From owner-svn-src-head@freebsd.org Mon Oct 26 14:50:37 2015 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B6CC9A1C99D; Mon, 26 Oct 2015 14:50:37 +0000 (UTC) (envelope-from royger@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7EB1A1386; Mon, 26 Oct 2015 14:50:37 +0000 (UTC) (envelope-from royger@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t9QEoa64099841; Mon, 26 Oct 2015 14:50:36 GMT (envelope-from royger@FreeBSD.org) Received: (from royger@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t9QEoaxo099839; Mon, 26 Oct 2015 14:50:36 GMT (envelope-from royger@FreeBSD.org) Message-Id: <201510261450.t9QEoaxo099839@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: royger set sender to royger@FreeBSD.org using -f From: =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= Date: Mon, 26 Oct 2015 14:50:36 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r290005 - head/sys/dev/xen/blkfront head/sys/x86/x86 svnadmin/tools/checkacl X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Oct 2015 14:50:37 -0000 Author: royger Date: Mon Oct 26 14:50:35 2015 New Revision: 290005 URL: https://svnweb.freebsd.org/changeset/base/290005 Log: x86/dma_bounce: revert r289834 and r289836 The new load_ma implementation can cause dereferences when used with certain drivers, back it out until the reason is found: Fatal trap 12: page fault while in kernel mode cpuid = 11; apic id = 03 fault virtual address = 0x30 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff808a2d22 stack pointer = 0x28:0xfffffe07cc737710 frame pointer = 0x28:0xfffffe07cc737790 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 13 (g_down) trap number = 12 panic: page fault cpuid = 11 KDB: stack backtrace: #0 0xffffffff80641647 at kdb_backtrace+0x67 #1 0xffffffff80606762 at vpanic+0x182 #2 0xffffffff806067e3 at panic+0x43 #3 0xffffffff8084eef1 at trap_fatal+0x351 #4 0xffffffff8084f0e4 at trap_pfault+0x1e4 #5 0xffffffff8084e82f at trap+0x4bf #6 0xffffffff80830d57 at calltrap+0x8 #7 0xffffffff8063beab at _bus_dmamap_load_ccb+0x1fb #8 0xffffffff8063bc51 at bus_dmamap_load_ccb+0x91 #9 0xffffffff8042dcad at ata_dmaload+0x11d #10 0xffffffff8042df7e at ata_begin_transaction+0x7e #11 0xffffffff8042c18e at ataaction+0x9ce #12 0xffffffff802a220f at xpt_run_devq+0x5bf #13 0xffffffff802a17ad at xpt_action_default+0x94d #14 0xffffffff802c0024 at adastart+0x8b4 #15 0xffffffff802a2e93 at xpt_run_allocq+0x193 #16 0xffffffff802c0735 at adastrategy+0xf5 #17 0xffffffff80554206 at g_disk_start+0x426 Uptime: 2m29s Modified: head/sys/dev/xen/blkfront/blkfront.c head/sys/x86/x86/busdma_bounce.c Changes in other areas also in this revision: Modified: Directory Properties: svnadmin/tools/checkacl/Makefile (props changed) svnadmin/tools/checkacl/checkacl.c (props changed) vendor/ (props changed) Modified: head/sys/dev/xen/blkfront/blkfront.c ============================================================================== --- head/sys/dev/xen/blkfront/blkfront.c Mon Oct 26 14:14:56 2015 (r290004) +++ head/sys/dev/xen/blkfront/blkfront.c Mon Oct 26 14:50:35 2015 (r290005) @@ -293,12 +293,8 @@ xbd_queue_request(struct xbd_softc *sc, { int error; - if (cm->cm_bp != NULL) - error = bus_dmamap_load_bio(sc->xbd_io_dmat, cm->cm_map, - cm->cm_bp, xbd_queue_cb, cm, 0); - else - error = bus_dmamap_load(sc->xbd_io_dmat, cm->cm_map, - cm->cm_data, cm->cm_datalen, xbd_queue_cb, cm, 0); + error = bus_dmamap_load(sc->xbd_io_dmat, cm->cm_map, cm->cm_data, + cm->cm_datalen, xbd_queue_cb, cm, 0); if (error == EINPROGRESS) { /* * Maintain queuing order by freezing the queue. The next @@ -358,6 +354,8 @@ xbd_bio_command(struct xbd_softc *sc) } cm->cm_bp = bp; + cm->cm_data = bp->bio_data; + cm->cm_datalen = bp->bio_bcount; cm->cm_sector_number = (blkif_sector_t)bp->bio_pblkno; switch (bp->bio_cmd) { @@ -1011,7 +1009,7 @@ xbd_instance_create(struct xbd_softc *sc sc->xbd_disk->d_mediasize = sectors * sector_size; sc->xbd_disk->d_maxsize = sc->xbd_max_request_size; - sc->xbd_disk->d_flags = DISKFLAG_UNMAPPED_BIO; + sc->xbd_disk->d_flags = 0; if ((sc->xbd_flags & (XBDF_FLUSH|XBDF_BARRIER)) != 0) { sc->xbd_disk->d_flags |= DISKFLAG_CANFLUSHCACHE; device_printf(sc->xbd_dev, Modified: head/sys/x86/x86/busdma_bounce.c ============================================================================== --- head/sys/x86/x86/busdma_bounce.c Mon Oct 26 14:14:56 2015 (r290004) +++ head/sys/x86/x86/busdma_bounce.c Mon Oct 26 14:50:35 2015 (r290005) @@ -79,8 +79,8 @@ struct bounce_page { vm_offset_t vaddr; /* kva of bounce buffer */ bus_addr_t busaddr; /* Physical address */ vm_offset_t datavaddr; /* kva of client data */ + vm_page_t datapage; /* physical page of client data */ vm_offset_t dataoffs; /* page offset of client data */ - vm_page_t datapage[2]; /* physical page(s) of client data */ bus_size_t datacount; /* client data count */ STAILQ_ENTRY(bounce_page) links; }; @@ -135,8 +135,8 @@ static int alloc_bounce_pages(bus_dma_ta static int reserve_bounce_pages(bus_dma_tag_t dmat, bus_dmamap_t map, int commit); static bus_addr_t add_bounce_page(bus_dma_tag_t dmat, bus_dmamap_t map, - vm_offset_t vaddr, bus_addr_t addr1, - bus_addr_t addr2, bus_size_t size); + vm_offset_t vaddr, bus_addr_t addr, + bus_size_t size); static void free_bounce_page(bus_dma_tag_t dmat, struct bounce_page *bpage); int run_filter(bus_dma_tag_t dmat, bus_addr_t paddr); static void _bus_dmamap_count_pages(bus_dma_tag_t dmat, bus_dmamap_t map, @@ -527,51 +527,6 @@ _bus_dmamap_count_pages(bus_dma_tag_t dm } } -static void -_bus_dmamap_count_ma(bus_dma_tag_t dmat, bus_dmamap_t map, struct vm_page **ma, - int ma_offs, bus_size_t buflen, int flags) -{ - bus_size_t sg_len, max_sgsize; - int page_index; - vm_paddr_t paddr; - - if ((map != &nobounce_dmamap && map->pagesneeded == 0)) { - CTR4(KTR_BUSDMA, "lowaddr= %d Maxmem= %d, boundary= %d, " - "alignment= %d", dmat->common.lowaddr, - ptoa((vm_paddr_t)Maxmem), - dmat->common.boundary, dmat->common.alignment); - CTR3(KTR_BUSDMA, "map= %p, nobouncemap= %p, pagesneeded= %d", - map, &nobounce_dmamap, map->pagesneeded); - - /* - * Count the number of bounce pages - * needed in order to complete this transfer - */ - page_index = 0; - while (buflen > 0) { - paddr = ma[page_index]->phys_addr + ma_offs; - sg_len = PAGE_SIZE - ma_offs; - max_sgsize = MIN(buflen, dmat->common.maxsegsz); - sg_len = MIN(sg_len, max_sgsize); - if (bus_dma_run_filter(&dmat->common, paddr) != 0) { - sg_len = roundup2(sg_len, - dmat->common.alignment); - sg_len = MIN(sg_len, max_sgsize); - KASSERT((sg_len & (dmat->common.alignment - 1)) - == 0, ("Segment size is not aligned")); - map->pagesneeded++; - } - if (((ma_offs + sg_len) & ~PAGE_MASK) != 0) - page_index++; - ma_offs = (ma_offs + sg_len) & PAGE_MASK; - KASSERT(buflen >= sg_len, - ("Segment length overruns original buffer")); - buflen -= sg_len; - } - CTR1(KTR_BUSDMA, "pagesneeded= %d\n", map->pagesneeded); - } -} - static int _bus_dmamap_reserve_pages(bus_dma_tag_t dmat, bus_dmamap_t map, int flags) { @@ -677,7 +632,7 @@ bounce_bus_dmamap_load_phys(bus_dma_tag_ map->pagesneeded != 0 && bus_dma_run_filter(&dmat->common, curaddr)) { sgsize = MIN(sgsize, PAGE_SIZE - (curaddr & PAGE_MASK)); - curaddr = add_bounce_page(dmat, map, 0, curaddr, 0, + curaddr = add_bounce_page(dmat, map, 0, curaddr, sgsize); } sgsize = _bus_dmamap_addseg(dmat, map, curaddr, sgsize, segs, @@ -746,7 +701,7 @@ bounce_bus_dmamap_load_buffer(bus_dma_ta bus_dma_run_filter(&dmat->common, curaddr)) { sgsize = roundup2(sgsize, dmat->common.alignment); sgsize = MIN(sgsize, max_sgsize); - curaddr = add_bounce_page(dmat, map, kvaddr, curaddr, 0, + curaddr = add_bounce_page(dmat, map, kvaddr, curaddr, sgsize); } else { sgsize = MIN(sgsize, max_sgsize); @@ -765,90 +720,6 @@ bounce_bus_dmamap_load_buffer(bus_dma_ta return (buflen != 0 ? EFBIG : 0); /* XXX better return value here? */ } -static int -bounce_bus_dmamap_load_ma(bus_dma_tag_t dmat, bus_dmamap_t map, - struct vm_page **ma, bus_size_t buflen, int ma_offs, int flags, - bus_dma_segment_t *segs, int *segp) -{ - vm_paddr_t paddr, next_paddr; - int error, page_index; - struct vm_page *page; - bus_size_t sgsize, max_sgsize; - - if (dmat->common.flags & BUS_DMA_KEEP_PG_OFFSET) { - /* - * If we have to keep the offset of each page this function - * is not suitable, switch back to bus_dmamap_load_ma_triv - * which is going to do the right thing in this case. - */ - error = bus_dmamap_load_ma_triv(dmat, map, ma, buflen, ma_offs, - flags, segs, segp); - return (error); - } - - if (map == NULL) - map = &nobounce_dmamap; - - if (segs == NULL) - segs = dmat->segments; - - if ((dmat->bounce_flags & BUS_DMA_COULD_BOUNCE) != 0) { - _bus_dmamap_count_ma(dmat, map, ma, ma_offs, buflen, flags); - if (map->pagesneeded != 0) { - error = _bus_dmamap_reserve_pages(dmat, map, flags); - if (error) - return (error); - } - } - - page_index = 0; - page = ma[0]; - while (buflen > 0) { - /* - * Compute the segment size, and adjust counts. - */ - page = ma[page_index]; - paddr = page->phys_addr + ma_offs; - max_sgsize = MIN(buflen, dmat->common.maxsegsz); - sgsize = PAGE_SIZE - ma_offs; - if (((dmat->bounce_flags & BUS_DMA_COULD_BOUNCE) != 0) && - map->pagesneeded != 0 && - bus_dma_run_filter(&dmat->common, paddr)) { - sgsize = roundup2(sgsize, dmat->common.alignment); - sgsize = MIN(sgsize, max_sgsize); - KASSERT((sgsize & (dmat->common.alignment - 1)) == 0, - ("Segment size is not aligned")); - /* - * Check if two pages of the user provided buffer - * are used. - */ - if (((ma_offs + sgsize) & ~PAGE_MASK) != 0) - next_paddr = ma[page_index + 1]->phys_addr; - else - next_paddr = 0; - paddr = add_bounce_page(dmat, map, 0, paddr, - next_paddr, sgsize); - } else { - sgsize = MIN(sgsize, max_sgsize); - } - sgsize = _bus_dmamap_addseg(dmat, map, paddr, sgsize, segs, - segp); - if (sgsize == 0) - break; - KASSERT(buflen >= sgsize, - ("Segment length overruns original buffer")); - buflen -= sgsize; - if (((ma_offs + sgsize) & ~PAGE_MASK) != 0) - page_index++; - ma_offs = (ma_offs + sgsize) & PAGE_MASK; - } - - /* - * Did we fit? - */ - return (buflen != 0 ? EFBIG : 0); /* XXX better return value here? */ -} - static void bounce_bus_dmamap_waitok(bus_dma_tag_t dmat, bus_dmamap_t map, struct memdesc *mem, bus_dmamap_callback_t *callback, void *callback_arg) @@ -892,7 +763,6 @@ bounce_bus_dmamap_sync(bus_dma_tag_t dma { struct bounce_page *bpage; vm_offset_t datavaddr, tempvaddr; - bus_size_t datacount1, datacount2; if ((bpage = STAILQ_FIRST(&map->bpages)) == NULL) return; @@ -908,35 +778,17 @@ bounce_bus_dmamap_sync(bus_dma_tag_t dma while (bpage != NULL) { tempvaddr = 0; datavaddr = bpage->datavaddr; - datacount1 = bpage->datacount; if (datavaddr == 0) { tempvaddr = - pmap_quick_enter_page(bpage->datapage[0]); + pmap_quick_enter_page(bpage->datapage); datavaddr = tempvaddr | bpage->dataoffs; - datacount1 = min(PAGE_SIZE - bpage->dataoffs, - datacount1); } bcopy((void *)datavaddr, - (void *)bpage->vaddr, datacount1); + (void *)bpage->vaddr, bpage->datacount); if (tempvaddr != 0) pmap_quick_remove_page(tempvaddr); - - if (bpage->datapage[1] == 0) - goto next_w; - - /* - * We are dealing with an unmapped buffer that expands - * over two pages. - */ - datavaddr = pmap_quick_enter_page(bpage->datapage[1]); - datacount2 = bpage->datacount - datacount1; - bcopy((void *)datavaddr, - (void *)(bpage->vaddr + datacount1), datacount2); - pmap_quick_remove_page(datavaddr); - -next_w: bpage = STAILQ_NEXT(bpage, links); } dmat->bounce_zone->total_bounced++; @@ -946,35 +798,17 @@ next_w: while (bpage != NULL) { tempvaddr = 0; datavaddr = bpage->datavaddr; - datacount1 = bpage->datacount; if (datavaddr == 0) { tempvaddr = - pmap_quick_enter_page(bpage->datapage[0]); + pmap_quick_enter_page(bpage->datapage); datavaddr = tempvaddr | bpage->dataoffs; - datacount1 = min(PAGE_SIZE - bpage->dataoffs, - datacount1); } - bcopy((void *)bpage->vaddr, (void *)datavaddr, - datacount1); + bcopy((void *)bpage->vaddr, + (void *)datavaddr, bpage->datacount); if (tempvaddr != 0) pmap_quick_remove_page(tempvaddr); - - if (bpage->datapage[1] == 0) - goto next_r; - - /* - * We are dealing with an unmapped buffer that expands - * over two pages. - */ - datavaddr = pmap_quick_enter_page(bpage->datapage[1]); - datacount2 = bpage->datacount - datacount1; - bcopy((void *)(bpage->vaddr + datacount1), - (void *)datavaddr, datacount2); - pmap_quick_remove_page(datavaddr); - -next_r: bpage = STAILQ_NEXT(bpage, links); } dmat->bounce_zone->total_bounced++; @@ -1138,7 +972,7 @@ reserve_bounce_pages(bus_dma_tag_t dmat, static bus_addr_t add_bounce_page(bus_dma_tag_t dmat, bus_dmamap_t map, vm_offset_t vaddr, - bus_addr_t addr1, bus_addr_t addr2, bus_size_t size) + bus_addr_t addr, bus_size_t size) { struct bounce_zone *bz; struct bounce_page *bpage; @@ -1168,16 +1002,12 @@ add_bounce_page(bus_dma_tag_t dmat, bus_ if (dmat->common.flags & BUS_DMA_KEEP_PG_OFFSET) { /* Page offset needs to be preserved. */ - bpage->vaddr |= addr1 & PAGE_MASK; - bpage->busaddr |= addr1 & PAGE_MASK; - KASSERT(addr2 == 0, - ("Trying to bounce multiple pages with BUS_DMA_KEEP_PG_OFFSET")); + bpage->vaddr |= addr & PAGE_MASK; + bpage->busaddr |= addr & PAGE_MASK; } bpage->datavaddr = vaddr; - bpage->datapage[0] = PHYS_TO_VM_PAGE(addr1); - KASSERT((addr2 & PAGE_MASK) == 0, ("Second page is not aligned")); - bpage->datapage[1] = PHYS_TO_VM_PAGE(addr2); - bpage->dataoffs = addr1 & PAGE_MASK; + bpage->datapage = PHYS_TO_VM_PAGE(addr); + bpage->dataoffs = addr & PAGE_MASK; bpage->datacount = size; STAILQ_INSERT_TAIL(&(map->bpages), bpage, links); return (bpage->busaddr); @@ -1249,7 +1079,7 @@ struct bus_dma_impl bus_dma_bounce_impl .mem_free = bounce_bus_dmamem_free, .load_phys = bounce_bus_dmamap_load_phys, .load_buffer = bounce_bus_dmamap_load_buffer, - .load_ma = bounce_bus_dmamap_load_ma, + .load_ma = bus_dmamap_load_ma_triv, .map_waitok = bounce_bus_dmamap_waitok, .map_complete = bounce_bus_dmamap_complete, .map_unload = bounce_bus_dmamap_unload,