From nobody@FreeBSD.org  Wed Jun 27 18:30:50 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 9DA13106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 27 Jun 2012 18:30:50 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 892748FC18
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 27 Jun 2012 18:30:50 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q5RIUohn050618
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 27 Jun 2012 18:30:50 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q5RIUnhd050617;
	Wed, 27 Jun 2012 18:30:49 GMT
	(envelope-from nobody)
Message-Id: <201206271830.q5RIUnhd050617@red.freebsd.org>
Date: Wed, 27 Jun 2012 18:30:49 GMT
From: Steven Hartland <steven.hartland@multiplay.co.uk>
To: freebsd-gnats-submit@FreeBSD.org
Subject: panic after cam scsi cd device loss (patch included)
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         169495
>Category:       kern
>Synopsis:       panic after cam scsi cd device loss (patch included)
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 27 18:40:10 UTC 2012
>Closed-Date:    Fri Jun 29 18:17:46 UTC 2012
>Last-Modified:  Fri Jun 29 18:17:46 UTC 2012
>Originator:     Steven Hartland
>Release:        8.3-RELEASE
>Organization:
Multiplay
>Environment:
FreeBSD blade26.multiplay.co.uk 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #114: Wed Jun 27 17:26:53 UTC 2012     root@build:/usr/obj/usr/src/sys/MULTIPLAY  amd64
>Description:
While testing a kernel patch we ended with a reproducable panic when disconnecting the IPMI cd device.

The panic is from the force panic in cam_periph_release_locked_buses on 8.3
panic("%s: release of %p when refcount is zero\n ", __func__, periph);

After much investigation it turns out cam/scsi_cd.c isn't testing the return from cam_periph_hold in cdclose.
>How-To-Repeat:
This is hard to repeat on a stock kernel as it seems to be very timing dependent but on our machine disconnecting the IPMI cd device causes the panic.
>Fix:
The fix is to test the return code from cam_periph_hold as done by the scsi da device, see patch attached.

Patch attached with submission follows:

--- /usr/src/sys/cam/scsi/scsi_cd.c.orig	2012-06-27 17:20:12.902599170 +0000
+++ /usr/src/sys/cam/scsi/scsi_cd.c	2012-06-27 17:39:11.567322238 +0000
@@ -1041,7 +1041,11 @@
 	softc = (struct cd_softc *)periph->softc;
 
 	cam_periph_lock(periph);
-	cam_periph_hold(periph, PRIBIO);
+	if (cam_periph_hold(periph, PRIBIO) != 0) {
+		cam_periph_unlock(periph);
+		cam_periph_release(periph);
+		return (0);
+	}
 
 	if ((softc->flags & CD_FLAG_DISC_REMOVABLE) != 0)
 		cdprevent(periph, PR_ALLOW);


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: marius 
State-Changed-When: Fri Jun 29 18:16:41 UTC 2012 
State-Changed-Why:  
Close; this was fixed in r237335 (MFC'ed to stable/9 in r237469 and to 
stable/8 in r237470). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=169495 
>Unformatted:
