Panic when calling _bus_dmamap_load_buffer() with BUS_DMA_COULD_BOUNCE (armv6)

Thomas Skibo ThomasSkibo at sbcglobal.net
Fri Feb 15 22:29:12 UTC 2013


Hello:

This is the Zedboard port which is the armv6 architecture.  I integrated 
to my project branch late Wednesday which included some big changes to 
busdma stuff.  Now my kernel panics early in boot-up.

I'm getting a vm_fault when a certain driver calls bus_dmamap_load() 
with a dma tag with BUS_DMA_COULD_BOUNCE set.

What appears to be happening is that the code at lines 971-980 in 
sys/arm/arm/busdma_machdep-v6.c is calling _bus_dmamap_count_pages() 
before map->pmap is set (it's NULL).  _bus_dmamap_count_pages() in turn 
calls pmap_extract() with a NULL pointer.

(_bus_dmamap_count_pages() is inlined by the compiler so doesn't show up 
in the following back-trace.)

I patched busdma_machdep-v6.c to get moving again by moving the 
"map->pmap = pmap" statement before the BUS_DMA_COULD_BOUNCE check.  I'm 
not suggesting that's the right fix at all.

==== //depot/user/skibo/skibo_zynq/sys/arm/arm/busdma_machdep-v6.c#2 - 
/home/skibo/p4/skibo_zynq/sys/arm/arm/busdma_machdep-v6.c ====
970a971,972
> 	map->pmap = pmap;
>
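Review bot: the assignment added at 971 is correct only because it now sits ahead of the BUS_DMA_COULD_BOUNCE check, and nothing in the hunk records that ordering requirement. Add a comment above it stating that map->pmap must be set before _bus_dmamap_count_pages() runs, since that path reaches pmap_extract(), and consider a KASSERT on map->pmap != NULL in _bus_dmamap_count_pages() so that a later reorder fails with a clear message instead of the translation fault at FAR=00000010 shown in the trace.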
982d983
< 	map->pmap = pmap;

--Thomas







vm_fault(0xc04fae94, 0, 1, 0) -> 1
Fatal kernel mode data abort: 'Translation Fault (S)'
trapframe: 0xc0526ab8
FSR=00000005, FAR=00000010, spsr=000000d3
r0 =c04fabb0, r1 =00000004, r2 =00000004, r3 =00000010
r4 =00000000, r5 =c2dd9000, r6 =c2dda000, r7 =c2dd9000
r8 =c2dd5580, r9 =c2dd55cc, r10=00001000, r11=c0526b1c
r12=c04fabb0, ssp=c0526b04, slr=c041c41c, pc =c0424b90

[ thread pid 0 tid 100000 ]
Stopped at      pmap_extract+0x30:      ldrex   r14, [r3]
db> bt
Tracing pid 0 tid 100000 td 0xc04fabb0
db_trace_self() at db_trace_self+0xc
scp=0xc041e6d8 rlv=0xc041e724 (db_trace_thread+0x38)
         rsp=0xc05267cc rfp=0xc05267d8
db_trace_thread() at db_trace_thread+0xc
scp=0xc041e6f8 rlv=0xc012b6f8 (db_command_init+0x354)
         rsp=0xc05267dc rfp=0xc05267f8
db_command_init() at db_command_init+0x27c
scp=0xc012b620 rlv=0xc012b0fc (db_skip_to_eol+0x4a0)
         rsp=0xc05267fc rfp=0xc05268a0
         r5=0x00000000 r4=0xc04cc258
db_skip_to_eol() at db_skip_to_eol+0x1d4
scp=0xc012ae30 rlv=0xc012b268 (db_command_loop+0x60)
         rsp=0xc05268a4 rfp=0xc05268b0
         r10=0x600001d3 r8=0x00000005
         r7=0x00000000 r6=0x00000010 r5=0xc04cc520 r4=0xc05268bc
db_command_loop() at db_command_loop+0xc
scp=0xc012b214 rlv=0xc012d748 (X_db_sym_numargs+0xf4)
         rsp=0xc05268b4 rfp=0xc05269d0
X_db_sym_numargs() at X_db_sym_numargs+0x14
scp=0xc012d668 rlv=0xc0285a80 (kdb_trap+0xa4)
         rsp=0xc05269d4 rfp=0xc05269f8
         r4=0xc0526ab8
kdb_trap() at kdb_trap+0xc
scp=0xc02859e8 rlv=0xc042d934 (badaddr_read+0x284)
         rsp=0xc05269fc rfp=0xc0526a18
         r10=0x00000000 r8=0xc0526ab8
         r7=0xc04fabb0 r6=0x00000010 r5=0x00000005 r4=0xc0526ab8
badaddr_read() at badaddr_read+0xfc
scp=0xc042d7ac rlv=0xc042de70 (data_abort_handler+0x4e4)
         rsp=0xc0526a1c rfp=0xc0526ab4
         r6=0xc0526ef8 r5=0xc04fa8c8
         r4=0x00000000
data_abort_handler() at data_abort_handler+0xc
scp=0xc042d998 rlv=0xc041fedc (address_exception_entry+0x50)
         rsp=0xc0526ab8 rfp=0xc0526b1c
         r10=0x00001000 r9=0xc2dd55cc
         r8=0xc2dd5580 r7=0xc2dd9000 r6=0xc2dda000 r5=0xc2dd9000
         r4=0x00000000
pmap_extract() at pmap_extract+0xc
scp=0xc0424b6c rlv=0xc041c41c (_bus_dmamap_load_buffer+0x7c)
         rsp=0xc0526b20 rfp=0xc0526b50
         r5=0xc2dd5480 r4=0xc2dd9000
_bus_dmamap_load_buffer() at _bus_dmamap_load_buffer+0xc
scp=0xc041c3ac rlv=0xc0281ca8 (bus_dmamap_load+0xac)
         rsp=0xc0526b54 rfp=0xc0526bb4
         r10=0xc2dad040 r9=0xc0146108
         r8=0x00001000 r7=0x00000000 r6=0xc2dd5580 r5=0xc2dd5480
         r4=0xc2dd9000
bus_dmamap_load() at bus_dmamap_load+0xc
scp=0xc0281c08 rlv=0xc0149354 (sdhci_init_slot+0x100)
         rsp=0xc0526bb8 rfp=0xc0526c08
         r10=0x00000001 r9=0xc2d58700
         r8=0x00000000 r7=0xc2d89580 r6=0xc2dad0d4 r5=0xc2dad018
         r4=0x00000000
sdhci_init_slot() at sdhci_init_slot+0xc
scp=0xc0149260 rlv=0xc0439670 (zy7_slcr_init_postload_pl+0x3ce8)
         rsp=0xc0526c0c rfp=0xc0526c44
         r10=0x00000001 r9=0xc2d58700
         r8=0x00000000 r7=0xc2d89580 r6=0x00000000 r5=0xc2dad000
         r4=0xc2dad000
db>



-- 
--------
Thomas Skibo
ThomasSkibo at sbcglobal.net


