Current-Users archive


Re: current dom0 panic on domu launch



Sarton O'Brien wrote:
> On 6/10/2009 7:45 AM, Sarton O'Brien wrote:
>> On 5/10/2009 11:45 PM, Christoph Egger wrote:
>>> rcx is 0, so this is a NULL-pointer dereference.
>>>
>>> What is the output of
>>>
>>> gdb netbsd.gdb
>>> (gdb) list *(0xffffffff805651f3)
>>>
>>> ?
>>
>> gdb /usr/src/sys/arch/amd64/compile/obj/XEN3_DOM0/netbsd.gdb
>>
>> (gdb) list *(0xffffffff805651f3)
>> 0xffffffff805651f3 is in sdioctl (/usr/src/sys/dev/scsipi/sd.c:1191).
>> 1186 * XXX Do we really need to care about having a writable
>> 1187 * file descriptor here?
>> 1188 */
>> 1189 if ((flag & FWRITE) == 0)
>> 1190 return (EBADF);
>> 1191 if (((sd->flags & SDF_DIRTY) != 0 || *(int *)addr != 0)) {
>> 1192 error = sd_flush(sd, 0);
>> 1193 if (error)
>> 1194 sd->flags &= ~SDF_FLUSHING;
>> 1195 else

This is in DIOCCACHESYNC and 'addr' is NULL.
Sarton: Please give the attached patch a try.


XXX addr is not used in the DIOCCACHESYNC section at all.
What is the 'addr' check needed for?

Christoph
Index: sys/dev/scsipi/sd.c
===================================================================
RCS file: /cvsroot/src/sys/dev/scsipi/sd.c,v
retrieving revision 1.289
diff -u -p -r1.289 sd.c
--- sys/dev/scsipi/sd.c 3 Aug 2009 09:40:45 -0000       1.289
+++ sys/dev/scsipi/sd.c 14 Oct 2009 05:50:21 -0000
@@ -1188,7 +1188,9 @@ sdioctl(dev_t dev, u_long cmd, void *add
                 */
                if ((flag & FWRITE) == 0)
                        return (EBADF);
-               if (((sd->flags & SDF_DIRTY) != 0 || *(int *)addr != 0)) {
+               if (((sd->flags & SDF_DIRTY) != 0 ||
+                  (addr && *(int *)addr != 0)))
+               {
                        error = sd_flush(sd, 0);
                        if (error)
                                sd->flags &= ~SDF_FLUSHING;
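Review bot: the new `(addr && *(int *)addr != 0)` guard stops the NULL dereference, but it also silently chooses a semantics for a missing argument: with `addr == NULL` the flush now runs only when `SDF_DIRTY` is set, whereas a caller passing NULL may have meant "force a cache sync" (the non-zero case). Confirm which behaviour the DIOCCACHESYNC callers rely on before committing, and spell the intent out in a comment on that line. Separately, moving the opening brace onto its own line (`{` after the continued condition) departs from the `if (...) {` style of the surrounding lines; keep the brace on the continuation line, e.g. `(addr != NULL && *(int *)addr != 0)) {`.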

