From owner-freebsd-hackers Tue Jul 10 14:45:55 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from mail.gmx.net (pop.gmx.net [194.221.183.20]) by hub.freebsd.org (Postfix) with SMTP id 31E4137B401 for ; Tue, 10 Jul 2001 14:45:49 -0700 (PDT) (envelope-from tmoestl@gmx.net) Received: (qmail 20221 invoked by uid 0); 10 Jul 2001 21:45:47 -0000 Received: from pd900c789.dip.t-dialin.net (HELO forge.local) (217.0.199.137) by mail.gmx.net (mp008-rz3) with SMTP; 10 Jul 2001 21:45:47 -0000 Received: from tmm by forge.local with local (Exim 3.30 #1) id 15K5KD-0002PL-00; Tue, 10 Jul 2001 23:45:45 +0200 Date: Tue, 10 Jul 2001 23:45:45 +0200 From: Thomas Moestl To: Paul Halliday Cc: hackers@freebsd.org Subject: Re: Can someone verify this? Message-ID: <20010710234545.A8799@crow.dom2ip.de> Mail-Followup-To: Thomas Moestl , Paul Halliday , hackers@freebsd.org References: <3B4793CB.FDC5B64@penix.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="7JfCtLOvnd9MIVvH" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3B4793CB.FDC5B64@penix.org>; from dp@penix.org on Sat, Jul 07, 2001 at 06:57:15PM -0400 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --7JfCtLOvnd9MIVvH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sat, 2001/07/07 at 18:57:15 -0400, Paul Halliday wrote: > FreeBSD dissent.p450.box 4.3-RC FreeBSD 4.3-RC #3: Sun Jun 10 22:27:47 > EDT 2001 root@dissent.p450.box:/usr/src/sys/compile/workstation > i386 > > FreeBSD useless.dell.box 4.3-STABLE FreeBSD 4.3-STABLE #6: Fri Jul 6 > 18:57:08 EDT 2001 > root@useless.dell.box:/usr/src/sys/compile/useless i386 > > mount /dev/acd0c /cdrom > should obviously fail, yet causes... > > panic: vm -fault on nofault entry, addr: c3e1e000 > > ....reboot. > any ideas? If it was an audio CD you were trying to mount: this is a known problem. The attached patch fixes it for me by disallowing reading of partial blocks; this could also be fixed by setting the buffer size different from the transfer size in such a case. - thomas --7JfCtLOvnd9MIVvH Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="acd-stable.diff" Index: dev/ata/atapi-cd.c =================================================================== RCS file: /home/ncvs/src/sys/dev/ata/atapi-cd.c,v retrieving revision 1.48.2.10 diff -u -r1.48.2.10 atapi-cd.c --- dev/ata/atapi-cd.c 2001/02/25 21:35:20 1.48.2.10 +++ dev/ata/atapi-cd.c 2001/07/09 21:48:58 @@ -1126,9 +1126,7 @@ /* reject all queued entries if media changed */ if (cdp->atp->flags & ATAPI_F_MEDIA_CHANGED) { bp->b_error = EIO; - bp->b_flags |= B_ERROR; - biodone(bp); - return; + goto failure; } bzero(ccb, sizeof(ccb)); @@ -1149,7 +1147,11 @@ lastlba = cdp->info.volsize; } - count = (bp->b_bcount + (blocksize - 1)) / blocksize; + if (bp->b_bcount % blocksize != 0) { + bp->b_error = EINVAL; + goto failure; + } + count = bp->b_bcount / blocksize; if (bp->b_flags & B_READ) { /* if transfer goes beyond range adjust it to be within limits */ @@ -1191,6 +1193,11 @@ atapi_queue_cmd(cdp->atp, ccb, bp->b_data, count * blocksize, bp->b_flags & B_READ ? ATPR_F_READ : 0, 30, acd_done,bp); + return; + +failure: + bp->b_flags |= B_ERROR; + biodone(bp); } static int --7JfCtLOvnd9MIVvH-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message