Patch ID	: P95020202
Summary		: spl problems cause data fault in vme_interrupt()
Status		: Mandatory
Date		: 02/02/95
Release		: OS 4.1C
Architectures	: Series5 Series6
Affected bugs	:
	2734
	2740

Changed files	:
	sys/kbus/machdep.c (delta 1.17)

Problem Description:

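vme_interrupt() did not correctly protect itself against further
interrupts arriving while it was still handling one it had already
received (the spl problem named in the summary).  This can cause many
odd symptoms, the most common of which is a data fault somewhere in
vme_interrupt().  Other symptoms can include hat lock timeouts; in the
second sample below, the timeout is reported on cpu 0 from _trap's
call chain (_showregs -> _mmu_getpte -> _hat_mon_enter) after a fault
taken beneath vme_int, while cpu 2 holds the `hat' lock.  Sample
tracebacks follow.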

Data fault:

BAD TRAP on cpu 0 in slot 5, ipl = 136
MXCC error reg hi = 0x00000000, lo = 0x00000000
cpu 0 in slot 5 pid 26709, `simv': Data fault
kernel read fault at addr=0xf2364710, pte=0x0
Fault Status Reg: 126<Fault_address_valid> Invalid_address Supervisor_data_load Level1
pid=26709 rp=0xff1f2e3c pc= _vme_interrupt+758(ff1cc1b0) sp=0xff1f2ef0 psr=0x404010c4 ipl=0xff ctxnum=0x68
g1-g7: 404010a5, 40401fa5, 40401fa5, 80, 2c68c0, ff0a2250, ff1cc18c
Begin traceback { sp = ff1f2ef0
Called from vme_int+14(ff0a2250), fp=ff1f3028
        args=ff3127f0 1 ff3127f0 f3127f00 ff23c810 48
Called from TOO LOW+2c68c0(2c68c0), fp=f7ffeb20
        args=1fde0f8 f7ffeb80 31 7 1 19540
End traceback }


Hat lock timeout:

BAD TRAP on cpu 0 in slot 5, ipl = 136
MXCC error reg hi = 0x00000000, lo = 0x00000000
cpu 0 in slot 5 pid 571, `simv': Data fault
panic on cpu 0 in slot 5: lock error: lock timeout
    lock 0xff2866f8:`hat' held by cpu 2 in slot 10
    caused lock timeout on cpu 0 in slot 5 u_procp 0xff5269e8 pid 571 u_comm `simv'
    lock `hat' backtrace:
	Called from _hat_mon_enter+54(ff181f10)
	Called from _hat_pagesync+4(ff18060c)
	Called from _pvn_getdirty+160(ff16a344)


cpu 0 in slot 5 traceback: rp=0xff1f2a0c, pid=571, pc= _assert_nmi+9c(ff0a2ac0), sp=0xff1f2ac0
                psr=0x40401fc3, ipr=255, ctxnum=0x34 u_comm `simv'
Begin traceback { sp = ff1f2ac0
Called from _panic_lock_timeout+10c(ff178d0c), fp=ff1f2b40
	args=ff27db60 ff27db60 ff27d17d ff27d17e ff27db60 ff27db10
Called from lock_panic_4+c(ff1d037c), fp=ff1f2bb8
	args=ff2866f8 ff1d0388 63000 ff2863c8 0 23b
Called from _hat_mon_enter+54(ff181f10), fp=ff1f2c18
	args=ff2866f8 2 0 ff269bc0 0 96b
Called from _mmu_getpte+cc(ff180cc8), fp=ff1f2c78
	args=ff252000 0 ff000000 0 1 ff
Called from _showregs+1dc(ff1d4954), fp=ff1f2ce0
	args=7f27af74 ff1f2d4c 23b ff269c00 0 7f27af74
Called from _trap+488(ff1d2400), fp=ff1f2d50
	args=9 ff1f2e3c 7f27af74 1a6 2 ff
Called from fault+40(ff0a1efc), fp=ff1f2de0
	args=9 ff1f2e3c 7f27af74 1a6 2 88
Called from _etext+50918(ff23c808), fp=ff1f2ef0
	args=ff1f2f74 20022000 80088000 12 12 120
Called from vme_int+14(ff0a2250), fp=ff1f3028
	args=0 1 ff322d08 1 1 48
Called from TOO LOW+1ae104(1ae104), fp=f7ffefc8
	args=f7fff028 2ee17fd 31 6 ffffff01 0
End traceback }

cpu 1 in slot 11 traceback: rp=0xff1f5dbc, pid=489, pc= sl_lock_wait+1c(ff1cfa1c), sp=0xff1f5e70
                psr=0x400000c2, ipr=140, ctxnum=0x40 u_comm `uProc'
Begin traceback { sp = ff1f5e70
Called from _do_protocol+148(ff1bbbc4), fp=ff1f5ed0
	args=ff2f90b0 fce69600 ff1f5f38 ffff8e01 0 0
Called from _eiread+268(ff1b477c), fp=ff1f5f48
	args=ff3175e2 fce69600 ff2f90b0 88 8c 0
Called from _eiintr+314(ff1b4134), fp=ff1f5fb0
	args=ff2f90b0 ff310048 1 ff3175f0 ff3175e0 fce69600
Called from level3+30(ff0a2414), fp=ff1f6028
	args=ff310048 1 0 4f3 ff2f90b0 ff525bd0
Called from TOO LOW+400(400), fp=ffffee60
	args=3c3 ff269c8c 7fffffff aed0 ffffeee8 99cf0
Called from sr_user+bc(ff0a19bc), fp=ffffeef0
	args=400 ffffef4c 0 0 0 fd8054c0
Called from TOO LOW+6384(6384), fp=f7fff980
	args=8 f7fffa20 f7fffa00 f7fff9e0 2ed18 22314
End traceback }

cpu 2 in slot 10 traceback: rp=0xffffe70c, pid=582, pc= _usec_delay+64(ff1d1184), sp=0xffffe7c0
                psr=0x404010c5, ipr=142, ctxnum=0x33 u_comm `simv'
Begin traceback { sp = ffffe7c0
Called from _hat_sync_tlb+268(ff182300), fp=ffffe820
	args=0 ff269c46 ff269c50 10e45392 21c8a726 10e45393
Called from _hat_mpsetpte+90(ff181fe0), fp=ffffe890
	args=ffffe884 ff26b04c ff26b058 ff26b046 ff26b050 0
Called from _hat_pagesync+c4(ff1806cc), fp=ffffe8f8
	args=b2a9719e ff4618fc fd43f000 ff4769cc 1 ff0fffff
Called from _pvn_getdirty+160(ff16a344), fp=ffffe960
	args=ff94d68c 0 20 fd43f000 ff4618fc ff94d6ac
Called from _pvn_range_dirty+ac(ff16a8b8), fp=ffffe9c0
	args=ff94d68c ffffea24 2100 4b2c000 fa8ccb04 ffffffff
Called from _ufs_putpage+3b8(ff15bb88), fp=ffffea28
	args=fa8ccb04 4b2c000 4b3bfff 2000 4b46000 2100
Called from _ufs_l_putpage+30(ff15e0e4), fp=ffffeaa8
	args=fa8ccb04 fa8ccafc c000 4b3a000 4b2c000 4b2c000
Called from _segmap_release+17c(ff161d3c), fp=ffffeb10
	args=fa8ccb04 4b38000 2000 2100 0 0
Called from _rwip+994(ff156670), fp=ffffeb70
	args=fa87e000 fd586000 7 fd803b98 fd804b58 2100
Called from _ufs_rdwr+1c0(ff155a54), fp=ffffec08
	args=fa8ccafc ffffee2c 1 6fa 4 7
Called from _ufs_l_rdwr+80(ff15da10), fp=ffffec80
	args=fa8ccb04 ffffee2c 1 1 fa87e958 fa8ccafc
Called from _vno_rw+114(ff10c60c), fp=ffffece8
	args=fa8ccb04 ffffee2c 1 1 fa87e958 1000
Called from _rwuio+278(ff0f3500), fp=ffffed48
	args=ff515e08 1 ffffee2c 1 fa8ccb04 1
Called from _write+2c(ff0f2720), fp=ffffedc0
	args=ffffee2c 1 ff515e08 ff244784 ffffee2c ff515e08
Called from _syscall+6e0(ff1d3aac), fp=ffffee40
	args=ffffef78 0 4 20 ff241824 2000
Called from SC_st_have_window+c(ff0a2b88), fp=ffffeef0
	args=0 17ca 31 89511b0 ffffef4c fd8054c0
Called from TOO LOW+f76e3b28(f76e3b28), fp=f7ffe270
	args=a 86aff98 2000 2000 2000 2000
End traceback }

cpu 3 in slot 8 traceback: rp=0xff1fbdbc, pid=560, pc= sl_lock_wait+8(ff1cfa08), sp=0xff1fbe70
                psr=0x400010c6, ipr=140, ctxnum=0x36 u_comm `simv'
Begin traceback { sp = ff1fbe70
Called from _do_protocol+148(ff1bbbc4), fp=ff1fbed0
	args=ff2f8f28 fce6d880 ff1fbf38 0 1 fce67c00
Called from _eiread+268(ff1b477c), fp=ff1fbf48
	args=ff304ee2 fce6d880 ff2f8f28 da 8c 0
Called from _eiintr+314(ff1b4134), fp=ff1fbfb0
	args=ff2f8f28 ff300020 0 ff304ef0 ff304ee0 fce6d880
Called from level3+30(ff0a2414), fp=ff1fc028
	args=ff300020 1 0 4f3 ff2f8f28 ff1f0000
Called from _vno_rw+f0(ff10c5e8), fp=ffffece8
	args=ff26d500 2 2 ff26a7c0 9f54087f 1000
Called from _rwuio+278(ff0f3500), fp=ffffed48
	args=ff515a18 1 ffffee2c 2 fa8eddbc 1
Called from _write+2c(ff0f2720), fp=ffffedc0
	args=ffffee2c 1 ff515a18 ff244784 ffffee2c ff515a18
Called from _syscall+6e0(ff1d3aac), fp=ffffee40
	args=ffffef78 0 4 20 ff241824 2000
Called from SC_st_have_window+c(ff0a2b88), fp=ffffeef0
	args=0 ffffffff 1841530 344 ffffef4c fd8054c0
Called from TOO LOW+f76e3b28(f76e3b28), fp=f7ffe468
	args=13 aa310b8 2000 2000 2000 2000
End traceback }

cpu 4 in slot 6 traceback: rp=0xff1feeac, pid=594, pc= sl_lock_wait+18(ff1cfa18), sp=0xff1fef60
                psr=0x400010c4, ipr=142, ctxnum=0x35 u_comm `simv'
Begin traceback { sp = ff1fef60
Called from _hardclock+470(ff0d5f40), fp=ff1fefc0
	args=0 0 ff275640 ff57d41c ff26d500 0
Called from level6+d8(ff0a25c4), fp=ff1ff028
	args=8d 408010c7 0 0 f4240 ff1f0000
Called from _vno_rw+f0(ff10c5e8), fp=ffffece8
	args=ff26d500 2 2 ff26abc0 9f889e28 1000
Called from _rwuio+278(ff0f3500), fp=ffffed48
	args=ff515970 1 ffffee2c 2 fa8f19d0 1
Called from _write+2c(ff0f2720), fp=ffffedc0
	args=ffffee2c 1 ff515970 ff244784 ffffee2c ff515970
Called from _syscall+6e0(ff1d3aac), fp=ffffee40
	args=ffffef78 0 4 20 ff241824 2000
Called from SC_st_have_window+c(ff0a2b88), fp=ffffeef0
	args=0 2e79a1d 3778818 1ffae64 ffffef4c fd8054c0
Called from TOO LOW+f76e3b28(f76e3b28), fp=f7ffe3c8
	args=13 c3814e0 2000 2000 2000 2000
End traceback }

****** DUMPING SIMPLE LOCKS ******
cpu 0 in slot 5: lock 0xff323110:`vme_iack': backtrace:
	Called from _vme_interrupt+114(ff1cbb6c)
	Called from vme_int+14(ff0a2250)
	Called from TOO LOW+1ae104(1ae104)
cpu 2 in slot 10: lock 0xff2866f8:`hat': backtrace:
	Called from _hat_mon_enter+54(ff181f10)
	Called from _hat_pagesync+4(ff18060c)
	Called from _pvn_getdirty+160(ff16a344)
cpu 2 in slot 10: lock 0xff26d500:`vm_context': backtrace:
	Called from _uiomove_vmopt+15c(ff0e19a4)
	Called from _rwip+78c(ff156468)
	Called from _ufs_rdwr+1c0(ff155a54)
