Date: Sat, 16 May 2015 21:54:43 -0600 From: Warner Losh <imp@bsdimp.com> To: Keith White <kwhite@site.uottawa.ca> Cc: Daisuke Aoyama <aoyama@peach.ne.jp>, freebsd-arm@freebsd.org, Ian Lepore <ian@freebsd.org> Subject: Re: Translation Fault panic when trying to use an mfs_root on BBB [solved?] [patch] Message-ID: <B4D05B26-E699-4BC5-8B13-2FDCF6BDF75B@bsdimp.com> In-Reply-To: <alpine.BSF.2.20.1505162216230.46783@localhost.my.domain> References: <alpine.BSF.2.20.1505131848310.98564@localhost.my.domain> <CAFHCsPXfj0Q9gYn-auK_7zQiA_HaijhzFddm1r2TJ1K7ftAebA@mail.gmail.com> <alpine.BSF.2.20.1505142004010.13692@localhost.my.domain> <CAFHCsPVF4dQryUb%2B3PmeZvpsQ8u2Xch2JirQ3uFcUhXn5fFkuQ@mail.gmail.com> <1431822588.91685.48.camel@freebsd.org> <F54C6DD3CE664644A5FA6CA32E989279@ad.peach.ne.jp> <alpine.BSF.2.20.1505162216230.46783@localhost.my.domain>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_D09AAF2F-C7F9-44FF-86A3-6F7CF1FB98C7 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On May 16, 2015, at 8:40 PM, Keith White <kwhite@site.uottawa.ca> = wrote: >=20 > On Sun, 17 May 2015, Daisuke Aoyama wrote: >=20 >> -------------------------------------------------- >> From: "Ian Lepore" <ian@freebsd.org> >> Sent: Sunday, May 17, 2015 9:29 AM >> To: "Svatopluk Kraus" <onwahe@gmail.com> >> Cc: "Keith White" <kwhite@site.uottawa.ca>; <freebsd-arm@freebsd.org> >> Subject: Re: Translation Fault panic when trying to use an mfs_root = on BBB [solved?] [patch] >>=20 >>> On Fri, 2015-05-15 at 10:18 +0200, Svatopluk Kraus wrote: >>>> On Fri, May 15, 2015 at 2:13 AM, Keith White = <kwhite@site.uottawa.ca> wrote: >>>> > On Thu, 14 May 2015, Svatopluk Kraus wrote: >>>> > >>>> >> On Thu, May 14, 2015 at 2:03 AM, Keith White = <kwhite@site.uottawa.ca> >>>> >> wrote: >>>> >>> >>>> >>> I get the following panic when trying to load an mfs_root on a >>>> >>> reasonably current BBB image: >>>> >>> >>>> >>> Fatal kernel mode data abort: 'Translation Fault (L1)' on read >>>> >>> trapframe: 0xdd43fd50 >>>> >>> FSR=3D00000005, FAR=3D01211ef0, spsr=3D20000113 >>>> >>> r0 =3Dc35f4200, r1 =3D01211f00, r2 =3D000001e0, r3 =3D3dc1dd00 >>>> >>> r4 =3Dc3638930, r5 =3Dc362d838, r6 =3Dc362d810, r7 =3Dc06037b8 >>>> >>> r8 =3D0000002d, r9 =3D00000000, r10=3Dc3638930, r11=3Ddd43fdf0 >>>> >>> r12=3D00000000, ssp=3Ddd43fde0, slr=3Dc0249918, pc =3Dc05c6a68 >>>> >>> >>>> >>> [ thread pid 4 tid 100054 ] >>>> >>> Stopped at memmove+0x29c: ldmdb r1!, {r3-r4, r12, r14} >>>> >>> db> >>>> >>> >>>> >>> Hints, suggestions? >>>> >>> >>>> >>> ...keith >>>> >>> >>>> >>> --------------------------------- >>>> >>> More (trimmed) details from boot: >>>> >>> >>>> >>> ... >>>> >>> U-Boot 2014.10 (Mar 19 2015 - 18:29:51) >>>> >>> ... >>>> >>> FreeBSD/armv6hf U-Boot loader, Revision 1.2 >>>> >>> (kwhite@freebsd11, Tue Mar 17 22:23:25 EDT 2015) >>>> >>> ... >>>> >>> Found U-Boot device: disk >>>> >>> Checking unit=3D1 slice=3D<auto> partition=3D<auto>... good. >>>> >>> /boot/kernel/kernel data=3D0x505c2c+0x923d4 = syms=3D[0x4+0x606a0+0x4+0x65ed4] >>>> >>> /boot/kernel/snd_uaudio.ko text=3D0xed3c data=3D0x620+0x10 >>>> >>> syms=3D[0x4+0x1ec0+0x4+0x1a2f] >>>> >>> ... >>>> >>> Type '?' for a list of commands, 'help' for more detailed help. >>>> >>> loader> load -t mfs_root /rootfs >>>> >>> /rootfs size=3D0x858000 >>>> >>> loader> boot -asv >>>> >>> Booting... >>>> >>> /boot/dtb/beaglebone-black.dtb size=3D0x24b4 >>>> >>> Loaded DTB from file 'beaglebone-black.dtb'. >>>> >>> Kernel entry at 0x80200100... >>>> >>> Kernel args: -asv >>>> >>> KDB: debugger backends: ddb >>>> >>> KDB: current backend: ddb >>>> >>> Copyright (c) 1992-2015 The FreeBSD Project. >>>> >>> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, = 1993, 1994 >>>> >>> The Regents of the University of California. All rights = reserved. >>>> >>> FreeBSD is a registered trademark of The FreeBSD Foundation. >>>> >>> FreeBSD 11.0-CURRENT #1 r282672M: Tue May 12 06:57:24 EDT 2015 >>>> >>> >>>> >>> = kwhite@freebsd11:/usr/obj/arm.armv6hf/tank/RPI/head/sys/BEAGLEBONE-LOCAL >>>> >>> arm >>>> >>> FreeBSD clang version 3.6.0 (tags/RELEASE_360/final 230434) = 20150225 >>>> >>> WARNING: WITNESS option enabled, expect reduced performance. >>>> >>> Preloaded elf kernel "/boot/kernel/kernel" at 0xc1219000. >>>> >>> ... >>>> >>> mmc0: Probing bus >>>> >>> usbus0: 480Mbps High Speed USB v2.0 >>>> >>> usbus1: 480Mbps High Speed USB v2.0 >>>> >>> md0: Preloaded image </rootfs> 8749056 bytes at 0x9b9f00 >>>> >>> ugen1.1: <Mentor Graphics> at usbus1 >>>> >>> uhub0: <Mentor Graphics OTG Root HUB, class 9/0, rev 2.00/1.00, = addr 1> >>>> >>> on >>>> >>> usbus1 >>>> >>> ugen0.1: <Mentor Graphics> at usbus0 >>>> >>> uhub1: <Mentor Graphics OTG Root HUB, class 9/0, rev 2.00/1.00, = addr 1> >>>> >>> on >>>> >>> usbus0 >>>> >>> Fatal kernel mode data abort: 'Translation Fault (L1)' on read >>>> >>> trapframe: 0xdd43fd50 >>>> >>> FSR=3D00000005, FAR=3D01211ef0, spsr=3D20000113 >>>> >>> r0 =3Dc35f4200, r1 =3D01211f00, r2 =3D000001e0, r3 =3D3dc1dd00 >>>> >>> r4 =3Dc3638930, r5 =3Dc362d838, r6 =3Dc362d810, r7 =3Dc06037b8 >>>> >>> r8 =3D0000002d, r9 =3D00000000, r10=3Dc3638930, r11=3Ddd43fdf0 >>>> >>> r12=3D00000000, ssp=3Ddd43fde0, slr=3Dc0249918, pc =3Dc05c6a68 >>>> >>> >>>> >>> [ thread pid 4 tid 100054 ] >>>> >>> Stopped at memmove+0x29c: ldmdb r1!, {r3-r4, r12, r14} >>>> >> >>>> >> >>>> >> >>>> >> Well, FAR (fault address) points to user address space. System = is >>>> >> still in boot process and no user address should be used. The = first >>>> >> thing is to find out if arguments pushed to bcopy() in >>>> >> mdstart_preload() are correct. Can you print them out? >>>> >> ... >>>> > >>>> > >>>> > Thanks for the hint! After a little digging with ddb, it appears >>>> > that the fault address is missing an offset of KERNBASE = (0xc0000000). >>>> > The mfs_root being found at 0x9b9f00 ("md0: preloaded image at") = + >>>> > KERNBASE (0xc0000000). The following patch fixes the symptom, = and >>>> > allows a boot to successfully complete. The resulting md is also >>>> > usable as /. >>>> > >>>> > I'm sure there's a more correct patch? >>>> > >>>> > Index: sys/dev/md/md.c >>>> > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >>>> > --- sys/dev/md/md.c (revision 282672) >>>> > +++ sys/dev/md/md.c (working copy) >>>> > @@ -1590,7 +1590,11 @@ >>>> > len =3D preload_fetch_size(mod); >>>> > if (ptr !=3D NULL && len !=3D 0) { >>>> > sx_xlock(&md_sx); >>>> > +#ifdef __arm__ >>>> > + md_preloaded(KERNBASE + ptr, len, name); >>>> > +#else >>>> > md_preloaded(ptr, len, name); >>>> > +#endif >>>> > sx_xunlock(&md_sx); >>>> > } >>>> > } >>>> Thanks for debugging it. The preload_fetch_addr() already uses >>>> preload_addr_relocate to adjust returned address. IMO, a patch = should >>>> either deal with preload_addr_relocate and init it correctly or fix >>>> MODINFO_ADDR info in kernel modules. Now, preload_addr_relocate is = set >>>> only when FREEBSD_BOOT_LOADER is defined. In this moment, I know >>>> nothing about how MODINFO_ADDR info is generated. >>>> BTW, physical address space starts at 0x80000000 on BBB and = KERNBASE >>>> is 0xC0000000, so I would be expecting that preload_addr_relocate >>>> should be set to 0x40000000. The FAR is 0x01211ef0, so it's not >>>> physical address. And as your patch helps, it's an offset to either >>>> physical or virtual address space. So it looks more like = MODINFO_ADDR >>>> info problem. >>> I think the problem here is likely to be in ubldr. Today I tried to >>> recreate this and all I could get was complete system lockup right = after >>> the kernel copyright displayed. Eventually I noticed that your root >>> image is less than 10MB, so I created a little image about the same = size >>> as yours and put init(8) in it, and with that I get the same panic = you >>> do (different physical address, I'm doing it on a wandboard). >>> I think there are at least two separate problems here. ubldr isn't >>> setting the right metadata for the load address, and then separately >>> from that, trying to load really big files corrupts memory somehow = in a >>> way that locks up the kernel. >>> I'll keep poking at it. >>=20 >> I posted about ubldr/mfsroot last year. no one interest it... >> = http://lists.freebsd.org/pipermail/freebsd-arm/2014-December/009839.html >> I think ubldr should be fixed. >> -- >> Daisuke Aoyama >>=20 >>=20 >=20 > Thanks Ian for looking at this! >=20 > Based upon the comments by Daisuke Aoyama, the patch above using > KERNBASE becomes this using preload_addr_relocate: >=20 > ----------------- > --- sys/dev/md/md.c (revision 282672) > +++ sys/dev/md/md.c (working copy) > @@ -1590,7 +1590,11 @@ > len =3D preload_fetch_size(mod); > if (ptr !=3D NULL && len !=3D 0) { > sx_xlock(&md_sx); > +#ifdef __arm__ > + md_preloaded(ptr - preload_addr_relocate, len, = name); > +#else > md_preloaded(ptr, len, name); > +#endif > sx_xunlock(&md_sx); > } > } This is almost certainly the wrong place to fix this. The right place to = fix it is in ubldr. It says that all the ptrs are AFU only on arm, and = this one is likely the first of many. Warner --Apple-Mail=_D09AAF2F-C7F9-44FF-86A3-6F7CF1FB98C7 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJVWBEDAAoJEGwc0Sh9sBEAMXoQAIwhN8B+QhgxHZU/DrFAHM9w PLD6gSs5uiKB+3Ib4wYT7SF9Psk6wXTwL6968VDfdh4AnsMvm9nnxCfNQSgftzRA L3wPEDUDgkd8Dv4Kw0yMFQT87hD4L0NCCX5TLEgGAB5z8brT08NneVyDhfM+PEbi VltxC08xcllOA7oa6oqTpi5YxZAz+DlRPG7M3HtZHOObLZQhOxpLlFYQ47zgfawm flXAG1r7iXU7zR0QQP7BOAUy0Gy+jVICAc89VSdgmNQFF5oNmRwW3OUQeycBwcIf V74GwLuGIU8jVMG+8fY2RArMIxaQwnVEtTUj/cSIhOqyUfqIE3Mw3nJzEnVpEckc oQoYx3tuPUNdiM41uj6okbIBdmG6P++QCZ/7TJ27LLwIHCyHAcUg/S7JhqEejbdf V9Umgn6byBPOu4dK89mMrvxq096OPL+/698ah684Jp6pP4TWr5rcUCU0XHOAQJqQ ra1mi1Kl1M4I6MNYKlnrQj/dQlk8xKMuuTuLUBLcUozIXExPU5q/dROtaWd16Zmr 4od6Q8MdSYITkoeqZkamDvhgrhXRpKEYItVJ4FpVidwa7zrPcpd6QKZIDvwuluGp 4eOoQKFQb8Y3hPDbmIBZT2fmDGmUYd/L0eQSZ+HSeQajTxKq/Vtj9OaiL/1MbLTr hy7HRUdMsRAUHAOJEt1I =PUKV -----END PGP SIGNATURE----- --Apple-Mail=_D09AAF2F-C7F9-44FF-86A3-6F7CF1FB98C7--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B4D05B26-E699-4BC5-8B13-2FDCF6BDF75B>