We are using FPGA cards with PCI express drivers to move data around with DMA engines. This all works fine for a single card in a machine, however with two cards it fails. As an initial investigation, I have narrowed an error down to the add_timer function that is used to set up the polling mechanism. When insmod adds the driver modules, a stack trace is produced as the poll_timer routine is the same for both instances. The code has been reduced to
static int dat_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
{
    struct timer_list *timer = &poll_timer;
    int i;

    /* Start polling routine */
    log_normal(KERN_INFO "DEBUG ADD TIMER: Starting poll routine with %x\n", pdev);
    init_timer(timer);
    // random number added so that expires value is different for both instances of timer
    get_random_bytes(&i, 1);
    timer->expires = jiffies + HZ + i;
    timer->data = (unsigned long) pdev;
    timer->function = poll_routine;
    log_verbose("DEBUG ADD TIMER: Timer expires %x\n", timer->expires);
    log_verbose("DEBUG ADD TIMER: Timer data %x\n", timer->data);
    log_verbose("DEBUG ADD TIMER: Timer function %x\n", timer->function);
    // ***** THIS IS WHERE STACK TRACE OCCURS (WHEN CALLED FOR SECOND TIME)
    add_timer(timer);
    log_verbose("DEBUG ADD TIMER: Value of HZ is %d\n", HZ);
    log_verbose("DEBUG ADD TIMER: End of probe\n");
    return 0;
}
the stack trace produces
list_add corruption. prev->next should be next (ffffffff81f76228), but was (null). (prev=ffffffffa050a3c0).
and
list_add double add: new=ffffffffa050a3c0, prev=ffffffffa050a3c0, next=ffffffff81f76228.
Looking at the printk statements, it is clear that the add_timer is trying to add the same routine to the linked list. Is this correct?
DEBUG ADD TIMER: Timer expires fffd9cd3
DEBUG ADD TIMER: Timer data 6c0ac000
DEBUG ADD TIMER: Timer function **a0508150**
DEBUG ADD TIMER: Value of HZ is 1000
DEBUG ADD TIMER: End of probe
DEBUG ADD TIMER: Starting poll routine with 6c0ad000
DEBUG ADD TIMER: Timer expires fffd9c7d
DEBUG ADD TIMER: Timer data 6c0ad000
DEBUG ADD TIMER: Timer function **a0508150**
So my question(s) is(are), how should I configure the timer for multiple instantiations of the same driver? (Assuming that is what is happening when multiple boards are inserted into the machine).
full stack trace
DEBUG ADD TIMER: Inserting driver into kernel.
DEBUG ADD TIMER: Starting poll routine with 6c0ac000
DEBUG ADD TIMER: Timer expires fffd9cd3
DEBUG ADD TIMER: Timer data 6c0ac000
DEBUG ADD TIMER: Timer function a0508150
DEBUG ADD TIMER: Value of HZ is 1000
DEBUG ADD TIMER: End of probe
DEBUG ADD TIMER: Starting poll routine with 6c0ad000
DEBUG ADD TIMER: Timer expires fffd9c7d
DEBUG ADD TIMER: Timer data 6c0ad000
DEBUG ADD TIMER: Timer function a0508150
------------[ cut here ]------------
WARNING: CPU: 0 PID: 2201 at lib/list_debug.c:33 __list_add+0xa0/0xd0()
list_add corruption. prev->next should be next (ffffffff81f76228), but was (null). (prev=ffffffffa050a3c0).
Modules linked in: xdma_v7(POE+) xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel snd_hda_controller crc32c_intel eeepc_wmi ghash_clmulni_intel asus_wmi ftdi_sio iTCO_wdt snd_hda_codec sparse_keymap raid0 iTCO_vendor_support
snd_hda_core rfkill sb_edac ipmi_ssif video mxm_wmi edac_core snd_hwdep mei_me snd_seq snd_seq_device ipmi_msghandler snd_pcm mei acpi_pad tpm_infineon lpc_ich mfd_core snd_timer tpm_tis shpchp tpm snd soundcore i2c_i801 wmi nfsd auth_rpcgss nfs_acl lockd grace sunrpc ast drm_kms_helper ttm drm igb serio_raw ptp pps_core dca i2c_algo_bit
CPU: 0 PID: 2201 Comm: insmod Tainted: P OE 4.1.8-100.fc21.x86_64 #1
Hardware name: ASUSTeK COMPUTER INC. Z10PE-D8 WS/Z10PE-D8 WS, BIOS 1001 03/17/2015
0000000000000000 00000000ec73155d ffff880457123928 ffffffff81792065
0000000000000000 ffff880457123980 ffff880457123968 ffffffff810a163a
0000000000000246 ffffffffa050a3c0 ffffffff81f76228 ffffffffa050a3c0
Call Trace:
[<ffffffff81792065>] dump_stack+0x45/0x57
[<ffffffff810a163a>] warn_slowpath_common+0x8a/0xc0
[<ffffffff810a16c5>] warn_slowpath_fmt+0x55/0x70
[<ffffffff810f8250>] ? vprintk_emit+0x3b0/0x560
[<ffffffff813c7c30>] __list_add+0xa0/0xd0
[<ffffffff81108412>] __internal_add_timer+0xb2/0x130
[<ffffffff811084bf>] internal_add_timer+0x2f/0xb0
[<ffffffff8110a1ca>] mod_timer+0x12a/0x210
[<ffffffff8110a2c8>] add_timer+0x18/0x30
[<ffffffffa050810f>] dat_probe+0xbf/0x100 [xdma_v7]
[<ffffffff813f6da5>] local_pci_probe+0x45/0xa0
[<ffffffff812a8da2>] ? sysfs_do_create_link_sd.isra.2+0x72/0xc0
[<ffffffff813f8109>] pci_device_probe+0xf9/0x150
[<ffffffff814e7e59>] driver_probe_device+0x209/0x4b0
[<ffffffff814e81db>] __driver_attach+0x9b/0xa0
[<ffffffff814e8140>] ? __device_attach+0x40/0x40
[<ffffffff814e5973>] bus_for_each_dev+0x73/0xc0
[<ffffffff814e772e>] driver_attach+0x1e/0x20
[<ffffffff814e72e0>] bus_add_driver+0x180/0x250
[<ffffffffa000a000>] ? 0xffffffffa000a000
[<ffffffff814e89d4>] driver_register+0x64/0xf0
[<ffffffff813f662c>] __pci_register_driver+0x4c/0x50
[<ffffffffa000a02c>] dat_init+0x2c/0x1000 [xdma_v7]
[<ffffffff81002148>] do_one_initcall+0xd8/0x210
[<ffffffff812094f9>] ? kmem_cache_alloc_trace+0x1a9/0x230
[<ffffffff817911bc>] ? do_init_module+0x28/0x1cc
[<ffffffff817911f5>] do_init_module+0x61/0x1cc
[<ffffffff811270bb>] load_module+0x20db/0x2550
[<ffffffff81122990>] ? store_uevent+0x70/0x70
[<ffffffff8122e860>] ? kernel_read+0x50/0x80
[<ffffffff81127766>] SyS_finit_module+0xa6/0xe0
[<ffffffff8179892e>] system_call_fastpath+0x12/0x71
---[ end trace 340e5d7ba2d89081 ]---
------------[ cut here ]------------
WARNING: CPU: 0 PID: 2201 at lib/list_debug.c:36 __list_add+0xcb/0xd0()
list_add double add: new=ffffffffa050a3c0, prev=ffffffffa050a3c0, next=ffffffff81f76228.
Modules linked in: xdma_v7(POE+) xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netbios_ns nf_conntrack_broadcast ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel snd_hda_controller crc32c_intel eeepc_wmi ghash_clmulni_intel asus_wmi ftdi_sio iTCO_wdt snd_hda_codec sparse_keymap raid0 iTCO_vendor_support
snd_hda_core rfkill sb_edac ipmi_ssif video mxm_wmi edac_core snd_hwdep mei_me snd_seq snd_seq_device ipmi_msghandler snd_pcm mei acpi_pad tpm_infineon lpc_ich mfd_core snd_timer tpm_tis shpchp tpm snd soundcore i2c_i801 wmi nfsd auth_rpcgss nfs_acl lockd grace sunrpc ast drm_kms_helper ttm drm igb serio_raw ptp pps_core dca i2c_algo_bit
CPU: 0 PID: 2201 Comm: insmod Tainted: P W OE 4.1.8-100.fc21.x86_64 #1
Hardware name: ASUSTeK COMPUTER INC. Z10PE-D8 WS/Z10PE-D8 WS, BIOS 1001 03/17/2015
0000000000000000 00000000ec73155d ffff880457123928 ffffffff81792065
0000000000000000 ffff880457123980 ffff880457123968 ffffffff810a163a
0000000000000246 ffffffffa050a3c0 ffffffff81f76228 ffffffffa050a3c0
Call Trace:
[<ffffffff81792065>] dump_stack+0x45/0x57
[<ffffffff810a163a>] warn_slowpath_common+0x8a/0xc0
[<ffffffff810a16c5>] warn_slowpath_fmt+0x55/0x70
[<ffffffff810f8250>] ? vprintk_emit+0x3b0/0x560
[<ffffffff813c7c5b>] __list_add+0xcb/0xd0
[<ffffffff81108412>] __internal_add_timer+0xb2/0x130
[<ffffffff811084bf>] internal_add_timer+0x2f/0xb0
[<ffffffff8110a1ca>] mod_timer+0x12a/0x210
[<ffffffff8110a2c8>] add_timer+0x18/0x30
[<ffffffffa050810f>] dat_probe+0xbf/0x100 [xdma_v7]
[<ffffffff813f6da5>] local_pci_probe+0x45/0xa0
[<ffffffff812a8da2>] ? sysfs_do_create_link_sd.isra.2+0x72/0xc0
[<ffffffff813f8109>] pci_device_probe+0xf9/0x150
[<ffffffff814e7e59>] driver_probe_device+0x209/0x4b0
[<ffffffff814e81db>] __driver_attach+0x9b/0xa0
[<ffffffff814e8140>] ? __device_attach+0x40/0x40
[<ffffffff814e5973>] bus_for_each_dev+0x73/0xc0
[<ffffffff814e772e>] driver_attach+0x1e/0x20
[<ffffffff814e72e0>] bus_add_driver+0x180/0x250
[<ffffffffa000a000>] ? 0xffffffffa000a000
[<ffffffff814e89d4>] driver_register+0x64/0xf0
[<ffffffff813f662c>] __pci_register_driver+0x4c/0x50
[<ffffffffa000a02c>] dat_init+0x2c/0x1000 [xdma_v7]
[<ffffffff81002148>] do_one_initcall+0xd8/0x210
[<ffffffff812094f9>] ? kmem_cache_alloc_trace+0x1a9/0x230
[<ffffffff817911bc>] ? do_init_module+0x28/0x1cc
[<ffffffff817911f5>] do_init_module+0x61/0x1cc
[<ffffffff811270bb>] load_module+0x20db/0x2550
[<ffffffff81122990>] ? store_uevent+0x70/0x70
[<ffffffff8122e860>] ? kernel_read+0x50/0x80
[<ffffffff81127766>] SyS_finit_module+0xa6/0xe0
[<ffffffff8179892e>] system_call_fastpath+0x12/0x71
---[ end trace 340e5d7ba2d89082 ]---
DEBUG ADD TIMER: Value of HZ is 1000
DEBUG ADD TIMER: End of probe
The problem is that the second call to dat_probe is clobbering the poll_timer variable that was initialized and queued by the first call to dat_probe. You are clobbering the pointers in the kernel's timer list.
You need to get rid of the poll_timer variable and give each device its own dynamically allocated private data structure containing its own struct timer_list member. Call pci_set_drvdata to set the private data pointer for the PCI device. The other PCI driver functions can call pci_get_drvdata to retrieve that pointer.
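The failure and the fix described above, as an added userspace model (not code from the original post or from the kernel): it replays the two probe calls against a list with list-debug style checks, first with one shared timer and then with one timer per device. `model_timer`, `dat_priv`, `checked_add` and the `probe_*` helpers are hypothetical names; the two device values are the ones printed in the question's log.

```c
#include <stdio.h>
#include <stdlib.h>

struct list_head { struct list_head *next, *prev; };

/* Stand-in for struct timer_list: queue linkage plus the callback argument. */
struct model_timer { struct list_head entry; unsigned long data; };

/* Hypothetical per-device private data, one timer per card. */
struct dat_priv { struct model_timer poll_timer; };

#define ERR_NEXT_PREV  0x1  /* "next->prev should be prev" */
#define ERR_PREV_NEXT  0x2  /* "prev->next should be next" */
#define ERR_DOUBLE_ADD 0x4  /* "list_add double add" */

/* Insert with the three list-debug checks. The kernel warns and links anyway;
 * this model refuses the insert and returns which checks failed. */
static int checked_add(struct list_head *node, struct list_head *prev,
                       struct list_head *next)
{
    int err = 0;
    if (next->prev != prev) err |= ERR_NEXT_PREV;
    if (prev->next != next) err |= ERR_PREV_NEXT;
    if (node == prev || node == next) err |= ERR_DOUBLE_ADD;
    if (err) return err;
    next->prev = node; node->next = next;
    node->prev = prev; prev->next = node;
    return 0;
}

/* init_timer() stand-in: clears the link so the timer looks "not pending",
 * whether or not the node is still on a queue. */
static void model_init_timer(struct model_timer *t) { t->entry.next = NULL; }

/* add_timer() stand-in: tail insert into the pending queue. */
static int model_add_timer(struct list_head *queue, struct model_timer *t)
{
    return checked_add(&t->entry, queue->prev, queue);
}

static struct model_timer poll_timer;  /* the one shared timer from the question */

static int probe_shared(struct list_head *queue, unsigned long pdev)
{
    model_init_timer(&poll_timer);     /* second call wipes a queued node */
    poll_timer.data = pdev;
    return model_add_timer(queue, &poll_timer);
}

static int probe_private(struct list_head *queue, unsigned long pdev,
                         struct dat_priv **out)
{
    struct dat_priv *priv = calloc(1, sizeof(*priv));
    if (!priv) return -1;
    model_init_timer(&priv->poll_timer);
    priv->poll_timer.data = pdev;
    *out = priv;                       /* real driver: pci_set_drvdata(pdev, priv) */
    return model_add_timer(queue, &priv->poll_timer);
}

/* Number of queued nodes, or -1 if the forward chain is broken. */
static int queue_len(const struct list_head *queue)
{
    int n = 0;
    for (const struct list_head *p = queue->next; p != queue; p = p->next, n++)
        if (!p) return -1;
    return n;
}

int main(void)
{
    struct list_head q1 = { &q1, &q1 }, q2 = { &q2, &q2 };
    struct dat_priv *a = NULL, *b = NULL;
    int s1 = probe_shared(&q1, 0x6c0ac000UL);
    int s2 = probe_shared(&q1, 0x6c0ad000UL);
    printf("shared:  first=%d second=%d len=%d\n", s1, s2, queue_len(&q1));
    int p1 = probe_private(&q2, 0x6c0ac000UL, &a);
    int p2 = probe_private(&q2, 0x6c0ad000UL, &b);
    printf("private: first=%d second=%d len=%d\n", p1, p2, queue_len(&q2));
    free(a); free(b);
    return 0;
}
```

In the shared case the second probe fails two checks at once, matching the pair of warnings in the trace: the node is already the queue tail (`new == prev`) and its `next` link was cleared by the re-initialisation.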
Related
I use uio generic driver with HW composed of PCIe device (FPGA) connected to Intel ATOM cpu.
But, on testing, although interrupt is seen in the driver, it is not delivered to userspace.
These are the steps I'm doing:
echo "10ee 0007" > /sys/bus/pci/drivers/uio_pci_generic/new_id
I use a userspace application which waits for an interrupt, just as described in code example here.
I then trigger an interrupt from the FPGA, but no print from the userspace application is given and there is an exception:
irq 23: nobody cared (try booting with the "irqpoll" option)
[ 91.030760] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.18.16 #6
[ 91.037037] Hardware name: /conga-MA5, BIOS MA50R000 10/30/2019
[ 91.043302] Call Trace:
[ 91.045881] <IRQ>
[ 91.048002] dump_stack+0x5c/0x80
[ 91.051464] __report_bad_irq+0x35/0xaf
[ 91.055465] note_interrupt.cold.9+0xa/0x63
[ 91.059823] handle_irq_event_percpu+0x68/0x70
[ 91.064470] handle_irq_event+0x37/0x57
[ 91.068481] handle_fasteoi_irq+0x97/0x150
...
[ 91.176043] handlers:
[ 91.178419] [<00000000ec05b056>] uio_interrupt
[ 91.183054] Disabling IRQ #23
I started debugging the uio driver, and I see that interrupt handler is called, but not handled:
static irqreturn_t irqhandler(int irq, struct uio_info *info)
{
    struct uio_pci_generic_dev *gdev = to_uio_pci_generic_dev(info);

    printk("here 1\n"); /* <<--- we get here: the interrupt is caught here */
    if (!pci_check_and_mask_intx(gdev->pdev))
        return IRQ_NONE;
    printk("here 2\n"); /* <<--- but we never get here */
    /* UIO core will signal the user process. */
    return IRQ_HANDLED;
}
It seems that pci_check_and_mask_intx() does not detect it as an interrupt from our device!
The device appears as follows:
02:00.0 RAM memory: Xilinx Corporation Default PCIe endpoint ID
Subsystem: Xilinx Corporation Default PCIe endpoint ID
Control: I/O- Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Interrupt: pin A routed to IRQ 23
Region 0: Memory at 91200000 (32-bit, non-prefetchable) [size=1M]
Capabilities: [40] Power Management version 3
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [48] MSI: Enable- Count=1/1 Maskable- 64bit+
Address: 0000000000000000 Data: 0000
Capabilities: [58] Express (v1) Endpoint, MSI 00
DevCap: MaxPayload 256 bytes, PhantFunc 1, Latency L0s <64ns, L1 <1us
ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset- SlotPowerLimit 10.000W
DevCtl: Report errors: Correctable- Non-Fatal- Fatal- Unsupported-
RlxdOrd+ ExtTag+ PhantFunc- AuxPwr- NoSnoop+
MaxPayload 256 bytes, MaxReadReq 512 bytes
DevSta: CorrErr- UncorrErr- FatalErr- UnsuppReq- AuxPwr- TransPend-
LnkCap: Port #0, Speed 2.5GT/s, Width x1, ASPM L0s, Exit Latency L0s unlimited
ClockPM- Surprise- LLActRep- BwNot- ASPMOptComp-
LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- CommClk+
ExtSynch- ClockPM- AutWidDis- BWInt- AutBWInt-
LnkSta: Speed 2.5GT/s, Width x1, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
Capabilities: [100 v1] Device Serial Number 00-00-00-00-00-00-00-00
Kernel driver in use: uio_pci_generic
Is it an issue with the FPGA device? Or does the UIO generic PCI driver not support interrupts?
Eventually, after commenting out the following lines in irqhandler, I am able to receive interrupts from the FPGA:
static irqreturn_t irqhandler(int irq, struct uio_info *info)
{
struct uio_pci_generic_dev *gdev = to_uio_pci_generic_dev(info);
- if (!pci_check_and_mask_intx(gdev->pdev))
- return IRQ_NONE;
/* UIO core will signal the user process. */
return IRQ_HANDLED;
}
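Review bot: Dropping the pci_check_and_mask_intx() test makes irqhandler return IRQ_HANDLED on every invocation, so on a shared INTx line (IRQ 23 here) interrupts raised by other devices are claimed as handled and the kernel's "nobody cared" detection can no longer catch a stuck line. The handler also stops masking INTx, so a level-triggered line that the device keeps asserted will fire again as soon as the handler returns. Keep the check and have the FPGA set the Interrupt Status bit in the PCI Status register when it asserts INTx (the Status line in the lspci output above reads INTx-); if the check has to be bypassed for bring-up, do it only on a line known not to be shared and add an explicit mask of the interrupt source in its place.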
Yet, obviously it is still a workaround, and we need later to investigate why FPGA does not deliver bit status change in status register in configuration space of PCIe together with the irq.
I seem to be having a strange issue. Using Sim808 modem, I am periodically sending SMS out.
With my AT+CMGS command, I get an OK and that the SMS was sent to the operator, but it never reaches the destination. Using the same SIM card in a phone, I am able to send SMS just fine.
This is my sms command response
>AT+CMGS="+919577634145",145
> Keedaaaa
0
0
(16/1/18 10:27:2)
60% 3884mv
4184
24.31C
(16/1/18 10:25:20)
64% 3917mv
4189
24.48C
+CMGS: 186
OK
And these are my modem initialization steps
[0:1:19] External_sim808 - Connecting to network...
RDY
+CFUN: 1
+CPIN: READY
*PSUTTZ: 2018,1,16,4,54,49,"+22",0
DST: 0
+CIEV: 10,"40445","airtel","AIRTEL", 0, 0
>AT+IPR=9600
OK
uart flag = 0x1
>ATE0
OK
uart flag = 0x1
>AT
OK
uart flag = 0x1
>AT+CLTS?
+CLTS: 1
OK
uart flag = 0x1
>AT+CMEE=1
OK
uart flag = 0x1
>AT+CMGF=1
OK
uart flag = 0x1
Call Ready
SMS Ready
>AT+CPMS="ME","ME","ME"
+CPMS: 0,50,0,50,0,50
OK
uart flag = 0x1
>AT+CMGDA="DEL ALL"
OK
uart flag = 0x1
>AT+CSQ
+CSQ: 28,0
OK
uart flag = 0x1
>AT+COPS=0
OK
uart flag = 0x1
>AT+CREG?
+CREG: 0,5
OK
uart flag = 0x1
[0:1:58] External_sim808 - network registration ok
Weird thing is, this only seems to happen on some service provider networks. On some others, the SMS go out just fine.
I have checked and ensured that the module has the right SMSC number.
Is there any other setting that I need to do? Or execute any other command to at least help me in figuring out what could be happening here?
Is there some mechanism in Linux which is poisoning addresses by zeroing upper 16 bits?
I am debugging a kernel crash on an Intel x86-64 machine. The instruction which is causing the crash tries to access an address of 0x880139f3da00:
crash> bt
R10: 0000000000000001 R11: 0000000000000001 R12: 0000880139f3da00
~~~~~~~~~~~~~~~~~~~~~
crash> p arp_tbl.nht->hash_buckets[255]
$66 = (struct neighbour *) 0x880139f3da00
crash> p *arp_tbl.nht->hash_buckets[255]
Cannot access memory at address 0x880139f3da00
The hash_buckets table is valid:
crash> p arp_tbl.nht->hash_buckets[253]
$70 = (struct neighbour *) 0xffff88007325ae00
$71 = {
next = 0x0,
tbl = 0xffffffff81abbf20 <arp_tbl>,
Setting upper word to 0xffff makes the address valid and returns a valid data structure:
crash> p *((struct neighbour *)0xffff880139f3da00)
$73 = {
next = 0xffff88006de69a00,
tbl = 0xffffffff81abbf20 <arp_tbl>,
... rest looks reasonable too ...
Structure is updated by RCU operations (e.g. very likely by these in neigh_flush_dev()). So, what could be the reason that the address becomes invalid in such a way?
I can exclude hardware defects (seen on two machines and with different addresses). Systems are running CentOS 7 with kernel 3.10.0-514.6.1.el7.centos.plus.x86_64 till 3.10.0-514.21.2.el7.centos.plus.x86_64.
Update
From another crash dump, I see an skb of an IPv6 packet with
crash> p *((struct sk_buff *)0xffff880070e25e00)
$57 = {
transport_header = 54,
network_header = 14,
mac_header = 0,
...
head = 0xffff880138e28000 "",
data = 0xffff880138e2800e "`",
...
}
This crashes when writing the first 0x8 bytes in
#define HH_DATA_MOD 16
static inline int neigh_hh_output(const struct hh_cache *hh, struct sk_buff *skb)
{
    if (likely(hh_len <= HH_DATA_MOD)) {
        memcpy(skb->data - HH_DATA_MOD, hh->hh_data, HH_DATA_MOD); /* <<<<< */
This would explain why two bytes are overridden (16 - 14).
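A userspace model of the two-byte underflow proposed in the update, added here as an example and not taken from the original post or the kernel source. It assumes that an 8-byte pointer field lies directly in front of the packet buffer and that the 14-byte header is right-aligned in `hh_data` with zero padding in front; `ptr_after_header_copy` and `header_copy_fits` are hypothetical helpers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HH_DATA_MOD 16
#define ETH_HLEN    14   /* network_header = 14 in the dumped skb */

static void put_le64(uint8_t *dst, uint64_t v)
{
    for (int i = 0; i < 8; i++) dst[i] = (uint8_t)(v >> (8 * i));
}

static uint64_t get_le64(const uint8_t *src)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v |= (uint64_t)src[i] << (8 * i);
    return v;
}

/* Constructed memory image: mem[0..7] holds a pointer in x86-64 byte order,
 * mem[8..] is the packet buffer, so head = mem + 8 (adjacency is assumed).
 * Returns the pointer value after the header copy when skb->data sits
 * data_off bytes past head, or 0 if the copy would leave the image. */
static uint64_t ptr_after_header_copy(uint64_t ptr, size_t data_off)
{
    uint8_t mem[8 + 64];
    uint8_t hh_data[HH_DATA_MOD] = { 0 };    /* assumed: pad bytes are zero */
    uint8_t *head = mem + 8;

    if (data_off + 8 < HH_DATA_MOD || data_off > 64)
        return 0;
    memset(mem, 0xAA, sizeof(mem));
    put_le64(mem, ptr);
    /* 14-byte header right-aligned in the 16-byte hh_data block */
    memset(hh_data + HH_DATA_MOD - ETH_HLEN, 0xEE, ETH_HLEN);

    /* same expression as in neigh_hh_output(): skb->data - HH_DATA_MOD */
    memcpy(head + data_off - HH_DATA_MOD, hh_data, HH_DATA_MOD);
    return get_le64(mem);
}

/* Defensive form: the 16-byte copy only fits if headroom (data - head)
 * is at least HH_DATA_MOD. */
static int header_copy_fits(size_t data_off)
{
    return data_off >= HH_DATA_MOD;
}

int main(void)
{
    uint64_t ptr = 0xffff880139f3da00ULL;    /* value from the crash session */

    printf("headroom 14: fits=%d ptr=0x%016llx\n", header_copy_fits(14),
           (unsigned long long)ptr_after_header_copy(ptr, 14));
    printf("headroom 16: fits=%d ptr=0x%016llx\n", header_copy_fits(16),
           (unsigned long long)ptr_after_header_copy(ptr, 16));
    return 0;
}
```

With 14 bytes of headroom the copy starts two bytes before `head`, and on a little-endian machine those two bytes are the most significant bytes of the preceding pointer, which is the pattern seen in the dump.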
Can you inspect the memory location this address was read from? Typically such a "partial zero" read is a result of memset being run on the area. After this CPU triggered a crash there was possibly enough time for whoever else was modifying the area to finish zeroing and possibly even fill it with other data.
So far there is no reason to suspect RCU plays any role here.
This is most definitely not "poisoning" done by the kernel (it would be quite weird to do it in this way). However, if the crash is reproducible (you say it occurred on at least 2 different machines?) then running a debug kernel may be of help, especially with slab debug enabled.
I have two programs, one is custom bootloader which will be located in BANK A and the other one is the main program which will be located in external spifi flash.
Both programs I load and debug from eclipse.
Currently I can jump from the bootloader to the main program, and I can start debugging with JTAG from the reset handler in the main program, but sometimes it continues to main and sometimes it breaks after the first step.
From the bootloader I do the following for jumping to main program:
halInit(); // init my hal functions
chSysInit(); // init my OS
chThdSleepMilliseconds(1000);
flashInit(); // init the spifi driver
uint32_t AddressOfNewVectorTable = 0x14000000; /* start of the main program in SPIFI flash */
__disable_irq();
/** Load new Vector Table **/
SCB->VTOR = AddressOfNewVectorTable;
__set_MSP(*(uint32_t*)(AddressOfNewVectorTable));
LPC_CREG->M4MEMMAP = AddressOfNewVectorTable;
/**
* Jump to Reset Vector of new Vector Table
* -> thats the second word (hence fourth byte).
*/
((user_code_pointer_t)(*((uint32_t*)(AddressOfNewVectorTable + 4))))();
This seems to work alright and it jumps to the 0x14000000 address.
Then when I start to debug with JTAG the app, it will come first in the reset handler.
I firstly had to disable __early_init() for the main app which configures the clocks, this would make all crash.
Is this correct?
Then sometimes I can step through all into the main() function.
But also regularly it crashes after doing the first step with JTAG with the following output:
SEGGER J-Link GDB Server V5.02l Command Line Version
JLinkARM.dll V5.02l (DLL compiled Nov 24 2015 09:36:30)
-----GDB Server start settings-----
GDBInit file: none
GDB Server Listening port: 2331
SWO raw output listening port: 2332
Terminal I/O port: 2333
Accept remote connection: localhost only
Generate logfile: off
Verify download: on
Init regs on start: on
Silent mode: off
Single run mode: on
Target connection timeout: 0 ms
------J-Link related settings------
J-Link Host interface: USB
J-Link script: none
J-Link settings file: none
------Target related settings------
Target device: LPC4357_M4
Target interface: SWD
Target interface speed: 1000kHz
Target endian: little
Connecting to J-Link...
J-Link is connected.
Firmware: J-Link V9 compiled Oct 9 2015 20:34:47
Hardware: V9.30
S/N: 269301849
OEM: SEGGER-EDU
Feature(s): FlashBP, GDB
Checking target voltage...
Target voltage: 3.31 V
Listening on TCP/IP port 2331
Connecting to target...Connected to target
Waiting for GDB connection...Connected to 127.0.0.1
Reading all registers
WARNING: Failed to read memory # address 0x00000000
Target interface speed set to 1000 kHz
Resetting target
Halting target CPU...
...Target halted (PC = 0x1A000140)
R0 = 1A000000, R1 = 1A000000, R2 = 400F1FC0, R3 = 12345678
R4 = 40045000, R5 = 1008000C, R6 = 00000000, R7 = 00000000
R8 = 00000000, R9 = 00000000, R10= 00000000, R11= 00000000
R12= 00000000, R13= 10000200, MSP= 10000200, PSP= 00000000
R14(LR) = 10405B25, R15(PC) = 1A000140
XPSR 41000000, APSR 40000000, EPSR 01000000, IPSR 00000000
CFBP 00000000, CONTROL 00, FAULTMASK 00, BASEPRI 00, PRIMASK 00
Reading all registers
Select auto target interface speed (2000 kHz)
Flash breakpoints enabled
Semi-hosting enabled (Handle on BKPT)
Semihosting I/O set to TELNET Client
SWO disabled succesfully.
SWO enabled succesfully.
Downloading 276 bytes # address 0x14000000 - Verified OK
Downloading 16192 bytes # address 0x14000120 - Verified OK
Downloading 16080 bytes # address 0x14004060 - Verified OK
Downloading 16176 bytes # address 0x14007F30 - Verified OK
Downloading 16064 bytes # address 0x1400BE60 - Verified OK
Downloading 16096 bytes # address 0x1400FD20 - Verified OK
Downloading 16096 bytes # address 0x14013C00 - Verified OK
Downloading 16112 bytes # address 0x14017AE0 - Verified OK
Downloading 8492 bytes # address 0x1401B9D0 - Verified OK
Downloading 8 bytes # address 0x1401DAFC - Verified OK
Downloading 2308 bytes # address 0x1401DB08 - Verified OK
Comparing flash [....................] Done.
Verifying flash [....................] Done.
Writing register (PC = 0x14000120)
Read 4 bytes # address 0x14000120 (Data = 0x4100F081)
Read 2 bytes # address 0x14015764 (Data = 0x2300)
Read 2 bytes # address 0x140157C8 (Data = 0x2300)
Read 2 bytes # address 0x140166D8 (Data = 0x2300)
Read 2 bytes # address 0x140166DC (Data = 0x4818)
Read 2 bytes # address 0x14001370 (Data = 0xB672)
Read 2 bytes # address 0x140013E8 (Data = 0xF015)
Read 2 bytes # address 0x140166D8 (Data = 0x2300)
Read 2 bytes # address 0x1401670E (Data = 0xAB03)
Read 2 bytes # address 0x14001370 (Data = 0xB672)
Read 2 bytes # address 0x14001370 (Data = 0xB672)
Read 2 bytes # address 0x14016764 (Data = 0xF7EC)
Read 2 bytes # address 0x14016764 (Data = 0xF7EC)
Read 2 bytes # address 0x14001370 (Data = 0xB672)
Read 2 bytes # address 0x140013D4 (Data = 0xF7FF)
Read 2 bytes # address 0x14015764 (Data = 0x2300)
Read 2 bytes # address 0x140157BA (Data = 0x4850)
Read 2 bytes # address 0x1400ACB8 (Data = 0x4806)
Read 2 bytes # address 0x1400ACBA (Data = 0x4907)
Read 2 bytes # address 0x1400ACC4 (Data = 0x4B05)
Resetting target
Halting target CPU...
...Target halted (PC = 0x1A000140)
Read 2 bytes # address 0x14016764 (Data = 0xF7EC)
Read 2 bytes # address 0x14016764 (Data = 0xF7EC)
Read 2 bytes # address 0x14016764 (Data = 0xF7EC)
R0 = 1A000000, R1 = 1A000000, R2 = 400F1FC0, R3 = 12345678
R4 = 40045000, R5 = 1008000C, R6 = 00000000, R7 = 00000000
R8 = 00000000, R9 = 00000000, R10= 00000000, R11= 00000000
R12= 00000000, R13= 10000200, MSP= 10000200, PSP= 00000000
R14(LR) = 10405B25, R15(PC) = 1A000140
XPSR 41000000, APSR 40000000, EPSR 01000000, IPSR 00000000
CFBP 00000000, CONTROL 00, FAULTMASK 00, BASEPRI 00, PRIMASK 00
Reading all registers
Read 4 bytes # address 0x1A000140 (Data = 0x4C24B672)
Setting breakpoint # address 0x14001370, Size = 2, BPHandle = 0x0001
Setting breakpoint # address 0x140013D4, Size = 2, BPHandle = 0x0002
Setting breakpoint # address 0x140013E8, Size = 2, BPHandle = 0x0003
Setting breakpoint # address 0x1400ACC4, Size = 2, BPHandle = 0x0004
Setting breakpoint # address 0x140166DC, Size = 2, BPHandle = 0x0005
Setting breakpoint # address 0x1401670E, Size = 2, BPHandle = 0x0006
Setting breakpoint # address 0x14016764, Size = 2, BPHandle = 0x0007
Starting target CPU...
Erasing flash [....................] Done.
Programming flash [....................] Done.
Verifying flash [....................] Done.
...Breakpoint reached # address 0x14001370
Reading all registers
Removing breakpoint # address 0x14001370, Size = 2
Removing breakpoint # address 0x140013D4, Size = 2
Removing breakpoint # address 0x140013E8, Size = 2
Removing breakpoint # address 0x1400ACC4, Size = 2
Removing breakpoint # address 0x140166DC, Size = 2
Removing breakpoint # address 0x1401670E, Size = 2
Removing breakpoint # address 0x14016764, Size = 2
Read 4 bytes # address 0x14001370 (Data = 0x4C23B672)
Read 4 bytes # address 0x1A0025B4 (Data = 0xF8D39B03)
Read 4 bytes # address 0x1A0025B4 (Data = 0xF8D39B03)
Performing single step...
...Target halted (PC = 0xFFFFFFFE)
Reading all registers
WARNING: Failed to read memory # address 0xFFFFFFFE
Read 4 bytes # address 0x1000041C (Data = 0x00000000)
Reading 64 bytes # address 0x10000400
Read 4 bytes # address 0x00000000 (Data = 0x10000400)
Read 4 bytes # address 0x00000000 (Data = 0x10000400)
Am I missing something that is needed after the jump to external flash?
Or can anyone give me a pointer why this is not functioning properly all the time?
I have encountered a problem with a USB UDC linux driver. I'd like to connect our PXA320 based board to PC using g_ether and USB UDC.
Our board uses PXA320 with Linux-2.6.32 kernel.
I have enabled pxa27x UDC and g_ether on menuconfig and built kernel successfully.
But after I run "ifup usb0" and plug in the USB cable, PC detects the USB device (since D+ pull-up resistor is enabled) and sends "GET DESCRIPTOR" to the device. But the USB device(our board) does NOT respond.
I dumped some register values and found that the UDCCR is 0x1 which means UDC is enabled but is inactive.
The following are the debug messages I got:
ifup usb0
+++ ether - init
++++ usb_composite_register
+++ usb_gadget_register_driver
+++ dplus_pullup, on = 1
++++ composite_bind
+++ pxa_ep_alloc_request
--- pxa_ep_alloc_request
+++ eth_bind
g_ether gadget: using random self ethernet address
g_ether gadget: using random host ethernet address
usb0: MAC d6:81:e9:fa:0c:66
usb0: HOST MAC 7a:58:58:9a:bb:be
+++ eth_bind - CDC Subset/SAFE
+++ eth_bind - RNDIS plus ECM-or-Subset
+++ eth_bind - manufacturer = Linux 2.6.32.9 with pxa27x_udc
adding config #2 'RNDIS'/bf0059c0
adding 'rndis'/c7fcdf00 to config 'RNDIS'/bf0059c0
++++ composite_uevent
+++ usb_interface_id
--- usb_interface_id - id = 0
+++ usb_interface_id
--- usb_interface_id - id = 1
+++ pxa_ep_alloc_request
--- pxa_ep_alloc_request
adding config #1 'CDC Subset/SAFE'/bf00594c
+++ eth_do_config
adding 'cdc_subset'/c7fcdd80 to config 'CDC Subset/SAFE'/bf00594c
++++ composite_uevent
+++ usb_interface_id
--- usb_interface_id - id = 0
g_ether gadget: Ethernet Gadget, version: Memorial Day 2008
Memorial Day 2008, version:
g_ether gadget: g_ether ready
registered gadget driver 'g_ether'
+++ should_enable_udc
--- should_enable_udc, put_on = 1
+++ udc_enable
+++ udc_clear_mask_UDCCR - udccr = 0x0, mask = 0x1
--- udc_clear_mask_UDCCR - udccr = 0x0
clk_pxa3xx_cken_enable - clk->cken = 0x14
+++ ep0_idle
+++ set_ep0state
state=WAIT_FOR_SETUP->WAIT_FOR_SETUP, udccsr0=0x000, udcbcr=0
+++ udc_set_mask_UDCCR
+++ ep_write_UDCCSR
+++ pio_irq_enable, index = 0
--- udc_enable
UDCCR(0x0) = 0x1
UDCICR0(0x4) = 0x3
UDCICR1(0x8) = 0xb8000000
UDCISR0(0xc) = 0x0
UDCISR1(0x10) = 0x0
UDCFNR(0x14) = 0x0
UDCOTGICR(0x18) = 0x0
UP2OCR(0x20) = 0xa0
UP3OCR(0x24) = 0x0
(0x100) = 0x200
(0x200) = 0x0
(0x300) = 0x43881454
(0x400) = 0x0
ICPR = 0x0
ICPR2 = 0x0
ICIP = 0x0
ICIP2 = 0x0
ICFP = 0x0
ICFP2 = 0x0
ICMR = 0x6b24c08
ICMR2 = 0x2000
ICLR = 0x0
ICLR2 = 0x0
ICCR = 0x1
ACCR = 0x0000321f
ACSR = 0x3003321f
AICSR = 0x0
CKEN_A = 0xffbfffff
CKEN_B = 0xffffffff
From the debug message, I can see that UDC clock is enabled (CKEN_A bit20), UDC interrupt is enabled (ICMR bit11) and UDC is enabled (UDCCR bit0). But UDC is inactive (UDCCR bit1).
I have verified hardware by running Windows CE OS on the board and I could connect to PC via activesync.
I compared UDC registers between CE OS and Linux OS. CE version shows UDCCR is 0x3 which means UDC is active.
I don't understand why UDC is inactive in Linux. That bit in UDCCR is read only.
Could anyone give me some hints on how to solve this issue?
Thanks in advance