netbsd-bugs: kern/11038: [dM] ddb.onpanic=0 but still land in ddb

Subject: kern/11038: [dM] ddb.onpanic=0 but still land in ddb
To: None <gnats-bugs@gnats.netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: netbsd-bugs
Date: 09/18/2000 10:53:28
>Number:         11038
>Category:       kern
>Synopsis:       [dM] ddb.onpanic=0 but still drops into ddb
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 18 10:59:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     der Mouse
>Release:        1.4T (see below for exact file versions)
>Organization:
	Dis-
>Environment:
	Any; observed primarily on SPARCs (IPX, SS2, etc)
>Description:
	Setting ddb.onpanic to 0 is not enough to ensure that the
	machine doesn't drop into ddb on certain errors.  Various
	pieces of code call Debugger() directly, without checking
	db_onpanic, #ifdef DDB.

	Finding all such places is fairly easy:
	% cd /sys
	% find . -type f -name '*.[ch]' -print | xargs egrep -l Debugger

	Filtering out false positives is tedious.  An eyeball search,
	with all the error potential that implies, gives the following
	list of files, versions, and approximate line numbers.  I have
	omitted cases where the Debugger() call is conditional on
	something like a run-time subsystem-specific debugging bit that
	would not normally be turned on (even in a DEBUG and DIAGNOSTIC
	kernel), and calls conditional on things like boothowto&RB_KDB
	that are *supposed* to call Debugger regardless.  When
	uncertain, I've tried to err on the side of false positives.

	File				Ver	Line(s)
	arch/amiga/amiga/trap.c		1.72	361
	arch/amiga/dev/flsc.c		1.25	354
	arch/amiga/dev/if_es.c		1.24	590
	arch/amiga/dev/sbic.c		1.38	405, 559, 663, 744,
						1305, 1544, 1712, 1944,
						2553
	arch/amiga/dev/siop2.c		1.14	364, 980, 1180, 1219,
						1330, 1458, 1533
	arch/amiga/dev/siop.c		1.43	378, 915, 1101, 1210,
						1332, 1405
	arch/i386/isa/fd.c		1.131	1125
	arch/mac68k/mac68k/machdep.c	1.243	963, 984
	arch/mac68k/mac68k/macrom.c	1.44	376
	arch/sparc/dev/fd.c		1.77	1519
	arch/sparc/dev/si.c		1.54	547, 974
	arch/sparc/sparc/trap.c		1.88	411
	arch/sun3/dev/si.c		1.46	224, 272, 329
	arch/sun3/dev/si_obio.c		1.21	340
	arch/sun3/dev/fd.c		1.15	1239
	arch/alpha/isa/fd.c		1.8	1082
	arch/atari/dev/hdfd.c		1.19	1026
	arch/mvme68k/dev/sbic.c		1.11	396, 564, 687, 751,
						1462, 1612, 1785, 2538
	arch/mvme68k/dev/siop.c		1.3	378, 914, 1039, 1078,
						1187, 1309, 1382
	arch/arm32/arm32/ast.c		1.16	83, 137
	arch/arm32/arm32/undefined.c	1.16	223
	arch/arm32/mainbus/fd.c		1.27	1076
	arch/arm32/podulebus/asc.c	1.26	260, 377, 469
	arch/arm32/podulebus/sbic.c	1.14	415, 570, 703, 786,
						1392, 1637, 1808, 2050,
						2660
	arch/mips/mips/vm_machdep.c	1.47	409
	arch/x68k/x68k/machdep.c	1.76	916
	arch/x68k/dev/fd.c		1.30	1204, 1277
	arch/x68k/dev/mha.c		1.18	224
	arch/powerpc/powerpc/trap.c	1.23	301
	arch/bebox/isa/fd.c		1.11	1137
	arch/sparc64/sparc64/trap.c	1.35	504, 669, 1002, 1010,
						1222, 1230, 1472, 1480,
						1606, 1614, 1801, 1885,
						1942
	arch/sparc64/sparc64/svr4_machdep.c 1.10 140, 236, 529
	arch/sparc64/sparc64/sunos_machdep.c 1.8 246
	arch/sparc64/sparc64/pmap.c	1.47	1200, 1560, 1830, 1964,
						2073, 2081, 2240, 2480,
						2502, 2522, 2541, 2551,
						2576, 2596, 2621, 2643,
						2653, 2671, 2683, 2727,
						2739, 2810, 2842, 2869,
						2883, 2894, 2930, 2955,
						2978, 2991, 3010, 3145,
						3152, 3332, 3390, 3398,
						3459
	arch/sparc64/sparc64/openfirm.c	1.8	505
	arch/sparc64/sparc64/machdep.c	1.56	635, 651, 669, 1096
	arch/sparc64/sparc64/compat_13_machdep.c 1.6 84, 101, 120
	arch/sparc64/sparc64/netbsd32_machdep.c 1.5 279, 295, 311, 374,
						390, 408
	arch/sparc64/fpu/fpu.c		1.3	171
	arch/sparc64/dev/zs.c		1.13	175
	arch/sparc64/dev/sbus.c		1.23	795, 819
	arch/sparc64/dev/ebus_bus.c	1.4	545, 616
	arch/sparc64/dev/fd.c		1.11	1253
	arch/sparc64/dev/iommu.c	1.3	352
	arch/sparc64/dev/psycho_bus.c	1.5	647, 715
	arch/arc/dti/btl.c		1.2	858
	arch/arc/dev/fd.c		1.16	921
	dev/eisa/ahb.c			1.28	314, 351, 625
	dev/eisa/uha_eisa.c		1.14	253
	dev/isa/uha_isa.c		1.18	294
	dev/ic/aha.c			1.25	749
	dev/ic/aic6360var.h		1.6	191
	dev/ic/bha.c			1.34	532
	dev/ic/uha.c			1.23	394
	dev/ic/adv.c			1.15	919
	dev/ic/adw.c			1.14	1104
	dev/ic/mb89352var.h		1.2	188
	ufs/lfs/lfs_debug.c		1.9	231
	ufs/lfs/lfs_vfsops.c		1.46	741
	uvm/uvm_map_i.h			1.16	200, 228

	There are a bunch more that possibly should be conditional on
	db_fromconsole (but aren't).

	arch/next68k/next68k/machdep.c 1.29 line 1004 looks suspicious
	given the "...or parity errors" part of the comment above the
	function.

	arch/arm32/shark/scr.c 1.6 may need attention too; I'm not
	sure.
>How-To-Repeat:
	Trip over one of the conditions tested in any of the
	files/lines listed above.  Note that you get dropped into DDB
	even if ddb.onpanic is zero.
>Fix:
	Someone needs to look at each of the above and decide what the
	Right Thing is in each case.  Some of them may be right; AFAICT
	there is no uniform routine like panic() for "drop into DDB if
	present, otherwise ignore", but some of the above look like
		#ifdef DDB
			Debugger();
		#else
			panic(...);
		#endif
	which is appropriate only when the condition might be
	recoverable by poking at things in DDB - and even then, there
	should be a way to set it for unattended operation.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
>Release-Note:
>Audit-Trail:
>Unformatted: