Loongson CPU: analysis of a kernel crash on Loongson-3A3000 (mips64el)

CPU 2 Unable to handle kernel paging request at virtual address 0000000000000008, epc == 0000000000000008, ra == 0000000000000008

Oops[#1]:

CPU: 2 PID: 3923 Comm: pool Tainted: G           O   ------------   3.10.01 #8

task: 98000005fb0d1680 ti: 98000005f81e4000 task.ti: 98000005f81e4000

$ 0   : 0000000000000000 0000000000000001 0000000000000008 98000005fa19ca40

$ 4   : 0000000000000008 0000000000000001 0000000000000000 0000000000002001

$ 8   : 0000000000000000 98000005fa19cf00 0000000000000010 ffffffff80208778

$12   : 0000000000000000 ffffffff811d5890 0000000000000000 98000005f81e4000

$16   : 0000000000000008 98000005f81e7e30 98000005fa19cf00 98000005fa0c0a00

$20   : 0000000000000008 0000000000000017 0000000000000001 0000000000000004

$24   : ffffffff8054c7f8 ffffffff80431950                                  

$28   : 98000005f81e4000 98000005f81e7e60 0000000000000004 0000000000000008

Hi    : 0000000000050360

Lo    : 00000000000dc948

epc   : 0000000000000008 0x8

    Tainted: G           O   ------------  

ra    : 0000000000000008 0x8

Status: f400cce3        KX SX UX KERNEL EXL IE 

Cause : 10000008

BadVA : 0000000000000008

PrId  : 0014630d (ICT Loongson-3)

Modules linked in: iptable_filter ip_tables x_tables znd(O) test(O) fuse snd_hda_codec_hdmi snd_hda_intel shpchp r8169 ipv6 autofs4 [last unloaded: test]

Process pool (pid: 3923, threadinfo=98000005f81e4000, task=98000005fb0d1680, tls=000000ffbe0065a0)

Stack : 000000ffa0002ca0 000000ffc4002420 0000000000000008 ffffffffffffffff

          000000ffbdffe380 0000000000000017 0000000000000004 000000ffa4008200

          000000ffbdffe1b8 ffffffff8021b724 0000000000000000 0000000000000001

          000000000000148f 000000ffbe0065a0 0000000000000017 0000000000000000

          0000000000000016 000000ffbdffe0e0 0000000000000008 0000000000000004

          00000001202f0198 aaaaaaaaaaaaaaab 8080808080000000 0000000000000003

          7f7f7f7f7fffffff 0000000000000040 000000ffac006a90 000000ffac000020

          000000ffac006a90 0000000000000050 0000000000000080 000000ffac006a80

          0000000000000090 0000000000000000 0000000000000012 000000ffe82b0410

          000000ffbdffe0e0 0000000000000000 000000ffe8361820 000000ffbdffe080

          ...

Call Trace:

[<ffffffff8021b724>] handle_sys64+0x44/0x68

Code: (Bad address in epc)

---[ end trace e46da27ba07b5cfe ]---

Fatal exception: panic in 5 seconds

Kernel panic - not syncing: Fatal exception

Problem description: hooking do_splice_from causes the system to crash.

Analysis: disassemble vmlinux

385 ffffffff803a7d40 <do_splice_from>:

386 ffffffff803a7d40:   67bdffc0    daddiu  sp,sp,-64                                                                  

387 ffffffff803a7d44:   ebb400ff    gssq    ra,s4,48(sp)

388 ffffffff803a7d48:   ebb200b3    gssq    s3,s2,32(sp)

389 ffffffff803a7d4c:   ebb00071    gssq    s1,s0,16(sp)

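Line 387 saves ra. Before jumping to do_splice_from, our own kernel module executes daddiu  sp,sp,-80 to reserve stack space, so after the jump into do_splice_from, execution does not return correctly to our own code.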
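A triage check for the pattern in the oops above, as an added example that is not part of the original post: it parses epc, ra, Cause and BadVA from a MIPS oops and flags an instruction fetch through a clobbered return address. The function names and the lower bound used for kernel text (CKSEG0) are assumptions.

```python
import re

# Constructed sample: the relevant lines copied from the oops shown above.
SAMPLE_OOPS = """\
CPU 2 Unable to handle kernel paging request at virtual address 0000000000000008, epc == 0000000000000008, ra == 0000000000000008
epc   : 0000000000000008 0x8
ra    : 0000000000000008 0x8
Status: f400cce3        KX SX UX KERNEL EXL IE
Cause : 10000008
BadVA : 0000000000000008
Code: (Bad address in epc)
"""

# ExcCode is Cause bits 6..2 in the MIPS privileged architecture (subset shown).
EXC_CODES = {1: "Mod", 2: "TLBL", 3: "TLBS", 4: "AdEL", 5: "AdES"}
# Assumption: kernel and module text sit at or above CKSEG0 on this mips64 kernel.
KERNEL_TEXT_MIN = 0xFFFFFFFF80000000


def parse_fields(oops):
    """Return epc, ra, Cause and BadVA from a MIPS oops as integers."""
    fields = {}
    for name in ("epc", "ra", "Cause", "BadVA"):
        # Anchored on "name :" so the "epc == ..." summary line is not matched.
        m = re.search(rf"^{name}\s*:\s*([0-9a-fA-F]+)", oops, re.MULTILINE)
        if m:
            fields[name.lower()] = int(m.group(1), 16)
    return fields


def triage(oops):
    """Classify the fault; corrupted_ra_return means the CPU returned via a bad ra."""
    f = parse_fields(oops)
    missing = {"epc", "ra", "cause", "badva"} - f.keys()
    if missing:
        raise ValueError(f"oops is missing fields: {sorted(missing)}")
    exc = EXC_CODES.get((f["cause"] >> 2) & 0x1F, "other")
    fetch_fault = f["epc"] == f["badva"]      # the faulting address is the PC itself
    wild_pc = f["epc"] < KERNEL_TEXT_MIN      # PC is outside any kernel text
    # epc == ra outside kernel text: a "jr ra" used a value restored from the wrong stack slot.
    bad_return = fetch_fault and wild_pc and f["ra"] == f["epc"]
    return {"exc": exc, "fetch_fault": fetch_fault,
            "wild_pc": wild_pc, "corrupted_ra_return": bad_return}


if __name__ == "__main__":
    print(triage(SAMPLE_OOPS))
```

When `corrupted_ra_return` is set, the call trace is of little use (here it shows only handle_sys64), and the stack frame sizes of the hook and the hooked function are the place to look.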
