Created attachment 166215
Patch to fix the NULL pointer dereference

This bug was reported by NetApp:

--------------
We found, what we believe to be, a bug in storvsc_create_bounce_buffer and storvsc_destroy_bounce_buffer.

http://fxr.watson.org/fxr/source/dev/hyperv/storvsc/hv_storvsc_drv_freebsd.c?v=FREEBSD10#L1529

A panic was hit when the g_hv_sgl_page_pool.in_use_sgl_list list is empty. Removing a NULL sgl_node causes a page fault.

To address this (and the same code in create_bounce_buffer), we added a LIST_EMPTY check prior to calling LIST_FIRST and LIST_REMOVE.
--------------

This bug cannot be easily reproduced. It may be triggered in some corner case.
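The guard described in the NetApp report, as an added example that is not the driver's code and not part of this thread: a toy model of the sgl page pool built on the queue(3) LIST macros (glibc ships the same <sys/queue.h>), where both create and destroy check LIST_EMPTY before LIST_FIRST and LIST_REMOVE. The pool layout, the two-node pool size and the function names are assumptions made for the model.

```c
#include <stddef.h>
#include <sys/queue.h>
/* Simplified model of the sgl page pool (free list + in-use list of sgl nodes,
 * queue(3) LIST macros). Constructed for this example: the names mirror the
 * driver's but the code is not the driver's. */
struct hv_sgl_node {
	LIST_ENTRY(hv_sgl_node) link;   /* payload (page array) omitted */
};
LIST_HEAD(hv_sgl_list, hv_sgl_node);
struct hv_sgl_page_pool {
	struct hv_sgl_list free_sgl_list;
	struct hv_sgl_list in_use_sgl_list;
};

#define POOL_SIZE 2                     /* tiny pool so exhaustion is easy to hit */
static struct hv_sgl_node g_nodes[POOL_SIZE];
static struct hv_sgl_page_pool g_hv_sgl_page_pool;
void pool_init(void)
{
	LIST_INIT(&g_hv_sgl_page_pool.free_sgl_list);
	LIST_INIT(&g_hv_sgl_page_pool.in_use_sgl_list);
	for (int i = 0; i < POOL_SIZE; i++)
		LIST_INSERT_HEAD(&g_hv_sgl_page_pool.free_sgl_list, &g_nodes[i], link);
}

/* create: move one node from the free list to the in-use list. Without the
 * LIST_EMPTY check, LIST_FIRST on an empty list yields NULL and LIST_REMOVE
 * dereferences it: the page fault from the report. */
struct hv_sgl_node *create_bounce_buffer(void)
{
	if (LIST_EMPTY(&g_hv_sgl_page_pool.free_sgl_list))
		return NULL;            /* pool exhausted: fail the request instead */
	struct hv_sgl_node *n = LIST_FIRST(&g_hv_sgl_page_pool.free_sgl_list);
	LIST_REMOVE(n, link);
	LIST_INSERT_HEAD(&g_hv_sgl_page_pool.in_use_sgl_list, n, link);
	return n;
}

/* destroy: return the first in-use node to the free list; the same guard
 * turns a destroy against an empty in-use list into an error return. */
int destroy_bounce_buffer(void)
{
	if (LIST_EMPTY(&g_hv_sgl_page_pool.in_use_sgl_list))
		return -1;
	struct hv_sgl_node *n = LIST_FIRST(&g_hv_sgl_page_pool.in_use_sgl_list);
	LIST_REMOVE(n, link);
	LIST_INSERT_HEAD(&g_hv_sgl_page_pool.free_sgl_list, n, link);
	return 0;
}
```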
I've already told Wei that creating your own bounce buffer is a bad idea. Instead you should use the BUSDMA API and let it take care of the bouncing when necessary: https://reviews.freebsd.org/D1964

IIRC something was missing in BUSDMA so that the Hyper-V storage driver could use it; we should look into adding what's needed and then removing this custom bounce buffering.

Please upload the patch to the review system.

Roger.
Yes, the final fix should be to use BUSDMA. Temporarily, we still use the customized bounce buffer.

The code review for this patch: https://reviews.freebsd.org/D5097
Patch committed as base r295295