Re: current dom0 panic on domu launch

[Christoph Egger <Christoph_Egger%gmx.de@localhost>]

On Wednesday 14 October 2009 11:55:55 Manuel Bouyer wrote:
> On Wed, Oct 14, 2009 at 08:05:43AM +0200, Christoph Egger wrote:
> > Index: sys/dev/scsipi/sd.c
> > ===================================================================
> > RCS file: /cvsroot/src/sys/dev/scsipi/sd.c,v
> > retrieving revision 1.289
> > diff -u -p -r1.289 sd.c
> > --- sys/dev/scsipi/sd.c     3 Aug 2009 09:40:45 -0000       1.289
> > +++ sys/dev/scsipi/sd.c     14 Oct 2009 05:50:21 -0000
> > @@ -1188,7 +1188,9 @@ sdioctl(dev_t dev, u_long cmd, void *add
> >              */
> >             if ((flag & FWRITE) == 0)
> >                     return (EBADF);
> > -           if (((sd->flags & SDF_DIRTY) != 0 || *(int *)addr != 0)) {
> > +           if (((sd->flags & SDF_DIRTY) != 0 ||
> > +              (addr && *(int *)addr != 0)))
> > +           {
> >                     error = sd_flush(sd, 0);
> >                     if (error)
> >                             sd->flags &= ~SDF_FLUSHING;
>
> that's probably the wrong thing to do, some cache flush operations
> would be ignored. Better fix the caller to provice a non-NULL, non-0
> int pointer.

This is the backtrace provided by Sarton in an earlier mail:

sdioctl() at netbsd:sdioctl+0x506
VOP_IOCTL() at netbsd:VOP_IOCTL+0x31
xbdback_do_io() at netbsd:xbdback_do_io+0xd2
workqueue_worker() at netbsd:workqueue_worker+0x81

IN xbdback_do_io(), there's this line:

                error = VOP_IOCTL(xbdi->xbdi_vp, DIOCCACHESYNC, NULL, FWRITE,
                    kauth_cred_get());

where NULL is explicitely passed to addr.
If sd.c is correct as is, then xbdback_do_io() is wrong.

Christoph