Date: Sun, 01 Aug 2004 22:57:48 -0700 From: Nate Lawson <nate@root.org> To: =?ISO-8859-1?Q?S=F8ren_Schmidt?= <sos@FreeBSD.org> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/dev/ata ata-all.c Message-ID: <410DD7DC.4020707@root.org> In-Reply-To: <20040731103039.5D6D716A52B@hub.freebsd.org> References: <20040731103039.5D6D716A52B@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Søren Schmidt wrote:
> sos 2004-07-31 10:29:30 UTC
>
> Modified files:
> sys/dev/ata ata-all.c
> Log:
> Fix the panic (""memory modified after free") when ata_getparam() fails
> and retries.
>
> Found by: Nate Lawson
>
> Revision Changes Path
> 1.216 +1 -0 src/sys/dev/ata/ata-all.c
Thanks. For the record, this was the root cause of several panics and
anyone whose system prints "FAILURE - ATAPI_IDENTIFY no interrupt" (or
retried the identify for other reasons) was subject to the memory
corruption.
The message "memory modified after free" was not a panic in itself.
Instead, the caller of malloc() would go on to use the memory expecting
it to be zeroed, since it came from the MZERO pool, and cause a panic.
Observed panic victims included GEOM, ACPI, and the routing code (rt_msg2).
-Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?410DD7DC.4020707>