From owner-freebsd-current@FreeBSD.ORG  Tue Sep 28 13:51:34 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2AD5E16A4CE
	for <current@freebsd.org>; Tue, 28 Sep 2004 13:51:34 +0000 (GMT)
Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11])
	by mx1.FreeBSD.org (Postfix) with SMTP id 4961E43D48
	for <current@freebsd.org>; Tue, 28 Sep 2004 13:51:33 +0000 (GMT)
	(envelope-from dwmalone@maths.tcd.ie)
Received: from gosset.maths.tcd.ie by salmon.maths.tcd.ie with SMTP
          id <aa67359@salmon>; 28 Sep 2004 14:51:25 +0100 (BST)
To: Matthias Andree <matthias.andree@gmx.de>
In-reply-to: Your message of "Tue, 28 Sep 2004 15:14:08 +0200."
             <20040928131408.GA6887@merlin.emma.line.org> 
X-Request-Do: 
Date: Tue, 28 Sep 2004 14:51:24 +0100
From: David Malone <dwmalone@maths.tcd.ie>
Message-ID: <200409281451.aa67359@salmon.maths.tcd.ie>
cc: Matthias Andree <ma@dt.e-technik.uni-dortmund.de>
cc: current@freebsd.org
Subject: Re: FreeBSD 5.3-BETA6 available 
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Sep 2004 13:51:34 -0000

> > Bruce suggests that this one is fixed in geom, which is now used
> > by default. If this is the case, I can close the PR.

> Please do not close the PR yet, the bug persists in FreeBSD
> 4.10-RELEASE-p3 (tested a few minutes ago) and probably also in 4.8.

Here's a quick attempt to port the patch that Bruce suggested. I
haven't been able to test it yet, but you might like to try it.

	David.

--- /usr/src/sys/kern/subr_diskslice.c	Fri Sep  7 21:45:00 2001
+++ subr_diskslice.c	Tue Sep 28 14:47:39 2004
@@ -142,6 +142,7 @@
 	struct disklabel *lp;
 	char *msg;
 	long	nsec;
+	off_t offset;
 	struct partition *pp;
 	daddr_t	secno;
 	daddr_t	slicerel_secno;
@@ -153,6 +154,20 @@
 		printf("dscheck(%s): negative b_blkno %ld\n", 
 		    devtoname(bp->b_dev), (long)blkno);
 		bp->b_error = EINVAL;
+		goto bad;
+	}
+	offset = bp->b_offset;
+	if (offset < 0) {
+		printf("dscheck(%s): negative b_offset %ld\n",
+		    devtoname(bp->b_dev), (long)offset);
+		bp->b_error = EINVAL;
+		goto bad;
+	}
+	if (offset % (uoff_t)DEV_BSIZE) {
+		printf(
+		    "dscheck(%s): b_offset %ld is not on a DEV_BSIZE boundary\n",
+		    devtoname(bp->b_dev), (long)offset);
+		bp->bio_error = EINVAL;
 		goto bad;
 	}
 	sp = &ssp->dss_slices[dkslice(bp->b_dev)];