From: imre.deak@nokia.com (Imre Deak)
To: linux-arm-kernel@lists.infradead.org
Subject: arm_syscall cacheflush breakage on VIPT platforms
Date: Mon, 28 Sep 2009 12:29:19 +0300
Message-ID: <20090928092919.GA30271@localhost>
Hi,
the following test app will cause an unhandled kernel paging request
on VIPT platforms. The triggering condition is the mmap_sem held by
thread_func while the main thread performs cache flushing.
Since the likelihood of this triggering is relatively low, a patch will
follow that makes similar bugs more visible.
--Imre

#define _GNU_SOURCE
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <pthread.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/mman.h>

/* volatile: written by main(), polled by thread_func() */
static volatile int exit_thread;
static pthread_t tid;

/* Map and unmap a page in a loop so that mmap_sem is taken repeatedly. */
void *thread_func(void *arg)
{
	while (1) {
		int map_size = 4096;
		void *mem;

		if (exit_thread)
			break;
		mem = mmap(NULL, map_size, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
		if (mem == MAP_FAILED) {
			perror("mmap");
			break;
		}
		munmap(mem, map_size);
	}
	return NULL;
}

int start_mmap_thread(void)
{
	/* pthread_create() returns a positive error number, not -1/errno */
	int err = pthread_create(&tid, NULL, thread_func, NULL);

	if (err != 0) {
		fprintf(stderr, "pthread_create: %d\n", err);
		return -1;
	}
	return 0;
}

int stop_mmap_thread(void)
{
	exit_thread = 1;
	pthread_join(tid, NULL);
	return 0;
}

int main(int argc, char *argv[])
{
	void *mem;
	int r;
	size_t size;
	unsigned long end;
	int i;
	int nr_iter = 1000;

	size = 4096;
	if (posix_memalign(&mem, size, 4096) != 0) {
		fprintf(stderr, "posix_memalign\n");
		return -1;
	}
	start_mmap_thread();
	/* Flush the same user range repeatedly while the other thread runs. */
	for (i = 0; i < nr_iter; i++) {
		end = (unsigned long)mem + size - 1;
		r = syscall(__ARM_NR_cacheflush, (unsigned long)mem, end, 0);
		if (r < 0) {
			fprintf(stderr, "syscall: %d\n", r);
			goto out;
		}
	}
out:
	free(mem);
	stop_mmap_thread();
	return 0;
}

[ 92.347442] Unable to handle kernel paging request at virtual address 00012000
[ 92.354797] pgd = cf1d4000
[ 92.357574] [00012000] *pgd=8f1dc031, *pte=00000000, *ppte=00000000
[ 92.363983] Internal error: Oops: 817 [#1] PREEMPT
[ 92.368804] Modules linked in:
[ 92.415679] CPU: 0 Not tainted (2.6.28-omap1-00042-g96a5ca2-dirty #231)
[ 92.422729] PC is at v7_coherent_kern_range+0x18/0x44
[ 92.427825] LR is at arm_syscall+0x1c4/0x2b0
[ 92.432159] pc : [<c0033b88>] lr : [<c00306ec>] psr: 80000053
[ 92.432159] sp : cf2a3e80 ip : cf1de0b0 fp : cf2a3fa4
[ 92.443725] r10: 40024000 r9 : cf2a2000 r8 : 00000000
[ 92.449005] r7 : 000f0002 r6 : 00000000 r5 : 00012fff r4 : 00012000
[ 92.455596] r3 : 0000003f r2 : 00000040 r1 : 00013000 r0 : 00012000
[ 92.462188] Flags: Nzcv IRQs on FIQs off Mode SVC_32 ISA ARM Segment user
[ 92.469482] Control: 10c5387d Table: 8f1d4018 DAC: 00000015
[ 92.475280] Process ct (pid: 768, stack limit = 0xcf2a22e0)
[ 92.480895] Stack: (0xcf2a3e80 to 0xcf2a4000)
[ 92.485290] 3e80: cfdb23c0 c0281880 cf2a3eb4 cf2a3e98 c0285b08 c0285a68 00000000 c004f980
[ 92.493743] 3ea0: cf16401c cfdb2700 cf2a3ecc cf2a3eb8 c0285b54 c0285ae0 cf2df900 cfdb2700
[ 92.502166] 3ec0: cf2a3efc cf2a3ed0 c02816b8 c00501fc 40000000 cf2a2000 c0381540 00000000
[ 92.510589] 3ee0: 00000301 00000000 00000000 00000000 cf2a3f14 cf2a3f00 c0281880 c0281410
[ 92.519012] 3f00: cfdb23c0 c0381540 cf2a3f3c cf2a3f18 c0052ff4 c0281848 003d0f00 60000053
[ 92.527435] 3f20: cf2a3f3c cfdb23c0 003d0f00 00000000 cf2a3f8c cf2a3f40 c0054f1c c0052f0c
[ 92.535858] 3f40: 409734d8 cf215bc0 00000000 c0156750 cf2a3fa4 cf2a3f60 c00a34d4 c0070930
[ 92.544281] 3f60: 00100070 409734d8 40973490 4004c000 00000078 c002cac4 cf2a2000 40033888
[ 92.552703] 3f80: cf2a3fa4 cf2a3f90 c002f9c0 00000000 bea99ef4 00000001 00000000 cf2a3fa8
[ 92.561126] 3fa0: c002c940 c0030534 00000000 bea99ef4 00012000 00012fff 00000000 40023e08
[ 92.569549] 3fc0: 00000000 bea99ef4 00000001 000f0002 00000000 00000000 40024000 bea99d9c
[ 92.577972] 3fe0: bea99d68 bea99d58 00008788 4010d6f0 60000050 00012000 805b6021 805b6421
[ 92.586395] Backtrace:
[ 92.588867] [<c0030528>] (arm_syscall+0x0/0x2b0) from [<c002c940>] (ret_fast_syscall+0x0/0x2c)
[ 92.597625] r6:00000001 r5:bea99ef4 r4:00000000
[ 92.602294] Code: e3a02010 e1a02312 e2423001 e1c00003 (ee070f3b)
[ 92.609893] mtdoops: Ready 26, 219 (no erase)
[ 92.878631] ---[ end trace 6854c4877e56a241 ]---
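
Added example, not part of the original message: a small C triage helper that parses three lines of the oops above and checks that the kernel took a page translation fault inside the range it was flushing. It assumes the ARM short-descriptor DFSR bit layout and that r0/r1 hold the current and end address in v7_coherent_kern_range; all helper names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

struct oops_info {
    unsigned long fault_addr;  /* from the "virtual address" line */
    unsigned int fsr;          /* hex value printed after "Oops:" */
    unsigned long r0, r1;      /* assumed: current and end address of the flush */
};

/* Three lines copied from the oops in this message. */
static const char *sample_oops[] = {
    "[ 92.347442] Unable to handle kernel paging request at virtual address 00012000",
    "[ 92.363983] Internal error: Oops: 817 [#1] PREEMPT",
    "[ 92.455596] r3 : 0000003f r2 : 00000040 r1 : 00013000 r0 : 00012000",
};

/* Pull the fault address, FSR and r0/r1 out of the oops text. */
static struct oops_info parse_oops(const char **lines, size_t n)
{
    struct oops_info o = {0};
    unsigned long r3, r2;
    const char *p;

    for (size_t i = 0; i < n; i++) {
        if ((p = strstr(lines[i], "virtual address ")))
            sscanf(p, "virtual address %lx", &o.fault_addr);
        else if ((p = strstr(lines[i], "Oops: ")))
            sscanf(p, "Oops: %x", &o.fsr);
        else if ((p = strstr(lines[i], "r3 : ")))
            sscanf(p, "r3 : %lx r2 : %lx r1 : %lx r0 : %lx", &r3, &r2, &o.r1, &o.r0);
    }
    return o;
}

/* Short-descriptor DFSR: FS[3:0] = bits 3:0, FS[4] = bit 10, WnR = bit 11. */
static unsigned int fault_status(unsigned int fsr) { return (fsr & 0xf) | ((fsr >> 6) & 0x10); }
static int is_write(unsigned int fsr) { return (fsr >> 11) & 1; }

/* 1 if the kernel took a page translation fault (FS 0x07) inside [r0, r1). */
static int fault_in_flush_range(const struct oops_info *o)
{
    return fault_status(o->fsr) == 0x07 &&
           o->fault_addr >= o->r0 && o->fault_addr < o->r1;
}

int main(void)
{
    struct oops_info o = parse_oops(sample_oops, 3);
    printf("fault %08lx fs=0x%02x write=%d in_range=%d\n",
           o.fault_addr, fault_status(o.fsr), is_write(o.fsr), fault_in_flush_range(&o));
    return 0;
}
```
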