partitioning bug

Abraham vd Merwe abraham at 2d3d.co.za
Fri Jun 8 06:04:38 EDT 2001


Hi!

Damn, this is embarrassing. I just can't nail this one.

I've written a chip driver which works great until I use partitioning
support. If I do that, and I do a MEMGETINFO ioctl() on the first partition
(/dev/mtd0) I get the following fault as soon as I try and access the
returned mtd_info_user structure:

------------< snip <------< snip <------< snip <------------
root@tinystor:~# ./debug info
MTD_open
MTD_ioctl
MTD_ioctl
mtd.type = MTMTD_close
D_NORFLASInternal error: branch through zero: 0
CPU: 0
pc : [<00000004>]    lr : [<020011c8>]
sp : bffffdfc  ip : c9673f44  fp : c9673f40
r10: 400fed50  r9 : 00000006  r8 : c95700e0
r7 : 00000000  r6 : c06a90e0  r5 : c011bd40  r4 : c807c960
r3 : ca008378  r2 : 00000001  r1 : c00d4838  r0 : ca008378
Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  Segment user
Control: C966D17F  Table: C966D17F  DAC: 00000015
Process debug (pid: 109, stackpage=c9673000)
Code: bad PC value.
Stack:
c9673f20:          020011c8 00000004 a0000013  ca008378 c9673f54 c9673f44
ca0022e8
c9673f40: ca005398 c9762600 c9673f78 c9673f58  c0040894 ca0022c0 c9762600
00000000
c9673f60: c07e71e0 00000000 c0012804 c9673f94  c9673f7c c003f748 c0040820
c07e71e0
c9673f80: c9762600 20000010 c9673fac c9673f98  c003f7e0 c003f6d4 00000002
bffffe5c
c9673fa0: 00000000 c9673fb0 c0012680 c003f760  00000002 c0012ec0 00000003
020015fd
c9673fc0: 00000000 00000000 00000002 bffffe5c  00000003 00000000 00000001
400fe248
c9673fe0: 400fed50 bffffe1c 400aba80 bffffdfc  020011c8 400aba84 20000010
00000003
Backtrace:
Function entered at [<ca00538c>] from [<ca0022e8>]
Function entered at [<ca0022b4>] from [<c0040894>]
 r4 = C9762600
Function entered at [<c0040814>] from [<c003f748>]
 r8 = C0012804  r7 = 00000000  r6 = C07E71E0  r5 = 00000000
 r4 = C9762600
Function entered at [<c003f6c8>] from [<c003f7e0>]
 r6 = 20000010  r5 = C9762600  r4 = C07E71E0
Function entered at [<c003f754>] from [<c0012680>]
 r5 = BFFFFE5C  r4 = 00000002
H
mtd.flags = MTD_CAP_NORFLASH
mtd.size = 131072 (128K)
mtd.erasesize = 16384 (16K)
mtd.oobblock = 0
mtd.oobsize = 0
mtd.ecctype = MTD_ECC_NONE
Segmentation fault
root@tinystor:~#
------------< snip <------< snip <------< snip <------------

I'm attaching the source for the program that caused this.

My debugging info during initialization shows the partitions are initialized
fine:

------------< snip <------< snip <------< snip <------------
Creating 3 MTD partitions on "lart":
0x00000000-0x00020000 : "blob"
slave->mtd.size = 0x00020000 (128K)
slave->mtd.erasesize = 0x00004000 (16K)
slave->mtd.numeraseregions = 0
mtd: Giving out device 0 to blob
0x00020000-0x00100000 : "kernel"
slave->mtd.size = 0x000e0000 (896K)
slave->mtd.erasesize = 0x00020000 (128K)
slave->mtd.numeraseregions = 0
mtd: Giving out device 1 to kernel
0x00100000-0x00400000 : "initial ramdisk"
slave->mtd.size = 0x00300000 (3072K)
slave->mtd.erasesize = 0x00020000 (128K)
slave->mtd.numeraseregions = 0
mtd: Giving out device 2 to initial ramdisk
------------< snip <------< snip <------< snip <------------

So what I don't get is why it crashes. I mean, all that happens during that
ioctl() is the mtd_info structure gets sent to the user process - no magic
there that can cause the process to crash.

Any ideas?

-- 

Regards
 Abraham

Fraud is the homage that force pays to reason.
		-- Charles Curtis, "A Commonplace Book"

__________________________________________________________
 Abraham vd Merwe - 2d3D, Inc.

 Device Driver Development, Outsourcing, Embedded Systems

  Cell: +27 82 565 4451         Snailmail:
   Tel: +27 21 761 7549            Block C, Antree Park
   Fax: +27 21 761 7648            Doncaster Road
 Email: abraham at 2d3d.co.za         Kenilworth, 7700
  Http: http://www.2d3d.com        South Africa

-------------- next part --------------
A non-text attachment was scrubbed...
Name: mtd_debug.tar.gz
Type: application/octet-stream
Size: 8927 bytes
Desc: not available
Url : http://lists.infradead.org/pipermail/linux-mtd/attachments/20010608/14ab9a8c/attachment.obj 
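
Added example, not part of the original post or its attachment: a small Python parser for the ARM oops format shown above. It extracts the error string, registers and backtrace, and flags a pc inside the zero page, the usual signature of a call through a NULL function pointer. The sample input is a few lines copied from the oops; the function names and the 4 KiB page size are assumptions.

```python
import re

# Constructed sample: a few lines copied from the oops in the post above.
SAMPLE = """\
mtd.type = MTMTD_close
D_NORFLASInternal error: branch through zero: 0
pc : [<00000004>]    lr : [<020011c8>]
sp : bffffdfc  ip : c9673f44  fp : c9673f40
r3 : ca008378  r2 : 00000001  r1 : c00d4838  r0 : ca008378
Backtrace:
Function entered at [<ca00538c>] from [<ca0022e8>]
Function entered at [<ca0022b4>] from [<c0040894>]
 r4 = C9762600
Function entered at [<c0040814>] from [<c003f748>]
"""

PAGE_SIZE = 0x1000  # assumption: 4 KiB pages, so the zero page is 0x0-0xfff
HEX = r"([0-9a-fA-F]{8})"
REG = re.compile(r"\b(pc|lr|sp|ip|fp|r\d{1,2})\s*:\s*\[?<?" + HEX)
ERR = re.compile(r"Internal error: (.+?): (\d+)\s*$")
FRAME = re.compile(r"Function entered at \[<" + HEX + r">\] from \[<" + HEX + r">\]")

def parse_oops(text):
    """Return the error string, register values and backtrace frames."""
    report = {"error": None, "regs": {}, "frames": []}
    for line in text.splitlines():
        # search(), not match(): output from the user process can share a
        # console line with the kernel, as in "D_NORFLASInternal error: ...".
        err = ERR.search(line)
        if err:
            report["error"] = err.group(1)
        frame = FRAME.search(line)
        if frame:
            report["frames"].append(tuple(int(a, 16) for a in frame.groups()))
            continue
        for name, value in REG.findall(line):
            report["regs"][name] = int(value, 16)
    return report

def triage(report):
    """Classify the fault from pc and name the innermost framed function."""
    pc = report["regs"].get("pc")
    kind = "null-call" if pc is not None and pc < PAGE_SIZE else "other"
    # Code at address 0 never set up a stack frame, so the first backtrace
    # line belongs to the function that made the bad call. Resolve its entry
    # address against System.map or the module's symbols.
    entry = report["frames"][0][0] if report["frames"] else None
    return {"kind": kind, "pc": pc, "innermost_function": entry}

if __name__ == "__main__":
    print(triage(parse_oops(SAMPLE)))
```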