From: Hans Verkuil <hverkuil@xs4all.nl>
To: Prabhakar Lad <prabhakar.csengg@gmail.com>
Cc: linux-media@vger.kernel.org,
Federico Vaga <federico.vaga@gmail.com>,
Mauro Carvalho Chehab <mchehab@redhat.com>,
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Subject: Re: Recent patch for videobuf causing a crash to my driver
Date: Fri, 22 Jun 2012 09:50:44 +0200 [thread overview]
Message-ID: <4FE423D4.9010609@xs4all.nl> (raw)
In-Reply-To: <CA+V-a8uDgmiy52wEs0rR5B08aAmSk=Wyf+e3mMzazeGykdMA4w@mail.gmail.com>
On 22/06/12 05:39, Prabhakar Lad wrote:
> Hi Federico,
>
> Recent patch from you (commit id a8f3c203e19b702fa5e8e83a9b6fb3c5a6d1cce4) which
> added cached buffer support to videobuf dma contig, is causing my
> driver to crash.
> Has this patch being tested for 'uncached' buffers ? If I replace this
> mapping logic with
> remap_pfn_range() my driver works without any crash.
>
> Or is that I am missing somewhere ?
No, I had the same problem this week with vpif_capture. Since I was running an
unusual setup (a 3.0 kernel with the media subsystem patched to 3.5-rc1) I didn't
know whether it was caused by a mismatch between 3.0 and a 3.5 media subsystem.
I intended to investigate this next week, but now it is clear that it is this patch
that is causing the problem.
Here is our trace:
Unable to handle kernel paging request at virtual address d5ffdf51
pgd = c2ae8000
[d5ffdf51] *pgd=00000000
Internal error: Oops: 1 [#1] PREEMPT
CPU: 0 Not tainted (3.0.31-jqiang #1)
PC is at vm_insert_page+0x34/0x5c
LR is at __videobuf_mmap_mapper+0xf0/0x1f4
pc : [<c00c1494>] lr : [<c0215d2c>] psr: 00000013
sp : c5589ed0 ip : 00000000 fp : c5587628
r10: c046bc54 r9 : c2a44dc0 r8 : 0011e000
r7 : bfc01000 r6 : c5591fc4 r5 : c2afbee8 r4 : 424d5000
r3 : c2afbee8 r2 : c0c6f000 r1 : 424d5000 r0 : d5ffdf4d
Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
Control: 0005317f Table: 82ae8000 DAC: 00000015
Process Video (pid: 1230, stack limit = 0xc5588270)
Stack: (0xc5589ed0 to 0xc558a000)
9ec0: c0215c3c c5587628 c2afbee8 424d5000
9ee0: c564a200 0011e000 0000011e c2afbee8 c5588000 c0213620 c55bf400 c2b416e0
9f00: 424d5000 c02020f4 c2b44a90 424d5000 c564a200 c2b44a8c c2b44a90 c00c6524
9f20: 000000ff 00000000 c2b416e0 00000000 00000000 c5588000 0011e000 c2b44a70
9f40: c2b416e0 00000000 c759fa70 00000001 00000000 425f3000 c7960000 00000001
9f60: c5588000 c2b416e0 00000003 0011df00 c5588000 00000000 00592d2c c00c6ad4
9f80: 000000ff 00000000 00592d2c 00000021 00000000 00000021 000000c0 c002bc48
9fa0: 00000000 c002baa0 00000021 00000000 00000000 0011df00 00000003 00000001
9fc0: 00000021 00000000 00000021 000000c0 00000001 00592ca4 000a2aa0 00592d2c
9fe0: 00000000 00592b68 00023ce8 403318d8 40000010 00000000 00000000 00000000
[<c00c1494>] (vm_insert_page+0x34/0x5c) from [<c0215d2c>]
(__videobuf_mmap_mapper+0xf0/0x1f4)
[<c0215d2c>] (__videobuf_mmap_mapper+0xf0/0x1f4) from [<c0213620>]
(videobuf_mmap_mapper+0xa0/0x128)
[<c0213620>] (videobuf_mmap_mapper+0xa0/0x128) from [<c02020f4>]
(v4l2_mmap+0x88/0xb8)
[<c02020f4>] (v4l2_mmap+0x88/0xb8) from [<c00c6524>]
(mmap_region+0x340/0x530)
[<c00c6524>] (mmap_region+0x340/0x530) from [<c00c6ad4>]
(sys_mmap_pgoff+0x7c/0xbc)
[<c00c6ad4>] (sys_mmap_pgoff+0x7c/0xbc) from [<c002baa0>]
(ret_fast_syscall+0x0/0x2c)
Code: e5920000 e3100902 1592000c 01a00002 (e5900004)
---[ end trace 907d90a82cfa0ada ]---
I've traced the bug to the fact that the page returned by:
page = virt_to_page((void *)pos);
does not have a valid page->first_page pointer, causing page_count() to fail.
As far as I can tell from reading the diff the remap_pfn_range() was just dropped,
presumably by accident.
This (untested!) patch restores it:
diff --git a/drivers/media/video/videobuf-dma-contig.c b/drivers/media/video/videobuf-dma-contig.c
index b6b5cc1..75efd8f 100644
--- a/drivers/media/video/videobuf-dma-contig.c
+++ b/drivers/media/video/videobuf-dma-contig.c
@@ -359,8 +359,17 @@ static int __videobuf_mmap_mapper(struct videobuf_queue *q,
size = vma->vm_end - vma->vm_start;
size = (size < mem->size) ? size : mem->size;
- if (!mem->cached)
+ if (!mem->cached) {
vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
+ retval = remap_pfn_range(vma, vma->vm_start,
+ mem->dma_handle >> PAGE_SHIFT,
+ size, vma->vm_page_prot);
+ if (retval) {
+ dev_err(q->dev, "mmap: remap failed with error %d.\n", retval);
+ __videobuf_dc_free(q->dev, mem);
+ goto error;
+ }
+ }
pos = (unsigned long)mem->vaddr;
I'll test this next week.
Regards,
Hans
>
> ------
> Thx,
> --Prabhakar
>
> Following is the crash log:
>
> Unable to handle kernel paging request at virtual address e1a0201a
> pgd = c372c000
> [e1a0201a] *pgd=00000000
> Internal error: Oops: 1 [#1] PREEMPT ARM
> Modules linked in:
> CPU: 0 Not tainted (3.5.0-rc3+ #32)
> PC is at flush_dcache_page+0x4c/0x1b8
> LR is at insert_page+0x38/0x158
> pc : [<c000f028>] lr : [<c0075b58>] psr: a0000013
> sp : c36d5d90 ip : c36d5dd8 fp : c36d5dd4
> r10: c5000000 r9 : 00000000 r8 : 00281000
> r7 : 00000103 r6 : c2d60780 r5 : e1a02006 r4 : c056f000
> r3 : 00000000 r2 : e1a02006 r1 : b6bb8000 r0 : c056f000
> Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
> Control: 0005317f Table: c372c000 DAC: 00000015
> Process vpif_display (pid: 1167, stack limit = 0xc36d4270)
> Stack: (0xc36d5d90 to 0xc36d6000)
> 5d80: 00000000 00000000 c36d5de4 c36d5da8
> 5da0: c0019da8 c00194d0 c04b1fc0 0000000d c056f000 b6bb8000 c2d60780 00000103
> 5dc0: 00281000 c5000000 c36d5e04 c36d5dd8 c0075b58 c000efec c36d5e04 c36d5de8
> 5de0: c033c164 c2c349a0 c365e264 c364a20c c37abd60 00281000 c36d5e14 c36d5e08
> 5e00: c0075cd8 c0075b30 c36d5e4c c36d5e18 c0248ca0 c0075c88 00000003 b6bb8000
> 5e20: 00000000 c364a20c c2c349a0 c365ed80 c2d60780 b6bb8000 00000281 c37a6688
> 5e40: c36d5e64 c36d5e50 c0246608 c0248b58 c2c349a0 c364a000 c36d5e7c c36d5e68
> 5e60: c0250364 c0246548 c3611a00 c2c349a0 c36d5e9c c36d5e80 c0235c90 c0250334
> 5e80: c035c608 c2c349a0 000000ff c365ed80 c36d5f04 c36d5ea0 c007ab78 c0235c2c
> 5ea0: 000000ff 00000000 c365ed80 00000000 00000000 c365ed80 00000001 00281000
> 5ec0: b6e39000 00000000 00000007 c374bcd4 c374bcdc c374b8f0 c36d5f04 c365ed80
> 5ee0: 000000ff 00281000 00000007 00000001 00000000 c2d60780 c36d5f44 c36d5f08
> 5f00: c007b034 c007a950 000000ff 00000000 c365ed80 00000281 c36d5f34 c2d607b4
> 5f20: c365ed80 00000003 00280400 00000000 c36d4000 00000000 c36d5f74 c36d5f48
> 5f40: c006efd0 c007adbc 00000001 00000000 c36d5f74 c365ed80 00000001 00000003
> 5f60: 00280400 00000000 c36d5fa4 c36d5f78 c0079364 c006ef7c 00000001 00000000
> 5f80: 00001000 00000003 00000000 00008598 000000c0 c00095a4 00000000 c36d5fa8
> 5fa0: c0009420 c00792f8 00000003 00000000 00000000 00280400 00000003 00000001
> 5fc0: 00000003 00000000 00008598 000000c0 00000000 00000000 b6f9c000 bef89c94
> 5fe0: 00000000 bef89b58 00008b54 b6ef8908 40000010 00000000 00000000 00000000
> Backtrace:
> [<c000efdc>] (flush_dcache_page+0x0/0x1b8) from [<c0075b58>]
> (insert_page+0x38/0x158)
> [<c0075b20>] (insert_page+0x0/0x158) from [<c0075cd8>]
> (vm_insert_page+0x60/0x6c)
> r8:00281000 r7:c37abd60 r6:c364a20c r5:c365e264 r4:c2c349a0
> [<c0075c78>] (vm_insert_page+0x0/0x6c) from [<c0248ca0>]
> (__videobuf_mmap_mapper+0x158/0x1f4)
> [<c0248b48>] (__videobuf_mmap_mapper+0x0/0x1f4) from [<c0246608>]
> (videobuf_mmap_mapper+0xd0/0x114)
> [<c0246538>] (videobuf_mmap_mapper+0x0/0x114) from [<c0250364>]
> (vpif_mmap+0x40/0x50)
> r5:c364a000 r4:c2c349a0
> [<c0250324>] (vpif_mmap+0x0/0x50) from [<c0235c90>] (v4l2_mmap+0x74/0x98)
> r5:c2c349a0 r4:c3611a00
> [<c0235c1c>] (v4l2_mmap+0x0/0x98) from [<c007ab78>] (mmap_region+0x238/0x46c)
> r6:c365ed80 r5:000000ff r4:c2c349a0 r3:c035c608
> [<c007a940>] (mmap_region+0x0/0x46c) from [<c007b034>]
> (do_mmap_pgoff+0x288/0x2e8)
> [<c007adac>] (do_mmap_pgoff+0x0/0x2e8) from [<c006efd0>]
> (vm_mmap_pgoff+0x64/0x7c)
> [<c006ef6c>] (vm_mmap_pgoff+0x0/0x7c) from [<c0079364>]
> (sys_mmap_pgoff+0x7c/0x9c)
> r8:00000000 r7:00280400 r6:00000003 r5:00000001 r4:c365ed80
> [<c00792e8>] (sys_mmap_pgoff+0x0/0x9c) from [<c0009420>]
> (ret_fast_syscall+0x0/0x2c)
> r8:c00095a4 r7:000000c0 r6:00008598 r5:00000000 r4:00000003
> Code: 11a05003 1a000008 e3550000 0a000006 (e5953014)
> ---[ end trace 57f3e388e320b7e4 ]--
> --
> To unsubscribe from this list: send the line "unsubscribe linux-media" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2012-06-22 7:51 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-06-22 3:39 Recent patch for videobuf causing a crash to my driver Prabhakar Lad
2012-06-22 7:50 ` Hans Verkuil [this message]
2012-06-22 8:50 ` Laurent Pinchart
2012-06-22 8:59 ` Hans Verkuil
2012-06-22 9:11 ` Prabhakar Lad
2012-06-22 9:28 ` Hans Verkuil
2012-06-22 9:45 ` Prabhakar Lad
2012-06-22 14:51 ` Mauro Carvalho Chehab
2012-06-22 9:09 ` Prabhakar Lad
2012-06-22 9:25 ` Hans Verkuil
2012-06-22 13:09 ` Federico Vaga
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FE423D4.9010609@xs4all.nl \
--to=hverkuil@xs4all.nl \
--cc=federico.vaga@gmail.com \
--cc=laurent.pinchart@ideasonboard.com \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@redhat.com \
--cc=prabhakar.csengg@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.