From: Matthew Fleming
To: freebsd-current@freebsd.org
Date: Sun, 13 Feb 2011 11:46:07 -0800
Subject: acpi_resource bug?

I'm not very familiar with the acpi code, but we have seen an intermittent issue on boot:

Panic occurred in module kernel loaded at 0xffffffff80100000:

Stack: --------------------------------------------------
kernel:trap_fatal+0xac
kernel:trap_pfault+0x24c
kernel:trap+0x42e
kernel:bcopy+0x16
kernel:AcpiWalkResources+0xdf
kernel:acpi_lookup_irq_resource+0x9e
kernel:acpi_alloc_resource+0x249
kernel:bus_alloc_resource+0x97
kernel:sioattach+0x446
kernel:device_attach+0x63
kernel:bus_generic_attach+0x27
kernel:acpi_probe_children+0x50
kernel:acpi_attach+0x836
kernel:device_attach+0x63
kernel:bus_generic_attach+0x27
kernel:nexus_attach+0x25
kernel:device_attach+0x63
kernel:root_bus_configure+0x2d
kernel:configure+0x1a
kernel:mi_startup+0x64
--------------------------------------------------
cpuid = 0; apic id = 00
fault virtual address = 0xffffff8003abe000
fault code = supervisor read data, page not present

acpi_lookup_irq_handler() is trying to bcopy an entire ACPI_RESOURCE (68 bytes) from the input pointer, even though in this case the resource was an ACPI_RESOURCE_TYPE_IRQ (5 bytes), and the loop in AcpiWalkResources is seeing res->Length == 0x10.

In this case, I found the following resources on the list:

(gdb) x/2wx 0xffffff8003abdfb0
0xffffff8003abdfb0: 0x00000004 0x00000010
(gdb) x/2wx 0xffffff8003abdfc0
0xffffff8003abdfc0: 0x00000004 0x00000010
(gdb) x/2wx 0xffffff8003abdfd0
0xffffff8003abdfd0: 0x00000000 0x00000010
(gdb) x/2wx 0xffffff8003abdfe0
0xffffff8003abdfe0: 0x00000001 0x00000010
(gdb) x/2wx 0xffffff8003abdff0
0xffffff8003abdff0: 0x00000007 0x00000010

So copying 68 bytes from 0xffffff8003abdfd0 will always fault.

What I wonder is the following:

1) should the length of the bcopy() be changed to either respect res->Length or the actual length of the ACPI_RESOURCE_DATA for the type?

2) why would there be no memory mapped at the next virtual page on some boots, but not others?

I *think* that a reboot doesn't clear the issue, but booting into a different kernel with no relevant changes will change whether the panic on boot is hit.

Thanks,
matthew
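
A length-respecting copy of the kind question 1 asks about, as an added example that is not part of the original message and not FreeBSD or ACPICA code. The struct names, constants and copy_irq_resource() are hypothetical simplifications, and the sample list reuses the Type/Length pairs from the gdb dump with constructed payload words.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for the ACPICA definitions, not the real headers. */
#define RES_TYPE_IRQ     0u
#define RES_TYPE_END_TAG 7u
struct res_hdr  { uint32_t type; uint32_t length; };       /* Type, Length */
struct res_full { struct res_hdr hdr; uint8_t data[60]; }; /* 68 bytes total */

/* Constructed list: Type/Length pairs follow the gdb dump, payloads invented. */
static const uint32_t sample_list[] = {
    4, 0x10, 0, 0,   4, 0x10, 0, 0,
    0, 0x10, 5, 0,   /* IRQ entry: only 0x30 bytes remain, fewer than 68 */
    1, 0x10, 0, 0,   7, 0x10, 0, 0,
};

/* Copy the first IRQ entry of buf[0..buflen) into *out. Only hdr.length bytes
 * are read (capped at sizeof(*out)); the rest of *out is zero-filled.
 * Returns the bytes copied, or -1 for a malformed list or no IRQ entry. */
int copy_irq_resource(const uint8_t *buf, size_t buflen, struct res_full *out)
{
    size_t off = 0;

    while (buflen - off >= sizeof(struct res_hdr)) {
        struct res_hdr h;
        memcpy(&h, buf + off, sizeof(h));
        if (h.length < sizeof(h) || h.length > buflen - off)
            return -1;          /* entry claims more bytes than remain */
        if (h.type == RES_TYPE_IRQ) {
            size_t n = h.length < sizeof(*out) ? h.length : sizeof(*out);
            memset(out, 0, sizeof(*out));
            memcpy(out, buf + off, n);  /* sizeof(*out) here would over-read */
            return (int)n;
        }
        if (h.type == RES_TYPE_END_TAG)
            return -1;
        off += h.length;
    }
    return -1;
}

int main(void)
{
    struct res_full out;
    return copy_irq_resource((const uint8_t *)sample_list,
                             sizeof(sample_list), &out) == 0x10 ? 0 : 1;
}
```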