Re: [CHECKER] bugs in FreeBSD

• Previous message: Scott Long: "Re: [CHECKER] bugs in FreeBSD"
• In reply to: Ruslan Ermilov: "Re: [CHECKER] bugs in FreeBSD"
• Next in thread: Scott Long: "Re: [CHECKER] bugs in FreeBSD"
• Reply: Scott Long: "Re: [CHECKER] bugs in FreeBSD"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sun, 18 Jan 2004 10:44:57 -0800 (PST)
To: Ruslan Ermilov <ru@freebsd.org>

     These cam_sim_alloc() calls seem to be fairly critical to the operation
     of DPT and friends, why is it even possible for them to return NULL
     in the first place and what would be the effect of a (properly handled)
     NULL return if it did occur at this point?

                                        -Matt
                                        Matthew Dillon
                                        <dillon@backplane.com>

:> > * Create the device queue for our SIM.
:> > */
:> > Start --->
:> > devq =3D cam_simq_alloc(dpt->max_dccbs);
:> >=20
:...
:> Index: dpt_scsi.c
:> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
:=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
:=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
:> RCS file: /home/ncvs/src/sys/dev/dpt/dpt_scsi.c,v
:> retrieving revision 1.45
:> diff -u -p -r1.45 dpt_scsi.c
:> --- dpt_scsi.c 24 Aug 2003 17:46:04 -0000 1.45
:> +++ dpt_scsi.c 18 Jan 2004 15:39:13 -0000
:> @@ -1553,6 +1553,8 @@ dpt_attach(dpt_softc_t *dpt)
:> dpt->sims[i] =3D cam_sim_alloc(dpt_action, dpt_poll, "dpt",
:> dpt, dpt->unit, /*untagged*/2,
:> /*tagged*/dpt->max_dccbs, devq);
:> + if (dpt->sims[i] =3D=3D NULL)
:> + break;
:> if (xpt_bus_register(dpt->sims[i], i) !=3D CAM_SUCCESS) {
:> cam_sim_free(dpt->sims[i], /*free_devq*/i =3D=3D 0);
:> break;
:> %%%
:>=20
:Bah, but with this patch that avoids the NULL pointer dereference
:we start leaking devq. Attached is a more complete patch, and for
:dev/irr/irr.c too.
:
:
:Cheers,
:--=20
:Ruslan Ermilov
:FreeBSD committer
:ru@FreeBSD.org
:
:--yLVHuoLXiP9kZBkt
:Content-Type: text/plain; charset=us-ascii
:Content-Disposition: attachment; filename=p
:
:Index: dpt/dpt_scsi.c
:===================================================================
:RCS file: /home/ncvs/src/sys/dev/dpt/dpt_scsi.c,v
:retrieving revision 1.45
:diff -u -p -r1.45 dpt_scsi.c
:--- dpt/dpt_scsi.c 24 Aug 2003 17:46:04 -0000 1.45
:+++ dpt/dpt_scsi.c 18 Jan 2004 15:51:44 -0000
:@@ -1553,6 +1553,11 @@ dpt_attach(dpt_softc_t *dpt)
: dpt->sims[i] = cam_sim_alloc(dpt_action, dpt_poll, "dpt",
: dpt, dpt->unit, /*untagged*/2,
: /*tagged*/dpt->max_dccbs, devq);
:+ if (dpt->sims[i] == NULL) {
:+ if (i == 0)
:+ cam_simq_free(devq);
:+ break;
:+ }
: if (xpt_bus_register(dpt->sims[i], i) != CAM_SUCCESS) {
: cam_sim_free(dpt->sims[i], /*free_devq*/i == 0);
: break;
:Index: iir/iir.c
:===================================================================
:RCS file: /home/ncvs/src/sys/dev/iir/iir.c,v
:retrieving revision 1.9
:diff -u -p -r1.9 iir.c
:--- iir/iir.c 26 Sep 2003 15:36:47 -0000 1.9
:+++ iir/iir.c 18 Jan 2004 15:52:04 -0000
:@@ -510,6 +510,11 @@ iir_attach(struct gdt_softc *gdt)
: gdt->sims[i] = cam_sim_alloc(iir_action, iir_poll, "iir",
: gdt, gdt->sc_hanum, /*untagged*/2,
: /*tagged*/GDT_MAXCMDS, devq);
:+ if (gdt->sims[i] == NULL) {
:+ if (i == 0)
:+ cam_simq_free(devq);
:+ break;
:+ }
: if (xpt_bus_register(gdt->sims[i], i) != CAM_SUCCESS) {
: cam_sim_free(gdt->sims[i], /*free_devq*/i == 0);
: break;
:
:--yLVHuoLXiP9kZBkt--
:
:--SO98HVl1bnMOfKZd
:Content-Type: application/pgp-signature
:Content-Disposition: inline
:
:-----BEGIN PGP SIGNATURE-----
:Version: GnuPG v1.2.4 (FreeBSD)
:
:iD8DBQFACq9iUkv4P6juNwoRAghWAKCBpqGJmtW1g7vOJS15YgKfg/782QCeImr/
:aZ5eUYh2kvOaSBl5zcFd4mE=
:=j+I+
:-----END PGP SIGNATURE-----

_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"

• Previous message: Scott Long: "Re: [CHECKER] bugs in FreeBSD"
• In reply to: Ruslan Ermilov: "Re: [CHECKER] bugs in FreeBSD"
• Next in thread: Scott Long: "Re: [CHECKER] bugs in FreeBSD"
• Reply: Scott Long: "Re: [CHECKER] bugs in FreeBSD"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: [PATCH] serial driver PMC MSP71xx, kernel linux-mips.git mast er ... > retrieving revision 1.1.1.7 ... Your patch is clearly garbled again, ... we have a regshift of 2 on this SoC and it could be different on other ... console output before the serial driver opens. ... (Linux-Kernel) *Warning* long post - OpenSSH patch to allow requiring *both* public key and password auth ... I am submitting this patch to both the OpenBSD tech mailing list and the ... authentication is done twice, both ... retrieving revision 1.5 ... diff -u -d -r1.63 monitor.c ... (SSH) Re: Re: 5.3-RELEASE: WARNING - WRITE_DMA interrupt timout - what does it mean? ... On Wed, 10 Nov 2004, Zoltan Frombach wrote: ... > Is your patch were produce for HEAD? ... retrieving revision 1.2 ... > notebook with continuous measurement of the latency to schedule tasks, ... (freebsd-current) Re: TCP listenall ... of the patch is at the end of this email. ... retrieving revision 1.40 ... diff -u -r1.370 tcp_input.c ... (freebsd-net) Re: Should I merge fix for PR#64091 (NFS data corruption)? ... > The test programs in the PR provoke the bug in no more than a couple ... > a go on a 4.10-beta client, then try it with the attached patch. ... > retrieving revision 1.83.2.4 ... > * Convert between nfsnode pointers and vnode pointers ... (freebsd-stable)