Subject: Re: port-mac68k/32583: mac68k netbsd-2 panics during rcp(1)
To: None <port-mac68k-maintainer@netbsd.org, gnats-admin@netbsd.org,>
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
List: netbsd-bugs
Date: 01/24/2006 21:25:02
The following reply was made to PR port-mac68k/32583; it has been noted by GNATS.

From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
To: Scott Reynolds <scottr@clank.org>
Cc: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>,
	Dave Huang <khym@azeotrope.org>, port-mac68k-maintainer@netbsd.org,
	gnats-bugs@netbsd.org, Chuck Silvers <chuq@chuq.com>
Subject: Re: port-mac68k/32583: mac68k netbsd-2 panics during rcp(1)
Date: Tue, 24 Jan 2006 22:20:46 +0100

 At 13:17 -0600 24.1.2006, Scott Reynolds wrote:
 >I'd almost rather see what happens if DIAGNOSTIC is set.
 
 The kernel in question was built with DEBUG and DIAGNOSTIC.
 
 >This will
 >cause a panic if bus_space_set_region_2() is called with a zero
 >count. While I agree in principle that if_ae shouldn't attempt it, I
 >also can't find a way for the driver to get to that condition under
 >normal conditions. It might be instructive to add a debug printf that
 >displays the value (ETHER_MIN_LEN - ETHER_CRC_LEN - totlen) to see if
 >this is actually working out to be 1.
 
 [hauke@pizza] /<5>mac68k/dev > cvs diff -u if_ae.c
 Index: if_ae.c
 ===================================================================
 RCS file: /cvsroot/src/sys/arch/mac68k/dev/if_ae.c,v
 retrieving revision 1.75
 diff -u -u -r1.75 if_ae.c
 --- if_ae.c     15 Jul 2003 02:43:16 -0000      1.75
 +++ if_ae.c     24 Jan 2006 21:15:30 -0000
 @@ -171,7 +171,10 @@
                         }
                 }
         }
 -
 +#if defined(DEBUG)
 +       printf("ae_write_mbuf() (ETHER_MIN_LEN - ETHER_CRC_LEN - totlen) =
 %d\n",
 +           (ETHER_MIN_LEN - ETHER_CRC_LEN - totlen));
 +#endif
         if (wantbyte) {
                 savebyte[1] = 0;
                 bus_space_write_region_2(sc->sc_buft, sc->sc_bufh,
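Review bot: The added printf inside the #if defined(DEBUG) block fires on every call, including frames that need no padding (the output further down shows -14), so the one value of interest is buried in per-packet noise. Consider printing only when (ETHER_MIN_LEN - ETHER_CRC_LEN - totlen) is positive, and include totlen and wantbyte in the message, since the `if (wantbyte)` branch immediately after it also determines what is written to the buffer. As mailed, the format string is split across two lines (`... =` then `%d\n",`), which will not compile if the hunk is applied from this message; rejoin it or use adjacent string literals. Casting the expression to int would also keep the %d specifier correct regardless of the type of totlen, which is not visible in this hunk.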
 
 
 [...]
 ae_write_mbuf() (ETHER_MIN_LEN - ETHER_CRC_LEN - totlen) = -14
 ae_write_mbuf() (ETHER_MIN_LEN - ETHER_CRC_LEN - totlen) = 6
 ae_write_mbuf() (ETHER_MIN_LEN - ETHER_CRC_LEN - totlen) = 1
 trap type 0, code = 0x72d, v = 0x29d0000
 kernel program counter = 0xfeb6e
 kernel: Bus error trap
 pid = 38, lid = 1, pc = 000FEB6E, ps = 2208, sfc = 1, dfc = 1
 
 [registers etc. as before]
 
 Note that this is not the first network access by any means: The machine
 runs dhclient, timed, sendmail, and the 'deadly' rcp (ftp does the same
 trick) was issued in an xterm started via rsh.
 
 	hauke
 
 
 --
 "It's never straight up and down"     (DEVO)