Cesar Eduardo Barros wrote:
Cesar Eduardo Barros wrote:
[21474554.520000] Unable to handle kernel NULL pointer dereference at virtual address 00000004
[...]

Finally fixed this:

[EMAIL PROTECTED]:~# mount
rootfs on / type rootfs (rw)
/dev/root on / type jffs2 (rw,noatime)
proc on /proc type proc (rw)
tmpfs on /mnt/.exquisite type tmpfs (rw,size=40k)
sysfs on /sys type sysfs (rw)
/dev/root on /dev/.static/dev type jffs2 (rw)
udev on /dev type tmpfs (rw,size=2048k,mode=755)
/dev/mmcblk0p1 on /media/card type vfat (rw,fmask=0022,dmask=0022,codepage=cp437,iocharset=iso8859-1)
tmpfs on /var/volatile type tmpfs (rw,mode=755)
tmpfs on /dev/shm type tmpfs (rw,mode=777)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
[EMAIL PROTECTED]:~# uname -a
Linux om-gta01 2.6.26-mokodev #9 PREEMPT Sat Aug 9 19:34:28 BRT 2008 armv4tl unknown

This was not a bug, it was a series of bugs.

Looking at the assembly code, the oops happens at the first mmc_set_ios(host) within mmc_power_up(). For some reason, host->ops is NULL.

The only possible call path I can imagine for that is s3cmci_irq_cd getting called before host->ops is set, thus calling mmc_detect_change() which will schedule host->detect which is mmc_rescan.

The first bug was this one, which was obvious on the oops output. But why didn't it happen before, since the code was always there? The answer would be that, as one would suspect, usually that code isn't preempted until well after everything is set up. The real reason it was happening became obvious once that initialization ordering bug was fixed (first two patches of this series): the oops disappeared, but still nothing happened. The driver had been failing its initialization the whole time!

What happened was that, due to a change in the return value of s3c2410_dma_request (see commit 3886ff5f63f33c801ed3af265ac0df20d3a8dcf5, cherry picked as the third patch of this series), s3cmci_probe was erroneously considering a successful return as a failure, and going through the error path. However, by this time host->detect has already been scheduled. Another mistake (fixed by commit 2de5f79d4dfcb1be16f0b873bc77d6ec74b0426d, cherry picked as the fourth commit of this series) made the delay before it finally executes longer, making it happen in the long pause just before "VFS: Mounted root (jffs2 filesystem)." (the real bug was before that pause, as can be seen by the attached dmesg). When it finally executed, it was not only following a NULL pointer, it was following a NULL pointer in a structure which had already been freed!

The patch has been very lightly tested (it boots, 2007.2 automounts the card, and a ls -la /media/card shows expected values). I haven't tried writing or stress-testing it yet.


Given all that, I wonder whether it would be better to keep the current driver or to backport the 2.6.27 driver (applying whatever extra patches are needed; the first two patches of this series, for instance, should still be needed in some form).

--
Cesar Eduardo Barros
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[    0.000000] Linux version 2.6.26-mokodev ([EMAIL PROTECTED]) (gcc version 4.1.2) #9 PREEMPT Sat Aug 9 19:34:28 BRT 2008
[    0.000000] CPU: ARM920T [41129200] revision 0 (ARMv4T), cr=c0007177
[    0.000000] Machine: GTA01
[    0.000000] Memory policy: ECC disabled, Data cache writeback
[    0.000000] On node 0 totalpages: 32768
[    0.000000]   DMA zone: 256 pages used for memmap
[    0.000000]   DMA zone: 0 pages reserved
[    0.000000]   DMA zone: 32512 pages, LIFO batch:7
[    0.000000]   Normal zone: 0 pages used for memmap
[    0.000000]   Movable zone: 0 pages used for memmap
[    0.000000] CPU S3C2410A (id 0x32410002)
[    0.000000] S3C2410: core 266.000 MHz, memory 133.000 MHz, peripheral 66.500 MHz
[    0.000000] S3C24XX Clocks, (c) 2004 Simtec Electronics
[    0.000000] CLOCK: Slow mode (1.500 MHz), fast, MPLL on, UPLL on
[    0.000000] CPU0: D VIVT write-back cache
[    0.000000] CPU0: I cache: 16384 bytes, associativity 64, 32 byte lines, 8 sets
[    0.000000] CPU0: D cache: 16384 bytes, associativity 64, 32 byte lines, 8 sets
[21474536.480000] Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 32512
[21474536.480000] Kernel command line: rootfstype=jffs2 root=/dev/mtdblock4 console=ttySAC0,115200 console=tty0 loglevel=8 mtdparts=neo1973-nand:0x00040000(u-boot),0x00004000(u-boot_env),0x00200000(kernel),0x000a0000(splash),0x03d1c000(rootfs)
[21474536.480000] irq: clearing pending ext status 000002e0
[21474536.480000] irq: clearing pending ext status 000002a0
[21474536.480000] irq: clearing subpending status 00000002
[21474536.480000] PID hash table entries: 512 (order: 9, 2048 bytes)
[21474536.480000] pclk = 66500000
[21474536.480000] timer_usec_ticks = 5913
[21474536.480000] timer tcon=00500000, tcnt d877, tcfg 00000200,00000000, usec 00001719
[21474536.485000] Console: colour dummy device 80x30
[21474536.485000] console [tty0] enabled
[21474536.495000] console [ttySAC0] enabled
[21474536.500000] Lock dependency validator: Copyright (c) 2006 Red Hat, Inc., Ingo Molnar
[21474536.505000] ... MAX_LOCKDEP_SUBCLASSES:    8
[21474536.510000] ... MAX_LOCK_DEPTH:          48
[21474536.515000] ... MAX_LOCKDEP_KEYS:        2048
[21474536.520000] ... CLASSHASH_SIZE:           1024
[21474536.525000] ... MAX_LOCKDEP_ENTRIES:     8192
[21474536.530000] ... MAX_LOCKDEP_CHAINS:      16384
[21474536.535000] ... CHAINHASH_SIZE:          8192
[21474536.540000]  memory used by lock dependency info: 1024 kB
[21474536.545000]  per task-struct memory footprint: 3072 bytes
[21474536.550000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[21474536.555000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[21474536.585000] Memory: 128MB = 128MB total
[21474536.585000] Memory: 123392KB available (3716K code, 2603K data, 140K init)
[21474536.595000] Calibrating delay loop... 131.89 BogoMIPS (lpj=329728)
[21474536.705000] Mount-cache hash table entries: 512
[21474536.715000] CPU: Testing write buffer coherency: ok
[21474536.730000] khelper used greatest stack depth: 6564 bytes left
[21474536.740000] net_namespace: 704 bytes
[21474536.755000] NET: Registered protocol family 16
[21474536.810000] S3C2410 Power Management, (c) 2004 Simtec Electronics
[21474536.815000] GSM wakeup interrupt (IRQ 17)
[21474536.820000] wake enabled for irq 17
[21474536.825000] Enabled GSM wakeup IRQ 17 (rc=0)
[21474536.830000] S3C2410: Initialising architecture
[21474536.835000] S3C24XX DMA Driver, (c) 2003-2004,2006 Simtec Electronics
[21474536.840000] DMA channel 0 at c8800000, irq 33
[21474536.845000] DMA channel 1 at c8800040, irq 34
[21474536.850000] DMA channel 2 at c8800080, irq 35
[21474536.855000] DMA channel 3 at c88000c0, irq 36
[21474536.950000] Linux Plug and Play Support v0.97 (c) Adam Belay
[21474536.965000] SCSI subsystem initialized
[21474536.980000] usbcore: registered new interface driver usbfs
[21474536.990000] usbcore: registered new interface driver hub
[21474537.000000] usbcore: registered new device driver usb
[21474537.030000] khelper used greatest stack depth: 6252 bytes left
[21474537.060000] Bluetooth: Core ver 2.11
[21474537.070000] NET: Registered protocol family 31
[21474537.070000] Bluetooth: HCI device and connection manager initialized
[21474537.075000] Bluetooth: HCI socket layer initialized
[21474537.080000] pnp: the driver 'system' has been registered
[21474537.110000] NET: Registered protocol family 2
[21474537.165000] IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
[21474537.180000] TCP established hash table entries: 4096 (order: 3, 32768 bytes)
[21474537.185000] TCP bind hash table entries: 4096 (order: 5, 147456 bytes)
[21474537.190000] TCP: Hash tables configured (established 4096 bind 4096)
[21474537.195000] TCP reno registered
[21474537.215000] NET: Registered protocol family 1
[21474537.230000] NetWinder Floating Point Emulator V0.97 (double precision)
[21474537.275000] JFFS2 version 2.2. (NAND) (SUMMARY)  © 2001-2006 Red Hat, Inc.
[21474537.285000] msgmni has been set to 241
[21474537.290000] io scheduler noop registered
[21474537.290000] io scheduler deadline registered (default)
[21474537.355000] Console: switching to colour frame buffer device 80x58
[21474537.380000] fb0: s3c2410fb frame buffer device
[21474537.425000] s3c2410-uart.0: s3c2410_serial0 at MMIO 0x50000000 (irq = 70) is a S3C2410
[21474537.435000] s3c2410-uart.1: s3c2410_serial1 at MMIO 0x50004000 (irq = 73) is a S3C2410
[21474537.535000] brd: module loaded
[21474537.550000] Driver 'sd' needs updating - please use bus_type methods
[21474537.555000] Driver 'sr' needs updating - please use bus_type methods
[21474537.575000] S3C24XX NAND Driver, (c) 2004 Simtec Electronics
[21474537.585000] s3c2410-nand s3c2410-nand: Tacls=3, 22ns Twrph0=8 60ns, Twrph1=3 22ns
[21474537.590000] NAND device: Manufacturer ID: 0xec, Chip ID: 0x76 (Samsung NAND 64MiB 3,3V 8-bit)
[21474537.595000] s3c2410_nand_update_chip: chip c7fddcbc: 9
[21474537.605000] Bad block table found at page 131040, version 0x01
[21474537.610000] Bad block table found at page 131008, version 0x01
[21474537.615000] 5 cmdlinepart partitions found on MTD device neo1973-nand
[21474537.620000] Creating 5 MTD partitions on "neo1973-nand":
[21474537.625000] 0x00000000-0x00040000 : "u-boot"
[21474537.640000] 0x00040000-0x00044000 : "u-boot_env"
[21474537.655000] 0x00044000-0x00244000 : "kernel"
[21474537.670000] 0x00244000-0x002e4000 : "splash"
[21474537.685000] 0x002e4000-0x04000000 : "rootfs"
[21474537.705000] spi_s3c24xx_gpio spi_s3c24xx_gpio.1: registering c03d2e90: jbt6k74
[21474537.735000] ohci_hcd: 2006 August 04 USB 1.1 'Open' Host Controller (OHCI) Driver
[21474537.740000] s3c2410-ohci s3c2410-ohci: S3C24XX OHCI
[21474537.750000] s3c2410-ohci s3c2410-ohci: new USB bus registered, assigned bus number 1
[21474537.755000] s3c2410-ohci s3c2410-ohci: irq 42, io mem 0x49000000
[21474537.820000] usb usb1: configuration #1 chosen from 1 choice
[21474537.830000] hub 1-0:1.0: USB hub found
[21474537.835000] hub 1-0:1.0: 2 ports detected
[21474537.955000] usb usb1: New USB device found, idVendor=1d6b, idProduct=0001
[21474537.960000] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[21474537.965000] usb usb1: Product: S3C24XX OHCI
[21474537.970000] usb usb1: Manufacturer: Linux 2.6.26-mokodev ohci_hcd
[21474537.975000] usb usb1: SerialNumber: s3c24xx
[21474537.985000] usbcore: registered new interface driver cdc_acm
[21474537.990000] cdc_acm: v0.26:USB Abstract Control Model driver for USB modems and ISDN adapters
[21474537.995000] Initializing USB Mass Storage driver...
[21474538.000000] usbcore: registered new interface driver usb-storage
[21474538.005000] USB Mass Storage support registered.
[21474538.010000] usbcore: registered new interface driver libusual
[21474538.020000] usbcore: registered new interface driver usbserial
[21474538.025000] usbserial: USB Serial support registered for generic
[21474538.035000] usbcore: registered new interface driver usbserial_generic
[21474538.040000] usbserial: USB Serial Driver core
[21474538.050000] usbserial: USB Serial support registered for GSM modem (1-port)
[21474538.060000] usbcore: registered new interface driver option
[21474538.065000] option: USB Driver for GSM modems: v0.7.2
[21474538.080000] gta01_udc_command(2)
[21474538.095000] ether gadget: using random self ethernet address
[21474538.100000] ether gadget: using random host ethernet address
[21474538.115000] usb0: Ethernet Gadget, version: May Day 2005
[21474538.120000] usb0: using s3c2410_udc, OUT ep2-bulk IN ep1-bulk STATUS ep3-bulk
[21474538.125000] usb0: MAC 1a:d7:53:d4:f7:36
[21474538.130000] usb0: HOST MAC 16:f2:8e:9f:76:f4
[21474538.135000] usb0: RNDIS ready
[21474538.140000] gta01_udc_command(1)
[21474538.150000] mice: PS/2 mouse device common for all mice
[21474538.160000] input: Neo1973 Buttons as /class/input/input0
[21474538.195000] wake enabled for irq 50
[21474538.200000] wake enabled for irq 48
[21474538.215000] s3c2410-ts s3c2410-ts: successfully loaded
[21474538.225000] input: s3c2410 TouchScreen as /class/input/input1
[21474538.255000] i2c /dev entries driver
[21474538.265000] s3c2410-i2c s3c2410-i2c: slave address 0x10
[21474538.270000] s3c2410-i2c s3c2410-i2c: bus frequency set to 377 KHz
[21474538.285000] s3c2410-i2c s3c2410-i2c: i2c-0: S3C I2C adapter
[21474538.315000] input: FIC Neo1973 PMU events as /class/input/input2
[21474538.385000] wake enabled for irq 53
[21474538.395000] pcf50606: dev (254:0)
[21474538.400000] pcf50606 0-0008: rtc core: registered pcf50606 as rtc0
[21474538.410000] neo1973-pm-bt neo1973-pm-bt.0: FIC Neo1973 Bluetooth Power Management: starting
[21474538.545000] pcf50633_attach_adapter: entering, calling i2c_probe
[21474538.560000] APM Battery Driver
[21474538.570000] Bluetooth: HCI USB driver ver 2.9
[21474538.580000] usbcore: registered new interface driver hci_usb
[21474538.590000] mmc_set_power(power_mode=0, vdd=0)
[21474538.595000] s3c2410-sdi s3c2410-sdi: powered down.
[21474538.600000] s3c2410-sdi s3c2410-sdi: initialisation done.
[21474538.620000] pnp: the driver 'sdio_wlan' has been registered
[21474538.635000] Registered led device: neo1973:vibrator
[21474538.650000] usbcore: registered new interface driver usbhid
[21474538.655000] usbhid: v2.6:USB HID core driver
[21474538.660000] Advanced Linux Sound Architecture Driver Version 1.0.16.
[21474538.670000] ASoC version 0.13.2
[21474538.675000] Entered neo1973_init
[21474538.685000] wm8753: WM8753 Audio Codec 0.16
[21474538.715000] asoc: WM8753 HiFi <-> s3c24xx-i2s mapping ok
[21474538.725000] asoc: WM8753 Voice <-> Bluetooth mapping ok
[21474538.960000] Only GTA02 hardware supported by ASoc driver
[21474538.965000] ALSA device list:
[21474538.970000]   #0: neo1973 (WM8753)
[21474538.990000] TCP cubic registered
[21474538.995000] NET: Registered protocol family 17
[21474539.000000] Bridge firewalling registered
[21474539.005000] Bluetooth: L2CAP ver 2.9
[21474539.010000] Bluetooth: L2CAP socket layer initialized
[21474539.015000] Bluetooth: SCO (Voice Link) ver 0.5
[21474539.020000] Bluetooth: SCO socket layer initialized
[21474539.025000] Bluetooth: RFCOMM socket layer initialized
[21474539.030000] Bluetooth: RFCOMM TTY layer initialized
[21474539.035000] Bluetooth: RFCOMM ver 1.8
[21474539.040000] Bluetooth: BNEP (Ethernet Emulation) ver 1.2
[21474539.045000] Bluetooth: BNEP filters: protocol multicast
[21474539.050000] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[21474539.085000] mmc_set_power(power_mode=1, vdd=20)
[21474539.090000] s3c2410-sdi s3c2410-sdi: running at 0kHz (requested: 0kHz).
[21474539.100000] mmc_set_power(power_mode=2, vdd=20)
[21474539.105000] s3c2410-sdi s3c2410-sdi: running at 130kHz (requested: 129kHz).
[21474539.115000] mmc_set_power(power_mode=2, vdd=20)
[21474539.120000] s3c2410-sdi s3c2410-sdi: running at 130kHz (requested: 129kHz).
[21474539.125000] mmc_set_power(power_mode=2, vdd=20)
[21474539.130000] s3c2410-sdi s3c2410-sdi: running at 130kHz (requested: 129kHz).
[21474539.145000] mmc_set_power(power_mode=2, vdd=20)
[21474539.155000] s3c2410-sdi s3c2410-sdi: running at 130kHz (requested: 129kHz).
[21474539.160000] mmc_set_power(power_mode=2, vdd=20)
[21474539.165000] s3c2410-sdi s3c2410-sdi: running at 130kHz (requested: 129kHz).
[21474539.175000] mmc_set_power(power_mode=2, vdd=20)
[21474539.180000] s3c2410-sdi s3c2410-sdi: running at 130kHz (requested: 129kHz).
[21474539.185000] pcf50606 0-0008: setting system clock to 2008-08-02 03:32:00 UTC (1217647920)
[21474556.025000] VFS: Mounted root (jffs2 filesystem).
[21474556.030000] Freeing init memory: 140K
[21474556.065000] khelper used greatest stack depth: 5456 bytes left
[21474556.095000] mmc_set_power(power_mode=2, vdd=20)
[21474556.100000] s3c2410-sdi s3c2410-sdi: running at 130kHz (requested: 129kHz).
[21474556.115000] mmc_set_power(power_mode=2, vdd=20)
[21474556.120000] s3c2410-sdi s3c2410-sdi: running at 16625kHz (requested: 25000kHz).
[21474556.125000] mmc_set_power(power_mode=2, vdd=20)
[21474556.135000] s3c2410-sdi s3c2410-sdi: running at 16625kHz (requested: 25000kHz).
[21474556.140000] mmc0: new SD card at address e624
[21474556.150000] mmcblk0: mmc0:e624 SU512 495488KiB 
[21474556.155000]  mmcblk0: p1
[21474557.115000] PM: Removing info for No Bus:vcs1
[21474557.125000] PM: Removing info for No Bus:vcsa1
[21474557.145000] PM: Removing info for No Bus:vcs1
[21474557.160000] PM: Removing info for No Bus:vcsa1
[21474557.370000] PM: Removing info for No Bus:vcs1
[21474557.385000] PM: Removing info for No Bus:vcsa1
[21474557.405000] PM: Removing info for No Bus:vcs1
[21474557.420000] PM: Removing info for No Bus:vcsa1
[21474557.455000] PM: Removing info for No Bus:vcs1
[21474557.465000] PM: Removing info for No Bus:vcsa1
[21474558.145000] mount used greatest stack depth: 5384 bytes left
[21474562.980000] exquisite-write used greatest stack depth: 5336 bytes left
[21474566.195000] udevd used greatest stack depth: 5296 bytes left
[21474570.675000] udevtrigger used greatest stack depth: 5216 bytes left
[21474585.705000] FAT: bogus number of reserved sectors
[21474585.705000] VFS: Can't find a valid FAT filesystem on dev mmcblk0.
[21474585.715000] FAT: bogus number of reserved sectors
[21474585.720000] VFS: Can't find a valid FAT filesystem on dev mmcblk0.
[21474607.950000] rc used greatest stack depth: 5072 bytes left
[21474623.045000] GSM wakeup interrupt (IRQ 17)
[21474627.425000] SysRq : HELP : loglevel0-8 reBoot Crashdump show-all-locks(D) tErm Full kIll saK showMem Nice powerOff showPc show-all-timers(Q) unRaw Sync showTasks Unmount shoW-blocked-tasks
[21474634.420000] mapped channel 10 to 2
[21474637.280000] PM: Removing info for No Bus:vcs2
[21474637.280000] PM: Removing info for No Bus:vcsa2
[21474643.065000] settings-daemon used greatest stack depth: 4928 bytes left
[21474657.675000] Alignment trap: phone-kit (1406) PC=0x00011d9c Instr=0xe5970008 Address=0xbe96e537 FSR 0x013
[21474690.640000] usb0: full speed config #1: 500 mA, Ethernet Gadget, using CDC Ethernet
[21474690.645000] udc: enabling fast charge
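
The failure chain described in the message above, reduced to a user-space model (an added example, not part of the original message or of the patch series). All type and function names are hypothetical, the "non-negative means success" return convention for the DMA request is an assumption, and the hardened ordering is one way to close both holes rather than the content of the actual patches.

```c
#include <stdbool.h>
#include <stddef.h>

/* User-space model; every name is hypothetical, not the s3cmci source. */
enum result { NO_WORK, RAN_OK, NULL_OPS, USE_AFTER_FREE };
struct host_ops { int (*set_ios)(void); };
/* detect_pending: rescan queued by card-detect IRQ; freed: host released */
struct host { const struct host_ops *ops; bool detect_pending, freed; };

static int set_ios(void) { return 0; }
static const struct host_ops model_ops = { set_ios };
/* Assumed convention: channel number (>= 0) on success, negative on error. */
static int dma_request(void) { return 2; }
/* Card-detect can fire, and queue the rescan, as soon as the IRQ is live. */
static void request_cd_irq(struct host *h) { h->detect_pending = true; }

/* Before: IRQ live while ops is NULL, and any non-zero return is "failure". */
static void probe_before(struct host *h)
{
    request_cd_irq(h);
    if (dma_request()) { h->freed = true; return; } /* queued work survives */
    h->ops = &model_ops;
}

/* After: publish ops first, test the sign, cancel work before freeing. */
static void probe_after(struct host *h)
{
    h->ops = &model_ops;
    if (dma_request() < 0) { h->detect_pending = false; h->freed = true; return; }
    request_cd_irq(h);            /* enabled last, host fully set up */
}

/* What the deferred rescan finds when it finally runs. */
static enum result run_detect(const struct host *h)
{
    if (!h->detect_pending) return NO_WORK;
    if (h->freed)           return USE_AFTER_FREE;
    if (h->ops == NULL)     return NULL_OPS;
    h->ops->set_ios();
    return RAN_OK;
}

/* mode 0: original probe; 1: hardened probe; 2: rescan preempts probe early */
static enum result scenario(int mode)
{
    struct host h = { NULL, false, false };
    if (mode == 0) probe_before(&h);
    if (mode == 1) probe_after(&h);
    if (mode == 2) request_cd_irq(&h);
    return run_detect(&h);
}

int main(void) { return scenario(1) == RAN_OK ? 0 : 1; }
```

Mode 2 isolates the ordering bug on its own; mode 0 shows why the misread return value turns the same stale work item into an access to a freed structure.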
