I wrote a flash driver for an AMD part that uses the standard MTD a29f100
service routines. The driver occasionally crashes when writing data to the
flash. I built a debug version of the driver and ran it under gdb. Below
is the output of gdb when the crash occurs:
#0 0x0 in ?? ()
#1 0x4804fea4 in f3s_flash_read ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#2 0x4805062c in f3s_head_read ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#3 0x4804d99c in f3s_extptr_fresh ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#4 0x4804ea9c in f3s_file_read ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#5 0x4804cad8 in f3s_dirent_read ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#6 0x4804d3a4 in f3s_entry_lookup ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#7 0x48042abc in f3s_namei ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#8 0x48042d00 in f3s_open ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#9 0xfe336d90 in _resmgr_connect_handler ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#10 0xfe337e7c in _resmgr_handler ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#11 0xfe32968c in _resmgr_msg_handler ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
---Type <return> to continue, or q <return> to quit---
#12 0xfe328c20 in _message_handler ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#13 0xfe3278e4 in dispatch_handler ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#14 0xfe3271b0 in _thread_pool_thread ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#15 0xfe3297c8 in thread_pool_start ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
#16 0xfe31a170 in __my_thread_exit ()
from //D/QNXsdk/QNXsdk/target/qnx6/ppcbe/lib/libc.so.2
(gdb)
(gdb)
It seems like the f3s_flash_read() makes a call to a NULL routine; however,
I cannot say beyond that because I don’t have the source code for the
f3s_flash library. FYI, in my driver code, I do not have a service routine
for the read function (the entry for it is set to NULL). Here’s how the
f3s_flash_t structure gets filled in the driver’s main routine:
static f3s_flash_t flash[] =
{
    {
        sizeof(f3s_flash_t),
        f3s_a29f100_ident,
        f3s_a29f040_reset,
        NULL,               /* read: no service routine */
        f3s_a29f100_write,
        f3s_a29f100_erase,
        NULL,
        NULL,
        f3s_a29f040_sync
    },
    {
        0, 0, 0, 0, 0, 0, 0, 0, 0 /* mandatory last entry */
    }
};
Notice that I am also using some of f3s_a29f040 routines to fill up the
mandatory entries in f3s_flash_t because there are no comparable routines
in the f3s_a29f100 library for me to use (The MTD library in bsp-6.1.0 has
only three a29f100 routines in it – ident, write, and erase).
We are using QNX 6.1 for development. Any help in solving this problem
would be greatly appreciated.
After you reboot, is the flash accessible? Having a NULL read routine is
okay, it uses memcpy() instead. I need to know the following:
- Platform (CPU, RAM, etc…) hopefully it’s something we have in
  house. Anything unusual about this platform?
- Flash config (size, model, interleave, etc…)
- Operations that cause the crash. Is it reproducible? How? How fast
  can it be reproduced?
- Do you have a support plan with QNX?
Daryl Low
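The behaviour described in the reply above (a NULL read entry is served by memcpy()), together with a start-up check that no mandatory entry is NULL, as an added example. It is not code from either post or from the f3s library; the demo_flash_t layout, the slot names, the choice of mandatory slots and the stub routines are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical service table; slot names are assumptions, not the f3s_flash_t layout. */
typedef struct demo_flash {
    size_t size;
    int (*ident)(void);
    int (*reset)(void);
    int (*read)(const unsigned char *src, void *dst, size_t len);   /* optional */
    int (*write)(unsigned char *dst, const void *src, size_t len);
    int (*erase)(unsigned char *sector);
    int (*sync)(void);
} demo_flash_t;

/* Run once at start-up, before any dispatch. Returns 0 if every mandatory slot
 * is populated, else the 1-based index of the first NULL one (-1: bad table). */
int demo_validate(const demo_flash_t *f)
{
    if (!f || f->size != sizeof *f) return -1;
    if (!f->ident) return 1;
    if (!f->reset) return 2;
    if (!f->write) return 3;
    if (!f->erase) return 4;
    if (!f->sync)  return 5;
    return 0;
}

/* Read dispatcher: never calls through a NULL slot; falls back to memcpy(). */
int demo_read(const demo_flash_t *f, const unsigned char *base, size_t dev_size,
              size_t off, void *buf, size_t len)
{
    if (!f || !base || !buf) return -1;
    if (off > dev_size || len > dev_size - off) return -1;  /* stay inside the array */
    if (f->read) return f->read(base + off, buf, len);
    memcpy(buf, base + off, len);
    return (int)len;
}

/* Constructed sample data: stub routines, a fake 16-byte array, two tables. */
static int stub_ok(void) { return 0; }
static int stub_write(unsigned char *d, const void *s, size_t n) { memcpy(d, s, n); return (int)n; }
static int stub_erase(unsigned char *sector) { (void)sector; return 0; }
unsigned char demo_array[] = "0123456789abcdef";
demo_flash_t demo_ok  = { sizeof(demo_flash_t), stub_ok, stub_ok, NULL, stub_write, stub_erase, stub_ok };
demo_flash_t demo_bad = { sizeof(demo_flash_t), stub_ok, stub_ok, NULL, NULL, stub_erase, stub_ok };
```
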