Mercurial > illumos > illumos-gate
changeset 12948:ea5597b82cd8
6964679 Maguro+: System panic "kernel heap corruption detected"
author | Mark Logan <Mark.Logan@Sun.COM> |
---|---|
date | Wed, 28 Jul 2010 11:20:25 -0700 |
parents | c7112a30cb32 |
children | dd7214c03e0d |
files | usr/src/uts/common/io/sata/adapters/si3124/si3124.c |
diffstat | 1 files changed, 44 insertions(+), 36 deletions(-) [+] |
line wrap: on
line diff
--- a/usr/src/uts/common/io/sata/adapters/si3124/si3124.c Wed Jul 28 13:12:37 2010 -0400 +++ b/usr/src/uts/common/io/sata/adapters/si3124/si3124.c Wed Jul 28 11:20:25 2010 -0700 @@ -1305,7 +1305,11 @@ if (spkt->satapkt_op_mode & (SATA_OPMODE_POLLING|SATA_OPMODE_SYNCH)) { /* we need to poll now */ si_poll_cmd(si_ctlp, si_portp, cport, slot, spkt); - + /* + * The command has completed, and spkt will be freed by the + * sata module, so don't keep a pointer to it lying around. + */ + si_portp->siport_slot_pkts[slot] = NULL; } mutex_exit(&si_portp->siport_mutex); @@ -1401,9 +1405,9 @@ } satapkt = si_portp->siport_slot_pkts[tmpslot]; - ASSERT(satapkt != NULL); - - if (satapkt->satapkt_cmd.satacmd_flags.sata_special_regs) { + + if (satapkt != NULL && + satapkt->satapkt_cmd.satacmd_flags.sata_special_regs) { si_copy_out_regs(&satapkt->satapkt_cmd, si_ctlp, port, tmpslot); } @@ -1429,36 +1433,41 @@ "handling failed slot: 0x%x", tmpslot); satapkt = si_portp->siport_slot_pkts[tmpslot]; - ASSERT(satapkt != NULL); - if (satapkt->satapkt_device.satadev_type == - SATA_DTYPE_ATAPICD) { - si_set_sense_data(satapkt, SATA_PKT_DEV_ERROR); - } - - - flagsp = &satapkt->satapkt_cmd.satacmd_flags; - - flagsp->sata_copy_out_lba_low_msb = B_TRUE; - flagsp->sata_copy_out_lba_mid_msb = B_TRUE; - flagsp->sata_copy_out_lba_high_msb = B_TRUE; - flagsp->sata_copy_out_lba_low_lsb = B_TRUE; - flagsp->sata_copy_out_lba_mid_lsb = B_TRUE; - flagsp->sata_copy_out_lba_high_lsb = B_TRUE; - flagsp->sata_copy_out_error_reg = B_TRUE; - flagsp->sata_copy_out_sec_count_msb = B_TRUE; - flagsp->sata_copy_out_sec_count_lsb = B_TRUE; - flagsp->sata_copy_out_device_reg = B_TRUE; - - si_copy_out_regs(&satapkt->satapkt_cmd, si_ctlp, port, tmpslot); - - /* - * In the case of NCQ command failures, the error is - * overwritten by the one obtained from issuing of a - * READ LOG EXTENDED command. - */ - if (si_portp->siport_err_tags_SDBERROR & (1 << tmpslot)) { - satapkt->satapkt_cmd.satacmd_error_reg = - si_read_log_ext(si_ctlp, si_portp, port); + + if (satapkt != NULL) { + + if (satapkt->satapkt_device.satadev_type == + SATA_DTYPE_ATAPICD) { + si_set_sense_data(satapkt, SATA_PKT_DEV_ERROR); + } + + + flagsp = &satapkt->satapkt_cmd.satacmd_flags; + + flagsp->sata_copy_out_lba_low_msb = B_TRUE; + flagsp->sata_copy_out_lba_mid_msb = B_TRUE; + flagsp->sata_copy_out_lba_high_msb = B_TRUE; + flagsp->sata_copy_out_lba_low_lsb = B_TRUE; + flagsp->sata_copy_out_lba_mid_lsb = B_TRUE; + flagsp->sata_copy_out_lba_high_lsb = B_TRUE; + flagsp->sata_copy_out_error_reg = B_TRUE; + flagsp->sata_copy_out_sec_count_msb = B_TRUE; + flagsp->sata_copy_out_sec_count_lsb = B_TRUE; + flagsp->sata_copy_out_device_reg = B_TRUE; + + si_copy_out_regs(&satapkt->satapkt_cmd, si_ctlp, + port, tmpslot); + + /* + * In the case of NCQ command failures, the error is + * overwritten by the one obtained from issuing of a + * READ LOG EXTENDED command. + */ + if (si_portp->siport_err_tags_SDBERROR & + (1 << tmpslot)) { + satapkt->satapkt_cmd.satacmd_error_reg = + si_read_log_ext(si_ctlp, si_portp, port); + } } CLEAR_BIT(failed_tags, tmpslot); @@ -1496,11 +1505,10 @@ } satapkt = si_portp->siport_slot_pkts[tmpslot]; - ASSERT(satapkt != NULL); SIDBG1(SIDBG_ERRS, si_ctlp, "si_mop_commands aborting spkt: %x", satapkt); - if (satapkt->satapkt_device.satadev_type == + if (satapkt != NULL && satapkt->satapkt_device.satadev_type == SATA_DTYPE_ATAPICD) { si_set_sense_data(satapkt, SATA_PKT_ABORTED); }