FS#12391 - PP502x commit_discard_idcache() causes memory corruption
Opened by Boris Gjenero (dreamlayers) - Thursday, 17 November 2011, 18:04 GMT
Last edited by Boris Gjenero (dreamlayers) - Sunday, 26 May 2013, 17:56 GMT
If I add "if (!write) cpucache_invalidate();" to ata_transfer_sectors in firmware/drivers/ata.c, a database commit almost always crashes. I suspect this is related to instability seen in PP502x IDE DMA (
The crash does not always happen during the same stage (number) of the database commit, but it always happens at the same spot: near the start of tempbuf_sort, currently starting at line 2088 in apps/tagcache.c:
idlist = &lookup[i]->idlist;
while (idlist->next != NULL)
idlist = idlist->next;
The compiler inlines tempbuf_sort into build_index. One time I printed the first pointer pointing outside of RAM and it was 0xc0edbabe.
I'm attaching a patch I used to add the code to ata_transfer_sectors. If you want to reproduce this bug, you should probably keep the LCD awake manually or disable LCD sleep so that you can see the crash message. Note that /.rockbox/database_tmp.tcd will remain, and Rockbox will again attempt to commit the database on next startup. If /.rockbox/rockbox.ipod contains the patch, you may have to restart into disk mode to fix this, so you might want to put the patched rockbox.ipod elsewhere and load it from within Rockbox. If others can't reproduce this, I can attach my database_tmp.tcd file.
I've confirmed this with r30989 and r31001 on my 5G 30GB iPod. Defining FORCE_SINGLE_CORE and increasing the tagcache stack did not help. I suspect this is a problem with PP502x cpucache_invalidate(), and not with the database.
Sunday, 26 May 2013, 17:56 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 0fec841