Date:      Sat, 24 Mar 2001 03:52:24 -0800 (PST)
From:      chervarium@nove.bg
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   i386/26049: bug in modular vn code causes a fatal trap 12
Message-ID:  <200103241152.f2OBqOh33828@freefall.freebsd.org>


>Number:         26049
>Category:       i386
>Synopsis:       bug in modular vn code causes a fatal trap 12
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 24 04:00:02 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Atanas Bachvaroff
>Release:        FreeBSD 4.3-BETA
>Organization:
NOVE Holding
>Environment:
none available (sorry, didn't get all information needed on the floppy disk)
>Description:
The incorrectly modularised vn driver causes a fatal trap 12 because, when the module is unloaded, its entry in the cdevsw[] array is left unchanged. Afterward, any lstat of /dev/vn0 results in an unresolved page fault and a crash. The last function in the chain, devsw from /usr/src/sys/kern/kern_conf.c, returns an invalid (struct cdevsw *) pointer to vn_isdisk from vfs_subr.c, and that pointer is accessed (I'm not describing the whole function chain; everyone can see it in the sources):
        if (!devsw(vp->v_rdev)) {
                if (errp != NULL)
                        *errp = ENXIO;
                return (0);
        }
        if (!(devsw(vp->v_rdev)->d_flags & D_DISK)) {
                if (errp != NULL)
                        *errp = ENOTBLK;
                return (0);
        }
(Watch the second major if statement.)
This problem may be found in other modular disk drivers. A patch is available (posted in the "Fix to the problem if known" part)...
>How-To-Repeat:
Almost any sequence of loading vn, using it and unloading it, followed by an lstat syscall on "/dev/vn0", activates the bug and results in a fatal trap 12 (page fault exception on x86 in protected mode with the paging bit in %cr0 = 1 ;)...
>Fix:
--- /usr/src/sys/dev/vn/vn.c        Mon May 15 19:50:33 2000
+++ /usr/src/sys/dev/vn/vn.c        Sat Mar 24 12:09:07 2001
@@ -776,6 +776,7 @@
                                vnclear(vn);
                        free(vn, M_DEVBUF);
                }
+               cdevsw_remove(&vn_cdevsw);
                break;
        default:
                break;
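Review bot: cdevsw_remove(&vn_cdevsw) is placed after the block that calls vnclear(vn) and free(vn, M_DEVBUF), so while that teardown runs the cdevsw[] entry still points at a driver whose per-unit state is being freed. Consider deregistering before the teardown rather than after it, and, if cdevsw_remove() can report failure, checking its result so the unload does not continue with the entry still installed. A short comment saying why the entry must be removed on unload would also help, since the description notes that other modular disk drivers may have the same omission.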

>Release-Note:
>Audit-Trail:
>Unformatted:


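The failure described in this report, as an added userland model that is not part of the original PR or of the FreeBSD sources: a driver table keeps a pointer to an unloaded module unless unload deregisters it. The `model_*` functions, the `mapped` field and the constants `D_DISK`, `VN_MAJOR` and `NUMCDEVSW` are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define NUMCDEVSW 16
#define D_DISK    0x0002   /* constructed flag value for this model */
#define VN_MAJOR  3        /* constructed major number */

struct cdevsw {
    int      d_maj;
    unsigned d_flags;
    int      mapped;       /* model only: 1 while the owning module is loaded */
};

static struct cdevsw *cdevsw_tbl[NUMCDEVSW];
static struct cdevsw vn_cdevsw = { VN_MAJOR, D_DISK, 0 };

static void model_cdevsw_add(struct cdevsw *sw)    { cdevsw_tbl[sw->d_maj] = sw; }
static void model_cdevsw_remove(struct cdevsw *sw) { cdevsw_tbl[sw->d_maj] = NULL; }
static struct cdevsw *model_devsw(int maj)         { return cdevsw_tbl[maj]; }

/* Load and then unload the driver; with_fix selects whether unload deregisters. */
static void load_unload(int with_fix)
{
    vn_cdevsw.mapped = 1;
    model_cdevsw_add(&vn_cdevsw);
    if (with_fix)
        model_cdevsw_remove(&vn_cdevsw);
    vn_cdevsw.mapped = 0;  /* the module's memory goes away */
}

/* Mirrors the two checks quoted from vn_isdisk; -1 marks the stale-pointer case. */
static int model_isdisk(int maj, int *errp)
{
    struct cdevsw *sw = model_devsw(maj);
    if (sw == NULL)              { *errp = ENXIO;   return 0; }
    if (!sw->mapped)             { *errp = EFAULT;  return -1; } /* kernel would fault here */
    if (!(sw->d_flags & D_DISK)) { *errp = ENOTBLK; return 0; }
    *errp = 0;
    return 1;
}

int main(void)
{
    int err, ret;
    load_unload(0); ret = model_isdisk(VN_MAJOR, &err);
    printf("unload without removal: ret=%d (stale entry dereferenced)\n", ret);
    load_unload(1); ret = model_isdisk(VN_MAJOR, &err);
    printf("unload with removal:    ret=%d err=%d (ENXIO=%d)\n", ret, err, ENXIO);
    return 0;
}
```

The first NULL check only protects the caller when unload has cleared the table slot; a non-NULL stale pointer passes it and is dereferenced by the flags test.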