Date: Sat, 8 Dec 2012 21:52:01 +1100 (EST) From: Peter Jeremy <peter@rulingia.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/174277: ata_attach() panic's on disabled disk Message-ID: <201212081052.qB8Aq1TH006093@server.rulingia.com> Resent-Message-ID: <201212081100.qB8B01Xi008556@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 174277
>Category: kern
>Synopsis: ata_attach() panic's on disabled disk
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Dec 08 11:00:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Peter Jeremy
>Release: FreeBSD 8.3-STABLE i386
>Organization:
FreeBSD
>Environment:
System: FreeBSD aspire.rulingia.com 8.3-STABLE FreeBSD 8.3-STABLE #18: Sat Dec 8 21:35:18 EST 2012 root@builder.rulingia.com:/obj/usr/src/sys/aspire i386
Actual revision is r242865M
>Description:
After updating my netbook from 8.x r237444 to 8.x r242865, I
found it panics "page fault while in kernel mode" in
ata_identify(). Working back, ata_boot_attach() is passing
NULL to ata_identify() and the device_get_softc() at the top
of ata_identify() is dereferencing that and setting "ch" to
garbage which panics on ch->devices.
Working back further, I have "hint.ata.0.disabled=1" in my
loader.conf (because the boot device is on ata1 and there's
nothing attached to ata0 so disabling it sped up the boot).
It appears that this leaves ata0 with a present but zero'd
softc - which isn't correctly handled in ata_boot_attach().
It's not clear to me what changed between r237444 and r242865
to cause this problem to become apparent. The relevant ata(4)
code has not been touched for some time.
>How-To-Repeat:
On a system with an ATA controllor and ata(4) in the kernel,
boot with ata0 disabled as per the above.
>Fix:
Whilst I have only tested it on 8.x, this patch appears to
be applicable to 9.x and head as well.
Index: dev/ata/ata-all.c
===================================================================
--- dev/ata/ata-all.c (revision 242865)
+++ dev/ata/ata-all.c (working copy)
@@ -854,16 +854,16 @@
static void
ata_boot_attach(void)
{
- struct ata_channel *ch;
+ device_t dev;
int ctlr;
mtx_lock(&Giant); /* newbus suckage it needs Giant */
- /* kick of probe and attach on all channels */
+ /* kick of probe and attach on all enabled channels */
for (ctlr = 0; ctlr < devclass_get_maxunit(ata_devclass); ctlr++) {
- if ((ch = devclass_get_softc(ata_devclass, ctlr))) {
- ata_identify(ch->dev);
- }
+ dev = devclass_get_device(ata_devclass, ctlr);
+ if (dev != NULL && device_is_enabled(dev))
+ ata_identify(dev);
}
/* release the hook that got us here, we are only needed once during boot */
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212081052.qB8Aq1TH006093>