Date: Fri, 16 May 2003 20:46:39 +0400 (MSD) From: Yar Tikhiy <yar@comp.chem.msu.su> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/52338: fd(4) floppy disk driver & non-blocking I/O Message-ID: <200305161646.h4GGkdDS000677@stylish.chem.msu.su> Resent-Message-ID: <200305161650.h4GGoEVN030842@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 52338
>Category: kern
>Synopsis: fd(4) floppy disk driver & non-blocking I/O
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri May 16 09:50:14 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Yar Tikhiy
>Release: FreeBSD 5.1-BETA i386
>Organization:
Moscow State University
>Environment:
System: FreeBSD stylish.chem.msu.su 5.1-BETA FreeBSD 5.1-BETA #1: Thu May 15 11:40:27 MSD 2003 yar@stylish.chem.msu.su:/usr/obj/usr/src/sys/STYLISH i386
>Description:
If /dev/fdX has been opened in non-blocking mode, the
inserted floppy type will never be autoselected. So trying
to get its parameters through DIOCGSECTORSIZE or DIOCGMEDIASIZE
will cause panic on dereferencing the NULL fd->ft pointer.
And reading from or writing to its descriptor will result
in the ENXIO (Device not configured) error.
>How-To-Repeat:
To see the panic, run the following test program on /dev/fd0:
# ./fdtest /dev/fd0
=====================================================
#include <sys/types.h>
#include <sys/disk.h>
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
int
main(int argc, char **argv)
{
int fd;
unsigned blksz;
off_t medsz;
if (argc < 2)
errx(2, "Args!");
fd = open(argv[1], O_RDONLY | O_NDELAY);
if (fd < 0)
err(2, "open");
if (ioctl(fd, DIOCGSECTORSIZE, &blksz) < 0)
err(2, "DIOCGSECTORSIZE");
if (ioctl(fd, DIOCGMEDIASIZE, &medsz) < 0)
err(2, "DIOCGMEDIASIZE");
printf("%u %lld\n", blksz, medsz);
close(fd);
return (0);
}
=====================================================
And the following program, written in somewhat poor style,
will demonstrate the read(2) bug:
=====================================================
#include <sys/types.h>
#include <sys/disk.h>
#include <err.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
int
main(int argc, char **argv)
{
int fd;
unsigned blksz;
off_t medsz;
char buf[512];
if (argc < 2)
errx(2, "Args!");
fd = open(argv[1], O_RDONLY | O_NDELAY);
if (fd < 0)
err(2, "open");
if (read(fd, buf, 512) < 512)
err(2, "read");
close(fd);
return (0);
}
=====================================================
>Fix:
Not ready yet...
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200305161646.h4GGkdDS000677>