From owner-freebsd-current@freebsd.org Mon Feb 8 14:43:28 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9A6A2AA0181 for ; Mon, 8 Feb 2016 14:43:28 +0000 (UTC) (envelope-from sreekanth.reddy@broadcom.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 80C601017 for ; Mon, 8 Feb 2016 14:43:28 +0000 (UTC) (envelope-from sreekanth.reddy@broadcom.com) Received: by mailman.ysv.freebsd.org (Postfix) id 7F892AA0180; Mon, 8 Feb 2016 14:43:28 +0000 (UTC) Delivered-To: current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7F1C4AA017F for ; Mon, 8 Feb 2016 14:43:28 +0000 (UTC) (envelope-from sreekanth.reddy@broadcom.com) Received: from mail-wm0-x22f.google.com (mail-wm0-x22f.google.com [IPv6:2a00:1450:400c:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2D7B91010 for ; Mon, 8 Feb 2016 14:43:28 +0000 (UTC) (envelope-from sreekanth.reddy@broadcom.com) Received: by mail-wm0-x22f.google.com with SMTP id g62so135711094wme.0 for ; Mon, 08 Feb 2016 06:43:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=K4Y9zlGGiBw5c/i738EIPLwBDHsM0BK3xzlkBc8Uht0=; b=cAOfNXFCHQoWYTtO2yv3lDo1p2EqS86nJ7F2RT512oIVPdOSi9XjzcVKwaiLeUTdQR PrRyH6dHo7flpcamYWFOlLWU/G4KRwzxXKiUxn3NMZx8OXsoE8jbj6ray9zmYH8Th6HE gL42NkAZalsLWAYX3iH77+Kzr75uUMfkK8oHs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to:cc :content-type; bh=K4Y9zlGGiBw5c/i738EIPLwBDHsM0BK3xzlkBc8Uht0=; b=CMBBndZjkn0JCI9zh8he6u9RgK/Q2oQ5K11gp1cL7W3SCerxZQah8zAHcBmQ4opV1D kMJFN8sSD9NIvMU1qrgXwOcupCuqenY6NTdJDpivOmEVz7JwBLjvOQkqdEMJJFawZfSU XgvrSOUcq6bfdm6z1bU9sNrl31iIAQaegRehDPkLNodsW73KbA2nb/iKRQJEmHokcyWt 0Zcpx5RdT/K1TL7OAf6SiMu3WyvlJRbbAJkilbUriJduFaSH1QzrDHDMZY315QG5mH4W 1IHxzfuMjxe6lcD/Dv8Ojf8XkXJfHpsKimiykJ7/q0ww/qUbEm1yiFtmP7mNRFuyPowe Hf4Q== X-Gm-Message-State: AG10YOR9I8UQPYxIOR+GvAiCMl0fiFERWRT9noFN6Hd6nmInc56pOg33fFkIgPnW0Lr38ONMzVR4kzkRLjYO/2GS MIME-Version: 1.0 X-Received: by 10.28.179.130 with SMTP id c124mr32128835wmf.76.1454942606347; Mon, 08 Feb 2016 06:43:26 -0800 (PST) Received: by 10.27.133.196 with HTTP; Mon, 8 Feb 2016 06:43:26 -0800 (PST) Date: Mon, 8 Feb 2016 20:13:26 +0530 Message-ID: Subject: Panic on reloading a driver with same DEVICE_PROBE() return value From: Sreekanth Reddy To: ken@freebsd.org Cc: scsi@freebsd.org, current@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Mailman-Approved-At: Mon, 08 Feb 2016 14:49:38 +0000 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Feb 2016 14:43:28 -0000 Hi, We are trying to rename our out-of-box driver from "mpslsi3" to "mpr" (which is the inbox driver name). From in-box to out-of-box driver diff is vary small. Here are the steps to reproduce this issue, 1. Replace the in-box mpr.ko file from out-of-box's mpr.ko file in /boot/kernel/ path 2. Added below line in the file /boot/loader.conf mpr_load="YES" 3. Then rebooted the server and verified that out-of-box driver is loaded during the boot time. 4. Then unloaded the mpr driver using "kldunload mpr" command. 5. Now when I reload the driver using "kldload mpr" then we observed below panic -------------------------------------------------------------------------------------------------------------------------------------------- Unread portion of the kernel message buffer: mpr0: port 0x8000-0x80ff mem 0xdfe40000-0xdfe4ffff,0xdfe00000-0xdfe3ffff irq 32 at device 0.0 on pci1 Fatal trap 12: page fault while in kernel mode cpuid = 2; apic id = 04 fault virtual address = 0x8 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff8092adf9 stack pointer = 0x28:0xfffffe085d0cb2b0 frame pointer = 0x28:0xfffffe085d0cb300 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 770 (kldload) trap number = 12 panic: page fault cpuid = 2 KDB: stack backtrace: #0 0xffffffff80984e30 at kdb_backtrace+0x60 #1 0xffffffff809489e6 at vpanic+0x126 #2 0xffffffff809488b3 at panic+0x43 #3 0xffffffff80d4aadb at trap_fatal+0x36b #4 0xffffffff80d4addd at trap_pfault+0x2ed #5 0xffffffff80d4a47a at trap+0x47a #6 0xffffffff80d307f2 at calltrap+0x8 #7 0xffffffff819a0930 at _end+0x2a7d00 #8 0xffffffff8199e5ba at _end+0x2a598a #9 0xffffffff8097bbfd at device_attach+0x43d #10 0xffffffff8069385a at pci_driver_added+0xea #11 0xffffffff80979d3a at devclass_driver_added+0x7a #12 0xffffffff80979c9c at devclass_add_driver+0x11c #13 0xffffffff8092d50b at module_register_init+0xfb #14 0xffffffff80922bf7 at linker_load_module+0xc07 #15 0xffffffff80924043 at kern_kldload+0xc3 #16 0xffffffff8092411b at sys_kldload+0x5b #17 0xffffffff80d4b3f7 at amd64_syscall+0x357 ------------------------------------------------------------------------------------------------------------------------------------------ Note: * Same panic occurs, even if we unload and load the in-box mpr driver. * Now both in-box and in out-of-box drivers return with "BUS_PROBE_DEFAULT" from device_probe() callback function. we won't observe any panic if we reload the the driver with higher device_probe() return value when compared with the drive's device_probe() return value which has loaded during the OS boot time. For example: 1. First booted the OS with the out-of-box driver which returns with "BUS_PROBE_DEFAULT" device_probe() return value. 2. Then I have unloaded this out-of-box driver using kldunload command, 3. Then in driver code, I have modified the device_probe()'s return value to "BUS_PROBE_VENDOR" and then compiled and loaded this experimented driver successfully with out any panic. 4. Again I am observing same issue if I reboot the OS with this experimented driver loaded a boot time and if reload the same experimented driver. I found that panic occurs while first time allocating memory with malloc() API, In mpr driver, it occurs while executing below line while reloading the same driver, sc->facts = malloc(sizeof(MPI2_IOC_FACTS_REPLY), M_MPR, M_ZERO|M_NOWAIT); Here are my quires: * Why driver reload will successful only if the device_probe()'s return value is higher then the driver which has loaded during OS boot time. Whether kernel will save device_probe()'s return value of the driver which is loaded during the OS boot time. * How can I reload the modified driver with return same device_probe() value as the one which has loaded during the OS boot time. I observed that whenever I try to load this modified driver using "kldload ./mpr.ko" command then I see that driver in the /boot/kernel/ path has executed. Thanks, Sreekanth