From: imre.deak@nokia.com (Imre Deak)
To: linux-arm-kernel@lists.infradead.org
Subject: arm_syscall cacheflush breakage on VIPT platforms
Date: Mon, 28 Sep 2009 12:29:19 +0300
Message-ID: <20090928092919.GA30271@localhost>

Hi,
the following test app will cause an unhandled kernel paging request
on VIPT platforms. The triggering condition is the mmap_sem held by
thread_func while the main thread performs cache flushing.
Since the likelihood of this triggering is relatively low, a patch will
follow that makes similar bugs more visible.
--Imre

#define _GNU_SOURCE
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <pthread.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/mman.h>

/* Set by the main thread to stop the mmap loop. */
static volatile int exit_thread;
static pthread_t tid;

/* Map and unmap a page in a loop so that mmap_sem is held most of the time. */
void *thread_func(void *arg)
{
	while (1) {
		int map_size = 4096;
		void *mem;

		if (exit_thread)
			break;
		mem = mmap(NULL, map_size, PROT_NONE,
			   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
		if (mem == MAP_FAILED) {
			perror("mmap");
			break;
		}
		munmap(mem, map_size);
	}
	return NULL;
}

int start_mmap_thread(void)
{
	/* pthread_create() returns an error number and does not set errno. */
	int r = pthread_create(&tid, NULL, thread_func, NULL);

	if (r != 0) {
		fprintf(stderr, "pthread_create: %s\n", strerror(r));
		return -1;
	}
	return 0;
}

int stop_mmap_thread(void)
{
	exit_thread = 1;
	pthread_join(tid, NULL);
	return 0;
}

int main(int argc, char *argv[])
{
	void *mem;
	int r;
	size_t size;
	unsigned long end;
	int i;
	int nr_iter = 1000;

	size = 4096;
	if (posix_memalign(&mem, size, 4096) != 0) {
		fprintf(stderr, "malloc\n");
		return -1;
	}
	start_mmap_thread();
	/* Flush the same page repeatedly while the other thread churns mmap_sem. */
	for (i = 0; i < nr_iter; i++) {
		end = (unsigned long)mem + size - 1;
		r = syscall(__ARM_NR_cacheflush, (unsigned long)mem, end, 0);
		if (r < 0) {
			fprintf(stderr, "syscall: %d\n", r);
			goto out;
		}
	}
out:
	free(mem);
	stop_mmap_thread();
	return 0;
}

[ 92.347442] Unable to handle kernel paging request at virtual address 00012000
[ 92.354797] pgd = cf1d4000
[ 92.357574] [00012000] *pgd=8f1dc031, *pte=00000000, *ppte=00000000
[ 92.363983] Internal error: Oops: 817 [#1] PREEMPT
[ 92.368804] Modules linked in:
[ 92.415679] CPU: 0 Not tainted (2.6.28-omap1-00042-g96a5ca2-dirty #231)
[ 92.422729] PC is at v7_coherent_kern_range+0x18/0x44
[ 92.427825] LR is at arm_syscall+0x1c4/0x2b0
[ 92.432159] pc : [<c0033b88>] lr : [<c00306ec>] psr: 80000053
[ 92.432159] sp : cf2a3e80 ip : cf1de0b0 fp : cf2a3fa4
[ 92.443725] r10: 40024000 r9 : cf2a2000 r8 : 00000000
[ 92.449005] r7 : 000f0002 r6 : 00000000 r5 : 00012fff r4 : 00012000
[ 92.455596] r3 : 0000003f r2 : 00000040 r1 : 00013000 r0 : 00012000
[ 92.462188] Flags: Nzcv IRQs on FIQs off Mode SVC_32 ISA ARM Segment user
[ 92.469482] Control: 10c5387d Table: 8f1d4018 DAC: 00000015
[ 92.475280] Process ct (pid: 768, stack limit = 0xcf2a22e0)
[ 92.480895] Stack: (0xcf2a3e80 to 0xcf2a4000)
[ 92.485290] 3e80: cfdb23c0 c0281880 cf2a3eb4 cf2a3e98 c0285b08 c0285a68 00000000 c004f980
[ 92.493743] 3ea0: cf16401c cfdb2700 cf2a3ecc cf2a3eb8 c0285b54 c0285ae0 cf2df900 cfdb2700
[ 92.502166] 3ec0: cf2a3efc cf2a3ed0 c02816b8 c00501fc 40000000 cf2a2000 c0381540 00000000
[ 92.510589] 3ee0: 00000301 00000000 00000000 00000000 cf2a3f14 cf2a3f00 c0281880 c0281410
[ 92.519012] 3f00: cfdb23c0 c0381540 cf2a3f3c cf2a3f18 c0052ff4 c0281848 003d0f00 60000053
[ 92.527435] 3f20: cf2a3f3c cfdb23c0 003d0f00 00000000 cf2a3f8c cf2a3f40 c0054f1c c0052f0c
[ 92.535858] 3f40: 409734d8 cf215bc0 00000000 c0156750 cf2a3fa4 cf2a3f60 c00a34d4 c0070930
[ 92.544281] 3f60: 00100070 409734d8 40973490 4004c000 00000078 c002cac4 cf2a2000 40033888
[ 92.552703] 3f80: cf2a3fa4 cf2a3f90 c002f9c0 00000000 bea99ef4 00000001 00000000 cf2a3fa8
[ 92.561126] 3fa0: c002c940 c0030534 00000000 bea99ef4 00012000 00012fff 00000000 40023e08
[ 92.569549] 3fc0: 00000000 bea99ef4 00000001 000f0002 00000000 00000000 40024000 bea99d9c
[ 92.577972] 3fe0: bea99d68 bea99d58 00008788 4010d6f0 60000050 00012000 805b6021 805b6421
[ 92.586395] Backtrace:
[ 92.588867] [<c0030528>] (arm_syscall+0x0/0x2b0) from [<c002c940>] (ret_fast_syscall+0x0/0x2c)
[ 92.597625] r6:00000001 r5:bea99ef4 r4:00000000
[ 92.602294] Code: e3a02010 e1a02312 e2423001 e1c00003 (ee070f3b)
[ 92.609893] mtdoops: Ready 26, 219 (no erase)
[ 92.878631] ---[ end trace 6854c4877e56a241 ]---
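
A small triage aid for the oops above, added here as an example and not part of the original message: it pulls the fault address, the FSR value printed after "Oops:" and the PC symbol out of the log lines, then decodes the FSR with the ARMv7 short-descriptor layout. The 0xc0000000 user/kernel boundary and all function names are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 3G/1G split, kernel addresses start at 0xc0000000. */
#define ASSUMED_PAGE_OFFSET 0xc0000000UL

struct oops_info { unsigned long fault_addr; unsigned int fsr; char pc_sym[64]; };

/* Lines copied from the oops in the message, timestamps dropped. */
static const char *sample_oops[] = {
	"Unable to handle kernel paging request at virtual address 00012000",
	"Internal error: Oops: 817 [#1] PREEMPT",
	"PC is at v7_coherent_kern_range+0x18/0x44",
};

/* Fill *o from the log lines; returns the number of fields found (3 = all). */
static int parse_oops(const char **lines, int n, struct oops_info *o)
{
	int i, found = 0;

	memset(o, 0, sizeof(*o));
	for (i = 0; i < n; i++) {
		found += sscanf(lines[i], "Unable to handle kernel paging request"
				" at virtual address %lx", &o->fault_addr) == 1;
		found += sscanf(lines[i], "Internal error: Oops: %x", &o->fsr) == 1;
		found += sscanf(lines[i], "PC is at %63[^+]", o->pc_sym) == 1;
	}
	return found;
}

/* FSR fields: FS = bit 10 and bits 3..0, domain = bits 7..4, WnR = bit 11. */
static unsigned int fsr_status(unsigned int fsr) { return ((fsr >> 6) & 0x10) | (fsr & 0xf); }
static unsigned int fsr_domain(unsigned int fsr) { return (fsr >> 4) & 0xf; }
static int fsr_is_write(unsigned int fsr) { return (fsr >> 11) & 1; }

/* Translation fault (FS 0x05 section, 0x07 page) on an address below the kernel. */
static int kernel_faulted_on_user_page(const struct oops_info *o)
{
	unsigned int fs = fsr_status(o->fsr);
	return o->fault_addr < ASSUMED_PAGE_OFFSET && (fs == 0x05 || fs == 0x07);
}

int main(void)
{
	struct oops_info o;
	parse_oops(sample_oops, 3, &o);
	printf("%s: addr=%#lx FS=%#x domain=%u write=%d user_page=%d\n", o.pc_sym, o.fault_addr,
	       fsr_status(o.fsr), fsr_domain(o.fsr), fsr_is_write(o.fsr), kernel_faulted_on_user_page(&o));
	return 0;
}
```

For the log above this reports FS 0x07 (page translation fault) with WnR set, domain 1, at user address 0x12000.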