805cc
<4>[<80228068>] 0x80228068
<4>[<80180bf0>] 0x80180bf0
<4>[<8017f6ec>] 0x8017f6ec
<4>[<801805cc>] 0x801805cc
<4>[<8017d918>] 0x8017d918
<4>Code: 27a80014 50600014 8c520008 <8c450008> 02a5282b 50a00003 8c450004 0800eb6d 8c520008
Error (Oops_bfd_perror): /tmp/ksymoops.FY6Yx3 Invalid bfd target


>>RA; 8003ad38 <run_posix_cpu_timers+3a8/808>
>>$13; 8022f8d0 <degrade_factor+0/28>
>>$15; 8022f8c8 <degrade_zero_ticks+0/8>
>>$19; 80270000 <__nosave_begin+0/0>
>>$22; 802c0000 <futex_queues+690/800>
>>$25; 80016560 <task_tick_fair+0/140>
>>$30; 80270000 <__nosave_begin+0/0>
>>$31; 8003ad38 <run_posix_cpu_timers+3a8/808>

>>???; 8003ad68 <run_posix_cpu_timers+3d8/808> <=====

Trace; 80016590 <task_tick_fair+30/140>
Trace; 800281d4 <run_local_timers+10/20>
Trace; 8002822c <update_process_times+48/60>
Trace; 80047aa8 <tick_nohz_handler+ac/124>
Trace; 8000c730 <c0_compare_interrupt+74/98>
Trace; 800500a8 <handle_irq_event_percpu+5c/2b4>
Trace; 801805cc <ssb_pci_get_invariants+0/698>
Trace; 80052e80 <handle_percpu_irq+58/8c>
Trace; 801805cc <ssb_pci_get_invariants+0/698>
Trace; 8004fa0c <generic_handle_irq+3c/4c>
Trace; 8011ac18 <number.clone.6+1b8/360>
Trace; 80006dd0 <do_IRQ+1c/2c>
Trace; 800022a0 <plat_irq_dispatch+40/c0>
Trace; 800051a4 <ret_from_irq+0/4>
Trace; 800226c0 <__do_softirq+100/18c>
Trace; 801805cc <ssb_pci_get_invariants+0/698>
Trace; 801805cc <ssb_pci_get_invariants+0/698>
Trace; 80228068 <ssb_pcihost_probe+0/118>
Trace; 8000c314 <do_ade+264/380>
Trace; 80180bf0 <ssb_pci_get_invariants+624/698>
Trace; 80005ab4 <handle_adel_int+2c/58>
Trace; 8001cd44 <vprintk+348/3a8>
Trace; 801805cc <ssb_pci_get_invariants+0/698>
Trace; 80228068 <ssb_pcihost_probe+0/118>
Trace; 80180bf0 <ssb_pci_get_invariants+624/698>
Trace; 8017f6ec <sprom_extract_r123+24/248>
Trace; 801805cc <ssb_pci_get_invariants+0/698>
Trace; 8017d918 <ssb_fetch_invariants+34/7c>

<0>Kernel panic - not syncing: Fatal exception in interrupt

2 errors issued. Results may not be reliable.
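
Added example, not part of the original post or the kernel source: a user-space C sketch showing why the 16-bit store in the quoted loop lands on an odd offset, with a byte-wise form that yields the same bytes without any 16-bit access. struct sprom_demo, the function names and the sample words are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the first two fields of struct ssb_sprom as quoted. */
struct sprom_demo {
    uint8_t revision;
    uint8_t il0mac[6];  /* offset 1: not aligned for 16-bit stores */
};

/* Nonzero when a 16-bit store through (__be16 *)il0mac would be misaligned,
 * i.e. when il0mac sits at an odd offset inside the struct. */
int il0mac_is_misaligned(void)
{
    return offsetof(struct sprom_demo, il0mac) % sizeof(uint16_t) != 0;
}

/* Alignment-safe form of the quoted loop: write each 16-bit SPROM word in
 * big-endian order one byte at a time. The bytes match what the
 * cpu_to_be16() store produces, but no 16-bit access is issued. In kernel
 * code put_unaligned_be16() expresses the same thing. */
void extract_mac_bytewise(struct sprom_demo *out, const uint16_t *in)
{
    for (int i = 0; i < 3; i++) {
        uint16_t v = in[i];
        out->il0mac[2 * i]     = (uint8_t)(v >> 8);
        out->il0mac[2 * i + 1] = (uint8_t)(v & 0xff);
    }
}

int main(void)
{
    const uint16_t words[3] = { 0x0012, 0x3456, 0x789a }; /* constructed sample */
    struct sprom_demo s;

    memset(&s, 0, sizeof(s));
    extract_mac_bytewise(&s, words);
    printf("il0mac offset %zu, misaligned for u16: %d\n",
           offsetof(struct sprom_demo, il0mac), il0mac_is_misaligned());
    printf("MAC %02x:%02x:%02x:%02x:%02x:%02x\n", s.il0mac[0], s.il0mac[1],
           s.il0mac[2], s.il0mac[3], s.il0mac[4], s.il0mac[5]);
    return 0;
}
```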