From: Jung-uk Kim
To: Yamagi Burmeister
Cc: Christoph Mallon, freebsd-mobile@freebsd.org
Date: Tue, 6 Jul 2010 14:11:43 -0400
Subject: Re: PATCH: Crash while suspending on FreeBSD/amd64 8.1-RC2
Message-Id: <201007061411.44873.jkim@FreeBSD.org>

On Thursday 01 July 2010 02:43 pm, Yamagi Burmeister wrote:
> Okay, with the help of a friend of mine I managed to track this
> down.
>
> > (kgdb) bt
> > #0 doadump () at pcpu.h:223
> > #1 0xffffffff8020dfe9 in boot (howto=260) at
> > /usr/src/sys/kern/kern_shutdown.c:416
> > #2 0xffffffff8020e41c in panic (fmt=0xffffffff8044ebbb "%s")
> > at /usr/src/sys/kern/kern_shutdown.c:590
> > #3 0xffffffff80408bc8 in trap_fatal (frame=0xffffff0004a4e000,
> > eva=Variable "eva" is not available.
> > )
> > at /usr/src/sys/amd64/amd64/trap.c:777
> > #4 0xffffffff80408f94 in trap_pfault (frame=0xffffff803da285e0,
> > usermode=0)
> > at /usr/src/sys/amd64/amd64/trap.c:693
> > #5 0xffffffff804097da in trap (frame=0xffffff803da285e0)
> > at /usr/src/sys/amd64/amd64/trap.c:451
> > #6 0xffffffff803ef543 in calltrap () at
> > /usr/src/sys/amd64/amd64/exception.S:223
> > #7 0xffffffff80406f16 in bcopy () at
> > /usr/src/sys/amd64/amd64/support.S:124
> > #8 0xffffffff80745fb7 in vesa_bios_save_restore (code=1,
> > p=0xffffff80002a6004,
> > size=4928) at
> > /usr/src/sys/modules/vesa/../../dev/fb/vesa.c:551
> > #9 0xffffffff80746059 in vesa_save_state (adp=Variable "adp" is not
> > available.
> > )
> > at /usr/src/sys/modules/vesa/../../dev/fb/vesa.c:1429
> > #10 0xffffffff80424144 in vga_suspend (dev=0xffffff0001632a00)
> > at /usr/src/sys/isa/vga_isa.c:81
> > #11 0xffffffff804241d7 in isavga_suspend (dev=0xffffff0001632a00)
> > at /usr/src/sys/isa/vga_isa.c:234
>
> The problem is on stack level 8. Line 538 in sys/dev/fb/vesa.c
> returns NULL because x86bios_alloc(&offs, size); couldn't allocate
> memory. In line 551 the null pointer is passed to bcopy(), causing
> the crash. A simple solution is to add a null pointer check like
> the attached patch does. But I'm not sure if that's the right
> solution, since the VGA state will not be saved if the check
> triggers.
>
> --- vesa.c_ 2010-07-01 20:38:54.000000000 +0200
> +++ vesa.c 2010-07-01 20:38:03.000000000 +0200
> @@ -536,6 +536,8 @@
> return (1);
>
> buf = x86bios_alloc(&offs, size);
> + if (buf == NULL)
> + return (1);
>
> x86bios_init_regs(®s);
> regs.R_AX = 0x4f04;

Fixed on HEAD. Will be MFC'ed soon.

Thanks!

Jung-uk Kim
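
Review bot: The new `if (buf == NULL) return (1);` after `buf = x86bios_alloc(&offs, size);` fails silently and reuses the same value as the `return (1);` just above it, so nothing distinguishes an allocation failure from the earlier exit. Consider logging the failure at this point, and confirm that the caller on the suspend path (vesa_save_state, frame #9 in the backtrace) checks the return value, so that a later restore is not attempted from a buffer that was never filled, which is the unsaved-VGA-state concern raised in the message. The check stops the NULL pointer from reaching bcopy() but leaves open why the allocation (size=4928 in frame #8) fails during suspend.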