Date: Wed, 10 Mar 1999 22:32:41 +0100 (CET) From: Frode Vatvedt Fjeld <frodef@dslab7.cs.uit.no> To: FreeBSD-gnats-submit@freebsd.org Subject: i386/10533: meteor driver panics Message-ID: <199903102132.WAA08519@dslab7.cs.uit.no>
next in thread | raw e-mail | index | archive | help
>Number: 10533
>Category: i386
>Synopsis: A bug in the meteor driver causes kernel panic
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 10 13:40:00 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: Frode Vatvedt Fjeld
>Release: FreeBSD 3.1-STABLE i386
>Organization:
>Environment:
FreeBSD-stable i386 with meteor video-grabber device.
>Description:
The meteor driver (sys/pci/meteor.c) provides an ioctl
SSIGNAL for specifying a signal to send to the process
when a video frame is delivered. When this ioctl is used,
the kernel will (more often than not) panic (pagefault)
just when the process exits.
>How-To-Repeat:
main() {
open device
ioctl (SSIGNAL)
ioctl (CAPTUR)
exit
}
>Fix:
Adding a line "mtr -> proc = NULL;" somewhere in
meteor_close() seems to remove the symptom. However,
I guess the real problem is somewhere else.
Also, the SSIGNAL ioctl interface is broken, as there
is no way to return the device-driver to the original
state (i.e. mtr -> proc == NULL) once this ioctl is
used by a process. The code in meteor_ioctl() should
go something like this:
case SSIGNAL:
mtr -> signal = arg;
if (mtr -> signal) {
mtr -> proc = p;
} else {
mtr -> proc = NULL;
}
break;
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903102132.WAA08519>