MMFMWK-9038: dmaengine: imx-sdma: kernel dump met in boot
The issue can be triggered with the sdma pm_runtime true.
The dma clinet pcm calls snd_dmaengine_pcm_trigger->device_prep_dma_cyclic ->sdma_prep_dma_cyclic->pm_runtime_get_sync->sdma_transfer_init ->sdma_load_context to get descriptor. The sdma_buffer_descriptor bd0 is allocated by sdma_runtime_resume. The sdma_runtime_resume function will not be called because the runtime_status is RPM_ACTIVE. The sdma_load_context accessing bd0 will cause dump.
The fail log as follow:
[ 13.613406] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 13.622200] Mem abort info:
[ 13.625010] ESR = 0x96000044
[ 13.628078] EC = 0x25: DABT (current EL), IL = 32 bits
[ 13.633402] SET = 0, FnV = 0
[ 13.636469] EA = 0, S1PTW = 0
[ 13.639620] Data abort info:
[ 13.642515] ISV = 0, ISS = 0x00000044
[ 13.646364] CM = 0, WnR = 1
[ 13.649347] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000105ac5000
[ 13.655800] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
[ 13.662605] Internal error: Oops: 96000044 [#1] PREEMPT SMP
[ 13.668186] Modules linked in:
[ 13.671259] CPU: 3 PID: 695 Comm: alsa-sink-30c20 Not tainted 5.10.72-00003-g5f44cf7c854d-dirty #14
[ 13.680315] Hardware name: NXP i.MX8MPlus EVK board (DT)
[ 13.685646] pstate: 80000085 (Nzcv daIf -PAN -UAO -TCO BTYPE=--)
[ 13.691671] pc : sdma_transfer_init+0x21c/0x26c
[ 13.696223] lr : sdma_transfer_init+0x1bc/0x26c
[ 13.700767] sp : ffff800012d9bb80
[ 13.704095] x29: ffff800012d9bb80 x28: 0000000000000003
[ 13.709425] x27: ffff0000c19c46a8 x26: 0000000000000000
[ 13.714754] x25: 0000000000000080 x24: ffff0000c19c0080
[ 13.720083] x23: 00000000000003c2 x22: 0000000000000020
[ 13.725412] x21: ffff800011f4d200 x20: ffff0000d499a900
[ 13.730741] x19: ffff0000c19c0298 x18: ffffffffffffffff
[ 13.736069] x17: 0000000000000000 x16: 0000000000000000
[ 13.741398] x15: ffff800092d9b7e7 x14: 3030303165303320
[ 13.746726] x13: ffff800011b517b0 x12: 0000000000001000
[ 13.752055] x11: 000000000000037f x10: ffff800011b517b0
[ 13.757384] x9 : 0000000000000000 x8 : ffff800011f4d280
[ 13.762712] x7 : 0000000000000000 x6 : 000000000000003f
[ 13.768041] x5 : 0000000000000040 x4 : 0000000000000000
[ 13.773369] x3 : 0000000000000004 x2 : 0000000000000000
[ 13.778697] x1 : 0000000000000000 x0 : 0000000001830020
[ 13.784025] Call trace:
[ 13.786493] sdma_transfer_init+0x21c/0x26c
[ 13.790696] sdma_prep_dma_cyclic+0x88/0x2e4
[ 13.794984] snd_dmaengine_pcm_trigger+0xec/0x1c0
[ 13.799706] dmaengine_pcm_trigger+0x18/0x24
[ 13.803995] snd_soc_pcm_component_trigger+0x48/0xf0
[ 13.808977] soc_pcm_trigger+0xa8/0xd0
[ 13.812744] snd_pcm_do_start+0x38/0x44
[ 13.816597] snd_pcm_action_single+0x48/0xac
[ 13.820885] snd_pcm_action+0x7c/0x9c
[ 13.824566] snd_pcm_action_lock_irq+0x8c/0xbc
[ 13.829026] snd_pcm_common_ioctl+0xfa4/0x11c0
[ 13.833487] snd_pcm_ioctl+0x34/0x50
[ 13.837083] __arm64_sys_ioctl+0xa8/0xf0
[ 13.841024] el0_svc_common.constprop.0+0x78/0x1c4
[ 13.845829] do_el0_svc+0x28/0x9c
[ 13.849163] el0_svc+0x14/0x20
[ 13.852235] el0_sync_handler+0xa4/0x130
[ 13.856174] el0_sync+0x180/0x1c0
[ 13.859507] Code: b90026a0 52800400 531b6ad6 72a03060 (b9000340)
[ 13.865605] ---[ end trace 0f90c4454359a810 ]---
[ 13.870233] note: alsa-sink-30c20[695] exited with preempt_count 2
This patch removes pm_runtime_set_active in sdma_probe. The clk is disable and the power is on when sdma probe, but the genpd_dev_pm_sync will sync power. So we think the runtime_status is RPM_SUSPENDED. The default runtime_status is RPM_SUSPENDED. This patch adds pm_runtime_set_suspended in order to improve code readability. The sdma_runtime_resume will be called.
This issue is very hard to reproduce with yocto rootfs. If it uses auto login with ubuntu rootfs which is more easy to reproduce on kernel 5.10, but not easy on kernel 5.15.
Reviewed-by: Dong Aisheng aisheng.dong@nxp.com Signed-off-by: Joy Zou joy.zou@nxp.com