NetBSD Problem Report #25307

Received: (qmail 17115 invoked by uid 605); 25 Apr 2004 00:21:41 -0000
Message-Id: <200404250021.i3P0LcdE011490@bigbox.hjalmar.to>
Date: Sun, 25 Apr 2004 02:21:38 +0200 (CEST)
From: Anders Hjalmarsson <hjalmar@hjalmar.to>
Sender: gnats-bugs-owner@NetBSD.org
Reply-To: hjalmar@hjalmar.to
To: gnats-bugs@gnats.NetBSD.org
Subject: Raw disk I/O broken on VAXstation 3100/m30, causes panic
X-Send-Pr-Version: 3.95

>Number:         25307
>Category:       port-vax
>Synopsis:       Raw disk I/O broken on VAXstation 3100/m30, causes panic
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    port-vax-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 25 00:22:00 +0000 2004
>Closed-Date:    Sun May 02 08:54:16 +0000 2004
>Last-Modified:  Wed May 05 15:32:00 +0000 2004
>Originator:     Anders Hjalmarsson
>Release:        NetBSD 2.0C
>Organization:
unorganized
>Environment:
System: NetBSD  2.0C NetBSD 2.0C (VS3100_30-$Revision: 1.118 $) #7: Sat Apr 24 23:14:34 UTC 2004  hjalmar@simh-vax.hjalmar.to:/var/obj/config/vax/compile/VS3100_30 vax
Architecture: vax
Machine: vax
>Description:
	Raw disk I/O broken on VAXstation 3100/m30, causes panic
	This probably affects all vaxen attching si at vsbus and
	maybe those with hdc at vsbus.


Partial dmesg:

si0 at vsbus0 csr 0x200c0080 vec 770 ipl 14 maskbit 1
si0: NCR5380, SCSI ID 6
scsibus0 at si0: 8 targets, 8 luns per target

scsibus0: waiting 2 seconds for devices to settle...
sd0 at scsibus0 target 0 lun 0: <DEC, RZ24     (C) DEC, 211B> disk fixed
sd0: drive offline
sd0: async, 8-bit transfers
sd1 at scsibus0 target 2 lun 0: <DEC, RZ24     (C) DEC, 211B> disk fixed
sd1: drive offline
sd1: async, 8-bit transfers


>How-To-Repeat:

# dd if=/dev/rsd0c bs=8k count=1 of=/dev/null
panic: trap: access fault: addr 800c09e2 code 8087d000
Stopped at      netbsd:trap+0x1ab:      bbc     $2, 75(r7), trap+0x1bd
db> bt
panic: trap: access fault: addr 800defa1 code 10
Stopped at      netbsd:trap+0x1ab:      bbc     $2, 75(r7), trap+0x1bd




# dd if=/dev/zero bs=8k count=1 of=/dev/rsd0b
panic: Segv in kernel mode: pc 800c0afc addr 89ded000
Stopped in pid 9.1 (dd) at      netbsd:trap+0x2c2:      movl    $2, -52(fp)
db> 
db> bt
panic: Segv in kernel mode: pc %x addr %x
Stack traceback :
0x82dd9930: trap+0x2c2(0x82dd9a04)
0x82dd9a04: trap type=0x8 code=0x89ded000 pc=0x800c0afc psl=0xd50000
0x82dd99d0: vsbus_copyfromproc+0xc4(0x802a6960,0x26000,0x82582000,0x2000)
0x82dd9a50: si_dma_go+0x2b(0x81013000)
0x82dd9a90: vsbus_dma_intr+0x36(void)
0x82dd9ab4: vsbus_dma_start+0x25(0x810135d8)
0x82dd9acc: si_dma_start+0x1e(0x81013000)
0x82dd9ae8: ncr5380_data_xfer+0xd9(0x81013000,0)
0x82dd9b04: ncr5380_machine+0xdf(0x81013000)
0x82dd9b2c: ncr5380_sched+0x240(0x81013000)
0x82dd9b60: ncr5380_scsipi_request+0x12e(0x81013064,0,0x802b2000)
0x82dd9b94: scsipi_run_queue+0x11b(0x81013064)
0x82dd9bd0: scsipi_execute_xs+0x1b7(0x802b2000)
0x82dd9c04: scsi_scsipi_cmd+0xd6(0x8103ee00,0x82dd9cd4,0x6,0x26000,0x2000,0x4,0x
ea60,0x802b3e88,0x22009)
0x82dd9c38: scsipi_command+0x5c(0x8103ee00,0x82dd9cd4,0x6,0x26000,0x2000,0x4,0xe
a60,0x802b3e88,0x22009)
0x82dd9c8c: sdstart+0x1ad(0x8103ee00)
0x82dd9ce8: sdstrategy+0x217(0x802b3e88)
0x82dd9d20: physio+0x194(0x800d24b2,0,0x3b01,0,0x800d292e,0x82dd9eb8)
0x82dd9d64: sdwrite+0x1f(0x3b01,0x82dd9eb8,0x1)
0x82dd9dac: spec_write+0xc2(0x82dd9e50)
0x82dd9e00: ufsspec_write+0x33(0x82dd9e50)
0x82dd9e34: vn_write+0x11d(0x802ed0a8,0x802ed0d0,0x82dd9eb8,0x80ff8e80,0x1)
0x82dd9e64: dofilewrite+0x73(0x802a6960,0x4,0x802ed0a8,0x26000,0x2000,0x802ed0d0
,0x1,0x82dd9f58)
0x82dd9ed8: sys_write+0x60(0x802ad2e8,0x82dd9f60,0x82dd9f58)
0x82dd9f20: syscall+0xdc(0x82dd9fb4)
db> 

>Fix:
	The problem is in vsbus_copyfromproc and vsbus_copytoproc.
	The conversion to physical address uses the virtual address instead
	of the virtual page (See pmap.c:vaddrtopte for a typical correct
	conversion).
	Also, vsbus_copyfromproc uses "to" instead of "from" in the conversion.

Index: vsbus.c
===================================================================
RCS file: /cvsroot/src/sys/arch/vax/vsa/vsbus.c,v
retrieving revision 1.44
diff -u -r1.44 vsbus.c
--- vsbus.c	2003/07/15 02:15:07	1.44
+++ vsbus.c	2004/04/24 23:51:23
@@ -311,10 +311,16 @@
 		bcopy(from, to, len);
 		return;
 	}
-	if ((long)to & 0x40000000)
-		pte = &p->p_vmspace->vm_map.pmap->pm_p1br[((long)to & ~0x40000000)];
+
+#ifdef DIAGNOSTIC
+	if (p == NULL)
+		panic("vsbus_copytoproc: no proc");
+#endif
+
+	if ((vaddr_t)to & 0x40000000)
+		pte = &p->p_vmspace->vm_map.pmap->pm_p1br[vax_btop((vaddr_t)to & ~0x40000000)];
 	else
-		pte = &p->p_vmspace->vm_map.pmap->pm_p0br[(long)to];
+		pte = &p->p_vmspace->vm_map.pmap->pm_p0br[vax_btop((vaddr_t)to)];
 	if ((vaddr_t)to & PGOFSET) {
 		int cz = round_page((vaddr_t)to) - (vaddr_t)to;

@@ -345,10 +351,16 @@
 		bcopy(from, to, len);
 		return;
 	}
-	if ((long)to & 0x40000000)
-		pte = &p->p_vmspace->vm_map.pmap->pm_p1br[((long)to & ~0x40000000)];
+
+#ifdef DIAGNOSTIC
+	if (p == NULL)
+		panic("vsbus_copyfromproc: no proc");
+#endif
+
+	if ((vaddr_t)from & 0x40000000)
+		pte = &p->p_vmspace->vm_map.pmap->pm_p1br[vax_btop((vaddr_t)from & ~0x40000000)];
 	else
-		pte = &p->p_vmspace->vm_map.pmap->pm_p0br[(long)to];
+		pte = &p->p_vmspace->vm_map.pmap->pm_p0br[vax_btop((vaddr_t)from)];
 	if ((vaddr_t)from & PGOFSET) {
 		int cz = round_page((vaddr_t)from) - (vaddr_t)from;

>Release-Note:
>Audit-Trail:

From: Anders Magnusson <ragge@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:  
Subject: pr/25307 CVS commit: src/sys/arch/vax/vsa
Date: Sun,  2 May 2004 08:16:52 +0000 (UTC)

 Module Name:	src
 Committed By:	ragge
 Date:		Sun May  2 08:16:52 UTC 2004

 Modified Files:
 	src/sys/arch/vax/vsa: vsbus.c

 Log Message:
 Fix bug that were introduced together with the merge of nathanw_sa:
 SCSI on VS2k/VS3100 stopped working.  Spotted and fixed by Anders Hjalmarsson.
 This fixes PR#25307.


 To generate a diff of this commit:
 cvs rdiff -r1.44 -r1.45 src/sys/arch/vax/vsa/vsbus.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed 
State-Changed-By: ragge 
State-Changed-When: Sun May 2 08:53:21 UTC 2004 
State-Changed-Why:  
Patch attached by the submitter now applied. 

From: Matthias Scheler <tron@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:  
Subject: pr/25307 CVS commit: [netbsd-2-0] src/sys/arch/vax/vsa
Date: Wed,  5 May 2004 15:31:39 +0000 (UTC)

 Module Name:	src
 Committed By:	tron
 Date:		Wed May  5 15:31:38 UTC 2004

 Modified Files:
 	src/sys/arch/vax/vsa [netbsd-2-0]: vsbus.c

 Log Message:
 Pull up revision 1.45 (requested by ragge in ticket #245):
 Fix bug that were introduced together with the merge of nathanw_sa:
 SCSI on VS2k/VS3100 stopped working.  Spotted and fixed by Anders Hjalmarsson.
 This fixes PR#25307.


 To generate a diff of this commit:
 cvs rdiff -r1.44 -r1.44.2.1 src/sys/arch/vax/vsa/vsbus.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:
 	NetBSD current from a few days ago

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.