@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ ON WINDOWS PC with QNX 640 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ BEGINNING of file trigger.c @@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ /* * Test to trigger Kernel crash when accessing some non-existent * physical memory on * QNX Neutrino 6.4.0 on the Freescale MPC8641D Argo Navis Board * * trigger 0 : maps/unmaps invalid address range. * trigger 1 : causes kernel crash accessing 32 bit phys addr. * trigger 2 : causes kernel crash accessing 33 bit phys addr. */ #include #include #include #include /* BOTH addresses below are in non-existent physical memory */ static const unsigned long long gSomeAddr0 = 0xF0000000LL ; // 32 bits static const unsigned long long gSomeAddr1 = 0x1FF800000LL ; // 33 bits static const unsigned AREA_SIZE = 0x10000 ; // 64 K void TestFunc( unsigned long long physAddr, int writeToIt ) { printf( "Before mmap() of address 0x%llx\n", physAddr ); fflush( stdout ); sleep(2); volatile unsigned short * pPage; pPage = (unsigned short *) mmap_device_memory( NULL, AREA_SIZE, PROT_READ | PROT_WRITE /* | PROT_NOCACHE */ , 0, physAddr ); if (writeToIt) { printf( "After mmap(). Before *pPage = 0 {pPage=0x%p}\n", pPage ); fflush( stdout ); sleep(2); *pPage = 0; printf( "After: *pPage = 0\n" ); fflush( stdout ); sleep(2); } munmap_device_memory( (void *) pPage, AREA_SIZE ); printf( "After munmap_device_memory() of phys addr 0x%llx\n", physAddr ); fflush( stdout ); printf( "Before mmap() of address 0x%llx\n", physAddr ); fflush( stdout ); sleep(2); } int main( int argc, char *argv[] ) { printf( "Test compiled on: %s %s\n", __DATE__, __TIME__ ); if (argc > 1) { if (0 ==strcmp(argv[1], "0")) { TestFunc( gSomeAddr0, 0 ); TestFunc( gSomeAddr1, 0 ); } else if (0 ==strcmp(argv[1], "1")) { TestFunc( gSomeAddr0, 1 ); } else if (0 ==strcmp(argv[1], "2")) { TestFunc( gSomeAddr1, 1 ); } } else { printf( "Usage:\n" " %s 0 : just mmaps/unmaps two areas of memory.\n" " %s 1 : Kernel crash accessing 32 bit " "non-existent memory\n" " %s 1 : Kernel crash accessing 33 bit " "non-existent memory\n\n", argv[0], argv[0], argv[0] ); } return 0; } @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ END of file trigger.c @@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ C:\myprogs> qcc -V4.2.4,gcc_ntoppc -lang-c trigger.c -g -DVARIANT_g -O -EB -DQNX -DQNX_ppc -Wc,-Wall -Wc,-Wno-parentheses -Wc,-mno-fp-moves -fexceptions -fsigned-char -DVARIANT_be -Y_acpp -DFD_SETSIZE=512 -DVARIANT_a -o trigger -I. -L. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ Output from Freescale MPC 8641d Eval board @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ FU-Boot 1.2.0 (Jan 18 2007 - 12:21:11) Freescale PowerPC CPU: Core: E600, Version: 0.2, (0x80040202) System: 8641D, Version: 2.0, (0x80900120) Clocks: CPU:1320 MHz, MPX: 528 MHz, DDR: 264 MHz, LBC: 66 MHz L2: Enabled Board: MPC8641HPCN I2C: ready DRAM: Non-interleaved DDR: 1024 MB FLASH: ## Unknown FLASH on Bank 1 - Size = 0x00000000 = 0 MB 8 MB PCI-EXPRESS 1: Configured as Host Scanning PCIE bus....PCIE1 scan & enumeration done In: serial Out: serial Err: serial SCSI: AHCI 0001.0000 32 slots 4 ports 3 Gbps 0xf impl IDE mode flags: ncq ilck pm led clo pmp pio slum part scanning bus for devices... Device 0: (1:0) Vendor: ATA Prod.: ST380811AS Rev: 3.AA Type: Hard Disk Capacity: 76319.0 MB = 74.5 GB (156301488 x 512) Net: eTSEC1, eTSEC2, eTSEC3, eTSEC4 Hit any key to stop autoboot: 0 => => => boot Speed: 1000, full duplex Using eTSEC1 device TFTP from server 10.100.72.183; our IP address is 10.100.82.60; sending through gateway 10.100.82.1 Filename 'ifs-mpc8641-qnx.raw'. Load address: 0x1f0000 Loading: ################################################################## ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################## ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ################################################################# ############################################################### done Bytes transferred = 8640732 (83d8dc hex) ## Starting application at 0x001F0000 ... Header size=0x0000009c, Total Size=0x00000780, #Cpu=1, Type=1 Section:system_private offset:0x000001d8 size:0x00000068 syspage ptr user:0000b000 kernel:0000b000 cpupage ptr user:0000c000 kernel:0000c000 spacing:4096 kdebug info:00000000 callback:00000000 boot pgms: idx=0 0) base paddr:00203000 start addr:00234550 ramsize:00000000 pagesize:00001000 Section:qtime offset:0x00000158 size:0x00000060 boot:00000000 CPS:0000000007de2900 rate/scale:757575757/-17 intr:2147483648 Section:callout offset:0x000000a0 size:0x00000048 reboot:0000bb74 power:00000000 timer_load:0000bba0 reload:0000bbbc value:0000bc08 0) display:0000bc18 poll:0000bc60 break:0000bcb4 1) display:00000000 poll:00000000 break:00000000 Section:cpuinfo offset:0x000001b8 size:0x00000020 0) cpu:80040202 flags:c0003066 speed:00000528 cache i/d:1/0 name:46 Section:cacheattr offset:0x00000740 size:0x00000040 0) flags:2a size:0020 #lines:0400 control:0000b788 next:255 1) flags:01 size:0020 #lines:0400 control:0000b7d8 next:255 Section:meminfo offset:0x00000780 size:0x00000000 Section:asinfo offset:0x00000540 size:0x00000140 0000) 0000000000000000-0000000fffffffff o:ffff a:0010 p:100 c:00000000 n:21 0020) 00000000f8000000-00000000f80fffff o:0000 a:0013 p:100 c:00000000 n:28 0040) 00000000f8000000-00000000f7ffffff o:0020 a:0003 p:100 c:00000000 n:33 0060) 0000000000000000-000000001fffffff o:0000 a:0017 p:100 c:00000000 n:42 0080) 0000000000200208-0000000000a2d8db o:0000 a:0005 p:100 c:00000000 n:128 00a0) 00000000001f0100-0000000000200207 o:0000 a:0007 p:100 c:00000000 n:136 00c0) 0000000000200208-0000000000a2d8db o:0000 a:0007 p:100 c:00000000 n:144 00e0) 0000000000003000-000000000000afff o:0060 a:0007 p:100 c:00000000 n:152 0100) 0000000000a2d8dc-000000001fffffff o:0060 a:0007 p:100 c:00000000 n:152 0120) 000000000000d000-00000000001f00ff o:0060 a:0007 p:100 c:00000000 n:152 Section:hwinfo offset:0x00000308 size:0x00000238 0) size:3 tag:3 isize:3, iname:0, owner:65535, kids:1 12) size:3 tag:17 isize:3, iname:9, owner:0, kids:2 24) size:3 tag:3 isize:3, iname:51, owner:12, kids:2 36) size:4 tag:63 isize:15, iname:58, owner:24, kids:0 00 00 00 00 52) size:3 tag:70 00 00 00 00 00 00 00 10 64) size:2 tag:79 00 00 00 1a 72) size:6 tag:83 00 00 00 08 00 00 00 00 f8 00 45 00 00 00 ff ff 00 00 00 00 96) size:4 tag:63 isize:16, iname:58, owner:24, kids:0 00 00 00 00 112) size:3 tag:70 00 00 00 00 00 00 00 10 124) size:2 tag:79 00 00 00 0c 132) size:1 tag:92 136) size:6 tag:83 00 00 00 08 00 00 00 00 f8 00 46 00 00 00 ff ff 00 00 00 00 160) size:3 tag:3 isize:3, iname:96, owner:12, kids:4 172) size:4 tag:63 isize:23, iname:104, owner:160, kids:0 00 00 00 00 188) size:1 tag:92 192) size:6 tag:83 00 00 00 08 00 00 00 00 f8 02 40 00 00 00 ff ff 00 00 00 00 216) size:2 tag:79 00 00 00 0d 224) size:2 tag:79 00 00 00 0e 232) size:2 tag:79 00 00 00 12 240) size:4 tag:109 00 00 00 06 00 f0 0d 11 00 fe 00 00 256) size:2 tag:117 00 00 00 00 264) size:4 tag:63 isize:22, iname:104, owner:160, kids:0 00 00 00 00 280) size:6 tag:83 00 00 00 08 00 00 00 00 f8 02 50 00 00 00 ff ff 00 00 00 00 304) size:2 tag:79 00 00 00 13 312) size:2 tag:79 00 00 00 14 320) size:2 tag:79 00 00 00 18 328) size:4 tag:109 00 00 00 06 00 f0 0d 11 01 fe 00 00 344) size:2 tag:117 00 00 00 01 352) size:4 tag:63 isize:22, iname:104, owner:160, kids:0 00 00 00 00 368) size:6 tag:83 00 00 00 08 00 00 00 00 f8 02 60 00 00 00 ff ff 00 00 00 00 392) size:2 tag:79 00 00 00 0f 400) size:2 tag:79 00 00 00 10 408) size:2 tag:79 00 00 00 11 416) size:4 tag:109 00 00 00 06 00 f0 0d 11 02 fe 00 00 432) size:2 tag:117 00 00 00 02 440) size:4 tag:63 isize:22, iname:104, owner:160, kids:0 00 00 00 00 456) size:6 tag:83 00 00 00 08 00 00 00 00 f8 02 70 00 00 00 ff ff 00 00 00 00 480) size:2 tag:79 00 00 00 15 488) size:2 tag:79 00 00 00 16 496) size:2 tag:79 00 00 00 17 504) size:4 tag:109 00 00 00 06 00 f0 0d 11 03 fe 00 00 520) size:2 tag:117 00 00 00 03 Section:typed_strings offset:0x00000240 size:0x00000028 off:0 type:5 string:'MPC8641D' off:16 type:2 string:'localhost' Section:strings offset:0x00000268 size:0x000000a0 [0]'hw' [3]'Group' [9]'unknown' [17]'Bus' [21]'memory' [28]'immr' [33]'immr_cpm' [42]'ram' [46]'7448' [51]'serial' [58]'8250' [63]'Device' [70]'inputclk' [79]'irq' [83]'location' [92]'pad' [96]'network' [104]'tsec' [109]'nicaddr' [117]'nicphyaddr' [128]'imagefs' [136]'startup' [144]'bootram' [152]'sysram' Section:intrinfo offset:0x00000680 size:0x000000c0 0) vector_base:00000000, #vectors:84, cascade_vector:7fffffff cpu_intr_base:00000140, cpu_intr_stride:0, flags:0000 id => flags:0400, size:001c, rtn:0000b804 eoi => flags:0400, size:0018, rtn:0000b820 mask:0000b838, unmask:0000b910, config:0000b9e4 1) vector_base:80000000, #vectors:1, cascade_vector:7fffffff cpu_intr_base:00000240, cpu_intr_stride:0, flags:0000 id => flags:0400, size:0010, rtn:0000b9f8 eoi => flags:0000, size:0000, rtn:0000ba08 mask:0000ba08, unmask:0000ba10, config:00000000 2) vector_base:00000064, #vectors:16, cascade_vector:00000039 cpu_intr_base:00000140, cpu_intr_stride:0, flags:0000 id => flags:0000, size:0084, rtn:0000ba18 eoi => flags:1000, size:0060, rtn:0000ba9c mask:0000bafc, unmask:0000bb38, config:00000000 Section:smp offset:0x00000780 size:0x00000000 Section:pminfo offset:0x00000780 size:0x00000000 Section:mdriver offset:0x00000780 size:0x00000000 Section:boxinfo offset:0x00000780 size:0x00000000 Section:kerinfo offset:0x00000128 size:0x00000030 pretend_cpu:00000000 init_msr:00000000, asid_bits:00000000 Section:smpinfo offset:0x00000780 size:0x00000000 Section:tlbinfo offset:0x00000780 size:0x00000000 System page at phys:0000b000 user:0000b000 kern:0000b000 Starting next program at v00234550 Welcome to QNX Neutrino 6.4.0 on the Freescale MPC8641D Argo Navis Board @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ # ./trigger 0 Test compiled on: Jan 21 2010 14:09:42 Before mmap() of address 0xf0000000 After munmap_device_memory() of phys addr 0xf0000000 Before mmap() of address 0xf0000000 Before mmap() of address 0x1ff800000 After munmap_device_memory() of phys addr 0x1ff800000 Before mmap() of address 0x1ff800000 # # # # # ./trigger 1 Test compiled on: Jan 21 2010 14:09:42 Before mmap() of address 0xf0000000 After mmap(). Before *pPage = 0 {pPage=0x80100000} Shutdown[0,0] S/C/F=10/3/33 C/D=0020b098/00274bb8 QNX Version 6.4.0 Release 2008/10/21-10:59:55EDT [0]PID-TID=184329-1 P/T FL=00000000/00000000 "./trigger" ppcbe context[0ff90e8c]: 0000: fe355fa4 4803fdf0 48048b5c 48041d88 fe35c9f4 ee6b2800 00002800 00000000 0020: 00000000 00000000 00000000 00000000 4803fb44 48049c98 00000000 00000000 0040: 00000000 00000000 00000000 0ffe8a58 4803fe80 00000002 4803fe94 4803fea0 0060: 4803fec4 00000000 4803ffbb 48041d88 80100000 48040a10 fe37e3b0 48041d88 0080: 00000000 fe37e3b0 0014d930 fe35c8c0 28000042 20000000 00000000 00000000 00a0: 00000000 instruction[fe35c8c0]: 80 7e fb 74 48 02 27 55 2f 9f 00 00 41 9e 00 18 80 1f 00 48 2f 80 00 00 41 9e stack[4803fdf0]: 0000: 4803fe00 fe35c738 fe37e3b0 48041d88 4803fe20 fe355fa4 ffffffff ffffffff 0020: 80100000 00000001 00000000 f0000000 4803fe40 48040770 4803fe94 00000000 0040: 4803ff14 4803ff18 0ffe6000 4803fe94 4803fe60 480408ac 0ffe6000 00000000 0060: 4803fe80 4803ffaf 4803fe94 00000000 4803fe70 48041d48 4803fea0 4803fec4 <<<<<<<<<<<<<<<<<<<<<<<< RESET >>>>>>>>>>>>>>>>>>>>>>>>>>> U-Boot 1.2.0 (Jan 18 2007 - 12:21:11) Freescale PowerPC CPU: Core: E600, Version: 0.2, (0x80040202) System: 8641D, Version: 2.0, (0x80900120) Clocks: CPU:1320 MHz, MPX: 528 MHz, DDR: 264 MHz, LBC: 66 MHz L2: Enabled Board: MPC8641HPCN I2C: ready # # # # ./trigger 2 Test compiled on: Jan 21 2010 14:09:42 Before mmap() of address 0x1ff800000 After mmap(). Before *pPage = 0 {pPage=0x80100000} Shutdown[0,0] S/C/F=10/3/33 C/D=0020b098/00274bb8 QNX Version 6.4.0 Release 2008/10/21-10:59:55EDT [0]PID-TID=200713-1 P/T FL=00000000/00000000 "./trigger" ppcbe context[0ff9da0c]: 0000: fe355fa4 4803fdf0 48048b5c 48041d88 fe35c9f4 ee6b2800 00002800 00000000 0020: 00000000 00000000 00000000 00000000 4803fb44 48049c98 00000000 00000000 0040: 00000000 00000000 00000000 0ffe8a58 4803fe80 00000002 4803fe94 4803fea0 0060: 4803fec4 00000000 4803ffbb 48041d88 80100000 48040a10 fe37e3b0 48041d88 0080: 00000000 fe37e3b0 0014d930 fe35c8c0 28000042 20000000 00000000 00000000 00a0: 00000000 instruction[fe35c8c0]: 80 7e fb 74 48 02 27 55 2f 9f 00 00 41 9e 00 18 80 1f 00 48 2f 80 00 00 41 9e stack[4803fdf0]: 0000: 4803fe00 fe35c738 fe37e3b0 48041d88 4803fe20 fe355fa4 ffffffff ffffffff 0020: 80100000 00000001 00000001 ff800000 4803fe40 48040770 4803fe94 00000000 0040: 4803ff14 4803ff18 0ffe6000 4803fe94 4803fe60 480408d8 0ffe6000 00000000 0060: 4803fe80 4803ffaf 4803fe94 00000000 4803fe70 48041d48 4803fea0 4803fec4 <<<<<<<<<<<<<<<<<<<<<<<< RESET >>>>>>>>>>>>>>>>>>>>>>>>>>> U-Boot 1.2.0 (Jan 18 2007 - 12:21:11) Freescale PowerPC CPU: Core: E600, Version: 0.2, (0x80040202) System: 8641D, Version: 2.0, (0x80900120) Clocks: CPU:1320 MHz, MPX: 528 MHz, DDR: 264 MHz, LBC: 66 MHz L2: Enabled Board: MPC8641HPCN