current-users: Re: Crash to db> due to firewire, in NetBSD 4 BETA [workaround]

Subject: Re: Crash to db> due to firewire, in NetBSD 4 BETA [workaround]
To: Jonathan A. Kollasch <jakllsch@kollasch.net>
From: Rhialto <rhialto@falu.nl>
List: current-users
Date: 09/11/2006 02:32:09
(patch at end)

Some more experimenting gave me this: PQUIRK_NOBIGMODESENSE.
Setting that (for testing I set it on al sd* devices), and the "cooler
master" mass storage works over FireWire. The mode page 4 and 5 data
still looks like nonsense but at least the data from page 0 looks just a
bit better, so that 512-byte blocks are assumed (more or less by
accident, I guess, so the real problem is still to be found).

http://www.coolermaster-europe.com/index.php?LT=nederlands&Language_s=11&url_place=product&p_serial=RX-3HA&other_title=RX-3HAX%20Craft%20USB2.0%20%2F%201394a

Because the data is still nonsense, I recommend adding some range
checking of ``poffset'', something like this:

    if (poffset >= sizeof(sizeof(scsipi_sense))) {
	return ERESTART;
    }

added to sd_get_parms_page4() and sd_get_parms_page5(), that avoids the
crash. 

I considered autodetecting the quirk, by setting PQUIRK_NOBIGMODESENSE
in the above error code and retrying, if not already set, but I think it
is too late, since an earlier mode page 0 has already happened and
messed up.

Here is some relevant output from dmesg, including the sense data, which
doesn't make sense (not even the page number in the first byte is
correct, and most of the data is identical in the different cases). It
covers booting, disklabel, and mounting, iirc.

fwohci0: BUS reset
fwohci0: node_id=0xc800ffc1, gen=2, CYCLEMASTER mode
ieee1394if0: 2 nodes, maxhop <= 1, cable IRM = 1 (me)
ieee1394if0: bus manager 1 (me)
ieee1394if0: New S400 device ID:001010055000008c
sbp0 at ieee1394if0: SBP-2/SCSI over IEEE1394
scsibus0 at sbp0: 1 target, 0 luns per target
scsipi_inqmatch: 2/0/0 <, , >
sd0 at scsibus0 target 0 lun 0: <Initio, WD2500JB-00REA0, 0312> disk fixed
scsipi_size -> 488397168 sectors
page 0 sense: 86 0b 00 02 00 00 1d 1c 59 6f ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
page 0 bsize=2
page 0 ok
sd_get_parms_page4: error=0, byte2=8,SMS_DBD=8
sd_get_parms_page4: big=0
&scsipi_sense=0xcb0ffd04, poffset=0x6, pages=0xcb0ffd0a
page 4 sense: 86 0b 00 02 00 00 1d 1c 59 6f ff 00 00 6f 20 20 57 44 32 35 30 30 4a 42 2d 30 30 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
page 4 pg_code=29 sense=0xcb0ffd04/0xcb0ffd0a
sd_get_parms_page4: ... != 4 -> return ERESTART
page 5 sense: 86 0b 00 02 00 00 1d 1c 59 6f ff 00 00 6f 20 20 57 44 32 35 30 30 4a 42 2d 30 30 52 45 41 30 20 33 2e 31 32 00 00 00 00 00 00 00 00 00 00 00 00
sd_get_parms_page5: ... != 5 -> return ERESTART
sd0: fabricating a geometry
sd0: 232 GB, 238475 cyl, 64 head, 32 sec, 512 bytes/sect x 488397168 sectors
scsipi_size -> 488397168 sectors
page 0 sense: 86 0b 00 02 00 00 1d 1c 59 6f ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
page 0 bsize=2
page 0 ok
sd_get_parms_page4: error=0, byte2=8,SMS_DBD=8
sd_get_parms_page4: big=0
&scsipi_sense=0xcb0ffc84, poffset=0x6, pages=0xcb0ffc8a
page 4 sense: 86 0b 00 02 00 00 1d 1c 59 6f ff 00 00 6f 20 20 57 44 32 35 30 30 4a 42 2d 30 30 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
page 4 pg_code=29 sense=0xcb0ffc84/0xcb0ffc8a
sd_get_parms_page4: ... != 4 -> return ERESTART
page 5 sense: 86 0b 00 02 00 00 1d 1c 59 6f ff 00 00 6f 20 20 57 44 32 35 30 30 4a 42 2d 30 30 52 45 41 30 20 33 2e 31 32 00 00 00 00 00 00 00 00 00 00 00 00
sd0: fabricating a geometry
scsipi_size -> 488397168 sectors
page 0 sense: 86 0b 00 02 00 00 1d 1c 59 6f ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
page 0 bsize=2
page 0 ok
sd_get_parms_page4: error=0, byte2=8,SMS_DBD=8
sd_get_parms_page4: big=0
&scsipi_sense=0xcb0ffbf4, poffset=0x6, pages=0xcb0ffbfa
page 4 sense: 86 0b 00 02 00 00 1d 1c 59 6f ff 00 00 bf 00 06 b9 00 01 f3 a5 b9 00 02 f3 ab ea 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
page 4 pg_code=29 sense=0xcb0ffbf4/0xcb0ffbfa
sd_get_parms_page4: ... != 4 -> return ERESTART
page 5 sense: 86 0b 00 02 00 00 1d 1c 59 6f ff 00 00 bf 00 06 b9 00 01 f3 a5 b9 00 02 f3 ab ea 1f 06 00 00 80 fa 8f 7e 02 00 00 00 00 00 00 00 00 00 00 00 00
sd0: fabricating a geometry
scsipi_size -> 488397168 sectors
page 0 sense: 86 0b 00 02 00 00 1d 1c 59 6f ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
page 0 bsize=2
page 0 ok
sd_get_parms_page4: error=0, byte2=8,SMS_DBD=8
sd_get_parms_page4: big=0
&scsipi_sense=0xcb1d7c94, poffset=0x6, pages=0xcb1d7c9a
page 4 sense: 86 0b 00 02 00 00 1d 1c 59 6f ff 00 00 ff ff f9 8f f5 80 03 8c 10 a0 49 20 b3 df a4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
page 4 pg_code=29 sense=0xcb1d7c94/0xcb1d7c9a
sd_get_parms_page4: ... != 4 -> return ERESTART
page 5 sense: 86 0b 00 02 00 00 1d 1c 59 6f ff 00 00 ff ff f9 8f f5 80 03 8c 10 a0 49 20 b3 df a4 ab 5b 85 08 2e 85 34 b2 00 00 00 00 00 00 00 00 00 00 00 00
sd0: fabricating a geometry

Index: scsiconf.c
===================================================================
RCS file: /cvsroot/src/sys/dev/scsipi/scsiconf.c,v
retrieving revision 1.236
diff -u -r1.236 scsiconf.c
--- scsiconf.c	30 Mar 2006 16:09:28 -0000	1.236
+++ scsiconf.c	11 Sep 2006 00:12:48 -0000
@@ -571,6 +571,8 @@
 	/* Broken IBM disk */
 	{{T_DIRECT, T_FIXED,
 	 ""	   , "DFRSS2F",		 ""},	  PQUIRK_AUTOSAVE},
+	{{T_DIRECT, T_FIXED,
+	 "Initio  ", "",		 ""},	  PQUIRK_NOBIGMODESENSE},
 	{{T_DIRECT, T_REMOV,
 	 "MPL     ", "MC-DISK-        ", ""},     PQUIRK_NOLUNS},
 	{{T_DIRECT, T_FIXED,

The range check could be made stricter (sizeof(scsipi_sense) - sizeof
(what we're looking for)) but it works for weeding out the gross
nonsense.

Index: sd.c
===================================================================
RCS file: /cvsroot/src/sys/dev/scsipi/sd.c,v
retrieving revision 1.247
diff -u -r1.247 sd.c
--- sd.c	30 Mar 2006 16:09:28 -0000	1.247
+++ sd.c	11 Sep 2006 00:12:48 -0000
@@ -1816,6 +1816,9 @@
 		poffset += scsipi_sense.header.small.blk_desc_len;
 	}
 
+	if (poffset > sizeof(scsipi_sense))
+		return ERESTART;
+
 	pages = (void *)((u_long)&scsipi_sense + poffset);
 #if 0
 printf("page 4 sense:"); for (i = sizeof(scsipi_sense), p = (void *)&scsipi_sense; i; i--, p++) printf(" %02x", *p); printf("\n");
@@ -1891,6 +1894,9 @@
 		poffset += scsipi_sense.header.small.blk_desc_len;
 	}
 
+	if (poffset > sizeof(scsipi_sense))
+		return ERESTART;
+
 	pages = (void *)((u_long)&scsipi_sense + poffset);
 #if 0
 printf("page 5 sense:"); for (i = sizeof(scsipi_sense), p = (void *)&scsipi_sense; i; i--, p++) printf(" %02x", *p); printf("\n");

These patches apply to -current with some offset.

-Olaf.
-- 
___ Olaf 'Rhialto' Seibert      -- You author it, and I'll reader it.
\X/ rhialto/at/xs4all.nl        -- Cetero censeo "authored" delendum esse.