Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OOPS when powering off after 4 seconds. #1

Closed
Miouyouyou opened this issue Jan 21, 2017 · 1 comment
Closed

OOPS when powering off after 4 seconds. #1

Miouyouyou opened this issue Jan 21, 2017 · 1 comment
Assignees
@Miouyouyou
Labels
bug
Milestone
1.0

Comments

@Miouyouyou
Copy link
Owner

When trying the IOCTL tests, the VPU will power off after 4 seconds, through a kernel thread, and generate a OOPS. Subsequent tests will result in zombies processes.

The dmesg trace:

[13221.834323] Unable to handle kernel NULL pointer dereference at virtual address 00000010
[13221.834327] pgd = c0004000
[13221.834329] [00000010] *pgd=00000000
[13221.834335] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[13221.839638] Modules linked in: rk_vcodec(O) snd_soc_hdmi_codec dw_hdmi_i2s_audio
[13221.847028] CPU: 0 PID: 532 Comm: kworker/0:2 Tainted: G           O    4.10.0-rc4RockMyyX-rc+ #2
[13221.855881] Hardware name: Rockchip (Device Tree)
[13221.860583] Workqueue: events vpu_power_off_work [rk_vcodec]
[13221.866231] task: ed97b600 task.stack: edf9c000
[13221.870756] PC is at __iommu_detach_device+0x1c/0xf4
[13221.875710] LR is at iommu_group_do_detach_device+0x24/0x2c
[13221.881270] pc : [<c06f795c>]    lr : [<c06f7a58>]    psr: 20050013
               sp : edf9de28  ip : edf9de40  fp : edf9de3c
[13221.892725] r10: 00000000  r9 : c12dceb4  r8 : eefa6f00
[13221.897938] r7 : c06f7a34  r6 : eda7254c  r5 : eea7d410  r4 : eeb62640
[13221.904451] r3 : 00000000  r2 : c06f7a34  r1 : eea7d410  r0 : eda7254c
[13221.910966] Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[13221.918087] Control: 10c5387d  Table: 2d7e406a  DAC: 00000051
[13221.923820] Process kworker/0:2 (pid: 532, stack limit = 0xedf9c218)
[13221.930160] Stack: (0xedf9de28 to 0xedf9e000)
[13221.934509] de20:                   eeb62640 eeb5f6e8 edf9de4c edf9de40 c06f7a58 c06f794c
[13221.942671] de40: edf9de6c edf9de50 c06f67dc c06f7a40 eeb5f6c0 00000000 eda7254c eea7d410
[13221.950833] de60: edf9de84 edf9de70 c06f7b30 c06f67b0 eeb5f6c0 eeb5f6f0 edf9dea4 edf9de88
[13221.958995] de80: c06f7e78 c06f7b08 ed9f46a8 ed5fd080 eda7254c eea7d410 edf9dec4 edf9dea8
[13221.967157] dea0: bf014400 c06f7dfc eda45418 eeba4118 eda455ac eda45608 edf9ded4 edf9dec8
[13221.975319] dec0: bf0142e4 bf0143c8 edf9def4 edf9ded8 bf011e64 bf0142c0 eda45418 eda45468
[13221.983481] dee0: eefa3b40 00000000 edf9df0c edf9def8 bf012768 bf011d88 eda72580 eda45418
[13221.991643] df00: edf9df4c edf9df10 c0139ad4 bf012740 eefa3b40 eefa3b40 c1203900 eefa3b64
[13221.999805] df20: eda72598 eefa3b40 eefa3b40 c1203900 eefa3b64 eda72598 00000008 eda72580
[13222.007968] df40: edf9df7c edf9df50 c013a914 c013988c ed97b600 eda72c80 eebb1bc0 00000000
[13222.016130] df60: ee95fe9c eda72580 c013a648 eda72ca8 edf9dfac edf9df80 c013f75c c013a654
[13222.024292] df80: edf9c000 eebb1bc0 c013f634 00000000 00000000 00000000 00000000 00000000
[13222.032454] dfa0: 00000000 edf9dfb0 c0107a38 c013f640 00000000 00000000 00000000 00000000
[13222.040615] dfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[13222.048777] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000

[13222.056943] [<c06f795c>] (__iommu_detach_device) from [<c06f7a58>] (iommu_group_do_detach_device+0x24/0x2c)
[13222.066667] [<c06f7a58>] (iommu_group_do_detach_device) from [<c06f67dc>] (__iommu_group_for_each_dev+0x38/0x50)
[13222.076824] [<c06f67dc>] (__iommu_group_for_each_dev) from [<c06f7b30>] (__iommu_detach_group+0x34/0x88)
[13222.086287] [<c06f7b30>] (__iommu_detach_group) from [<c06f7e78>] (iommu_detach_device+0x88/0xa0)
[13222.095147] [<c06f7e78>] (iommu_detach_device) from [<bf014400>] (vcodec_drm_detach+0x44/0x58 [rk_vcodec])
[13222.104791] [<bf014400>] (vcodec_drm_detach [rk_vcodec]) from [<bf0142e4>] (vcodec_iommu_detach+0x30/0x34 [rk_vcodec])
[13222.115473] [<bf0142e4>] (vcodec_iommu_detach [rk_vcodec]) from [<bf011e64>] (vpu_service_power_off+0xe8/0x1cc [rk_vcodec])
[13222.126589] [<bf011e64>] (vpu_service_power_off [rk_vcodec]) from [<bf012768>] (vpu_power_off_work+0x34/0x60 [rk_vcodec])
[13222.137530] [<bf012768>] (vpu_power_off_work [rk_vcodec]) from [<c0139ad4>] (process_one_work+0x254/0x488)
[13222.147167] [<c0139ad4>] (process_one_work) from [<c013a914>] (worker_thread+0x2cc/0x408)
[13222.155331] [<c013a914>] (worker_thread) from [<c013f75c>] (kthread+0x128/0x144)
[13222.162716] [<c013f75c>] (kthread) from [<c0107a38>] (ret_from_fork+0x14/0x3c)
[13222.169925] Code: e52de004 e8bd4000 e5903004 e1a05001 (e5933010) 
[13222.188424] ---[ end trace 6609dfc3e76a1f2f ]---
@Miouyouyou Miouyouyou self-assigned this Jan 21, 2017
@Miouyouyou Miouyouyou added the bug label Jan 21, 2017
@Miouyouyou Miouyouyou added this to the 1.0 milestone Jan 21, 2017
@Miouyouyou Miouyouyou mentioned this issue Jan 21, 2017
Open
@Miouyouyou
Copy link
Owner Author

The driver can be unloaded just fine with the latest version, so I'll close this for now.

Miouyouyou added a commit that referenced this issue Sep 10, 2017
@Miouyouyou
We might be able to pull it through using the IOMMU DMA API...
b4184c9 
Not entirely sure though...

Still, the current issue with the IOMMU DMA API is due to an off-by-32
error... Basically the iova domain pointer is offseted by 32 bits...

Strange...

[   82.253308] [init_iova_domain]
                 iovad : eb00e004
                 iovad->rb_root       =   (null)
                 iovad->cached32_node =   (null)
                 iovad->granule       = 4096
                 iovad->start_pfn     = 65536
                 iovad->dma_32bit_pfn = 589823
[   82.283533] iommu_dma_init_domain -> 0
[   82.287728] rk-vcodec ff9a0000.vpu-service: allocator is drm
[   82.294087] rk-vcodec ff9a0000.vpu-service: checking hw id 4831
[   82.301062] rk-vcodec ff9a0000.vpu-service: init success
[  104.157451] rk-vcodec ff9a0000.vpu-service: dev opened
[  104.208467] rk-vcodec ff9a0000.vpu-service: ( Myy ) reg->reg[tbl[0]] → 21 (15)
[  104.216743] ( Myy ) kzalloc(76, GFP_KERNEL) → ebe46480
[  104.222688] ( Myy ) Still alive ♪
[  104.226592] rk-vcodec ff9a0000.vpu-service: kzalloc(64, GFP_KERNEL) → eb146380
[  104.235595] rk-vcodec ff9a0000.vpu-service: kzalloc(12, GFP_KERNEL) → eb146200
[  104.243865] __alloc_and_insert_iova_range called !
[  104.249233] [__alloc_and_insert_iova_range]
                 iovad : eb00e000
                 iovad->rb_root       = ffffffff
                 iovad->cached32_node =   (null)
                 iovad->granule       = 0
                 iovad->start_pfn     = 4096
                 iovad->dma_32bit_pfn = 65536

You can clearly see how everything gets offseted.
Since rb_root gets overwritten by a non NULL value, all the rb_*
functions flip the fuck out and the kernel crashes with

[  104.478038] Unable to handle kernel NULL pointer dereference at virtual address 00000003
[  104.487066] pgd = eb12c000
[  104.490081] [00000003] *pgd=2bfc4835, *pte=00000000, *ppte=00000000
[  104.497084] Internal error: Oops: 17 [#1] PREEMPT SMP ARM
[  104.503110] Modules linked in: rk_vcodec(O) mali_kbase rk_crypto dw_hdmi_i2s_audio
[  104.511574] CPU: 2 PID: 1726 Comm: mpp_dec_parser Tainted: G           O    4.13.0-RockMyy-XIII #19
[  104.521669] Hardware name: Rockchip (Device Tree)
[  104.526918] task: ebdbe400 task.stack: ebf0c000
[  104.531975] PC is at rb_last+0x10/0x24
[  104.536148] LR is at alloc_iova+0xa0/0x1f4
[  104.540718] pc : [<c0c202f4>]    lr : [<c06c3cdc>]    psr: a00f0093
[  104.547715] sp : ebf0dcf0  ip : 00000007  fp : 00000001
[  104.553547] r10: 00000000  r9 : 00000000  r8 : ffffffff
[  104.559379] r7 : 00000000  r6 : ebd10c40  r5 : 00000000  r4 : eb00e000
[  104.566667] r3 : 00010000  r2 : 00000000  r1 : 00000007  r0 : ffffffff
[  104.573957] Flags: NzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment none
[  104.582023] Control: 10c5387d  Table: 2b12c06a  DAC: 00000051
[  104.588438] Process mpp_dec_parser (pid: 1726, stack limit = 0xebf0c218)
[  104.595921] Stack: (0xebf0dcf0 to 0xebf0e000)
[  104.600782] dce0:                                     ffffffff 00000000 000000cc 600f0013
[  104.609918] dd00: eb146200 ebe46480 ec927800 00000000 00000000 eb146380 eb146c00 ebe46480
[  104.619045] dd20: 00000000 ffffffff eb00e000 00000000 00000000 bf0b5190 00000015 00000000
[  104.628180] dd40: 00000000 bf0b97c0 eb146980 eb146280 00000003 ebe46490 eea89210 ebec6bcc
[  104.637315] dd60: ebec6028 ebe58c40 00000000 bf0b4198 bf0b7e23 ecb3f400 ebd91718 ec99d600
[  104.646450] dd80: bf0b6927 00000051 00000000 bf0b97c0 bf0b6928 bf0b0fa0 00000015 00000000
[  104.655577] dda0: 00000000 00000000 00000194 00000000 ed919a18 ed919a18 00000015 00000000
[  104.664712] ddc0: bf0b9464 00000000 0010fff0 ecb3f418 ecb3f420 ecb3f42c c12e1c48 00000000
[  104.673846] dde0: 014bd3c0 00000002 00000010 00000014 c0f42847 bf0b6927 c12e14c0 00000002
[  104.682981] de00: c12e14c0 c11a824d c11a8220 c01f8868 200f0013 ebea6400 ebea6434 ebea6400
[  104.692116] de20: af300000 c0c2e6b8 c0f42847 c0f34b21 2de19000 00000002 c12e14c0 c11a8296
[  104.701251] de40: c11a8288 c01f7b88 efd2da40 00000707 af300000 c0c2e6b8 69a52e37 c0204994
[  104.710387] de60: eb13e580 ed823fb0 ee36133c eb13e580 ee361348 ed3db48c ed3db478 c0206e30
[  104.719514] de80: 00000000 eb13e580 eb13e580 00000707 140440fb c0208070 eb13e580 140440fb
[  104.728640] dea0: ebdf1000 b10acb64 ec99d600 ed919a18 bf0b97c0 ebd91718 00000051 00000000
[  104.737775] dec0: 00000000 bf0b3074 c12fc5d8 00000000 00000000 ed3db478 ed3db48c 014bd3c0
[  104.746910] dee0: 00000194 af16b000 000000fb ebdf1000 00195000 eb074be8 b10acb64 ed9ba000
[  104.756045] df00: b10acb64 40046c03 00000011 00000000 00000000 c02345e0 00002000 c0234e40
[  104.765180] df20: ebea6444 00000003 00000001 00195000 00000000 ebdf1000 00000000 c01f7254
[  104.774307] df40: 00000001 00000000 000111db ebf0df5c ebf0df60 00000001 00000001 00000000
[  104.783442] df60: ed9ba000 00000000 ed9ba000 ed9ba001 b10acb64 40046c03 00000011 00000000
[  104.792569] df80: 00000000 c0234f98 b10acb64 b6976000 beaa40b8 beaa4052 00000036 c0107064
[  104.801705] dfa0: ebf0c000 c0106ea0 b6976000 beaa40b8 00000011 40046c03 b10acb64 b10acb64
[  104.810831] dfc0: b6976000 beaa40b8 beaa4052 00000036 00000000 beaa40b8 b58d6120 00000000
[  104.819966] dfe0: b697640c b10acb3c b6932485 b6409a86 000f0030 00000011 00000000 00000000
[  104.829102] [<c0c202f4>] (rb_last) from [<c06c3cdc>] (alloc_iova+0xa0/0x1f4)
[  104.836980] [<c06c3cdc>] (alloc_iova) from [<bf0b5190>] (vcodec_drm_import+0x32c/0x73c [rk_vcodec])
[  104.847093] [<bf0b5190>] (vcodec_drm_import [rk_vcodec]) from [<bf0b0fa0>] (reg_init+0x490/0xa2c [rk_vcodec])
[  104.858176] [<bf0b0fa0>] (reg_init [rk_vcodec]) from [<bf0b3074>] (vpu_service_ioctl+0x408/0x720 [rk_vcodec])
[  104.869258] [<bf0b3074>] (vpu_service_ioctl [rk_vcodec]) from [<c02345e0>] (vfs_ioctl+0x20/0x34)
[  104.879074] [<c02345e0>] (vfs_ioctl) from [<c0234e40>] (do_vfs_ioctl+0x72c/0x838)
[  104.887433] [<c0234e40>] (do_vfs_ioctl) from [<c0234f98>] (SyS_ioctl+0x4c/0x74)
[  104.895598] [<c0234f98>] (SyS_ioctl) from [<c0106ea0>] (ret_fast_syscall+0x0/0x3c)
[  104.904045] Code: e5900000 e3500000 1a000000 e12fff1e (e5903004)
[  104.910849] ---[ end trace 8d80f6ca54c89263 ]---

So... Let's see why this get offseted. May be we'll enjoy a
nice movie tonight !

Signed-off-by: Myy <myy@miouyouyou.fr>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Miouyouyou Miouyouyou

Labels
bug
Projects
None yet
Milestone
1.0
Development

No branches or pull requests
1 participant
@Miouyouyou