[uClinux-dev] Fwd: NET+Lx, compiler bug, stability problem

박 찬택 urinara1 at hotmail.com
Thu Nov 15 21:39:47 EST 2001


I'm sorry.
This topic was already posted in 
http://www.uclinux.org/pub/uClinux/archive/0740.html


CT Park,

Best Regards.



>From: "박 찬택" <urinara1 at hotmail.com>
>Reply-To: uclinux-dev at uclinux.org
>To: uclinux-dev at uclinux.org
>Subject: [uClinux-dev] Fwd: NET+Lx, compiler bug, stability problem
>Date: Thu, 15 Nov 2001 22:25:48 +0900
>
>>I'm sorry for resending this mail because all tabs were broken.
>>---------------------------------------------------------------------------------

>
>>Dear uClinux users.
>>
>>I'm using NET+Lx and porting some device driver.
>>I found stack corruption on exception handler.
>>I think it is due to the compiler's bug.
>>I traced the code with arm-elf-gdb and JEENI.
>>The function 'ixj_timeout' is invoked periodically by the kernel's timer service.
>>The IRQ is raised by the on-chip Ethernet module.
>>(I think this is also related to the stability problem of NET+Lx,
>>AKA running the 'ps' (process status) command while being flood-pinged.)
>>
>>When the function 'ixj_read_frame' is called, the 'board' parameter is
>>copied to r0 (line #4771 of ixj.s).
>>Within 'ixj_read_frame', r0 is then stored to the stack (#15800), at an
>>address below the current stack pointer, because sp has not yet been
>>lowered to cover the local frame.
>>If an IRQ occurs before the stack pointer is adjusted (#15807), the IRQ
>>entry code builds its register frame on the same stack, starting from
>>that sp, so the ISR uses the stack area that is already in use.
>>Therefore, the value previously stored in the stack is corrupted.
>>So I think the stack pointer, sp, must be adjusted before data is
>>copied to the stack.
>>(The last listing (ixj.s2) was generated by Aplio's compiler. It seems
>>all right.)
>>However, I don't know about the compiler, arm-uclinux-gcc.
>>Please help me.
>>
>>
>>===== ixj.c
>=====================================================================
>>1235      static void ixj_timeout(unsigned long ptr)
>>1236      {
>>1237          int board;
>>...
>>1311                      if (IsRxReady(board)) {
>>1312                          ixj_read_frame(board);
>>1313                      }
>>...
>>1476      }
>>...
>>3135      static void ixj_read_frame(int board)
>>3136      {
>>3137          int cnt, dly;
>>...
>>3140          if (j->read_buffer) {
>>=================================================================================

>
>>
>>===== ixj.s
>=====================================================================
>>4769          .stabn 68,0,1312,.LM739-ixj_timeout
>>4770      .LM739:
>>4771          mov      r0, r7                   <****** 'board' parameter
>>4772          bl       ixj_read_frame
>>...
>>15787         .align   2
>>15788     .stabs "ixj_read_frame:f(0,19)",36,0,3136,ixj_read_frame
>>15789     .stabs "board:p(0,1)",160,0,3135,-44
>>15790         .type    ixj_read_frame,function
>>15791     ixj_read_frame:
>>15792         .stabn 68,0,3136,.LM2744-ixj_read_frame
>>15793     .LM2744:
>>15794         @ args = 0, pretend = 0, frame = 36
>>15795         @ frame_needed = 1, current_function_anonymous_args = 
>>0
>>15796     .LBB220:
>>15797         mov      ip, sp                   <****** 'sp'=0x1edd74
>>15798         stmdb    sp!, {r4, r5, r6, r7, r8, r9, sl, fp, ip, lr, pc}
>>              <****** after 'stmdb', 'sp'=0x1edd48
>>15799         sub      fp, ip, #4
>>15800         str      r0, [fp, #-44]           <****** 0x1edd70-44=0x1edd44('board')
>>15801         .stabn 68,0,3138,.LM2745-ixj_read_frame
>>15802     .LM2745:
>>15803         mov      r0, r0, asl #2           <****** STACK HAS BEEN CORRUPTED
>>15804         ldr      r1, [fp, #-44]           <****** STACK HAS BEEN CORRUPTED
>>                                                        if IRQ occurred
>>15805         .stabn 68,0,3136,.LM2746-ixj_read_frame
>>15806     .LM2746:
>>15807         sub      sp, sp, #36               <****** WRONG POSITION
>>...
>>15838         str      r3, [fp, #-60]
>>15839         mov      ip, r1
>>15840         str      r4, [fp, #-52]
>>15841         str      lr, [fp, #-56]
>>=================================================================================

>
>>
>>===== entry-armv.S
>==============================================================
>>271       #define S_FRAME_SIZE             72
>>...
>>276       #define S_SP               52
>>...
>>376       vector_IRQ:     @
>>377                       @ save mode specific registers
>>378                       @
>>379                       ldr       r13, LCirq
>>380                       sub       lr, lr, #4
>>381                       str       lr, [r13]     @ save lr_IRQ
>>382                       mrs       lr, spsr
>>383                       str       lr, [r13, #4] @ save spsr_IRQ
>>384                       @
>>385                       @ now branch to the relevent MODE 
>>handling
>routine
>>386                       @
>>387                       mrs       sp, cpsr       @ switch to SVC 
>>mode
>>388                       bic       sp, sp, #31
>>389                       orr       sp, sp, #0x13
>>390                       msr       spsr, sp
>>391                       and       lr, lr, #15
>>392                       cmp       lr, #4
>>393                       addlts    pc, pc, lr, lsl #2              @ Changes mode and branches
>>                          <****** AFTER 'addlts', 'sp'=0x1edd48, WHY?
>>394                       b         __irq_invalid    @  4 - 15
>>395                       b         __irq_usr        @  0  (USR_26 
>>/
>USR_32)
>>396                       b         __irq_invalid    @  1  (FIQ_26 
>>/
>FIQ_32)
>>397                       b         __irq_invalid    @  2  (IRQ_26 
>>/
>IRQ_32)
>>398                       b         __irq_svc        @  3  (SVC_26 
>>/
>SVC_32)
>>...
>>877      __irq_svc:       sub       sp, sp, #S_FRAME_SIZE
>>878                       stmia     sp, {r0 - r12}   @ save r0 - 
>>r12
>>879                       mov       r6, lr
>>880                       mov       fp, #0
>>881                       ldr       r7, [pc, #LCirq - . - 8]
>>882                       ldmia     r7, {r7 - r9}
>>883                       add       r5, sp, #S_FRAME_SIZE
>>884                       add       r4, sp, #S_SP
>>885                       stmia     r4, {r5, r6, r7, r8, r9} @ save sp_SVC, lr_SVC, pc, cpsr, old_ro
>>                          <****** AFTER 'stmia', 0x1edd44('board') HAS BEEN OVERWRITTEN BY 'r9'
>>=================================================================================

>
>>
>>
>>===== ixj.s2
>====================================================================
>>              .align     2
>>.stabs "ixj_read_frame:f(0,20)",36,0,3136,ixj_read_frame
>>.stabs "board:p(0,1)",160,0,3135,28
>>              .type      ixj_read_frame,function
>>ixj_read_frame:
>>              .stabn 68,0,3136,.LM2531-ixj_read_frame
>>.LM2531:
>>              @ args = 0, pretend = 0, frame = 32
>>              @ frame_needed = 0, current_function_anonymous_args = 
>>0
>>.LBB205:
>>              stmfd      sp!, {r4, r5, r6, r7, r8, r9, sl, fp, lr}
>>              .stabn 68,0,3138,.LM2532-ixj_read_frame
>>.LM2532:
>>              mov        r1, r0, asl #2
>>              add        r3, r1, r0
>>              add        r3, r3, r3, asl #5
>>              .stabn 68,0,3136,.LM2533-ixj_read_frame
>>.LM2533:
>>              sub        sp, sp, #32                 <****** RIGHT POSITION
>>              .stabn 68,0,3138,.LM2534-ixj_read_frame
>>.LM2534:
>>              add        r3, r0, r3, asl #1
>>              ldr        r2, .L1345
>>              .stabn 68,0,3136,.LM2535-ixj_read_frame
>>.LM2535:
>>              str        r0, [sp, #28]               <****** pushing data to stack
>>=================================================================================

>
>>
>>
>>
>>
>>CT Park,
>>
>>Best regards
>>
>
>

