A bug about system call on ARM

From: Wang, Yalin
Date: Wed May 29 2013 - 02:52:50 EST


Hi all,

I am a newcomer to this mailing list and happy to join the community.

I have a bug report from our Android phones that is triggered on the system call entry path.
From my reading it looks like a kernel bug.

Crash in file arch/arm/kernel/entry-common.S, in vector_swi:

/***************************************************************/

ENTRY(vector_swi)
sub sp, sp, #S_FRAME_SIZE
stmia sp, {r0 - r12} @ Calling r0 - r12
ARM( add r8, sp, #S_PC )
ARM( stmdb r8, {sp, lr}^ ) @ Calling sp, lr
THUMB( mov r8, sp )
THUMB( store_user_sp_lr r8, r10, S_SP ) @ calling sp, lr
mrs r8, spsr @ called from non-FIQ mode, so ok.
str lr, [sp, #S_PC] @ Save calling PC
str r8, [sp, #S_PSR] @ Save CPSR
str r0, [sp, #S_OLD_R0] @ Save OLD_R0
zero_fp

/*
* Get the system call number.
*/

#if defined(CONFIG_OABI_COMPAT)

/*
* If we have CONFIG_OABI_COMPAT then we need to look at the swi
* value to determine if it is an EABI or an old ABI call.
*/
#ifdef CONFIG_ARM_THUMB
tst r8, #PSR_T_BIT
movne r10, #0 @ no thumb OABI emulation
ldreq r10, [lr, #-4] @ get SWI instruction // crash at this instruction, when get SWI instruction
#else
ldr r10, [lr, #-4] @ get SWI instruction
A710( and ip, r10, #0x0f000000 @ check for SWI )
A710( teq ip, #0x0f000000 )
A710( bne .Larm710bug )
#endif
#ifdef CONFIG_CPU_ENDIAN_BE8
rev r10, r10 @ little endian instruction
#endif

/***************************************************************************************************/

My guess at why fetching the SWI instruction crashes: the user page holding the SWI instruction had been aged by the kernel (its hardware PTE cleared so that the next access faults), so the ldr from [lr, #-4] above takes an MMU fault.
That fault is taken in kernel (SVC) mode while reading a user-space address, and because no exception-table fixup covers this load, do_page_fault ends up in __do_kernel_fault and the kernel dies instead of simply making the page young again.
The attached call stack supports that this is the faulting load: the data abort address 0x4020841C is exactly 4 bytes below the user PC 0x40208420 in the last frame, i.e. lr - 4.
One caveat: a fault on a user address taken from kernel mode is normally still resolved through the task's VMAs, so reaching __do_kernel_fault suggests the fault could not be resolved that way (for instance the page was no longer mapped in this mm) rather than a plain aging miss; the kernel.log should show which.

Either the kernel should bring the page back in before reading it, or the load should be covered by an exception-table fixup so that a fault here is handled gracefully (for example by delivering a signal to the task) instead of oopsing.
Either way, this path should not be able to crash the kernel: it reads user memory from SVC mode, so if a process's SWI page can become unreadable between the instruction fetch and this load (e.g. another thread unmapping it), an unprivileged process could take the whole system down.

The kernel version I am using is 3.4.0.
I have attached the kernel log and the call stack recovered with the Trace32 tools.
Please have a look at it.


Thanks .


 
Sony Mobile Communications
Tel: +86 10 5966 9819
Phone: 18610323092
Address: No.16 Guangshun South Street, Chaoyang, Beijing, P.R.C.

sonymobile.com
  


Attachment: kernel.log
Description: kernel.log

crash_noites_save_this_cpu(type = CRASH_NOTE_CRASHING = 0x2, cpu = 0x1)
update_crash_notes(?, ?, ?)
notifier_call_chain(?, val = 0x0, v = 0xC0ECBE9C, nr_to_call = 0x5, nr_calls = 0x0)
__atomic_notifier_call_chain(nh = 0xC0ECC29C, val = 0x0, v = 0xC0ECBE9C, nr_to_call = 0xFFFFFFFF, nr_calls = 0x0)
atomic_notifier_call_chain(?, ?, ?)
panic(fmt = 0xC098BC02)
die(?, regs = 0xE0601F68, err = 0x17)
__do_kernel_fault.part.8(mm = 0xC73E7DC0, addr = 0x4020841C, fsr = 0x17, regs = 0xE0601F68)
do_page_fault(addr = 0xC73E7DC0, fsr = 0x17, regs = 0x4020841C)
do_DataAbort(addr = 0x4020841C, fsr = 0x17, regs = 0xE0601F68)
__dabt_svc(asm)
exception
vector_swi(asm)
ret_fast_syscall(asm)
exception
NUR:0xFFFF:0x40208420(asm)
end of frame