Yep, looking at the code, it looks like fd clears fj_drive on detach
(e.g. due to modunload due to memory pressure), but does not clear the
FUNIT_DRVATCH flag.
I should have a fix in about 10 minutes.
-- Garrett
Juergen Keil wrote:
> Garrett D'Amore wrote:
>
>
>> Today I posted some updates for iprb and fdc. These drivers, available from
>>
>> http://www.opensolaris.org/os/community/device_drivers/files/
>>
>> have made it possible for me to use suspend/resume nicely on my Dell
>> Precision M390 workstation. I'm using build 100 of Solaris. These
>> drivers also support quiesce, and I'm able to use reboot -f on this
>> platform now, as well.
>>
>> Look for files named "iprb-2008-11-01.tar.gz" and
>> "fdc-2008-11-01.tar.gz". The fdc tarball actually includes a nice
>> installation script. I wrote that after I'd already posted iprb, so the
>> iprb tarball lacks it.
>>
>
> There is a problem with the fdc webrev. I added the fdc.patch to my
> set of opensolaris sources, compiled and installed.
>
> Test-suspend (uadmin 3 22) on an ASUS M2NPV-VM with a PS/2 floppy drive
> paniced the system on suspend. System was booted without floppy media
> in the PS/2 floppy drive, nor was a floppy media inserted into the drive
> before trying the uadmin 3 22.
>
>
> Apparently it is crashing in fdc.c fdc_select_impl() because fjp->fj_drive
> is a NULL pointer:
>
> /* make sure drive is not selected in case we change speed */
> fcp->c_digout = (fcp->c_digout & ~FD_DRSEL) |
> (~unit & FD_DRSEL);
> outb(fcp->c_regbase + FCR_DOR, fcp->c_digout);
>
> (void) fdc_motorsm(fjp, FMI_STARTCMD,
> fjp->fj_drive->fdd_motoron); <<<<<<<<<<<<<<<<<<<<<<<
>
>
>
>
>
> From the panic crash dump:
>
> Loading modules: [ unix genunix specfs dtrace cpu.generic
> cpu_ms.AuthenticAMD.15
> uppc pcplusmp scsi_vhci ufs sd ip hook neti sctp arp usba s1394 stmf nca fctl
> zfs lofs md audiosup cpc random nfs fcip logindmux nsctl ptm sppp ipc ]
>
>
>> ::msgbuf
>>
> ...
> panic[cpu1]/thread=ffffff02e8b294c0:
> BAD TRAP: type=e (#pf Page fault) rp=ffffff00101c18b0 addr=24 occurred in
> module
> "fdc" due to a NULL pointer dereference
>
>
> uadmin:
> #pf Page fault
> Bad kernel fault at addr=0x24
> pid=1298, pc=0xfffffffff84ebd03, sp=0xffffff00101c19a0, eflags=0x10202
> cr0: 8005003b<pg,wp,ne,et,ts,mp,pe> cr4: 6f8<xmme,fxsr,pge,mce,pae,pse,de>
> cr2: 24
> cr3: 22f89b000
> cr8: c
>
> rdi: 3f2 rsi: f rdx: ffffff02e8b203f2
> rcx: 3 r8: 0 r9: ffffff02d2564678
> rax: f rbx: 0 rbp: ffffff00101c19e0
> r10: ffffff02edf5d1e0 r11: fffffffff785524c r12: ffffff02d2e9b080
> r13: ffffff02d2e9b208 r14: ffffff02d2e9b088 r15: ffffff02d2e9b080
> fsb: 0 gsb: ffffff02d2ebb000 ds: 4b
> es: 4b fs: 0 gs: 1c3
> trp: e err: 0 rip: fffffffff84ebd03
> cs: 30 rfl: 10202 rsp: ffffff00101c19a0
> ss: 38
>
> ffffff00101c1790 unix:die+dd ()
> ffffff00101c18a0 unix:trap+1752 ()
> ffffff00101c18b0 unix:_cmntrap+e9 ()
> ffffff00101c19e0 fdc:fdc_select_impl+13b ()
> ffffff00101c1a30 fdc:fdc_detach+16a ()
> ffffff00101c1a90 genunix:devi_detach+82 ()
> ffffff00101c1b50 cpr:cpr_suspend_devices+ae ()
> ffffff00101c1c10 cpr:cpr_suspend_devices+4c ()
> ffffff00101c1cd0 cpr:cpr_suspend_devices+4c ()
> ffffff00101c1d00 cpr:cpr_suspend+1a3 ()
> ffffff00101c1d80 cpr:cpr_main+172 ()
> ffffff00101c1db0 cpr:cpr+18c ()
> ffffff00101c1df0 unix:stubs_common_code+51 ()
> ffffff00101c1e60 genunix:kadmin+248 ()
> ffffff00101c1ec0 genunix:uadmin+120 ()
> ffffff00101c1f10 unix:brand_sys_syscall32+197 ()
>
> syncing file systems...
> 2
> 2
> done
> dumping to /dev/dsk/c6t0d0s1, offset 431030272, content: kernel
>
>
>> $C
>>
> ffffff00101c19e0 fdc_select_impl+0x13b(ffffff02d2e9b208, 0, 1)
> ffffff00101c1a30 fdc_detach+0x16a(ffffff02d2218398, 1)
> ffffff00101c1a90 devi_detach+0x82(ffffff02d2218398, 1)
> ffffff00101c1b50 cpr_suspend_devices+0xae(ffffff02d2218398)
> ffffff00101c1c10 cpr_suspend_devices+0x4c(ffffff02d0df4018)
>
>
>> ffffff02d2e9b208::print struct fcu_obj
>>
> {
> fj_flags = 0x215
> fj_lock = {
> _opaque = [ 0xffffff0010162c86 ]
> }
> fj_data = 0
> fj_drive = 0
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> fj_chars = 0
> fj_attr = 0
> fj_dip = 0xffffff02d0df49b8
> fj_rotspd = 0x12c
> fj_unit = 0
> fj_ops = fdc_iops
> fj_fdc = 0xffffff02d2e9b080
> fj_iblock = 0xffffff02d2e9b110
> }
>
>> fdc_select_impl+0x13b::dis
>>
> fdc_select_impl+0x117: movl %ebx,%ecx
> fdc_select_impl+0x119: notl %ecx
> fdc_select_impl+0x11b: andl $0x3,%ecx
> fdc_select_impl+0x11e: movl %eax,%esi
> fdc_select_impl+0x120: orl %ecx,%esi
> fdc_select_impl+0x122: movb %sil,0x178(%r12)
> fdc_select_impl+0x12a: movl 0x3c(%r12),%edi
> fdc_select_impl+0x12f: addl $0x2,%edi
> fdc_select_impl+0x132: call +0x33620c1 <outb>
> fdc_select_impl+0x137: movq 0x18(%r13),%r8
> fdc_select_impl+0x13b: movl 0x24(%r8),%edx
> <<<<<<<<<<<<<<<<<<<<<<<
> fdc_select_impl+0x13f: movq %r13,%rdi
> fdc_select_impl+0x142: movl $0x1,%esi
> fdc_select_impl+0x147: call +0x1d5c <fdc_motorsm>
> fdc_select_impl+0x14c: movq 0x28(%r13),%r8
> fdc_select_impl+0x150: movzwl (%r8),%edx
> fdc_select_impl+0x154: movq %r12,%rdi
> fdc_select_impl+0x157: movq %r13,%rsi
> fdc_select_impl+0x15a: call +0x1a11 <fdcspdchange>
> fdc_select_impl+0x15f: testl %eax,%eax
> fdc_select_impl+0x161: je +0x12 <fdc_select_impl+0x175>
>
>> ffffff02d2e9b208::print struct fcu_obj fj_fdc[0]
>>
> {
> fj_fdc->c_lock = {
> _opaque = [ 0 ]
> }
> fj_fdc->c_dorlock = {
> _opaque = [ 0xffffff02e8b294c0 ]
> }
> fj_fdc->c_iocv = {
> _opaque = 0
> }
> fj_fdc->c_selsem = {
> _opaque = [ 0, 0 ]
> }
> fj_fdc->c_suspended = 0 (B_FALSE)
> fj_fdc->c_dip = 0xffffff02d2218398
> fj_fdc->c_number = 0
> fj_fdc->c_regbase = 0x3f0
> fj_fdc->c_dmachan = 0x2
> fj_fdc->c_intprio = 0
> fj_fdc->c_intvec = 0
> fj_fdc->c_chip = 0x82077
> fj_fdc->c_mode = 0 (FDCMODE_AT)
> fj_fdc->c_flags = 0
> fj_fdc->c_intrstat = 0xffffff02d861c000
> fj_fdc->fdstats = {
> rd = 0
> wr = 0
> recal = 0x3
> form = 0
> other = 0x2
> reset = 0x1
> to = 0
> run = 0
> de = 0
> bfmt = 0
> }
> fj_fdc->c_iblock = 5
> fj_fdc->c_idevice = {
> idu = {
> _idev_vector = 0
> _idev_priority = 0
> }
> idev_softint = 0
> }
> fj_fdc->c_curunit = 0
> fj_fdc->c_timeid = 0
> fj_fdc->c_unit = [ 0xffffff02d2e9b208, 0xffffff02d2e9b268,
> 0xffffff02d2e9b2c8, 0xffffff02d2e9b328 ]
> fj_fdc->c_motort = [ 0, 0, 0, 0 ]
> fj_fdc->c_mtrstate = [ 0 (FMS_OFF), 0 (FMS_OFF), 0 (FMS_OFF), 0 (FMS_OFF)
> ]
> fj_fdc->c_curpcyl = [ 0x1, 0xffffffff, 0xffffffff, 0xffffffff ]
> fj_fdc->c_sekdir = [ '\001', '\0', '\0', '\0' ]
> fj_fdc->c_csb = {
> csb_bufp = 0
> csb_dmahandle = 0
> csb_handle_bound = 0
> csb_dmacookiecnt = 0
> csb_dmacurrcookie = 0
> csb_dmawincnt = 0
> csb_dmacurrwin = 0
> csb_dmacookie = {
> _dmu = {
> _dmac_ll = 0
> _dmac_la = [ 0, 0 ]
> }
> dmac_size = 0
> dmac_type = 0
> }
> csb_xstate = 0t13 (FXS_END)
> csb_oldxs = 7 (FXS_HDST)
> csb_npcyl = 0x1
> csb_drive = 0
> csb_ncmds = 0x3
> csb_nrslts = 0x2
> csb_opflags = 0x1
> csb_timer = 0xa
> csb_maxretry = 0x3
> csb_retrys = 0
> csb_ourtrys = 0
> csb_status = 0
> csb_cmdstat = 0
> csb_cmd = [ 0xf, 0, 0x1, 0, 0, 0, 0, 0, 0, 0 ]
> csb_rslt = [ 0x20, 0x1, 0, 0, 0, 0, 0, 0, 0, 0 ]
> }
> fj_fdc->c_digout = 0xf
> fj_fdc->c_drate = 0
> fj_fdc->c_config = 0
> fj_fdc->c_mstat = 0
> fj_fdc->c_data = 0
> fj_fdc->c_digin = 0
> fj_fdc->c_bsec = 0
> fj_fdc->c_hutsrt = 0xdf
> fj_fdc->c_hlt = 0x28
> }
>
>> ffffff02d2e9b208::print struct fcu_obj fj_drive
>>
> fj_drive = 0
>
>
