ATAng atacontrol issue

From: Andre Guibert de Bruet <andy_at_siliconlandmark.com>
Date: Sat, 30 Aug 2003 21:56:42 -0400 (EDT)
As reported to sos_at_, with a little extra debugging at the bottom...

-----------

I was playing with atacontrol reinit'ing all of the channels that are
installed on my machine, when I accidentally tried to reinit channel '4',
which clearly doesn't exist. Here's what showed up at the serial console:

ata0: resetting devices ..
done
ata1: resetting devices ..
done
ata2: resetting devices ..
done
ata3: resetting devices ..
done
panic: lock (sleep mutex) Giant not locked @ kern/sys_generic.c:678
cpuid = 1; lapic.id = 01000000
Debugger("panic")
Stopped at      Debugger+0x4e:  xchgl   %ebx,in_Debugger.0
db> tr
Debugger(c04088ac,1000000,c040bc40,f0e0abe4,100) at Debugger+0x4e
panic(c040bc40,c041c423,c04080be,c040bfe4,2a6) at panic+0x151
witness_unlock(c0494c40,8,c040bfe4,2a6,6) at witness_unlock+0x213
_mtx_unlock_flags(c0494c40,0,c040bfdb,2a6,ca8f9130) at _mtx_unlock_flags+0x80
ioctl(ca8f9130,f0e0ad14,c042237d,3eb,3) at ioctl+0x4f8
syscall(2f,2f,2f,805e92f,bfbffd36) at syscall+0x253
Xint0x80_syscall() at Xint0x80_syscall+0x1d
--- syscall (54, FreeBSD ELF32, ioctl), eip = 0x804995b, esp = 0xbfbff76c, ebp = 0xbfbffc24 ---

My ata setup has the following devices:
acd0: DVDROM <DVD-ROM BDV316C> at ata0-master PIO4
ad2: 238475MB <WDC WD2500JB-34EVA0> [484521/16/63] at ata1-master UDMA100
ad4: 194481MB <Maxtor 6Y200P0> [395136/16/63] at ata2-master UDMA133
ad6: 194481MB <Maxtor 6Y200P0> [395136/16/63] at ata3-master UDMA133

These devices are located on the following controllers:

atapci0: <AMD 768 UDMA100 controller> port 0xb800-0xb80f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
atapci1: <Promise PDC20269 UDMA133 controller> port 0x9000-0x900f,0x9400-0x9403,0x9800-0x9807,0xa000-0xa003,0xa400-0xa407 mem 0xe6000000-0xe6003fff irq 11 at device 5.0 on pci2
ata2: at 0xa400 on atapci1
ata3: at 0x9800 on atapci1

A little bit of GDB'ing gives the following:

(kgdb) l *(ioctl+0x4f8)
0xc0270fa8 is in ioctl (../../../kern/sys_generic.c:679).
674             if (memp)
675                     free(memp, M_IOCTLOPS);
676             fdrop(fp, td);
677     done:
678             mtx_unlock(&Giant);
679             return (error);
680     }
681
682     /*
683      * sellock and selwait are initialized in selectinit() via SYSINIT.
(kgdb) l *(syscall+0x253)
0xc03c6103 is in syscall (../../../i386/i386/trap.c:1005).
1000                    td->td_retval[0] = 0;
1001                    td->td_retval[1] = frame.tf_edx;
1002
1003                    STOPEVENT(p, S_SCE, narg);
1004
1005                    error = (*callp->sy_call)(td, args);
1006            }
1007
1008            switch (error) {
1009            case 0:
(kgdb)

We're not locking Giant in this case because of the following check:

        /*
         * Try to run the syscall without Giant if the syscall
         * is MP safe.
         */
        if ((callp->sy_narg & SYF_MPSAFE) == 0)
                mtx_lock(&Giant);

It appears that the syscall is marked as MPSAFE but ends up calling code
in ioctl that expects Giant to be locked. Any ideas?

Regards,

> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/    >
Received on Sat Aug 30 2003 - 16:56:49 UTC
