> On 17 Aug 2018, at 07:07, Michael van Elst <mlel...@serpens.de> wrote:
>
>> On Fri, Aug 17, 2018 at 02:23:16AM +0000, Emmanuel Dreyfus wrote:
>>
>> blkif_response_t *rep = RING_GET_RESPONSE(&sc->sc_ring, i);
>> struct xbd_req *xbdreq = &sc->sc_reqs[rep->id];
>> bp = xbdreq->req_bp;
>>
>> It decides to call dk_done for the last occurrence and return. Next
>> call to xbd_handler finds the same offending buf_t leading the queue.
>> dk_done is called again, leading to the panic.
>
It should not do this since cons should equal prod and it should not enter the
loop. I was investigating whether it could be some interaction between
DIOCCACHEFLUSH and bio, or raw vs block I/O, nothing found yet.

yes, one of the problems is the code happily handles stale bufs. it does not
clear the buf pointer when the response is already handled. we should add some
KASSERTs there for this and clear the response structure on reuse.

also DPRINTF() in the loop assumes bp is valid so it uses a stale pointer for disk
flush ...

the whole xbd code really needs a cleanup and proper mpification.

I was not able to repeat the panic yet on my machine though. maybe I need
a bigger virtual disk.
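
The hardening suggested in the message above (clear the buf pointer once a response is handled, check it before use, and clear the response slot), shown as an added example that is not part of the original message and is not NetBSD's xbd code. It is a user-space model: every `toy_*` name is hypothetical, and a counter stands in for the KASSERT so the effect can be observed.

```c
/* Simplified user-space model; NOT the NetBSD xbd driver code.
 * All toy_* names are hypothetical. */
#include <stddef.h>

#define RING_SIZE 4

struct toy_buf { int done_count; };          /* stands in for buf_t */
struct toy_req { struct toy_buf *req_bp; };  /* stands in for struct xbd_req */
struct toy_rsp { unsigned id; };             /* stands in for blkif_response_t */

struct toy_softc {
    struct toy_rsp ring[RING_SIZE];
    struct toy_req reqs[RING_SIZE];
    unsigned rsp_cons, rsp_prod;
    unsigned stale_seen;   /* responses rejected instead of completed twice */
};

/* Consume responses in [rsp_cons, rsp_prod). Returns the number completed. */
static int toy_handler(struct toy_softc *sc)
{
    int completed = 0;
    for (unsigned i = sc->rsp_cons; i != sc->rsp_prod; i++) {
        struct toy_rsp *rep = &sc->ring[i % RING_SIZE];
        /* Bounds-check the id before using it as an index. */
        if (rep->id >= RING_SIZE) { sc->stale_seen++; continue; }
        struct toy_req *req = &sc->reqs[rep->id];
        struct toy_buf *bp = req->req_bp;
        /* A kernel build would put KASSERT(bp != NULL) here. */
        if (bp == NULL) { sc->stale_seen++; continue; }
        req->req_bp = NULL;   /* clear first: no second completion possible */
        bp->done_count++;     /* stands in for dk_done() */
        rep->id = RING_SIZE;  /* poison the consumed slot (invalid id) */
        completed++;
    }
    sc->rsp_cons = sc->rsp_prod;
    return completed;
}

/* Constructed scenario: the same response slot is processed twice. */
static int toy_replay_demo(void)
{
    struct toy_buf b = { 0 };
    struct toy_softc sc = { 0 };
    sc.reqs[2].req_bp = &b;
    sc.ring[0].id = 2;
    sc.rsp_prod = 1;
    toy_handler(&sc);
    sc.rsp_cons = 0;          /* force the consumed slot to be seen again */
    toy_handler(&sc);
    return b.done_count * 10 + (int)sc.stale_seen;  /* completions, rejects */
}
```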