From owner-freebsd-bugs Sat Mar 24 4: 0:13 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id C1B9C37B71B
	for ; Sat, 24 Mar 2001 04:00:02 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f2OC02i34175;
	Sat, 24 Mar 2001 04:00:02 -0800 (PST)
	(envelope-from gnats)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 8798237B718
	for ; Sat, 24 Mar 2001 03:52:24 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f2OBqOh33828;
	Sat, 24 Mar 2001 03:52:24 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200103241152.f2OBqOh33828@freefall.freebsd.org>
Date: Sat, 24 Mar 2001 03:52:24 -0800 (PST)
From: chervarium@nove.bg
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: i386/26049: bug in modular vn code causes a fatal trap 12
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number:         26049
>Category:       i386
>Synopsis:       bug in modular vn code causes a fatal trap 12
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 24 04:00:02 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Atanas Bachvaroff
>Release:        FreeBSD 4.3-BETA
>Organization:
NOVE Holding
>Environment:
none available (sorry, didn't get all information needed on the floppy disk)
>Description:
the incorrectly modularised vn driver causes a fatal trap 12 because, when the
module is unloaded, its entry in the cdevsw[] array is left unchanged.
afterward, any lstat-ting of /dev/vn0 results in an unresolved page fault and
crash. the last function in the chain, devsw from
/usr/src/sys/kern/kern_conf.c, returns an invalid (struct cdevsw *) pointer to
vn_isdisk from vfs_subr.c, and that pointer is accessed (i'm not describing
the whole function chain, everyone can see it in the sources):

	if (!devsw(vp->v_rdev)) {
		if (errp != NULL)
			*errp = ENXIO;
		return (0);
	}
	if (!(devsw(vp->v_rdev)->d_flags & D_DISK)) {
		if (errp != NULL)
			*errp = ENOTBLK;
		return (0);
	}

(watch the second major if statement)

this problem may be found in other modular disk drivers.

patch available (posted in the "Fix to the problem if known" part)...
>How-To-Repeat:
almost any loading of vn, using it and unloading it, followed by an lstat
syscall on "/dev/vn0" results in activating the bug and a fatal trap 12 (page
fault exception on x86 in protected mode with paging bit in %cr0 = 1 ;)...
>Fix:
--- /usr/src/sys/dev/vn/vn.c Mon May 15 19:50:33 2000 +++ /usr/src/sys/dev/vn/vn.c Sat Mar 24 12:09:07 2001 
@@ -776,6 +776,7 @@ vnclear(vn); free(vn, M_DEVBUF); } + cdevsw_remove(&vn_cdevsw); break; default: break;
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
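
Review bot: cdevsw_remove(&vn_cdevsw) is placed after the block that runs vnclear(vn) and free(vn, M_DEVBUF), so for the duration of that teardown the entry in cdevsw[] still leads to the driver while its per-unit state is being released. Consider removing the switch entry first, before the units are cleared, so the device stops being reachable through devsw() before anything is freed. The return value of the call is also dropped; if it can fail here, the unload case should report that instead of falling through to break. A short comment saying why the entry must go on unload would help, since the report notes that other modular disk drivers may need the same change.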
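
Added example (not part of the original problem report and not FreeBSD source): a user-space C model of the stale-entry condition described under >Description, showing that the NULL check quoted from vn_isdisk only helps once the slot has been cleared on unload. All model_* names, the table size, the flag value and the major number are assumptions made for the illustration.

```c
/* User-space model, constructed for illustration; not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#define MODEL_NUMCDEVSW 8      /* table size assumed for the model */
#define MODEL_D_DISK    0x0002 /* flag value assumed for the model */

struct model_cdevsw { int d_maj; int d_flags; };
static struct model_cdevsw *model_table[MODEL_NUMCDEVSW]; /* cdevsw[] stand-in */
static int model_valid(int maj) { return maj >= 0 && maj < MODEL_NUMCDEVSW; }

/* Driver load: publish the switch entry under its major number. */
int model_add(struct model_cdevsw *sw) {
    if (!model_valid(sw->d_maj)) return EINVAL;
    model_table[sw->d_maj] = sw;
    return 0;
}

/* Driver unload cleanup: clear the slot so later lookups return NULL. */
int model_remove(struct model_cdevsw *sw) {
    if (!model_valid(sw->d_maj) || model_table[sw->d_maj] != sw) return EINVAL;
    model_table[sw->d_maj] = NULL;
    return 0;
}

struct model_cdevsw *model_devsw(int maj) {
    return model_valid(maj) ? model_table[maj] : NULL;
}

/* The same two checks as the vn_isdisk excerpt in the report. */
int model_isdisk(int maj, int *errp) {
    struct model_cdevsw *sw = model_devsw(maj);
    if (sw == NULL) { if (errp != NULL) *errp = ENXIO; return 0; }
    if (!(sw->d_flags & MODEL_D_DISK)) { if (errp != NULL) *errp = ENOTBLK; return 0; }
    return 1;
}

/* Unload with or without cleanup; returns 1 if the table still holds a
 * pointer into the module, which the NULL check above cannot detect. */
int model_unload(struct model_cdevsw *sw, int do_remove) {
    if (do_remove) (void)model_remove(sw);
    return model_devsw(sw->d_maj) == sw;
}

int main(void) {
    struct model_cdevsw vn = { 3, MODEL_D_DISK }; /* major 3 is arbitrary */
    model_add(&vn);
    printf("without remove: stale=%d\n", model_unload(&vn, 0));
    printf("with remove:    stale=%d\n", model_unload(&vn, 1));
    return 0;
}
```

In the model the structure stays valid after "unload", so the stale case can be observed safely; in the kernel the same pointer would refer to memory that went away with the module.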