Date:      12 Sep 2001 08:57:33 -0400
From:      Greg Troxel <gdt@fnord.ir.bbn.com>
To:        Nathan Mace <nmace85@yahoo.com>
Cc:        freebsd newbies <freebsd-newbies@freebsd.org>, freebsd-stable <freebsd-stable@freebsd.org>
Subject:   Re: burncd makes computer reboot!
Message-ID:  <rmiy9nklg76.fsf@fnord.ir.bbn.com>
In-Reply-To: Nathan Mace's message of "Wed, 12 Sep 2001 00:27:41 -0400"
References:  <20010912002741.4cac25b4.nmace85@yahoo.com>

I have seen behavior that may be similar, but not tracked it down well
enough to file a report.

  burncd: ioctl(CDRIOCCLOSEDISK): Inappropriate ioctl for device

This may be a sign of burncd/kernel version skew - I think something
changed near 4.3.  (I tried 4.3 burncd on 4.2+kame and lost;
with everything from the same 'make world' it works fine.)  Make sure
you have burncd of the same date as kernel sources, compiled against
the matching include files.  This could explain why the cd did not get
written properly (or fixated), but not the crash.

I believe that the kernel code involved in cd9660 mounting may have a
bug that is triggered by CDs that are apparently zero length
(i.e. those for which read at 0 acts like EOF).  I use the following
shell function to test CDs to make sure they have data on them before
mounting.

ddcd () 
{ 
    dd if=/dev/racd0c of=/dev/null bs=32k
}

Looking at the sources, I see in isofs/cd9660/cd9660_vfsops.c, around
line 327 of 1.74.2.5, bread is called on the device, and the return
value checked for error.
Then, bp->b_data is dereferenced without checking bp->b_count,
bp->b_bufsize, or bp->b_resid.
Perhaps adding

	if ( bp->b_count != iso_bsize ) {
		error = ENOSPC;		/* XXX need better error report */
		goto out;
	}

might help.  I didn't read kern/vfs_bio.c to see if an error would be
returned, but I note that dd reports reading 0 bytes with no errors.
If my guess is right, this problem exists multiple places in cd9660.
But I suspect I'm off base, since I see similar code in ffs_vfsops.c.
But there could be checks for partition size first, and then again,
how often do people mount zero-length disks?

        Greg Troxel <gdt@ir.bbn.com>
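
The check discussed in the message above, shown as an added user-space example (not part of the original e-mail and not FreeBSD kernel code): the sector holding the first ISO 9660 volume descriptor is read, and the buffer is only inspected if a full sector actually arrived. The names iso_probe and make_sample, the image file names, and the use of pread in place of the kernel's bread are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define ISO_BSIZE  2048   /* ISO 9660 logical sector size */
#define ISO_VD_LBA 16     /* first volume descriptor is in sector 16 */

/* 0: full sector with the "CD001" magic; ENOSPC: short read (the placeholder
 * errno from the e-mail); EINVAL: full sector, no magic; else open/read errno. */
int iso_probe(const char *path)
{
    unsigned char sec[ISO_BSIZE];
    size_t got = 0;
    int err = 0, fd = open(path, O_RDONLY);
    if (fd < 0) return errno;
    while (got < sizeof sec) {
        ssize_t n = pread(fd, sec + got, sizeof sec - got,
                          (off_t)ISO_VD_LBA * ISO_BSIZE + (off_t)got);
        if (n < 0 && errno == EINTR) continue;
        /* n == 0 is EOF with no error: the zero-length-disc case */
        if (n <= 0) { err = n < 0 ? errno : 0; break; }
        got += (size_t)n;
    }
    close(fd);
    if (err) return err;
    if (got != sizeof sec) return ENOSPC;   /* short read: sec[] never examined */
    return memcmp(sec + 1, "CD001", 5) == 0 ? 0 : EINVAL;
}

/* Constructed sample input: nsec zeroed sectors, optional magic in sector 16. */
int make_sample(const char *path, int nsec, int magic)
{
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    for (int i = 0; i < nsec; i++) {
        unsigned char sec[ISO_BSIZE] = {0};
        if (magic && i == ISO_VD_LBA) memcpy(sec + 1, "CD001", 5);
        fwrite(sec, 1, sizeof sec, f);
    }
    return fclose(f);
}

int main(void)
{
    if (make_sample("empty.img", 0, 0) || make_sample("good.img", 17, 1)) return 1;
    printf("empty: %d, good: %d\n", iso_probe("empty.img"), iso_probe("good.img"));
    return 0;
}
```

As with the dd test in the message, a read that returns 0 bytes reports no I/O error, so the length comparison is the only thing that keeps the magic check from running on an unfilled buffer.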

