Date: Fri, 22 Apr 2005 15:04:03 +0200 (CEST) From: Dean Strik <dean@ipnet6.org> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Dean Strik <dean@stack.nl> Subject: kern/80246: Wrong mtx_unlock in IPS morpheus-specific code causing panic Message-ID: <20050422130403.CAA9D99@toad.stack.nl> Resent-Message-ID: <200504221310.j3MDAAC8016963@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 80246
>Category: kern
>Synopsis: Wrong mtx_unlock in IPS morpheus-specific code causing panic
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 22 13:10:10 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Dean Strik
>Release: FreeBSD 5.4-STABLE i386
>Organization:
Eindhoven University of Technology
>Environment:
System: FreeBSD sphinx.ipnet6.org 5.4-STABLE FreeBSD 5.4-STABLE #2: Fri Apr 22 14:23:05 CEST 2005 dean@sphinx.ipnet6.org:/usr/obj/usr/src/sys/SPHINX i386
ips0: <IBM ServeRAID Adapter> mem 0xe9300000-0xe9301fff irq 20 at device 8.0 on pci0
ips0: adapter type: ServeRAID 4M (morpheus)
ips0: logical drives: 1
ips0: Logical Drive 0: RAID5 sectors: 286744576, state OK
ipsd0: <Logical Drive> on ips0
ipsd0: Logical Drive (140012MB)
>Description:
(description is for 5.4-STABLE, applies to -current as well)
In ips/ips.c, the Morpheus-specific function ips_morpheus_intr():
mtx_lock(&sc->queue_mtx);
ips_morpheus_check_intr(sc);
mtx_unlock(&sc->queue_mtx);
Yet ips_morpheus_check_intr() does the same mtx_unlock():
if(!(oisr & MORPHEUS_BIT_CMD_IRQ)){
DEVICE_PRINTF(2,sc->dev, "got a non-command irq\n");
mtx_unlock(&sc->queue_mtx);
return (0);
}
causing a panic.
>How-To-Repeat:
Inititialize the ips driver when using a Morpheus card.
>Fix:
The attached patch to src/sys/dev/ips/ips.c removes the mtx_unlock in
ips.c::ips_morpheus_check_intr(). However, looking at the diff between revision
1.15 and 1.16 of ips.c in ips_morpheus_intr(), other changes may be
necesary..
--- ips-mtxunlock.patch begins here ---
--- ips.c Fri Apr 22 14:07:02 2005
+++ ips.c Fri Apr 22 14:16:03 2005
@@ -512,7 +512,6 @@
PRINTF(9, "interrupt registers out:%x\n", oisr);
if(!(oisr & MORPHEUS_BIT_CMD_IRQ)){
DEVICE_PRINTF(2,sc->dev, "got a non-command irq\n");
- mtx_unlock(&sc->queue_mtx);
return (0);
}
while((status.value = ips_read_4(sc, MORPHEUS_REG_OQPR)) != 0xffffffff){
--- ips-mtxunlock.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050422130403.CAA9D99>