Date: Wed, 3 May 2000 20:19:19 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Howard Leadmon <howardl@account.abs.net>
Cc: Greg Lehey <grog@lemis.com>, freebsd-stable@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject: Re: Debugging Kernel/System Crashes, can anyone help??
Message-ID: <200005040319.UAA66688@apollo.backplane.com>
References: <200005040255.WAA61544@account.abs.net>
:#14 0xc0227c57 in trap (frame={tf_fs = 24, tf_es = -675545072,
: tf_ds = -1058602992, tf_edi = -1059013248, tf_esi = 28,
: tf_ebp = -8360071, tf_isp = -8360160, tf_ebx = -1058670080,
: tf_edx = -1059008325, tf_ecx = 0, tf_eax = -1059168256, tf_trapno = 12,
: tf_err = 2, tf_eip = -1072225173, tf_cs = 8, tf_eflags = 66178,
: tf_esp = -1071902645, tf_ss = -1059168256}) at ../../i386/i386/trap.c:423
:#15 0xc017246b in bpfioctl (dev=0xc0c0de60, cmd=12639866,
: addr=0xff400800 <Address 0xff400800 out of bounds>, flags=16777215,
: p=0xacc0de60) at ../../net/bpf.c:683
:#16 0xc01c19 in ?? ()
:cannot read proc at 0
:(kgdb)
:
:
:Is this more help? (shame I don't actually understand it..)
:
:Howard Leadmon - howardl@abs.net - http://www.abs.net
Ahhhh hah! Yes, I think I see what is happening.
The kernel ioctl() system call is using a stack based
char buffer to hold the temporary data, and this buffer is not
aligned.
Please try the following patch.
-Matt
Matthew Dillon
<dillon@backplane.com>
Index: kern/sys_generic.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/sys_generic.c,v
retrieving revision 1.55
diff -u -r1.55 sys_generic.c
--- kern/sys_generic.c 2000/02/20 13:36:26 1.55
+++ kern/sys_generic.c 2000/05/04 03:18:02
@@ -496,7 +496,10 @@
caddr_t data, memp;
int tmp;
#define STK_PARAMS 128
- char stkbuf[STK_PARAMS];
+ union {
+ char stkbuf[STK_PARAMS];
+ long align;
+ } ubuf;
fdp = p->p_fd;
if ((u_int)uap->fd >= fdp->fd_nfiles ||
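Review bot: The `long align;` member of the new `ubuf` union has no comment and is never referenced in the visible code, so a later cleanup could remove it as unused and silently return `stkbuf` to byte alignment. Add a one-line comment saying the member exists only to force the alignment of `stkbuf`. The union also guarantees no more than the alignment of `long`; if any ioctl argument structure copied into this buffer has a member with stricter alignment than `long`, the union needs a member of that type too.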
@@ -523,11 +526,11 @@
if (size > IOCPARM_MAX)
return (ENOTTY);
memp = NULL;
- if (size > sizeof (stkbuf)) {
+ if (size > sizeof (ubuf.stkbuf)) {
memp = (caddr_t)malloc((u_long)size, M_IOCTLOPS, M_WAITOK);
data = memp;
} else
- data = stkbuf;
+ data = ubuf.stkbuf;
if (com&IOC_IN) {
if (size) {
error = copyin(uap->data, data, (u_int)size);
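Review bot: The bound in `if (size > sizeof (ubuf.stkbuf))` is taken from the array member, which is right, but it is easy to simplify to `sizeof (ubuf)` later, and the size of a union can be rounded up past `STK_PARAMS`. Comparing against `STK_PARAMS` directly, or adding a short comment at this line, would state the intended limit explicitly. It is also worth a comment at `data = ubuf.stkbuf;` that the stack path is now aligned for `long`, since the `malloc()` path above gets whatever alignment the allocator provides and the two branches should give callers the same guarantee.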
