On Mon, Nov 19, 2018 at 08:35:44PM +0100, Patrick Wildt wrote: > On Mon, Nov 19, 2018 at 08:16:31PM +0100, Patrick Wildt wrote: > > On Mon, Nov 19, 2018 at 11:27:54AM -0700, Theo de Raadt wrote: > > > > That means bnxt(4) and dwpcie(4) share the same interrupt line, but one > > > > has IPL_AUDIO and the other one IPL_NET. Since the highest IPL on a > > > > pin counts, this line is now IPL_AUDIO (which is >IPL_VM). A bnxt(4) > > > > interrupt is now allowed to interrupt IPL_VM. > > > > > > > > I don't think there's a regression, I think it behaves as implemented. > > > > The question that remains is: How should it behave if not like that? > > > > > > When shared, it should operate at the lowest level not the highest. That > > > may cause other difficulties. > > > > Actually it seems like we do set the lowest level, not the highest, > > sorry. But I think there might be a bug. I will have a look. > > > > I hope I'm not wrong, but I think there's a bug in the calculation > code. The ampinctc_calc_mask() function sets the priority of an IRQ > every time a handler is established or disestablished on the given IRQ. > In this case, the IPL_AUDIO is probably established before the IPL_NET, > thus when the IPL_NET establish happens, iq_irq is already set to "max" > as in IPL_AUDIO. That means the code that sets the priority to "min" is > skipped, as the continue statement will take effect. > > I guess each intrq object should have the lowest and highest IPL, and > the loop should only continue of both are the same. The lowest IPL is > then set for the IPL priority, and the highest IPL is used to splraise() > once the IRQ actually hits and the handler is suppoed to run. > > Untested, I hope that someone has a look as well and to spot if I have > a mistake in my understanding. > > We have this issue in at least 4 files: agintc/ampintc for arm64/armv7. > > Patrick
Well...with the patch applied, we panic in another location (attached). +--+ Carlos
Stopped at panic+0x154: TID PID UID PRFLAGS PFLAGS C PU COMMAND 370699 33809 0 0x13 0 3 perl *102914 60685 0 0x14000 0x200 0 softnet db_enter() at panic+0x150 panic() at pool_get+0x5c pool_get() at m_gethdr+0x34 m_gethdr() at tcp_output+0x9a0 tcp_output() at tcp_input+0x2e94 tcp_input() at ip_deliver+0x240 ip_deliver() at ipintr+0x60 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb{0}> show panic pool_cache_item_magic_check: mbufpl cpu free list modified: item addr 0xffffff8 024cc2b00+16 0xffffff8024c7b000!=0x7bf2bf8d6b78bbb ddb{0}> trace db_enter() at panic+0x150 panic() at pool_get+0x5c pool_get() at m_gethdr+0x34 m_gethdr() at tcp_output+0x9a0 tcp_output() at tcp_input+0x2e94 tcp_input() at ip_deliver+0x240 ip_deliver() at ipintr+0x60 ipintr() at if_netisr+0x8c if_netisr() at taskq_thread+0x80 taskq_thread() at proc_trampoline+0x10 ddb{0}> mach ddbcpu 1 Stopped at ampintc_ipi_ddb+0x1c: db_enter() at ampintc_ipi_ddb+0x18 ampintc_ipi_ddb() at handle_el1h_irq+0x6c handle_el1h_irq() at sched_idle+0x264 sched_idle() at proc_trampoline+0x10 ddb{1}> mach ddbcpu 2 Stopped at ampintc_ipi_ddb+0x1c: db_enter() at ampintc_ipi_ddb+0x18 ampintc_ipi_ddb() at handle_el1h_irq+0x6c handle_el1h_irq() at sched_idle+0x264 sched_idle() at proc_trampoline+0x10 ddb{2}> mach ddbcpu 3 Stopped at ampintc_ipi_ddb+0x1c: db_enter() at ampintc_ipi_ddb+0x18 ampintc_ipi_ddb() at handle_el1h_irq+0x6c handle_el1h_irq() at tsleep+0x120 tsleep() at bwrite+0x224 bwrite() at ffs1_balloc+0x734 ffs1_balloc() at ffs_write+0x208 ffs_write() at VOP_WRITE+0x5c ddb{0}> ps PID TID PPID UID S FLAGS WAIT COMMAND 63229 264459 33809 0 3 0x100083 piperd signify 61279 149431 33809 57 3 0x100003 netlock ftp 33809 370699 68767 0 7 0x13 perl 68767 448790 1 0 3 0x10008b pause ksh 60114 382468 1 0 3 0x100098 poll cron 20210 409805 48663 720 3 0x90 kqread lldpd 48663 355916 1 0 3 0x80 netio lldpd 63008 469476 1 99 3 0x100090 poll sndiod 53674 479632 1 110 3 0x100090 poll sndiod 15732 327475 85598 95 3 0x100092 kqread smtpd 94636 299326 85598 103 3 0x100092 kqread smtpd 57774 76693 85598 95 3 0x100092 kqread smtpd 23788 122165 85598 95 3 0x100092 kqread smtpd 65743 344634 85598 95 3 0x100092 kqread smtpd 42485 499416 85598 95 3 0x100092 kqread smtpd 85598 204375 1 0 3 0x100080 kqread smtpd 13294 86371 1 0 3 0x80 select sshd 33900 334576 54338 83 3 0x100092 poll ntpd 54338 229575 56575 83 3 0x100092 poll ntpd 56575 222315 1 0 3 0x100080 poll ntpd 6277 355457 2175 74 3 0x100092 bpf pflogd 2175 367815 1 0 3 0x80 netio pflogd 191 157873 64956 73 3 0x100090 kqread syslogd 64956 449336 1 0 3 0x100082 netio syslogd 46751 290865 1 77 3 0x100090 poll dhclient 13612 149750 1 0 3 0x80 poll dhclient 3833 241695 81696 115 3 0x100092 kqread slaacd 12716 38042 81696 115 3 0x100092 kqread slaacd 81696 292319 1 0 3 0x100080 kqread slaacd 28310 13221 0 0 3 0x14200 pgzero zerothread 30261 447035 0 0 3 0x14200 aiodoned aiodoned 19436 499304 0 0 3 0x14200 syncer update 97858 506840 0 0 3 0x14200 cleaner cleaner 44656 399351 0 0 3 0x14200 reaper reaper 73296 131157 0 0 3 0x14200 pgdaemon pagedaemon 26447 256479 0 0 3 0x14200 bored crynlk 19005 454771 0 0 3 0x14200 bored crypto 78823 76292 0 0 3 0x40014200 idle3 75791 314598 0 0 7 0x40014200 idle2 98837 125412 0 0 7 0x40014200 idle1 81508 15782 0 0 3 0x14200 usbtsk usbtask 88377 24693 0 0 3 0x14200 usbatsk usbatsk 66739 316258 0 0 3 0x14200 bored sensors *60685 102914 0 0 7 0x14200 softnet 27305 149149 0 0 3 0x14200 bored systqmp 69126 162699 0 0 2 0x14200 systq 65063 245748 0 0 3 0x40014200 bored softclock 4477 427622 0 0 3 0x40014200 idle0 6704 239660 0 0 3 0x14200 kmalloc kmthread 1 118616 0 0 3 0x82 wait init 0 0 -1 0 3 0x10200 scheduler swapper ddb{0}> show uvm Current UVM status: pagesize=4096 (0x1000), pagemask=0xfff, pageshift=12 4036956 VM pages: 15367 active, 34591 inactive, 0 wired, 3875370 free (484444 zero) min 10% (25) anon, 10% (25) vnode, 5% (12) vtext freemin=134565, free-target=179420, inactive-target=0, wired-max=1345652 faults=545808, traps=0, intrs=0, ctxswitch=210848 fpuswitch=0 softint=314540, syscalls=448239, kmapent=13 fault counts: noram=0, noanon=0, noamap=0, pgwait=0, pgrele=0 ok relocks(total)=55651(55652), anget(retries)=206803(0), amapcopy=180703 neighbor anon/obj pg=23503/146861, gets(lock/unlock)=172655/55652 cases: anon=170001, anoncow=36802, obj=162961, prcopy=9693, przero=166343 daemon and swap counts: woke=0, revs=0, scans=0, obscans=0, anscans=0 busy=0, freed=0, reactivate=0, deactivate=0 pageouts=0, pending=0, nswget=0 nswapdev=1 swpages=1050249, swpginuse=0, swpgonly=0 paging=0 kernel pointers: objs(kern)=0xffffff8000aa7460 ddb{0}> show bcstats Current Buffer Cache status: numbufs 22627 busymapped 13, delwri 127 kvaslots 6553 avail kva slots 6540 bufpages 90435, dmapages 90435, dirtypages 508 pendingreads 41, pendingwrites 13 highflips 0, highflops 0, dmaflips 0
