FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

MX6UL: imprecise external abort (0xc06) at 0x0003497c

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MX6UL: imprecise external abort (0xc06) at 0x0003497c

‎10-30-2016 09:45 PM
3,181 Views
laizhefeng
Contributor II

Hi, guys,

We are going to develop a BOOT for our product(no UBOOT), then we encounter the problem below when kernel startup.

[    4.276223] Unhandled fault: imprecise external abort (0x1c06) at 0x0003497c
[    4.283284] pgd = 88510000
[    4.286001] [0003497c] *pgd=88519831, *pte=80aec75f, *ppte=80aecc7f
[    4.292791] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000007
[    4.292791]
[    4.301962] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000007
[    4.301962]

Out hardware platform is MX6UL, evk board 14x14, nandflash boot. Software is MX6UL-L4.1.15 with kernel 4.1.15, uboot 2015.04.

We try to boot the same kernel with the same ramdisk, dtb and command line by UBOOT, everything is fine, we can reach the console. Then we caculate the ramdisk image(boot with our BOOT) CRC in kernel, it shows that the ramdisk data is correct.

At the last, we found that add the code below into the UBOOT, the same error happened.

unsigned int *p = (unsigned int *)0x00F00000;

*p = 0xa5a5aa55;

Address 0x00F00000 is a reserved memory in MX6UL, but it did not report a data abort about the code above.

kernel report(the DFSR is 0xc06, different with the above one(0x1c06):

[    3.635183] Unhandled fault: imprecise external abort (0xc06) at 0x0003497c
[    3.642157] pgd = 88510000
[    3.644877] [0003497c] *pgd=88519831, *pte=80aec75f, *ppte=80aecc7f
[    3.651669] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000007
[    3.651669]
[    3.660842] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000007
[    3.660842]

It looks like the data abort in UBOOT was hold until the 'init' process start to run.

We try to run the above code in our BOOT, it did not report data abort neither.

So we now focus on our BOOT, to see if it writes to some reserved memory, but we did not find out yet!

The questions I want to ask is:

1. Why no data abort when access to the reserved memory?

2. The data abort will hold to the kernel, does it exist in any situation? Or it just is my mis-understanding?

Any help will be appreciate, this problem already takes me 48 more working hours!

This the kernel command line:

console=ttymxc0,115200 printk.time=1 mem=512M mtdparts=gpmi-nand:2m(boot),512k(nvram_fac),768k(boot_res),4m(boot_logo),12m(kernel),12m(ramdisk),12m(base),-(data)

Original Attachment has been moved to: kernel-2.7.1.unknownT.img.zip

Original Attachment has been moved to: zImage-imx6ul-evk.dtb.zip

Original Attachment has been moved to: ramdisk-2.7.1.unknownT.img.zip

Reply
2 Replies

‎03-30-2017 07:22 PM
1,751 Views
laizhefeng
Contributor II

Though 5 months have been pass, but your answer gets me out of the mists, thank you very much, YB Zhao.

I will test your patch when I have the time.

At last we found the code that cause this problem(We used the binary-comment method to found this, it takes dozens of time...).

    writel(0,EPIT1_BASE_ADDR);
    writel(0x1fffffff,EPIT1_BASE_ADDR+0x08);//load reg
    writel(0x1fffffff,EPIT1_BASE_ADDR+0x10);//cnt reg
    writel(0x0fffffff,EPIT1_BASE_ADDR+0x0c);//comp reg
    writel((0x01<<24)|(1<<3)|1,EPIT1_BASE_ADDR);

I have no idea why my workmate add these code, it's useless, so I delete them and every thing goes fine.

But I still feel confused that starting the EPIT should not crash the kernel.

Thanks a lot again!

0 Kudos
Reply

‎03-29-2017 09:38 PM
1,751 Views
ybzhao
Contributor I

Write to protected area will cause external abort,

But Asynchronize abort(CPSR.A) is masked in u-boot by default.

So any external abort is postponed to when CPSR.A is unmasked,

In your case: when the init process runs.

Note, if not in HYP mode, CPSR.A can only be modified when SCR.NS is 0 or (SCR.AW is 1 and SCR.NS is 1).

Refer to arm's TRM for  details.

diff --git a/arch/arm/cpu/armv7/start.S b/arch/arm/cpu/armv7/start.S
old mode 100644
new mode 100755
index b180944..380574d
--- a/arch/arm/cpu/armv7/start.S
+++ b/arch/arm/cpu/armv7/start.S
@@ -39,13 +39,21 @@ save_boot_params_ret:
         * disable interrupts (FIQ and IRQ), also set the cpu to SVC32 mode,
         * except if in HYP mode already
         */
+       /*
+        * mrc  p15, 0, r0, c1, c1, 0   @ Read SCR into Rt
+        * bic  r0, r0, #0x8    @ External abort into dabt mode
+        * orr  r0, r0, #0x20   @ CPSR.A can be modified in any security state
+        * mcr  p15, 0, r0, c1, c1, 0   @ Write Rt to SCR
+        */
+
        mrs     r0, cpsr
        and     r1, r0, #0x1f           @ mask mode bits
        teq     r1, #0x1a               @ test for HYP mode
        bicne   r0, r0, #0x1f           @ clear all mode bits
        orrne   r0, r0, #0x13           @ set SVC mode
        orr     r0, r0, #0xc0           @ disable FIQ and IRQ
-       msr     cpsr,r0
+       bic     r0, r0, #0x100          @ enable async abort for external abort debug
+       msr     cpsr_cx,r0

Reply