On Fri, 16 Oct 2020, Alex Bennée wrote:
Basically, there is a dt_for_each_device_node loop which is iterating for each device node:
for ( dn = dt_host; dn != NULL; dn = dn->allnext )
For the node following /ap806/config-space@f0000000/system-controller@6f4000/pinctrl Xen crashes trying to access dn->full_name.
dn->full_name is set by unflatten_dt_node when unflattening the FDT.
I am guessing Grub is modifying the FDT incorrectly or doesn't update the FDT size correctly.
Well it looks like I can confirm that upstream grub fixes whatever the Debian stable and testing grubs have broken.
Very good! :-)
[ 0.636668] armada-cp110-pinctrl f4440000.system-controller:pinctrl: registered pinctrl driver
(XEN) d0v2: vGICD: unhandled word write 0x00000000000001 to ICPENDR8
(XEN) traps.c:1983:d0v2 HSR=0x93810047 pc=0xffff800010545b84 gva=0xffff800010020288 gpa=0x000000f0210288
[ 0.638071] Unhandled fault at 0xffff800010020288
[ 0.638092] Mem abort info:
[ 0.638103] ESR = 0x96000000
[ 0.638118] EC = 0x25: DABT (current EL), IL = 32 bits
[ 0.638136] SET = 0, FnV = 0
[ 0.638150] EA = 0, S1PTW = 0
[ 0.638164] Data abort info:
[ 0.638178] ISV = 0, ISS = 0x00000000
[ 0.638192] CM = 0, WnR = 0
[ 0.638208] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000040e0b000
[ 0.638229] [ffff800010020288] pgd=000000007bfff003, pud=000000007bffe003, pmd=000000007bffd003, pte=00680000f0210707
[ 0.638268] Internal error: ttbr address size fault: 96000000 [#1] SMP
[ 0.638291] Modules linked in:
[ 0.638310] CPU: 2 PID: 1 Comm: swapper/0 Not tainted 5.6.0-0.bpo.2-arm64 #1 Debian 5.6.14-2~bpo10+1
[ 0.638339] Hardware name: Marvell 8040 MACCHIATOBin (DT)
[ 0.638359] pstate: 60000085 (nZCv daIf -PAN -UAO)
[ 0.638387] pc : gic_irq_set_irqchip_state+0x54/0x90
[ 0.638408] lr : irq_set_irqchip_state+0x74/0xc0
I know this one, let me explain.
It is difficult to implement ICPENDR/ISPENDR (and also ISACTIVER/ICACTIVER) in Xen. Currently we don't implement them at all. In the case of writing to ICPENDR, we return an error, causing the "Unhandled fault" stack trace you are seeing.
Looking at Linux mvebu_icu_irq_domain_alloc:
    /* Make sure there is no interrupt left pending by the firmware */
    err = irq_set_irqchip_state(virq, IRQCHIP_STATE_PENDING, false);
    if (err)
        goto free_msi;
In this case it would seem reasonably safe to ignore the ICPENDR request and continue. So, please try with the appended patch for Xen. We started ignoring writes to ICACTIVER for similar reasons. But a generic solution requires a proper implementation of these operations.
diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c index 64b141fea5..e30be2b5c5 100644 --- a/xen/arch/arm/vgic-v2.c +++ b/xen/arch/arm/vgic-v2.c @@ -482,7 +482,7 @@ static int vgic_v2_distr_mmio_write(struct vcpu *v, mmio_info_t *info, printk(XENLOG_G_ERR "%pv: vGICD: unhandled word write %#"PRIregister" to ICPENDR%d\n", v, r, gicd_reg - GICD_ICPENDR); - return 0; + goto write_ignore_32;
case VRANGE32(GICD_ISACTIVER, GICD_ISACTIVERN): if ( dabt.size != DABT_WORD ) goto bad_width; diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c index fd8cfc156d..6ae291aa38 100644 --- a/xen/arch/arm/vgic-v3.c +++ b/xen/arch/arm/vgic-v3.c @@ -818,7 +818,7 @@ static int __vgic_v3_distr_common_mmio_write(const char *name, struct vcpu *v, printk(XENLOG_G_ERR "%pv: %s: unhandled word write %#"PRIregister" to ICPENDR%d\n", v, name, r, reg - GICD_ICPENDR); - return 0; + goto write_ignore_32;
case VRANGE32(GICD_ISACTIVER, GICD_ISACTIVERN): if ( dabt.size != DABT_WORD ) goto bad_width;
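Review bot: in the vgic-v2.c hunk the printk just above the changed line still reports an "unhandled word write" at XENLOG_G_ERR, but after `goto write_ignore_32` the write is ignored and the guest carries on, so the log text no longer matches the behaviour. Reword the message to say the write is ignored, consider a lower guest log level, and add a comment that the pending state is not actually cleared, since a guest that issued the write will assume the interrupt is no longer pending.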
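Review bot: in the vgic-v3.c hunk the change sits in __vgic_v3_distr_common_mmio_write, which takes a `name` argument and so appears to serve more than one caller; replacing `return 0` with `goto write_ignore_32` changes the result for every caller of this helper, and nothing in the hunk says that is intended. Please state it in a comment or in the commit message, together with the reason the write can be dropped, and confirm the access-width check has already been made before the jump, as the ISACTIVER case in the context lines does with `goto bad_width`.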