Date:      Mon, 30 Apr 2001 13:01:17 -0600
From:      "Kenneth D. Merry" <ken@kdm.org>
To:        Michael Samuel <michael@miknet.net>
Cc:        freebsd-scsi@FreeBSD.ORG
Subject:   Re: NULL pointer deref in scsi_sense_desc
Message-ID:  <20010430130117.A47971@panzer.kdm.org>
In-Reply-To: <20010429203016.A20311@miknet.net>; from michael@miknet.net on Sun, Apr 29, 2001 at 08:30:16PM +1000
References:  <20010428114711.A7571@miknet.net> <20010428234800.A37675@panzer.kdm.org> <20010429203016.A20311@miknet.net>


--PNTmBPCT7hxwcZjr
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Sun, Apr 29, 2001 at 20:30:16 +1000, Michael Samuel wrote:
> On Sat, Apr 28, 2001 at 11:48:00PM -0600, Kenneth D. Merry wrote:
> > Hmm, that would cause the code to dereference a null pointer, which is bad.
> > It's probably a bug to do that without checking the pointer first, since a
> > drive could theoretically return a bogus sense key and cause a panic.
> 
> Yes, that's exactly what the bug was.  It died on that line, and the
> instruction it got the page fault in was a "movl 0x8(%eax), %eax" (from
> memory...), and I'm guessing that %eax would have been 0.
> 
> This drive has been known in other systems to return bogus (or at least
> uncommon) sense keys. The tape drive is a little bit stuffed, and has been
> causing hard lockups (not even ctrl-alt-esc responds) when I try to use it
> now.

After looking at it some more, a better fix for the problem would be
adding sense key table entries for the only two entries that aren't defined
-- blank check and data protect.

Your drive was probably returning one of those two errors.  All sense key
values are defined by the spec (although "equal" is listed as obsolete and
0xf is reserved), and with the attached patch, all sense keys are defined
in the table.

So with this patch it should be impossible to get a bogus sense_entry
pointer; if it is, we should panic, since that's a bug.

Ken
-- 
Kenneth Merry
ken@kdm.org

--PNTmBPCT7hxwcZjr
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="scsi_all.c.sense_key.20010430"

==== //depot/FreeBSD-adaptec/src/sys/cam/scsi/scsi_all.c#3 - /usr/home/ken/perforce/FreeBSD-adaptec/src/sys/cam/scsi/scsi_all.c ====
*** /tmp/tmp.10514.0	Mon Apr 30 12:55:56 2001
--- /usr/home/ken/perforce/FreeBSD-adaptec/src/sys/cam/scsi/scsi_all.c	Mon Apr 30 12:55:36 2001
***************
*** 711,716 ****
--- 711,718 ----
  	{ SSD_KEY_HARDWARE_ERROR, SS_RDEF, "HARDWARE FAILURE" },
  	{ SSD_KEY_ILLEGAL_REQUEST, SS_FATAL|EINVAL, "ILLEGAL REQUEST" },
  	{ SSD_KEY_UNIT_ATTENTION, SS_FATAL|ENXIO, "UNIT ATTENTION" },
+ 	{ SSD_KEY_DATA_PROTECT, SS_FATAL|EACCES, "DATA PROTECT" },
+ 	{ SSD_KEY_BLANK_CHECK, SS_FATAL|ENOSPC, "BLANK CHECK" },
  	{ SSD_KEY_Vendor_Specific, SS_FATAL|EIO, "Vendor Specific" },
  	{ SSD_KEY_COPY_ABORTED, SS_FATAL|EIO, "COPY ABORTED" },
  	{ SSD_KEY_ABORTED_COMMAND, SS_RDEF, "ABORTED COMMAND" },
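
Review bot: The safety of the lookup now rests entirely on this table having an entry for every sense key, and nothing next to the added DATA PROTECT and BLANK CHECK lines records that requirement. A comment above the table saying that all sixteen key values must be present, plus an explicit check at the lookup site that panics with the offending key value, would keep a later edit from reintroducing the NULL dereference silently. Separately, SS_FATAL|ENOSPC for BLANK CHECK deserves a short comment on why that errno was chosen, since callers will see it for any blank check condition the drive reports.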

--PNTmBPCT7hxwcZjr--
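
The failure mode discussed in this message, as an added example that is not part of the original e-mail or FreeBSD's code: a device-supplied 4-bit sense key is looked up in a table, the lookup result is checked before use, and a coverage check confirms every key has an entry. The struct, function and table names are hypothetical, and both tables are constructed miniatures (the first omits keys 0x7 and 0x8, as the thread describes).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical miniature of a sense-key table; names are not FreeBSD's. */
struct key_entry {
	unsigned char key;	/* 4-bit sense key reported by the device */
	const char *desc;
};
#define NELEM(a) (sizeof(a) / sizeof((a)[0]))
#define KEYS_LOW  { 0x0, "NO SENSE" }, { 0x1, "RECOVERED ERROR" }, \
	{ 0x2, "NOT READY" }, { 0x3, "MEDIUM ERROR" }, { 0x4, "HARDWARE FAILURE" }, \
	{ 0x5, "ILLEGAL REQUEST" }, { 0x6, "UNIT ATTENTION" }
#define KEYS_HIGH { 0x9, "Vendor Specific" }, { 0xa, "COPY ABORTED" }, \
	{ 0xb, "ABORTED COMMAND" }, { 0xc, "EQUAL" }, { 0xd, "VOLUME OVERFLOW" }, \
	{ 0xe, "MISCOMPARE" }, { 0xf, "RESERVED" }

/* Constructed "before" table: DATA PROTECT (0x7), BLANK CHECK (0x8) missing. */
static const struct key_entry table_before[] = { KEYS_LOW, KEYS_HIGH };
/* Constructed "after" table: every 4-bit value has an entry. */
static const struct key_entry table_after[] = { KEYS_LOW,
	{ 0x7, "DATA PROTECT" }, { 0x8, "BLANK CHECK" }, KEYS_HIGH };

/* Returns the matching entry, or NULL when the key has no entry. */
static const struct key_entry *
find_key(const struct key_entry *t, size_t n, unsigned key)
{
	for (size_t i = 0; i < n; i++)
		if (t[i].key == key)
			return &t[i];
	return NULL;
}
/* Checked lookup: mask to the key nibble and never dereference NULL. */
static const char *
key_desc(const struct key_entry *t, size_t n, unsigned char sense_byte)
{
	const struct key_entry *e = find_key(t, n, sense_byte & 0x0f);
	return e != NULL ? e->desc : "UNKNOWN SENSE KEY";
}
/* Coverage check: how many of the 16 possible keys lack an entry. */
static int
count_missing(const struct key_entry *t, size_t n)
{
	int missing = 0;
	for (unsigned key = 0; key <= 0x0f; key++)
		missing += (find_key(t, n, key) == NULL);
	return missing;
}
int main(void) {
	printf("before: %d missing, 0x8 -> %s\n", count_missing(table_before,
	    NELEM(table_before)), key_desc(table_before, NELEM(table_before), 0x8));
	printf("after:  %d missing, 0x8 -> %s\n", count_missing(table_after,
	    NELEM(table_after)), key_desc(table_after, NELEM(table_after), 0x8));
	return 0;
}
```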
