From owner-freebsd-geom@FreeBSD.ORG  Tue Sep 14 18:42:22 2004
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 40DDE16A4CE; Tue, 14 Sep 2004 18:42:22 +0000 (GMT)
Received: from neo.samodelkin.net (samodelkin.net [81.176.202.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 777A343D48; Tue, 14 Sep 2004 18:42:21 +0000 (GMT)
	(envelope-from fjoe@neo.samodelkin.net)
Received: by neo.samodelkin.net (Postfix, from userid 1000)
	id 338881707A; Wed, 15 Sep 2004 01:42:20 +0700 (NOVST)
Date: Wed, 15 Sep 2004 01:42:20 +0700
From: Max Khon <fjoe@samodelkin.net>
To: daichi <daichi@freebsd.org>
Message-ID: <20040914184220.GB1075@samodelkin.net>
References: <200409090607.i89674F3039635@freefall.freebsd.org>
	<20040914160245.7db7d1e0.daichi@freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20040914160245.7db7d1e0.daichi@freebsd.org>
User-Agent: Mutt/1.4.2i
cc: Max Khon <fjoe@FreeBSD.org>
cc: freebsd-geom@FreeBSD.org
Subject: Re: kern/71431: [panic fix] [patch] geom_uzip.ko caused panic
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Sep 2004 18:42:22 -0000

Hi!

On Tue, Sep 14, 2004 at 04:02:45PM +0900, daichi wrote:

> I think this problem depends on malloc/free confusion.
> In shortly, next code is bad I think.
> 
>  void * buf = malloc(size, M_GEOM, M_WAITOK);
>  free(buf, M_GEOM_UZIP);
> 
> In for_loop of g_uzip_taste, malloced area gets free
> with M_GEOM_UZIP flag. But the area is malloced with 
> M_GEOM flag. I think this causes problem.

Now I see the problem! Does this patch fix the problem for you?

Index: g_uzip.c
===================================================================
RCS file: /home/ncvs/src/sys/geom/uzip/g_uzip.c,v
retrieving revision 1.1.2.1
diff -u -p -r1.1.2.1 g_uzip.c
--- g_uzip.c	10 Sep 2004 07:00:38 -0000	1.1.2.1
+++ g_uzip.c	14 Sep 2004 18:19:36 -0000
@@ -424,7 +424,7 @@ g_uzip_taste(struct g_class *mp, struct 
 	for (blk = 1; offsets_read < total_offsets; blk++) {
 		uint32_t nread;
 
-		free(buf, M_GEOM_UZIP);
+		free(buf, M_GEOM);
 		buf = g_read_data(
 		    cp, blk * pp->sectorsize, pp->sectorsize, &error);
 		if (buf == NULL || error != 0)
@@ -470,7 +470,7 @@ err:
 	g_topology_lock();
 	g_access(cp, -1, 0, 0);
 	if (buf != NULL)
-		free(buf, M_GEOM_UZIP);
+		free(buf, M_GEOM);
 	if (gp->softc != NULL) {
 		g_uzip_softc_free(gp->softc, NULL);
 		gp->softc = NULL;

/fjoe