From: Jun Sun <jsun@mvista.com>
To: Craig Mautner <craig.mautner@alumni.ucsd.edu>
Cc: linux-mips@linux-mips.org, jsun@mvista.com
Subject: Re: schedule() BUG
Date: Wed, 1 Oct 2003 16:50:23 -0700 [thread overview]
Message-ID: <20031001165023.A26517@mvista.com> (raw)
In-Reply-To: <JKEMLDJFFLGLICKLLEFJMEEOCOAA.craig.mautner@alumni.ucsd.edu>; from craig.mautner@alumni.ucsd.edu on Fri, Sep 12, 2003 at 11:04:16AM -0700
On Fri, Sep 12, 2003 at 11:04:16AM -0700, Craig Mautner wrote:
> We are using mips-linux 2.4.17, gcc 3.2.1 (MontaVista) and crashing in
> schedule():
>
> Unable to handle kernel paging request at virtual address 00000000, epc ==
> 800153c0, ra == 800153c0
> $0 : 00000000 9001f800 0000001b 00000000 0000001a 83f56000 8298f4a0 0000001f
> $8 : 00000001 ffffe2e0 000022e0 00000000 fffffff9 ffffffff 0000000a 00000002
> $16: 00000000 00000000 82af0000 8298f4a0 83f56000 00000000 80008000 00000000
> $24: 82af1dc2 00000002 82af0000 82af1ef8 82af1ef8 800153c0
> epc : 800153c0 Not tainted
>
> The code is:
>
> {
> struct mm_struct *mm = next->mm;
> struct mm_struct *oldmm = prev->active_mm;
> if (!mm) {
> if (next->active_mm) BUG(); <- this is where we crash
> next->active_mm = oldmm;
> atomic_inc(&oldmm->mm_count);
> enter_lazy_tlb(oldmm, next, this_cpu);
> }
> .
> .
> .
>
> This seems to happen in our case when 'next' points to 'kswapd' although we
> think it could happen when switching to any kernel task (i.e. those tasks
> with mm==NULL).
>
> We think the culprit is that we are taking an interrupt and rescheduling
> while at a vulnerable point in 'schedule()'. Interrupts are enabled in line
> 743. If we get an interrupt any time after line 785:
>
> next->active_mm = oldmm;
>
> but before line 806
>
> __schedule_tail()
>
> completes the swap, the interrupt can force 'schedule()' to be reentered via
> 'ret_from_intr()'.
>
> If so, 'kswapd's 'active_mm' field will be left non-zero, but 'current' will
> not have been set to point to 'kswapd'. The next time 'schedule()' tries to
> switch to 'kswapd', 'next' points to 'kswapd', and
>
> next->mm == NULL
> next->active_mm != NULL
>
> which is detected as an invalid state, so we hit the BUG.
>
> Some questions:
> Are we looking at this correctly?
> Has anyone ever seen this before?
> Is there a published fix?
>
> Thanks,
>
> -Craig
>
This is an known problem. Please try the attached patch.
On R5432 CPU, there is also an hardware bug which can cause the same
problem. Please double-check vec3_generic to see if workaround is
at the beginning of the handler.
BTW, 2.4.17 is an old kernel. You really need to upgrade.
Jun
next prev parent reply other threads:[~2003-10-01 23:50 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-12 18:04 schedule() BUG Craig Mautner
2003-09-12 18:04 ` Craig Mautner
2003-09-13 16:30 ` Craig Mautner
2003-09-13 16:30 ` Craig Mautner
2003-09-15 18:59 ` Craig Mautner
2003-09-15 18:59 ` Craig Mautner
2003-10-01 23:50 ` Jun Sun [this message]
2003-10-02 0:09 ` Ralf Baechle
2003-10-02 0:39 ` Jun Sun
2003-10-02 4:28 ` Daniel Jacobowitz
[not found] <FJEIIOCBFAIOIDNKLPFJCECODAAA.koji.kawachi@pioneer-pdt.com>
2003-10-07 2:05 ` Steve Scott
2003-10-07 2:05 ` Steve Scott
2003-10-08 16:29 ` Ralf Baechle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20031001165023.A26517@mvista.com \
--to=jsun@mvista.com \
--cc=craig.mautner@alumni.ucsd.edu \
--cc=linux-mips@linux-mips.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox