Tracking kmalloc memory: why there is no RedZone and Usercaller information
[0.000000:0] kmem_cache_create:size-64 set RedZone and Calluser
[0.000000:0] kmem_cache_create:size-64 set Poison
[0.000000:0] kmem_cache_create:size-64 ralign, align 32
[0.000000:0] kmem_cache_create:size-64 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:ac name size-64, cachep ee000080
[0.000000:0] kmem_cache_create:size-96 set RedZone and Calluser
[0.000000:0] kmem_cache_create:size-96 set Poison
[0.000000:0] kmem_cache_create:size-96 ralign, align 32
[0.000000:0] kmem_cache_create:size-96 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:l3 name size-96, cachep ee000120
[0.000000:0] kmem_cache_create:size-32 set RedZone and Calluser
[0.000000:0] kmem_cache_create:size-32 set Poison
[0.000000:0] kmem_cache_create:size-32 ralign, align 32
[0.000000:0] kmem_cache_create:size-32 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-32, size 32
[0.000000:0] kmem_cache_init:kmalloc name size-64, size 64
[0.000000:0] kmem_cache_init:kmalloc name size-96, size 96
[0.000000:0] kmem_cache_create:size-128 set RedZone and Calluser
[0.000000:0] kmem_cache_create:size-128 set Poison
[0.000000:0] kmem_cache_create:size-128 ralign, align 32
[0.000000:0] kmem_cache_create:size-128 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-128, size 128
[0.000000:0] kmem_cache_create:size-192 set RedZone and Calluser
[0.000000:0] kmem_cache_create:size-192 set Poison
[0.000000:0] kmem_cache_create:size-192 ralign, align 32
[0.000000:0] kmem_cache_create:size-192 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-192, size 192
[0.000000:0] kmem_cache_create:size-256 set RedZone and Calluser
[0.000000:0] kmem_cache_create:size-256 set Poison
[0.000000:0] kmem_cache_create:size-256 ralign, align 32
[0.000000:0] kmem_cache_create:size-256 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-256, size 256
[0.000000:0] kmem_cache_create:size-512 set RedZone and Calluser
[0.000000:0] kmem_cache_create:size-512 set Poison
[0.000000:0] kmem_cache_create:size-512 ralign, align 32
[0.000000:0] kmem_cache_create:size-512 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-512, size 512
[0.000000:0] kmem_cache_create:size-1024 set RedZone and Calluser
[0.000000:0] kmem_cache_create:size-1024 set Poison
[0.000000:0] kmem_cache_create:size-1024 ralign, align 32
[0.000000:0] kmem_cache_create:size-1024 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-1024, size 1024
[0.000000:0] kmem_cache_create:size-2048 set RedZone and Calluser
[0.000000:0] kmem_cache_create:size-2048 set Poison
[0.000000:0] kmem_cache_create:size-2048 ralign, align 32
[0.000000:0] kmem_cache_create:size-2048 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-2048, size 2048
[0.000000:0] kmem_cache_create:size-4096 set Poison
[0.000000:0] kmem_cache_create:size-4096 ralign, align 32
[0.000000:0] kmem_cache_create:size-4096 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-4096, size 4096
[0.000000:0] kmem_cache_create:size-8192 set Poison
[0.000000:0] kmem_cache_create:size-8192 ralign, align 32
[0.000000:0] kmem_cache_create:size-8192 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-8192, size 8192
[0.000000:0] kmem_cache_create:size-16384 set Poison
[0.000000:0] kmem_cache_create:size-16384 ralign, align 32
[0.000000:0] kmem_cache_create:size-16384 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-16384, size 16384
[0.000000:0] kmem_cache_create:size-32768 set Poison
[0.000000:0] kmem_cache_create:size-32768 ralign, align 32
[0.000000:0] kmem_cache_create:size-32768 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-32768, size 32768
[0.000000:0] kmem_cache_create:size-65536 set Poison
[0.000000:0] kmem_cache_create:size-65536 ralign, align 32
[0.000000:0] kmem_cache_create:size-65536 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-65536, size 65536
[0.000000:0] kmem_cache_create:size-131072 set Poison
[0.000000:0] kmem_cache_create:size-131072 ralign, align 32
[0.000000:0] kmem_cache_create:size-131072 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-131072, size 131072
[0.000000:0] kmem_cache_create:size-262144 set Poison
[0.000000:0] kmem_cache_create:size-262144 ralign, align 32
[0.000000:0] kmem_cache_create:size-262144 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-262144, size 262144
[0.000000:0] kmem_cache_create:size-524288 set Poison
[0.000000:0] kmem_cache_create:size-524288 ralign, align 32
[0.000000:0] kmem_cache_create:size-524288 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-524288, size 524288
[0.000000:0] kmem_cache_create:size-1048576 set Poison
[0.000000:0] kmem_cache_create:size-1048576 ralign, align 32
[0.000000:0] kmem_cache_create:size-1048576 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-1048576, size 1048576
[0.000000:0] kmem_cache_create:size-2097152 set Poison
[0.000000:0] kmem_cache_create:size-2097152 ralign, align 32
[0.000000:0] kmem_cache_create:size-2097152 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-2097152, size 2097152
[0.000000:0] kmem_cache_create:size-4194304 set Poison
[0.000000:0] kmem_cache_create:size-4194304 ralign, align 32
[0.000000:0] kmem_cache_create:size-4194304 disable RedZone and Usercaller
[0.000000:0] kmem_cache_init:kmalloc name size-4194304, size 4194304
From the printed log the problem is visible: every kmalloc cache first gets RedZone and Usercaller set, and then has them disabled again. The cause is the input parameter align, which for the kmalloc caches is ARCH_KMALLOC_MINALIGN (32 here). In kmem_cache_create:
	if (ralign < align) {
		ralign = align;
	}
	/* disable debug if necessary: here ralign becomes 32, which is > 8, so debugging is turned off */
	if (ralign > __alignof__(unsigned long long)) {
		flags &= ~(SLAB_RED_ZONE | SLAB_STORE_USER);
		pr_err("kmem_cache_create:%s disable RedZone and Usercaller\n", name);
	}
So how do we keep the debug information? Trace where ARCH_KMALLOC_MINALIGN comes from. The macro definitions are as follows:
/*
 * arch/arm/include/asm/cache.h
 */
#ifndef __ASMARM_CACHE_H
#define __ASMARM_CACHE_H
#define L1_CACHE_SHIFT		CONFIG_ARM_L1_CACHE_SHIFT
#define L1_CACHE_BYTES		(1 << L1_CACHE_SHIFT)
/*
 * Memory returned by kmalloc() may be used for DMA, so we must make
 * sure that all such allocations are cache aligned. Otherwise,
 * unrelated code may cause parts of the buffer to be read into the
 * cache before the transfer is done, causing old data to be seen by
 * the CPU.
 */
#define ARCH_DMA_MINALIGN	L1_CACHE_BYTES

include/generated/autoconf.h:
#define CONFIG_ARM 1
#define CONFIG_ARM_L1_CACHE_SHIFT 5

include/linux/slab.h:
/*
 * Some archs want to perform DMA into kmalloc caches and need a guaranteed
 * alignment larger than the alignment of a 64-bit integer.
 * Setting ARCH_KMALLOC_MINALIGN in the arch headers allows that.
 */
#ifdef ARCH_DMA_MINALIGN
#define ARCH_KMALLOC_MINALIGN ARCH_DMA_MINALIGN
#else
#define ARCH_KMALLOC_MINALIGN __alignof__(unsigned long long)
#endif
So on this ARM configuration ARCH_DMA_MINALIGN is L1_CACHE_BYTES = 1 << 5 = 32, ARCH_KMALLOC_MINALIGN inherits that value, and the 32-byte alignment is larger than the 8 bytes that red zoning tolerates. Therefore, to get the red zone and user-caller information for kmalloc allocations, it is enough not to define ARCH_DMA_MINALIGN, so that ARCH_KMALLOC_MINALIGN falls back to __alignof__(unsigned long long). The caveat is in the header comment itself: this drops the cache-line alignment that DMA into kmalloc buffers relies on, so it is a debug-build change only, not something to ship.
Using RedZone and Usercaller to analyze the problem
The current problem is that a struct dwc_otg_hcd_urb_t is freed and then used afterwards (a use after free), and we need to find out where it was freed.
Now that the kmalloc memory in the crash dump carries the RedZone and Usercaller information, we can see which function last operated on the memory.
First, look at the structure in question:
crash> struct dwc_otg_hcd_urb_t -o
typedef struct dwc_otg_hcd_urb {
    [0] void *priv;
    [4] struct dwc_otg_qtd *qtd;
    [8] void *buf;
        dwc_dma_t dma;
        void *setup_packet;
        dwc_dma_t setup_dma;
        uint32_t length;
        uint32_t actual_length;
        uint32_t status;
        uint32_t error_count;
        uint32_t packet_count;
        uint32_t flags;
        uint16_t interval;
        struct dwc_otg_hcd_pipe_info pipe_info;
        struct dwc_otg_hcd_iso_packet_desc iso_descs[];
} dwc_otg_hcd_urb_t;
SIZE: 56
At 56 bytes it is served from the size-64 kmalloc cache.
The known object address, from register r2, is e63fdf48.
Taking the RedZone into account (with SLAB_RED_ZONE the object is preceded by an 8-byte red zone word), the slab object that kmem sees should start at e63fdf40:
crash> kmem -s size-64 | grep e63fdf
  e63fdf40  (cpu 0 cache)
  [e63fdf98]
The stored caller sits in the last word of the slab object, right after the second red zone; reading the object shows the freed poison pattern (0x6b with 0xa5 as the last byte), the inactive red zone magic on both sides, and then the caller:
crash> rd e63fdf40 0x64
e63fdf40:  9d74e35b 09f91102 6b6b6b6b 6b6b6b6b   [.t.....kkkkkkkk
e63fdf50:  6b6b6b6b 6b6b6b6b 6b6b6b6b 6b6b6b6b   kkkkkkkkkkkkkkkk
e63fdf60:  6b6b6b6b 6b6b6b6b 6b6b6b6b 6b6b6b6b   kkkkkkkkkkkkkkkk
e63fdf70:  6b6b6b6b 6b6b6b6b 6b6b6b6b 6b6b6b6b   kkkkkkkkkkkkkkkk
e63fdf80:  6b6b6b6b a56b6b6b 9d74e35b 09f91102   kkkkkkk.[.t.....
e63fdf90:  00000000 c0311708
crash> dis -r c0311708
0xc03116f4 <__dwc_free>:        mov     r12, sp
0xc03116f8 <__dwc_free+4>:      push    {r11, r12, lr, pc}
0xc03116fc <__dwc_free+8>:      sub     r11, r12, #4
0xc0311700 <__dwc_free+12>:     mov     r0, r1
0xc0311704 <__dwc_free+16>:     bl      0xc00ad90c <kfree>
0xc0311708 <__dwc_free+20>:     ldm     sp, {r11, sp, pc}
So the function that freed the memory is __dwc_free, which is what we wanted to see: SLAB_STORE_USER records the return address of the kfree() call, so the stored word c0311708 points just after the bl kfree inside __dwc_free.
The problem is in the following for loop: if the if() body is entered more than once, the qtd is freed on the first pass, the loop condition then reads the already freed qtd->n_desc, and the next pass frees it again.
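As an added example (not kernel code and not the author's tooling), the following user-space C program models the kmem_cache_create() decisions quoted earlier on this page and the SLAB debug layout they produce, then runs the resulting checks over the 22 words printed by rd e63fdf40 above, transcribed here as constructed input. With ARCH_KMALLOC_MINALIGN = 32 the model drops the red zone and user-caller flags and the slab slot stays 64 bytes; with 8 it grows to 88 bytes, which is why the object pointer e63fdf48 sits 8 bytes past the slot start e63fdf40, the second red zone lands at +72 (e63fdf88) and the stored caller at +84 (e63fdf94). Assumptions: the flag values and the poison and red zone constants are the ones from include/linux/slab.h and include/linux/poison.h of that kernel generation, and the size arithmetic follows the 3.x mm/slab.c debug path in simplified form (no SLAB_HWCACHE_ALIGN handling).

```c
/* Added example: user-space model of the SLAB debug slot layout, checked
 * against the freed object dumped on this page. Not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BYTES_PER_WORD  4u            /* sizeof(void *) on 32-bit ARM */
#define LL_ALIGN        8u            /* __alignof__(unsigned long long) on ARM */
#define REDZONE_ALIGN   8u            /* max(alignof(long long), alignof(void *)) */
#define SLAB_RED_ZONE   0x00000400u   /* flag values as in include/linux/slab.h */
#define SLAB_POISON     0x00000800u
#define SLAB_STORE_USER 0x00010000u
#define KMALLOC_DBG     (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
#define RED_INACTIVE    0x09F911029D74E35BULL   /* include/linux/poison.h */
#define POISON_FREE     0x6b
#define POISON_END      0xa5
#define ALIGN_UP(x, a)  (((x) + (a) - 1) / (a) * (a))

struct slab_layout {
    unsigned flags, obj_offset, size;     /* debug flags kept, object start, full slot size */
    unsigned rz1_off, rz2_off, user_off;  /* red zone 1, red zone 2, stored caller */
};

/* Model of kmem_cache_create(): 'minalign' plays the role of
 * ARCH_KMALLOC_MINALIGN (32 on this ARM config, 8 without ARCH_DMA_MINALIGN). */
static struct slab_layout slab_debug_layout(unsigned obj_size, unsigned flags, unsigned minalign)
{
    struct slab_layout l = {0};
    unsigned ralign = BYTES_PER_WORD, size = obj_size;

    if (flags & SLAB_RED_ZONE)              /* red zone words need 64-bit alignment */
        ralign = REDZONE_ALIGN;
    if (ralign < minalign)
        ralign = minalign;
    if (ralign > LL_ALIGN)                  /* the "disable RedZone and Usercaller" case */
        flags &= ~(SLAB_RED_ZONE | SLAB_STORE_USER);

    if (flags & SLAB_RED_ZONE) {            /* one 64-bit red zone word on each side */
        l.obj_offset = sizeof(unsigned long long);
        size += 2 * sizeof(unsigned long long);
    }
    if (flags & SLAB_STORE_USER)            /* one word for the caller, padded when red-zoned */
        size += (flags & SLAB_RED_ZONE) ? REDZONE_ALIGN : BYTES_PER_WORD;
    size = ALIGN_UP(size, ralign);

    l.flags = flags;
    l.size = size;
    l.rz1_off = 0;
    l.rz2_off = (flags & SLAB_STORE_USER) ? size - 8 - REDZONE_ALIGN : size - 8;
    l.user_off = size - BYTES_PER_WORD;     /* dbg_userword(): last word of the slot */
    return l;
}

struct freed_report { int rz1_inactive, rz2_inactive, poison_ok; uint32_t caller; };

static uint64_t rd_le(const uint8_t *p, int n)   /* little-endian read of n bytes */
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++) v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* A freed slot must show RED_INACTIVE in both red zones, POISON_FREE across the
 * object with POISON_END in its last byte, and the caller kfree() recorded. */
static struct freed_report check_freed_object(const uint8_t *slot, const struct slab_layout *l, unsigned obj_size)
{
    struct freed_report r = {0};
    const uint8_t *obj = slot + l->obj_offset;

    if (l->flags & SLAB_RED_ZONE) {
        r.rz1_inactive = rd_le(slot + l->rz1_off, 8) == RED_INACTIVE;
        r.rz2_inactive = rd_le(slot + l->rz2_off, 8) == RED_INACTIVE;
    }
    if (l->flags & SLAB_POISON) {
        r.poison_ok = obj[obj_size - 1] == POISON_END;
        for (unsigned i = 0; i + 1 < obj_size; i++)
            if (obj[i] != POISON_FREE) r.poison_ok = 0;
    }
    if (l->flags & SLAB_STORE_USER)
        r.caller = (uint32_t)rd_le(slot + l->user_off, BYTES_PER_WORD);
    return r;
}

/* Constructed input: the 22 words that "rd e63fdf40" printed on this page. */
static const uint32_t dump_words[22] = {
    0x9d74e35b, 0x09f91102, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b,
    0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b,
    0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0x6b6b6b6b, 0xa56b6b6b,
    0x9d74e35b, 0x09f91102, 0x00000000, 0xc0311708,
};

static struct freed_report analyze_dump(void)
{
    uint8_t slot[sizeof dump_words];
    for (size_t i = 0; i < 22; i++)         /* crash prints little-endian words */
        for (int b = 0; b < 4; b++) slot[4 * i + b] = (uint8_t)(dump_words[i] >> (8 * b));
    struct slab_layout l = slab_debug_layout(64, KMALLOC_DBG, 8);
    return check_freed_object(slot, &l, 64);
}

int main(void)
{
    struct slab_layout off = slab_debug_layout(64, KMALLOC_DBG, 32);
    struct slab_layout on = slab_debug_layout(64, KMALLOC_DBG, 8);
    struct freed_report r = analyze_dump();
    printf("minalign 32: flags %#x, slot %u bytes (no red zone, no caller)\n", off.flags, off.size);
    printf("minalign 8:  flags %#x, slot %u bytes, obj +%u, rz2 +%u, caller +%u\n",
           on.flags, on.size, on.obj_offset, on.rz2_off, on.user_off);
    printf("rz1 %d rz2 %d poison %d caller 0x%08x\n", r.rz1_inactive, r.rz2_inactive, r.poison_ok, r.caller);
    return 0;
}
```

The checker deliberately validates the red zones and the poison before trusting the caller word: if either red zone had read RED_ACTIVE or the poison were broken, the slot would be live or overwritten and the stored address would describe the last allocation or be garbage, not the free that matters here.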
static void complete_non_isoc_xfer_ddma(dwc_otg_hcd_t *hcd,
					dwc_hc_t *hc,
					dwc_otg_hc_regs_t *hc_regs,
					dwc_otg_halt_status_e halt_status)
{
	/* qtd, urb and qh come from the enclosing walk of qh->qtd_list (not shown) */
	for (i = 0; i < qtd->n_desc; i++) {	/* re-reads qtd after it has been freed below */
		dma_desc = &qh->desc_list[n_desc];
		n_bytes = qh->n_bytes[n_desc];
		failed = update_non_isoc_urb_state_ddma(hcd, hc, qtd,
							dma_desc,
							halt_status, n_bytes,
							&xfer_done);
		if (failed
		    || (xfer_done
			&& (urb->status != -DWC_E_IN_PROGRESS))) {
			hcd->fops->complete(hcd, urb->priv, urb,
					    urb->status);
			/* frees qtd, but the loop carries on: a second pass frees it again */
			dwc_otg_hcd_qtd_remove_and_free(hcd, qtd, qh);
		}
	}
}
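To make the failure mode concrete, here is an added example (not driver code): a user-space model of the loop above with a mock allocator that counts frees and reads of the freed qtd, next to a hardened variant that stops scanning the moment the qtd is freed. The mock_ names, the DWC_E_IN_PROGRESS value and the two-descriptor scenario are all constructed for the example; update_non_isoc_urb_state_ddma() is reduced to a table lookup of which descriptor completes the transfer.

```c
/* Added example: model of the complete_non_isoc_xfer_ddma() loop with a mock
 * allocator that makes the double free and the use after free countable. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DWC_E_IN_PROGRESS 14   /* assumed value; only compared for (in)equality here */

struct mock_urb { int status; };
struct mock_qtd {
    uint32_t n_desc;           /* descriptors this qtd owns in qh->desc_list */
    struct mock_urb *urb;
    bool freed;                /* mock allocator bookkeeping, not a driver field */
};
struct mock_stats { int completes, frees, double_frees, uaf_reads; };

/* Stand-in for dwc_otg_hcd_qtd_remove_and_free(): a second call on the same
 * qtd is exactly the double free that the stored caller above points at. */
static void mock_qtd_remove_and_free(struct mock_qtd *qtd, struct mock_stats *st)
{
    if (qtd->freed) st->double_frees++;
    qtd->freed = true;
    st->frees++;
}

/* Every read of qtd->n_desc after the free is a use after free. */
static uint32_t mock_qtd_n_desc(const struct mock_qtd *qtd, struct mock_stats *st)
{
    if (qtd->freed) st->uaf_reads++;
    return qtd->n_desc;
}

/* Stand-in for update_non_isoc_urb_state_ddma(): desc_done[i] says whether
 * descriptor i completed the transfer; the 'failed' path is never taken here. */
static bool desc_completes(const bool *desc_done, uint32_t i, bool *xfer_done)
{
    *xfer_done = desc_done[i];
    return false;
}

/* The loop as quoted above: once the if() fires the qtd is freed, but the loop
 * continues, re-reads the freed qtd in its condition and can free it again. */
static struct mock_stats complete_xfer_buggy(struct mock_qtd *qtd, const bool *desc_done)
{
    struct mock_stats st = {0};
    bool xfer_done;
    for (uint32_t i = 0; i < mock_qtd_n_desc(qtd, &st); i++) {
        bool failed = desc_completes(desc_done, i, &xfer_done);
        if (failed || (xfer_done && qtd->urb->status != -DWC_E_IN_PROGRESS)) {
            st.completes++;
            mock_qtd_remove_and_free(qtd, &st);
        }
    }
    return st;
}

/* Hardened variant: qtd and its urb are dead after remove_and_free, so leave
 * the loop immediately and touch nothing that belonged to this qtd again. */
static struct mock_stats complete_xfer_fixed(struct mock_qtd *qtd, const bool *desc_done)
{
    struct mock_stats st = {0};
    bool xfer_done;
    for (uint32_t i = 0; i < mock_qtd_n_desc(qtd, &st); i++) {
        bool failed = desc_completes(desc_done, i, &xfer_done);
        if (failed || (xfer_done && qtd->urb->status != -DWC_E_IN_PROGRESS)) {
            st.completes++;
            mock_qtd_remove_and_free(qtd, &st);
            break;             /* the qtd is gone; do not read qtd->n_desc again */
        }
    }
    return st;
}

/* Constructed scenario: one qtd with two descriptors that both report the
 * transfer done while the urb is no longer in progress. */
static struct mock_stats run_scenario(bool fixed)
{
    struct mock_urb urb = { .status = 0 };
    struct mock_qtd qtd = { .n_desc = 2, .urb = &urb, .freed = false };
    const bool desc_done[2] = { true, true };
    return fixed ? complete_xfer_fixed(&qtd, desc_done) : complete_xfer_buggy(&qtd, desc_done);
}

int main(void)
{
    struct mock_stats b = run_scenario(false), f = run_scenario(true);
    printf("buggy: completes %d frees %d double frees %d UAF reads %d\n",
           b.completes, b.frees, b.double_frees, b.uaf_reads);
    printf("fixed: completes %d frees %d double frees %d UAF reads %d\n",
           f.completes, f.frees, f.double_frees, f.uaf_reads);
    return 0;
}
```

Compiled with cc -std=c11, the buggy path reports two frees of the one qtd (one of them a double free) plus two reads of the freed qtd from the loop condition, while the hardened path reports a single free and no reads after it. On the real kernel with SLAB_POISON the second pass reads 0x6b6b6b6b as n_desc, which is why the crash shows up at a distance from the actual free and why the stored caller was needed to find __dwc_free.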