Re: Fatal kernel mode data abort: 'Translation Fault (S)'

[Jun Ebihara <jun%soum.co.jp@localhost>]

Many thanx for your report and PR!

[fixed and closed: panic when attaching vcaudio on raspberry pi]
http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=48287

Diff for /src/sys/external/bsd/vchiq/dist/interface/vchiq_arm/vchiq_arm.c 
between version 1.6 and 1.7
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/external/bsd/vchiq/dist/interface/vchiq_arm/vchiq_arm.c.diff?r1=1.6&r2=1.7&only_with_tag=MAIN&f=h

From: Takahiro HAYASHI <t-hash%abox3.so-net.ne.jp@localhost>
Subject: Re: Fatal kernel mode data abort: 'Translation Fault (S)'
Date: Tue, 08 Oct 2013 18:33:52 +0900

> Hi,
> 
> I sent PR about this problem, but that mail has been deferred
> more than 14 hours prolly due to greylisting.
> 
> --- from here
>>Submitter-Id: net
>>Originator:   
>>Organization:
>>Confidential: no
>>Synopsis:     panic when attaching vcaudio on raspberry pi
>>Severity:     non-critical
>>Priority:     low
>>Category:     port-ebvarm
>>Class:                sw-bug
>>Release:      NetBSD 6.99.24
>>Environment:
> System: NetBSD rpi 6.99.24 NetBSD 6.99.24 (MYRPI) #13: Mon Oct  7 16:00:16 
> JST 2013  root@halt:/usr/build2/obj.evbarm/sys/arch/evbarm/compile/MYRPI 
> evbarm
> Architecture: arm
> Machine: evbarm
>>Description:
>       Kernel panics when attaching vcaudio at boot on Raspberry Pi.
> 
>       The vchiq code uses curlwp pointer as client_id instead of pid,
>       then client_id is now expressed as 11 digits in signed decimal
>       (e.g. -1045735424 in my rpi).
>       In function vchiq_use_internal() this client_id is sprintf'ed
>       into slightly short buffer. The buffer is enough large to put
>       5 digits pid number but is not for 11 digits lwp pointer.
>       This may break other variable on stack.
> 
>>How-To-Repeat:
>       install recent (after 2013.09.19.15.13.43) kernel.img and boot
>>Fix:
>       In functions vchiq_use_internal and vchiq_release_internal
>       - enlarge buffer entity[] enough to store whole strings
>       - use snprintf
> --- end
> 
> 
> On Mon, 07 Oct 2013 23:51:15 +0900 (JST)
> Jun Ebihara <jun%soum.co.jp@localhost> wrote:
> 
>> fetch from nyftp, NetBSD-6.99.24-evbarm-arm-201310061640Z.iso
>> rpi.img boot failed.
>> 
>>  :
>> root file system type: ffs
>> vchiq: local ver 6 (min 3), remote ver 6.
>> vcaudio0 at vchiq0: AUDS
>> WARNING: no TOD clock present
>> WARNING: using filesystem time
>> WARNING: CHECK AND RESET THE DATE!
>> 
>> uvm_fault(0xc04b1c24, 0, 1) -> e
>> Fatal kernel mode data abort: 'Translation Fault (S)'
>> trapframe: 0xca66cd68
>> FSR=00000005, FAR=00000010, spsr=80000153
>> r0 =0000000c, r1 =00000003, r2 =03000000, r3 =ca66ce40
>> r4 =00000000, r5 =00000000, r6 =0000000c, r7 =c15d98b4
>> r8 =c15c140c, r9 =00000000, r10=00000018, r11=ca66ce20
>> r12=ca66ce24, ssp=ca66cdb8, slr=c02d74cc, pc =c02d54f8
>> 
>> Stopped in pid 0.36 (system) at netbsd:queue_message+0x2c:      ldr     r2, 
>> [r4,
>>  #0x010]
>> db> bt
>> 0xca66ce20: netbsd:queue_message+0xc
>> 0xca66ce60: netbsd:vchiq_open_service_internal+0x70
>> 0xca66ce84: netbsd:vchiq_open_service+0xa8
>> 0xca66ceb8: netbsd:vchi_service_open+0x78
>> 0xca66cf2c: netbsd:vcaudio_attach+0x1bc
>> 0xca66cf58: netbsd:config_attach_loc+0x19c
>> 0xca66cf70: netbsd:config_found_ia+0x2c
>> 0xca66cf94: netbsd:vchiq_defer+0x64
>> 0xca66cfac: netbsd:config_mountroot_thread+0x48
>> db> 
>> 
>> --
>> Jun Ebihara
> 
>