netbsd-bugs: port-macppc/29559: G4 400 (PCI) fails PSL

Subject: port-macppc/29559: G4 400 (PCI) fails PSL_EE assertion on boot
To: None <port-macppc-maintainer@netbsd.org, gnats-admin@netbsd.org,>
From: None <nathanw@mit.edu>
List: netbsd-bugs
Date: 02/28/2005 19:24:00
>Number:         29559
>Category:       port-macppc
>Synopsis:       G4/400 (PCI) fails PSL_EE assertion on boot
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-macppc-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Feb 28 19:24:00 +0000 2005
>Originator:     Nathan J. Williams
>Release:        NetBSD 2.99.16
>Organization:
	Massachvsetts Institvte of Technology
>Environment:
	
	
System: NetBSD 2.99.16 (GENERIC) #1: Mon Feb 28 12:58:30 EST 2005 nathanw@marvin-the-martian.nathanw.com:/nbsd/src/sys/arch/macppc/compile/GENERIC
Architecture: powerpc
Machine: macppc
>Description:
	My G4/400 (PCI) doesn't like the recently-added KASSERT(emsr & PSL_EE) in extintr.c:do_pending_int(). It panics on boot, as seen here:

0 > boot enet:0 
CLIENT: 0050e499d619 10.1.0.15
SERVER: 000f3df19d24 10.1.0.1 
Transfer FILE: ofwboot.xcf |
TFTP-actual=cbb8 TFTP-adler32=7c31370c load-size=cbb8 adler32=7c31370c 

loading XCOFF

tsize=c850 dsize=288 bsize=25c0 entry=e00000 
SECTIONS:
.text    00e00000 00e00000 0000c850 000000e0
.data    00e0d000 00e0d000 00000288 0000c930
.bss     00e0d288 00e0d288 000025c0 00000000
loading .text, done..
loading .data, done..
clearing .bss, done..

>> NetBSD/macppc OpenFirmware Boot, Revision 1.9
>> (autobuild@tgm.netbsd.org, Sat May 29 13:37:04 UTC 2004)

CLIENT: 0050e499d619 10.1.0.15
SERVER: 000f3df19d24 10.1.0.1 net_open: client addr: 10.1.0.15
net_open: subnet mask: 255.255.255.0
net_open: net gateway: 10.1.0.1
net_open: server addr: 10.1.0.1
net_open: server path: /u1/diskless/mac-g4
net_open: file name: ofwboot.xcf
Using IP address: 10.1.0.15
root addr=10.1.0.1 path=/u1/diskless/mac-g4
5006836+211264 [254848+232806]=0x571398
 start=0x100000
Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
    The NetBSD Foundation, Inc.  All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
    The Regents of the University of California.  All rights reserved.

NetBSD 2.99.16 (GENERIC) #1: Mon Feb 28 12:58:30 EST 2005
        nathanw@marvin-the-martian.nathanw.com:/nbsd/src/sys/arch/macppc/compile/GENERIC
total memory = 192 MB
avail memory = 177 MB
mainbus0 (root)
cpu0 at mainbus0: 7400 (Revision 2.6), ID 0 (primary)
cpu0: HID0 8094c0a4<EMCP,DOZE,DPM,EIEC,ICE,DCE,SGE,BTIC,BHT>
cpu0: 400.00 MHz, no-parity 1MB WB L2 cache (PB SRAM) at 2:1 ratio
grackle0 at mainbus0
pci0 at grackle0 bus 0
pci0: i/o space, memory space enabled
pchb0 at pci0 dev 0 function 0
pchb0: Motorola MPC106 "Grackle" Host Bridge (rev. 0x40)
ppb0 at pci0 dev 13 function 0: Digital Equipment DC21154 PCI-PCI Bridge (rev. 0x02)
pci1 at ppb0 bus 1
pci1: i/o space, memory space enabled
Texas Instruments TSB12LV21 IEEE 1394 Host Controller (Firewire serial bus, revision 0x04) at pci1 dev 0 function 0 not configured
cmdide0 at pci1 dev 1 function 0
cmdide0: CMD Technology PCI0646 (rev. 0x07)
cmdide0: bus-master DMA support present
cmdide0: primary channel configured to native-PCI mode
cmdide0: using irq 26 for native-PCI interrupt
atabus0 at cmdide0 channel 0
cmdide0: secondary channel configured to native-PCI mode
cmdide0: secondary channel ignored (disabled)
obio0 at pci1 dev 5 function 0: addr 0x80800000
mesh0 at obio0 offset 0x10000 irq 12: 50MHz, SCSI ID 7
scsibus0 at mesh0: 8 targets, 8 luns per target
zsc0 at obio0 offset 0x13000: irq 15,16
zstty0 at zsc0 channel 0 (console)
zstty1 at zsc0 channel 1
davbus at obio0 offset 0x14000 not configured
fdc at obio0 offset 0x15000 not configured
adb0 at obio0 offset 0x16000 irq 18: 0 targets
aed0 at adb0 addr 0: ADB Event device
wdc0 at obio0 offset 0x20000 irq 13: DMA transfer
atabus1 at wdc0 channel 0
bm0 at obio0 offset 0x11000 irq 42,33: address 00:50:e4:99:d6:19
lxtphy0 at bm0 phy 0: LXT970 10/100 media interface, rev. 3
lxtphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
nvram0 at obio0 offset 0x60000
ohci0 at pci1 dev 6 function 0: Opti 82C861 (rev. 0x10)
ohci0: interrupting at irq 28
ohci0: OHCI version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Opti OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
panic: kernel diagnostic assertion "emsr & PSL_EE" failed: file "../../../../arch/macppc/macppc/extintr.c", line 829
Stopped in pid 0.1 (swapper) at netbsd:cpu_Debugger+0x10:       lwz     r0, r1, 0
x14
db> t
0x0067b5f0: at panic+0x19c
0x0067b680: at __assert+0x28
0x0067b690: at do_pending_int+0x280
0x0067b6d0: at splx+0x40
0x0067b6e0: at grackle_conf_read+0x90
0x0067b700: at pci_conf_read+0x14
0x0067b710: at pci_enumerate_bus+0xf8
0x0067b760: at pcirescan+0x58
0x0067b780: at pciattach+0x194
0x0067b7c0: at config_attach_loc+0x2d4
0x0067b820: at config_found_sm_loc+0x64
0x0067b840: at ppbattach+0x130
0x0067b9a0: at config_attach_loc+0x2d4
0x0067ba00: at config_found_sm_loc+0x64
0x0067ba20: at pci_probe_device+0x2b4
0x0067bac0: at pci_enumerate_bus+0x204
0x0067bb10: at pcirescan+0x58
0x0067bb30: at pciattach+0x194
0x0067bb70: at config_attach_loc+0x2d4
0x0067bbd0: at config_found_sm_loc+0x64
0x0067bbf0: at grackle_attach+0x178
0x0067bce0: at config_attach_loc+0x2d4
0x0067bd40: at config_found_sm_loc+0x64
0x0067bd60: at mainbus_attach+0x184
0x0067be30: at config_attach_loc+0x2d4
0x0067be90: at config_rootfound+0x48
0x0067beb0: at cpu_configure+0x24
0x0067bec0: at configure+0x58
0x0067bee0: at main+0x324
0x0067bf30: at 0x10009c

For splx() to have invoked do_pending_int(), something managed to set
ci->ci_ipending during boot; this means that PSL_EE was set somewhere
to let a call through to ext_intr() (confirmed by setting a breakpoint
there).

A likely suspect is powerpc/powerpc/trap_subr.S:857 (trapagain), which
enables PSL_EE before calling trap(). Unfortunately, it does so
unconditionally, at a moment when the rest of the kernel is running
with PSL_EE disabled.

>How-To-Repeat:
	Boot a kernel (GENERIC or otherwise) on a G4/400.
>Fix:

Set trap-permitting bits in the MSR during a trap based on whether
they were set in the trapping frame? This patch seems to do the job.

*** trap_subr.S.~1.56.~	Wed Jun 23 13:38:26 2004
--- trap_subr.S	Mon Feb 28 14:16:31 2005
***************
*** 854,860 ****
  trapagain:
  /* Now we can recover interrupts again: */
  	mfmsr	%r7
! 	ori	%r7,%r7,(PSL_EE|PSL_ME|PSL_RI)@l
  	mtmsr	%r7
  	isync
  /* Call C trap code: */
--- 854,862 ----
  trapagain:
  /* Now we can recover interrupts again: */
  	mfmsr	%r7
! 	ldreg	%r6, (FRAME_SRR1+(2*SZREG))(%r1)
! 	andi.	%r6,%r6,(PSL_EE|PSL_ME|PSL_RI)@l
! 	or	%r7,%r7,%r6
  	mtmsr	%r7
  	isync
  /* Call C trap code: */

>Unformatted: