Date: Sat, 28 Apr 2001 23:48:00 -0600
From: "Kenneth D. Merry" <ken@kdm.org>
To: Michael Samuel <michael@miknet.net>
Cc: freebsd-scsi@FreeBSD.ORG
Subject: Re: NULL pointer deref in scsi_sense_desc
Message-ID: <20010428234800.A37675@panzer.kdm.org>
In-Reply-To: <20010428114711.A7571@miknet.net>; from michael@miknet.net on Sat, Apr 28, 2001 at 11:47:11AM +1000
References: <20010428114711.A7571@miknet.net>

On Sat, Apr 28, 2001 at 11:47:11 +1000, Michael Samuel wrote:
> Hi,
>
> I got a "Page fault in kernel mode" while writing to a SCSI tape (which had
> barfed on me with some SCSI sense messages shortly before the crash).
>
> This is in -current from the CVS as of about a week or 2 ago.
>
> It stopped at scsi_sense_desc+0x2f, which resolved in gdb -k to
> cam/scsi/scsi_all.c line 1573, which in my copy of the source tree looks
> like this:
>
> void
> scsi_sense_desc(int sense_key, int asc, int ascq,
>                 struct scsi_inquiry_data *inq_data,
>                 const char **sense_key_desc, const char **asc_desc)
> {
>         const struct asc_table_entry *asc_entry;
>         const struct sense_key_table_entry *sense_entry;
>
>         fetchtableentries(sense_key, asc, ascq,
>                           inq_data,
>                           &sense_entry,
>                           &asc_entry);
>
>         *sense_key_desc = sense_entry->desc;
>
> It seems as though sense_entry is NULL after fetchtableentries() returns,
> which when I took a quick peek at fetchtableentries(), it indicates that it
> couldn't find a match.

Hmm, that would cause the code to dereference a null pointer, which is bad.

It's probably a bug to do that without checking the pointer first, since a
drive could theoretically return a bogus sense key and cause a panic.

Would it be possible for you to get a stack trace?

If you need info on how to get a stack trace:

http://www.freebsd.org/doc/en_US.ISO_8859-1/books/handbook/kerneldebug.html

What I'm looking for is what the sense key, asc, and ascq are. I think we
should have all existing sense keys covered, but if we don't I'd like to
know about it. (It would also be useful to know if the drive is just
returning a bogus sense key.)

The attached patch should fix your problem. Let me know how it works.

> I'm not subscribed to this list, but if you need more info, feel free to
> send me an email directly (or Cc me in your follow-ups).

Ken -- Kenneth Merry ken@kdm.org --mYCpIKhGyMATD0i+ Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="scsi_all.c.20010428" ==== //depot/FreeBSD-ken/src/sys/cam/scsi/scsi_all.c#9 - /usr/home/ken/perforce/FreeBSD-ken/src/sys/cam/scsi/scsi_all.c ==== *** /tmp/tmp.44053.0 Sat Apr 28 23:43:22 2001 --- /usr/home/ken/perforce/FreeBSD-ken/src/sys/cam/scsi/scsi_all.c Sat Apr 28 23:43:11 2001 *************** *** 1570,1576 **** &sense_entry, &asc_entry); ! *sense_key_desc = sense_entry->desc; if (asc_entry != NULL) *asc_desc = asc_entry->desc; --- 1570,1579 ---- &sense_entry, &asc_entry); ! if (sense_entry != NULL) ! *sense_key_desc = sense_entry->desc; ! else ! *sense_key_desc = "Unknown Sense Key"; if (asc_entry != NULL) *asc_desc = asc_entry->desc; --mYCpIKhGyMATD0i+-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-scsi" in the body of the message
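
Review bot: the added else branch replaces a failed lookup with the fixed string "Unknown Sense Key", which stops the NULL dereference but discards the numeric sense_key that fetchtableentries() could not match, the very value needed to tell a gap in the table from a drive returning a bogus key. Consider reporting the raw sense_key (and asc/ascq) where the description is printed, or logging it in this branch, and add a short comment above the check noting that sense_entry can come back NULL for device-supplied values. Any other caller that dereferences the sense_entry returned by fetchtableentries() without a check would need the same guard.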