From owner-freebsd-scsi  Sat Oct 18 07:40:50 1997
Return-Path: <owner-freebsd-scsi>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id HAA20433
          for freebsd-scsi-outgoing; Sat, 18 Oct 1997 07:40:50 -0700 (PDT)
          (envelope-from owner-freebsd-scsi)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA20428
          for <freebsd-scsi@FreeBSD.ORG>; Sat, 18 Oct 1997 07:40:46 -0700 (PDT)
          (envelope-from bde@zeta.org.au)
Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.7/8.6.9) id AAA28420; Sun, 19 Oct 1997 00:38:58 +1000
Date: Sun, 19 Oct 1997 00:38:58 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199710181438.AAA28420@godzilla.zeta.org.au>
To: freebsd-scsi@FreeBSD.ORG, j@uriah.heep.sax.de
Subject: Re: Cannot happen?
Sender: owner-freebsd-scsi@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>Oct 18 14:28:26 uriah /kernel: sd0: ILLEGAL REQUEST asc:21,0 Logical block address out of range field replaceable unit: d sks:cf,7
>Oct 18 14:28:26 uriah /kernel: spec_getpages: I/O read error
>Oct 18 14:28:27 uriah /kernel: vm_fault: pager input (probably hardware) error, PID 16207 failure
>
>But the questions is: how can this happen?

1. a slice table or label can override the driver's idea of the disk size.
   This is a feature.
2. the frobbing of the sector size in the current sd and od is still broken.
   It allows writing beyond the disk.  This shouldn't happen for paging.
3. some drivers don't do any bounds checking for the raw partition.  This
   is not a problem for sd and the raw partition shouldn't be used for
   paging.

>Ain't the driver supposed
>to limit the requests before calling the SCSI layers?  Ain't the

Sort of.  SCSI drivers can probably rely on the device to do the checking.
OTOH, the floppy device does bad things when asked to seek to a huge
cylinder number.  My version of the driver supports slices and used to
seek to garbage offsets to attempt to read labels pointed to by garbage
in the slice table.

>filesystem supposed to never attempt to access outside the disk
>limits?

The above error message is for paging, probably nor for filesystem i/o.
Perhaps the partition size is just wrong, or the swap pager runs off
the end and bug (2) allows the request to get as far as the drive.

Bruce