From: Jun Kuriyama
To: Current
Subject: struct {bio,buf} pointer for bioqdisksort()
Date: Tue, 26 Feb 2002 10:37:15 +0900
Message-ID: <7mg03p9g6s.wl@waterblue.imgsrc.co.jp>

In arstrategy() at dev/ata/ata-raid.c, memory is allocated with the size of
"struct ar_buf" and passed as "struct bio *".

> buf1 = malloc(sizeof(struct ar_buf), M_AR, M_NOWAIT | M_ZERO);
...
> buf1->bp.bio_dev->AD_STRATEGY((struct bio *)buf1);

This works fine because "struct ar_buf" contains "struct bio" as its first
member.

> struct ar_buf {
>     struct bio bp;
...

This pointer is passed to bioqdisksort() as "struct bio *". In bioqdisksort()
at kern/subr_disklabel.c, "struct bio *bp" is converted into "struct buf *"
with the BIOTOBUF() macro.

> void
> bioqdisksort(bioq, bp)
>     struct bio_queue_head *bioq;
>     struct bio *bp;
> {
...
>     if (td && td->td_ksegrp->kg_nice > 0) {
>         TAILQ_FOREACH(bn, &bioq->queue, bio_queue)
>             if (BIOTOBUF(bp)->b_vp != BIOTOBUF(bn)->b_vp)
>                 break;

In my environment, this causes a panic because "*bp" does not have a large
enough allocated region.

(kgdb) p sizeof(struct bio)
$1 = 80
(kgdb) p sizeof(struct ar_buf)
$2 = 96
(kgdb) p sizeof(struct buf)
$3 = 364

I'm not familiar with this area, but I think

(1) arstrategy() should allocate enough size to cover "struct buf" for
    "struct ar_buf",
(2) bioqdisksort() should not suppose "struct bio *bp" can be converted into
    "struct buf *", or
(3) the call chain such as arstrategy() -> adstrategy() -> bioqdisksort() is
    wrong.

Can someone explain what I should do next about this?

-- 
Jun Kuriyama // IMG SRC, Inc. // FreeBSD Project
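The following is an added illustration of the layout problem the report describes; it is neither the poster's code nor FreeBSD source. It models the three structures with toy field lists (sizes are not the kgdb values, only the ordering ar_buf < buf matters), checks the "struct bio is the first member" invariant that the (struct bio *)buf1 cast relies on, and shows what option (2) from the report looks like in practice: a BIOTOBUF() replacement that refuses to widen a bio into a struct buf unless the enclosing allocation is actually that large, so the vnode comparison in the sort loop is skipped instead of reading past the end of a 96-byte object. The bio_alloc_size member and the helper names biotobuf_checked(), ar_buf_alloc(), buf_alloc(), same_vnode() and run_scenario() are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy models of the three kernel structures in the report. Field lists are
 * invented for this example; only the layout relationships mirror the bug:
 * struct bio is the common header, struct ar_buf and struct buf both embed
 * it as their FIRST member, and struct buf is much larger than struct ar_buf. */
struct bio {
    void  *bio_dev;
    size_t bio_alloc_size;      /* hypothetical: bytes in the enclosing allocation */
    unsigned char opaque[56];
};

struct ar_buf {
    struct bio bp;              /* must be first: (struct bio *)ab is then valid */
    unsigned char ar_private[16];
};

struct buf {
    struct bio b_io;            /* must be first as well */
    void *b_vp;                 /* the field bioqdisksort() dereferences */
    unsigned char rest[256];
};

/* The embedding invariants the casts in ata-raid.c and BIOTOBUF() depend on. */
_Static_assert(offsetof(struct ar_buf, bp) == 0, "struct bio must be first in ar_buf");
_Static_assert(offsetof(struct buf, b_io) == 0, "struct bio must be first in buf");
_Static_assert(sizeof(struct ar_buf) < sizeof(struct buf), "ar_buf is smaller than buf");

/* The shape of the original macro: it widens the header into a full struct buf
 * with no way of knowing whether the bytes behind it were ever allocated. */
#define BIOTOBUF_UNCHECKED(bp) ((struct buf *)(bp))

/* Checked replacement (hypothetical): only convert when the recorded
 * allocation covers a whole struct buf; otherwise return NULL. */
static struct buf *biotobuf_checked(struct bio *bp)
{
    if (bp->bio_alloc_size < sizeof(struct buf))
        return NULL;
    return (struct buf *)bp;
}

/* Allocators that record the allocation size, as each producer would have to. */
static struct ar_buf *ar_buf_alloc(void)
{
    struct ar_buf *ab = calloc(1, sizeof(*ab));
    if (ab)
        ab->bp.bio_alloc_size = sizeof(*ab);
    return ab;
}

static struct buf *buf_alloc(void *vp)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (b) {
        b->b_io.bio_alloc_size = sizeof(*b);
        b->b_vp = vp;
    }
    return b;
}

/* The comparison from the sort loop, guarded: 1 if both are real bufs on the
 * same vnode, 0 if on different vnodes, -1 if either is not a full struct buf
 * (the ar_buf case), so the caller skips vnode grouping instead of panicking. */
static int same_vnode(struct bio *a, struct bio *b)
{
    struct buf *ba = biotobuf_checked(a), *bb = biotobuf_checked(b);
    if (ba == NULL || bb == NULL)
        return -1;
    return ba->b_vp == bb->b_vp;
}

/* Replay the report's situation: two bufs on one vnode, one on another, and an
 * ar_buf submitted through the same bio path. Returns 0 if every guard behaves
 * as described above, otherwise the number of the first failing check. */
static int run_scenario(void)
{
    int vnode_a, vnode_b;       /* stand-ins for two vnode identities */
    struct buf *b1 = buf_alloc(&vnode_a), *b2 = buf_alloc(&vnode_a);
    struct buf *b3 = buf_alloc(&vnode_b);
    struct ar_buf *ab = ar_buf_alloc();
    int rc = 0;

    if (!b1 || !b2 || !b3 || !ab)
        rc = 1;
    else if (biotobuf_checked(&ab->bp) != NULL)     /* ar_buf must be refused */
        rc = 2;
    else if (biotobuf_checked(&b1->b_io) != b1)     /* real buf passes through */
        rc = 3;
    else if (same_vnode(&b1->b_io, &b2->b_io) != 1)
        rc = 4;
    else if (same_vnode(&b1->b_io, &b3->b_io) != 0)
        rc = 5;
    else if (same_vnode(&ab->bp, &b1->b_io) != -1)  /* the panic case, now a skip */
        rc = 6;

    free(b1); free(b2); free(b3); free(ab);
    return rc;
}

int main(void)
{
    int rc = run_scenario();
    printf("%s (rc=%d)\n", rc == 0 ? "all guards behaved" : "guard failure", rc);
    return rc;
}
```

The recorded-size field is the expensive part of this approach, since every producer of a struct bio has to fill it in; the cheaper alternative is option (1), making every embedding type at least sizeof(struct buf), which the _Static_assert on sizes would then enforce at compile time rather than at each conversion.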