NetBSD-Bugs archive


port-acorn32/53076: Kernel panic on boot when first interrupt handler registered



>Number:         53076
>Category:       port-acorn32
>Synopsis:       Kernel panic on boot when first interrupt handler registered
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    port-acorn32-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 06 20:15:00 +0000 2018
>Originator:     Mike Pumford
>Release:        NetBSD 8.99.12
>Organization:
None
>Environment:
	
	
System: NetBSD black-star.mudcovered.org.uk 8.99.12 NetBSD 8.99.12 (GENERIC) #4: Sun Mar 4 18:01:22 GMT 2018 builder%trigati.mudcovered.org.uk@localhost:/work/netbsd/current/obj.acorn32/sys/arch/acorn32/compile/GENERIC acorn32
Architecture: arm
Machine: acorn32
>Description:
	Kernel panic on boot:
fdc0 at pioc0 offset 0x3f0-0x3f7 irq12 drq 0x00002000

uvmfault(0xf036f42c, 217000, 2) -> e
Fatal kernel mode ata abort: 'Translation Fault (P)'
trapframe: 0xf03ccc40
FSR=183bd007, FAR=002170ef, spsr=20000093
r0 =002170ef, r1 =f02f2a65, r2 =0000000d, r3 =00217047
r4 =08000013, r5 =00000066, r6 =f02f2a65, r7 =f0351190
r8 =f02f2a64, r9 =00000005, r10=f02f2a64, r11=f04cccc0
r12=f03ccccc, ssp=f04ccc94, slr=f0027288, pc =f02d90d8

Stopped in pid 0.1 (system) at netbsd:strlcpy+0x30:strb r5, [r0], #001
db>bt
0xf03cccc8: netbsd:irq_claim+0xc
0xf03cccf0: netbsd:intr_claim+0x58
0xf03ccd28: netbsd:fdcattach+0xc0 
....
This panic is from current but it also does exactly the same thing on 8.0-BETA
>How-To-Repeat:
	Boot GENERIC kernel on RiscPC 
>Fix:
	This is a bug in the interrupt registration code. The table
where the registration code wants to write the interrupt name to has been
put in the rodata section of the kernel. The following patch fixes the bug
and also an issue that causes the irq names to be corrupt in vmstat and
systat vmstat

-----Cut here
Index: sys/arch/arm/iomd/iomd_irq.S
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/iomd/iomd_irq.S,v
retrieving revision 1.16
diff -u -r1.16 iomd_irq.S
--- sys/arch/arm/iomd/iomd_irq.S        2 Dec 2013 18:36:10 -0000       1.16
+++ sys/arch/arm/iomd/iomd_irq.S        4 Mar 2018 17:02:34 -0000
@@ -412,7 +412,7 @@
 #ifdef IRQSTATS
 /* These symbols are used by vmstat */

-       .section .rodata
+       .section .data

        .global _C_LABEL(_intrnames)
 _C_LABEL(_intrnames):
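Review bot: The `.section .data` directive at the top of the IRQSTATS block carries no comment saying why these symbols must be writable, so a later cleanup could move them back to `.rodata` and bring the boot panic back. Add a comment above the directive noting that `_intrnames` is written at run time by the handler registration code in iomd_irqhandler.c. If symbols further down in this section are never written, consider leaving those in `.rodata` and moving only `_intrnames`.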
Index: sys/arch/arm/iomd/iomd_irqhandler.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/iomd/iomd_irqhandler.c,v
retrieving revision 1.22
diff -u -r1.22 iomd_irqhandler.c
--- sys/arch/arm/iomd/iomd_irqhandler.c 25 Oct 2014 10:58:12 -0000      1.22
+++ sys/arch/arm/iomd/iomd_irqhandler.c 4 Mar 2018 17:02:34 -0000
@@ -180,7 +180,9 @@
        /* Get the interrupt name from the head of the list */
        char *iptr = _intrnames + (irq * 14);
        if (handler->ih_name) {
-               strlcpy(iptr, handler->ih_name, 14);
+               /* kvm code expects these to be padded to the
+                * field length (13 chars + \0 in our case) */
+               snprintf(iptr, 14, "%-13.13s", handler->ih_name );
        } else {
                snprintf(iptr, 14, "irq %2d     ", irq);
        }
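Review bot: The `else` branch just below the new `snprintf` still uses the literal `"irq %2d     "`, which as shown here produces fewer than 13 characters, so the fallback name is not padded to the field length that the new comment says the kvm code expects. Give it the same fixed-width treatment, for example by formatting the fallback into a temporary and writing it with `"%-13.13s"`. The 14 and 13 also have to stay in step with `irq * 14` two lines above, so a named constant for the slot width would help, and the space before the closing parenthesis in `handler->ih_name );` should go.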
@@ -290,7 +292,9 @@
        /* Get the interrupt name from the head of the list */
        char *iptr = _intrnames + (irq * 14);
        if (irqhandlers[irq] && irqhandlers[irq]->ih_name) {
-               strlcpy(iptr, irqhandlers[irq]->ih_name, 14);
+               /* kvm code expects these to be padded to the
+                * field length (13 chars + \0 in our case) */
+               snprintf(iptr, 14, "%-13.13s", handler->ih_name );
        } else {
                snprintf(iptr, 14, "irq %2d     ", irq);
        }
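Review bot: The added `snprintf` in this hunk reads `handler->ih_name`, but the guard on the line above tests `irqhandlers[irq] && irqhandlers[irq]->ih_name` and the removed `strlcpy` copied from `irqhandlers[irq]->ih_name`. The value being written is therefore not the one that was checked for NULL, and `handler` here may not be the head of the list that the comment refers to. This looks like a copy of the line from the first hunk; it should be `snprintf(iptr, 14, "%-13.13s", irqhandlers[irq]->ih_name);`. The note on the first hunk about the shorter `"irq %2d     "` fallback applies here as well.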
-----Cut here

>Unformatted:
 	
 	

