From dean@stack.nl  Fri Apr 22 13:04:05 2005
Return-Path: <dean@stack.nl>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A389B16A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 22 Apr 2005 13:04:05 +0000 (GMT)
Received: from mailhost.stack.nl (vaak.stack.nl [131.155.140.140])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D2D2443D39
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 22 Apr 2005 13:04:04 +0000 (GMT)
	(envelope-from dean@stack.nl)
Received: from toad.stack.nl (zen.stack.nl [IPv6:2001:610:1108:5010::130])
	by mailhost.stack.nl (Postfix) with ESMTP id DD39D1F201;
	Fri, 22 Apr 2005 15:04:03 +0200 (CEST)
Received: by toad.stack.nl (Postfix, from userid 1600)
	id CAA9D99; Fri, 22 Apr 2005 15:04:03 +0200 (CEST)
Message-Id: <20050422130403.CAA9D99@toad.stack.nl>
Date: Fri, 22 Apr 2005 15:04:03 +0200 (CEST)
From: Dean Strik <dean@ipnet6.org>
Reply-To: Dean Strik <dean@ipnet6.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Dean Strik <dean@stack.nl>
Subject: Wrong mtx_unlock in IPS morpheus-specific code causing panic
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         80246
>Category:       kern
>Synopsis:       [patch] Wrong mtx_unlock in IPS morpheus-specific code causing panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 22 13:10:10 GMT 2005
>Closed-Date:    Mon Jun 06 16:16:15 GMT 2005
>Last-Modified:  Mon Jun 06 16:16:15 GMT 2005
>Originator:     Dean Strik
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
Eindhoven University of Technology
>Environment:
System: FreeBSD sphinx.ipnet6.org 5.4-STABLE FreeBSD 5.4-STABLE #2: Fri Apr 22 14:23:05 CEST 2005 dean@sphinx.ipnet6.org:/usr/obj/usr/src/sys/SPHINX  i386

ips0: <IBM ServeRAID Adapter> mem 0xe9300000-0xe9301fff irq 20 at device 8.0 on pci0
ips0: adapter type: ServeRAID 4M (morpheus)
ips0: logical drives: 1
ips0: Logical Drive 0: RAID5 sectors: 286744576, state OK
ipsd0: <Logical Drive> on ips0
ipsd0: Logical Drive  (140012MB)
>Description:
	(description is for 5.4-STABLE, applies to -current as well)

	In ips/ips.c, the Morpheus-specific function ips_morpheus_intr():
		mtx_lock(&sc->queue_mtx);
		ips_morpheus_check_intr(sc);
		mtx_unlock(&sc->queue_mtx);
	Yet ips_morpheus_check_intr() does the same mtx_unlock():
		if(!(oisr & MORPHEUS_BIT_CMD_IRQ)){
			DEVICE_PRINTF(2,sc->dev, "got a non-command irq\n");
			mtx_unlock(&sc->queue_mtx);
			return (0);
		}
	causing a panic.

>How-To-Repeat:
	Inititialize the ips driver when using a Morpheus card.
>Fix:

The attached patch to src/sys/dev/ips/ips.c removes the mtx_unlock in
ips.c::ips_morpheus_check_intr(). However, looking at the diff between revision
1.15 and 1.16 of ips.c in ips_morpheus_intr(), other changes may be 
necesary..

--- ips-mtxunlock.patch begins here ---
--- ips.c	Fri Apr 22 14:07:02 2005
+++ ips.c	Fri Apr 22 14:16:03 2005
@@ -512,7 +512,6 @@
 	PRINTF(9, "interrupt registers out:%x\n", oisr);
 	if(!(oisr & MORPHEUS_BIT_CMD_IRQ)){
 		DEVICE_PRINTF(2,sc->dev, "got a non-command irq\n");
-		mtx_unlock(&sc->queue_mtx);
 		return (0);	
 	}
 	while((status.value = ips_read_4(sc, MORPHEUS_REG_OQPR)) != 0xffffffff){
--- ips-mtxunlock.patch ends here ---

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: arved 
State-Changed-When: Mon Jun 6 16:15:45 GMT 2005 
State-Changed-Why:  
Fixed by scottl on May 6, Thanks for reporting! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=80246 
>Unformatted:
