[U-Boot] crash in usb_stor_get_info using pre-relocation address for ss->transport

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Albert ARIBAUD <albert.u.boot@aribaud.net>
To: u-boot@lists.denx.de
Subject: [U-Boot] crash in usb_stor_get_info using pre-relocation address for ss->transport
Date: Thu, 13 Jun 2013 13:24:08 +0200	[thread overview]
Message-ID: <20130613132408.2dc61ac5@lilith> (raw)
In-Reply-To: <51B99CCA.9090608@gmail.com>

Hi Chris,

On Thu, 13 Jun 2013 22:19:54 +1200, Chris Packham
<judge.packham@gmail.com> wrote:

> Hi Albert,
> 
> On 13/06/13 17:43, Albert ARIBAUD wrote:
> > Hi Chris,
> > 
> > On Thu, 13 Jun 2013 13:16:17 +1200, Chris Packham
> > <judge.packham@gmail.com> wrote:
> > 
> >> On Thu, Jun 13, 2013 at 12:02 PM, Chris Packham <judge.packham@gmail.com> wrote:
> >>> Hi,
> >>>
> >>> I've just found a crash in usb_stor_get_info (actually usb_inquiry
> >>> which gets auto-inlined). The cause seems to be that ss->transport is
> >>> set to the pre-relocation address of usb_stor_BBB_transport. Yet
> >>> ss->transport_reset is set to the correct relocated address of.
> >>>
> >>> The difference between the two is that usb_stor_BBB_reset is declared
> >>> static and usb_stor_BBB_transport is not. Changing
> >>> usb_stor_BBB_transport to a static makes things work but I notice that
> >>> none of the other transport functions are static either so I'm
> >>> thinking I haven't actually fixed the problem rather just masked it.
> >>
> >> Actually I see commit 199adb60 (common/misc: sparse fixes) does change
> >> the transport functions to static. Which is the change I was looking
> >> at. I still don't know if it is fixing a problem or masking a
> >> different one but this is probably why no-one else is complaining that
> >> their usb mass storage devices are causing crashes. I'll cherry-pick
> >> this to fix my problem.
> >>
> >>>
> >>> I did  some poking with a lauterbach and from the disassembly it looks
> >>> like there is a translation table being used when the function
> >>> pointers are setup by usb_storage_probe and when declared normally
> >>> usb_stor_BBB_transport ends up at the end. Everything else has the
> >>> correct relocated address so I wonder if there is an off-by-one error
> >>> in whatever creates that table.
> > 
> > Can you elaborate? The only relocation-related table that I know of is
> > the one used in relocate_code(), and no other relocation-fix table
> > exists or is used anywhere else.
> > 
> >>> Does this sound familiar to anyone.
> > 
> > Familiar, no, but it does set in my mind, if not a blaring alarm with
> > flashing beacons, at least a blinking red light with a beep, so let's
> > analyize this.
> > 
> > Amicalement,
> > 
> 
> I'm at home right now so I don't have the board in front of me. Here's
> some disassembly that gdb gives me
> 
> int usb_stor_BBB_transport(); (without 199adb60)
> 
> 1272            case US_PR_BULK:
> 1273                    USB_STOR_PRINTF("Bulk/Bulk/Bulk\n");
> 1274                    ss->transport = usb_stor_BBB_transport;
>    0xfffa9780 <+208>:   lwz     r0,-4(r30)
>    0xfffa9784 <+212>:   stw     r0,48(r31)
> 
> 1275                    ss->transport_reset = usb_stor_BBB_reset;
>    0xfffa9788 <+216>:   lwz     r0,-4268(r30)
>    0xfffa978c <+220>:   b       0xfffa9770 <usb_storage_probe+192>
> 
> 1276                    break;
> 
> static int usb_stor_BBB_transport(); (with 199adb60)
> 
> 1261            case US_PR_CB:
> 1262                    USB_STOR_PRINTF("Control/Bulk\n");
> 1263                    ss->transport = usb_stor_CB_transport;
>    0xfffa9608 <+180>:   lwz     r0,-4240(r30)
>    0xfffa960c <+184>:   stw     r0,48(r31)
> 
> 1264                    ss->transport_reset = usb_stor_CB_reset;
>    0xfffa9610 <+188>:   lwz     r0,-4248(r30)
>    0xfffa9614 <+192>:   stw     r0,44(r31)
> 
> 1265                    break;
> 
> So r30 is the table thing I was talking about. I'm assuming it's
> something maintained by the compiler/linker. From memory -4(r30) was
> 0xfffaabcd everything else (including -4268(r30)) seemed to be the
> relocated address for various symbols, hence my comment about a possible
> off-by-one in whatever maintains that table.
> 
> Because it's probably relevant here are my compiler details
>   $ powerpc-e500-linux-gnu-gcc --version
>   powerpc-e500-linux-gnu-gcc (Gentoo 4.6.3-r1 p1.9, pie-0.5.2) 4.6.3
> 
> When I get back to work tomorrow I can post a dump of r30 from a running
> system.

So that's PPC. Maybe PPC does manual fixing -- I was being ARM-centric
there.

Amicalement,
-- 
Albert.

next prev parent reply	other threads:[~2013-06-13 11:24 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-06-13  0:02 [U-Boot] crash in usb_stor_get_info using pre-relocation address for ss->transport Chris Packham
2013-06-13  1:16 ` Chris Packham
2013-06-13  5:43   ` Albert ARIBAUD
2013-06-13 10:19     ` Chris Packham
2013-06-13 11:24       ` Albert ARIBAUD [this message]
2013-06-13 22:48         ` Chris Packham
2013-06-14  2:21           ` Chris Packham

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130613132408.2dc61ac5@lilith \
    --to=albert.u.boot@aribaud.net \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox