On 2022-01-25 11:54 a.m., Rolf Eike Beer wrote:
Am Montag, 24. Januar 2022, 18:41:27 CET schrieb John David Anglin:
On 2022-01-24 12:24 p.m., John David Anglin wrote:
Faulting instruction is "ldw 18(r3),r24". Address in $r3 (and $r5) seems
bad. Think the sglist argument
to sba_unmap_sg() is bad. Don't have a clue as to why this might be.
Maybe try interchanging operands of following &&
while (sg_dma_len(sglist) && nents--) {
so nents is checked first.
But nents would be increased then even for the case that sg_dma_len() returns
false, which may or may not be wanted.
You are correct. The decrement of nents needs to be in loop so count in following DBG_RUN_SG is correct:
while (sg_dma_len(sglist) && nents--) {
sba_unmap_page(dev, sg_dma_address(sglist), sg_dma_len(sglist),
direction, 0);
#ifdef SBA_COLLECT_STATS
ioc->usg_pages += ((sg_dma_address(sglist) & ~IOVP_MASK) + sg_dma_len(sglist) + IOVP_SIZE - 1) >> PAGE_SHIFT;
ioc->usingle_calls--; /* kluge since call is unmap_sg() */
#endif
++sglist;
}
DBG_RUN_SG("%s() DONE (nents %d)\n", __func__, nents);
However, nents still needs to be checked first.
What has happened is the sglist pointer has crossed a page boundary causing the TLB miss. The offset of sg_dma_len is 0x18
and checking sg_dma_len(sglist) first causes the fault.
--
John David Anglin dave.anglin@xxxxxxxx
