From owner-freebsd-current@FreeBSD.ORG  Sat Jul 31 06:45:14 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from green.homeunix.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0968C16A4CE; Sat, 31 Jul 2004 06:45:02 +0000 (GMT)
Received: from green.homeunix.org (green@localhost [127.0.0.1])
	by green.homeunix.org (8.12.11/8.12.11) with ESMTP id i6V6innv085892;
	Sat, 31 Jul 2004 02:44:49 -0400 (EDT)
	(envelope-from green@green.homeunix.org)
Received: (from green@localhost)
	by green.homeunix.org (8.12.11/8.12.11/Submit) id i6V6iXaq085891;
	Sat, 31 Jul 2004 02:44:33 -0400 (EDT)
	(envelope-from green)
Date: Sat, 31 Jul 2004 02:44:33 -0400
From: Brian Fundakowski Feldman <green@freebsd.org>
To: Nate Lawson <nate@root.org>
Message-ID: <20040731064433.GD33220@green.homeunix.org>
References: <410AD054.8070202@root.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <410AD054.8070202@root.org>
User-Agent: Mutt/1.5.6i
cc: current@freebsd.org
cc: sos@deepcore.dk
Subject: Re: memory corruption/panic solved ("FAILURE - ATAPI_IDENTIFY no
	interrupt")
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Jul 2004 06:45:14 -0000

On Fri, Jul 30, 2004 at 03:48:52PM -0700, Nate Lawson wrote:
> I've tracked down the source of the memory corruption in -current that
> results when booting with various CD and DVD drives (especially the ones
> that come with Thinkpads including T23, R32, T41, etc.)  The panic is
> obvious when running with INVARIANTS ("memory modified after free") but
> not so obvious in other configurations.  For instance, without
> INVARIANTS, part of the rt_info structure is corrupted on my wireless
> card, resulting in a panic during ifconfig on boot.  This is likely the
> source of other problems, including phk's ACPI panic (again, only
> triggered when booting with the CD drive in the bay.)
> 
> The root problem is that ata_timeout() fires and calls ata_pio_read()
> which overwrites 512 bytes random memory.  There are actually two bugs 
> here that overwrite memory.  The code path is as follows:

Good job identifying it more exactly.  I decided it should just fundamentally
be using GEOM primitives everywhere to move the solutions to all these
side cases into where they're already handled generically... still think
that's probably the right solution, but I'm glad to see this specific
problem fixed.

-- 
Brian Fundakowski Feldman                           \'[ FreeBSD ]''''''''''\
  <> green@FreeBSD.org                               \  The Power to Serve! \
 Opinions expressed are my own.                       \,,,,,,,,,,,,,,,,,,,,,,\