* flexcan gcc optimization bug
@ 2013-06-26 9:43 Michael Thalmeier
2013-06-26 10:16 ` Marc Kleine-Budde
0 siblings, 1 reply; 2+ messages in thread
From: Michael Thalmeier @ 2013-06-26 9:43 UTC (permalink / raw)
To: linux-can; +Cc: Wolfgang Grandegger, Hui Wang
Hi !
I have a weird problem with the flexcan driver on our i.MX28 board.
As soon as i configure the interface with "canconfig can0 bitrate 125000 start"
(or the equivalent ip command) I get the following segmentation fault in the driver:
[ 17.830000] Unhandled fault: external abort on non-linefetch (0x008) at 0xf5032048
[ 17.830000] Internal error: : 8 [#1] ARM
[ 17.830000] Modules linked in:
[ 17.830000] CPU: 0 Not tainted (3.6.0-00059-g867073b #226)
[ 17.830000] PC is at flexcan_chip_start+0x16c/0x204
[ 17.830000] LR is at flexcan_chip_start+0xd0/0x204
[ 17.830000] pc : [<c01de168>] lr : [<c01de0cc>] psr: 60000013
[ 17.830000] sp : cf76dae8 ip : 00000478 fp : 00000000
[ 17.830000] r10: c030f394 r9 : c0318430 r8 : 04000000
[ 17.830000] r7 : 00000000 r6 : f5032470 r5 : cf580000 r4 : f5032000
[ 17.830000] r3 : 00000004 r2 : 00000000 r1 : 00000047 r0 : f50323f0
[ 17.830000] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 17.830000] Control: 0005317f Table: 4f78c000 DAC: 00000015
[ 17.830000] Process canconfig (pid: 216, stack limit = 0xcf76c270)
[ 17.830000] Stack: (0xcf76dae8 to 0xcf76e000)
...
[ 17.830000] [<c01de168>] (flexcan_chip_start+0x16c/0x204) from [<c01de2ac>] (flexcan_open+0xac/0x140)
[ 17.830000] [<c01de2ac>] (flexcan_open+0xac/0x140) from [<c0270978>] (__dev_open+0xac/0x110)
[ 17.830000] [<c0270978>] (__dev_open+0xac/0x110) from [<c0270bac>] (__dev_change_flags+0x78/0x13c)
[ 17.830000] [<c0270bac>] (__dev_change_flags+0x78/0x13c) from [<c0270cdc>] (dev_change_flags+0x10/0x48)
[ 17.830000] [<c0270cdc>] (dev_change_flags+0x10/0x48) from [<c027ca08>] (do_setlink+0x338/0x858)
[ 17.830000] [<c027ca08>] (do_setlink+0x338/0x858) from [<c027ddbc>] (rtnl_newlink+0x2bc/0x46c)
[ 17.830000] [<c027ddbc>] (rtnl_newlink+0x2bc/0x46c) from [<c027d760>] (rtnetlink_rcv_msg+0x150/0x294)
[ 17.830000] [<c027d760>] (rtnetlink_rcv_msg+0x150/0x294) from [<c028a3f8>] (netlink_rcv_skb+0xbc/0xd8)
[ 17.830000] [<c028a3f8>] (netlink_rcv_skb+0xbc/0xd8) from [<c027c5f4>] (rtnetlink_rcv+0x18/0x24)
[ 17.830000] [<c027c5f4>] (rtnetlink_rcv+0x18/0x24) from [<c0289e20>] (netlink_unicast+0x1a4/0x208)
[ 17.830000] [<c0289e20>] (netlink_unicast+0x1a4/0x208) from [<c028a1dc>] (netlink_sendmsg+0x2b4/0x318)
[ 17.830000] [<c028a1dc>] (netlink_sendmsg+0x2b4/0x318) from [<c025ca74>] (sock_sendmsg+0x80/0xa0)
[ 17.830000] [<c025ca74>] (sock_sendmsg+0x80/0xa0) from [<c025d074>] (__sys_sendmsg+0x2a8/0x2c0)
[ 17.830000] [<c025d074>] (__sys_sendmsg+0x2a8/0x2c0) from [<c025e9b4>] (sys_sendmsg+0x3c/0x68)
[ 17.830000] [<c025e9b4>] (sys_sendmsg+0x3c/0x68) from [<c000e7e0>] (ret_fast_syscall+0x0/0x2c)
[ 17.830000] Code: e5847018 e595346c e5933000 e3130002 (05947048)
[ 17.830000] ---[ end trace 12de4c1559c67321 ]---
I have debugged this down to the following line in the flexcan driver in flexcan_chip_start:
if (priv->devtype_data->features & FLEXCAN_HAS_V10_FEATURES)
flexcan_write(0x0, ®s->rxfgmask);
As we have an i.MX28 board this line should not be executed, but it is as can be seen in the
objdump output:
gcc 4.7.2:
if (priv->devtype_data->features & FLEXCAN_HAS_V10_FEATURES)
50c: e598346c ldr r3, [r8, #1132] ; 0x46c
510: e5933000 ldr r3, [r3]
514: e3130002 tst r3, #2
return readl(addr);
}
static inline void flexcan_write(u32 val, void __iomem *addr)
{
writel(val, addr);
518: 15846048 strne r6, [r4, #72] ; 0x48
gcc 4.6.4:
if (priv->devtype_data->features & FLEXCAN_HAS_V10_FEATURES)
518: e595346c ldr r3, [r5, #1132] ; 0x46c
51c: e5933000 ldr r3, [r3]
520: e3130002 tst r3, #2
return readl(addr);
}
static inline void flexcan_write(u32 val, void __iomem *addr)
{
writel(val, addr);
524: 05947048 ldreq r7, [r4, #72] ; 0x48
528: e5847048 str r7, [r4, #72] ; 0x48
As you can see gcc 4.6.4 obviously produces wrong code that always writes this register.
What can I do best to prevent the compiler from thinking it is
safe to access that memory region.
Regards,
Michael
--
Scanned by MailScanner.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: flexcan gcc optimization bug
2013-06-26 9:43 flexcan gcc optimization bug Michael Thalmeier
@ 2013-06-26 10:16 ` Marc Kleine-Budde
0 siblings, 0 replies; 2+ messages in thread
From: Marc Kleine-Budde @ 2013-06-26 10:16 UTC (permalink / raw)
To: Michael Thalmeier; +Cc: linux-can, Wolfgang Grandegger, Hui Wang
[-- Attachment #1: Type: text/plain, Size: 4885 bytes --]
On 06/26/2013 11:43 AM, Michael Thalmeier wrote:
> Hi !
>
> I have a weird problem with the flexcan driver on our i.MX28 board.
> As soon as i configure the interface with "canconfig can0 bitrate 125000 start"
> (or the equivalent ip command) I get the following segmentation fault in the driver:
>
> [ 17.830000] Unhandled fault: external abort on non-linefetch (0x008) at 0xf5032048
> [ 17.830000] Internal error: : 8 [#1] ARM
> [ 17.830000] Modules linked in:
> [ 17.830000] CPU: 0 Not tainted (3.6.0-00059-g867073b #226)
> [ 17.830000] PC is at flexcan_chip_start+0x16c/0x204
> [ 17.830000] LR is at flexcan_chip_start+0xd0/0x204
> [ 17.830000] pc : [<c01de168>] lr : [<c01de0cc>] psr: 60000013
> [ 17.830000] sp : cf76dae8 ip : 00000478 fp : 00000000
> [ 17.830000] r10: c030f394 r9 : c0318430 r8 : 04000000
> [ 17.830000] r7 : 00000000 r6 : f5032470 r5 : cf580000 r4 : f5032000
> [ 17.830000] r3 : 00000004 r2 : 00000000 r1 : 00000047 r0 : f50323f0
> [ 17.830000] Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
> [ 17.830000] Control: 0005317f Table: 4f78c000 DAC: 00000015
> [ 17.830000] Process canconfig (pid: 216, stack limit = 0xcf76c270)
> [ 17.830000] Stack: (0xcf76dae8 to 0xcf76e000)
> ...
> [ 17.830000] [<c01de168>] (flexcan_chip_start+0x16c/0x204) from [<c01de2ac>] (flexcan_open+0xac/0x140)
> [ 17.830000] [<c01de2ac>] (flexcan_open+0xac/0x140) from [<c0270978>] (__dev_open+0xac/0x110)
> [ 17.830000] [<c0270978>] (__dev_open+0xac/0x110) from [<c0270bac>] (__dev_change_flags+0x78/0x13c)
> [ 17.830000] [<c0270bac>] (__dev_change_flags+0x78/0x13c) from [<c0270cdc>] (dev_change_flags+0x10/0x48)
> [ 17.830000] [<c0270cdc>] (dev_change_flags+0x10/0x48) from [<c027ca08>] (do_setlink+0x338/0x858)
> [ 17.830000] [<c027ca08>] (do_setlink+0x338/0x858) from [<c027ddbc>] (rtnl_newlink+0x2bc/0x46c)
> [ 17.830000] [<c027ddbc>] (rtnl_newlink+0x2bc/0x46c) from [<c027d760>] (rtnetlink_rcv_msg+0x150/0x294)
> [ 17.830000] [<c027d760>] (rtnetlink_rcv_msg+0x150/0x294) from [<c028a3f8>] (netlink_rcv_skb+0xbc/0xd8)
> [ 17.830000] [<c028a3f8>] (netlink_rcv_skb+0xbc/0xd8) from [<c027c5f4>] (rtnetlink_rcv+0x18/0x24)
> [ 17.830000] [<c027c5f4>] (rtnetlink_rcv+0x18/0x24) from [<c0289e20>] (netlink_unicast+0x1a4/0x208)
> [ 17.830000] [<c0289e20>] (netlink_unicast+0x1a4/0x208) from [<c028a1dc>] (netlink_sendmsg+0x2b4/0x318)
> [ 17.830000] [<c028a1dc>] (netlink_sendmsg+0x2b4/0x318) from [<c025ca74>] (sock_sendmsg+0x80/0xa0)
> [ 17.830000] [<c025ca74>] (sock_sendmsg+0x80/0xa0) from [<c025d074>] (__sys_sendmsg+0x2a8/0x2c0)
> [ 17.830000] [<c025d074>] (__sys_sendmsg+0x2a8/0x2c0) from [<c025e9b4>] (sys_sendmsg+0x3c/0x68)
> [ 17.830000] [<c025e9b4>] (sys_sendmsg+0x3c/0x68) from [<c000e7e0>] (ret_fast_syscall+0x0/0x2c)
> [ 17.830000] Code: e5847018 e595346c e5933000 e3130002 (05947048)
> [ 17.830000] ---[ end trace 12de4c1559c67321 ]---
>
> I have debugged this down to the following line in the flexcan driver in flexcan_chip_start:
>
> if (priv->devtype_data->features & FLEXCAN_HAS_V10_FEATURES)
> flexcan_write(0x0, ®s->rxfgmask);
>
> As we have an i.MX28 board this line should not be executed, but it is as can be seen in the
> objdump output:
>
> gcc 4.7.2:
>
> if (priv->devtype_data->features & FLEXCAN_HAS_V10_FEATURES)
> 50c: e598346c ldr r3, [r8, #1132] ; 0x46c
> 510: e5933000 ldr r3, [r3]
> 514: e3130002 tst r3, #2
> return readl(addr);
> }
>
> static inline void flexcan_write(u32 val, void __iomem *addr)
> {
> writel(val, addr);
> 518: 15846048 strne r6, [r4, #72] ; 0x48
>
>
> gcc 4.6.4:
>
> if (priv->devtype_data->features & FLEXCAN_HAS_V10_FEATURES)
> 518: e595346c ldr r3, [r5, #1132] ; 0x46c
> 51c: e5933000 ldr r3, [r3]
> 520: e3130002 tst r3, #2
> return readl(addr);
> }
>
> static inline void flexcan_write(u32 val, void __iomem *addr)
> {
> writel(val, addr);
> 524: 05947048 ldreq r7, [r4, #72] ; 0x48
> 528: e5847048 str r7, [r4, #72] ; 0x48
>
>
> As you can see gcc 4.6.4 obviously produces wrong code that always writes this register.
>
> What can I do best to prevent the compiler from thinking it is
> safe to access that memory region.
Update your compiler.
See: http://www.spinics.net/lists/arm-kernel/msg193914.html
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52445
Marc
--
Pengutronix e.K. | Marc Kleine-Budde |
Industrial Linux Solutions | Phone: +49-231-2826-924 |
Vertretung West/Dortmund | Fax: +49-5121-206917-5555 |
Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de |
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 259 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-06-26 10:25 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-26 9:43 flexcan gcc optimization bug Michael Thalmeier
2013-06-26 10:16 ` Marc Kleine-Budde
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).