Subject: port-i386/33260: [dM] kernel divide-by-zero for some broken disks
To: None <port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: netbsd-bugs
Date: 04/15/2006 04:20:00
>Number:         33260
>Category:       port-i386
>Synopsis:       [dM] kernel divide-by-zero for some broken disks
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    port-i386-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Apr 15 04:20:00 +0000 2006
>Originator:     der Mouse
>Release:        NetBSD 3.0
>Organization:
	Dis-
>Environment:
	NetBSD-3.0/i386, probably any using MBR partitioning
>Description:
	When an IDE drive reports zero sectors/track, zero heads, and
	zero cylinders, the kernel gets a divide-by-zero panic.
>How-To-Repeat:
	Find an IDE drive that's badly enough broken that it
	acknowledges its existence but claims to have zero
	sectors/track, zero heads, and zero cylinders.  (I have two
	such on hand and have seen a third in the past.)  Try to boot
	with that drive connected.  Watch the kernel panic with a
	divide-by-zero trap.  For example (ten-finger copy):

	...
	wd1 at atabus1 drive 1: <Maxtor N40P>
	wd1: drive supports 1-sector PIO transfers, chs addressing
	wd1: 0, 0 cyl, 0 head, 0 sec, 512 bytes/sec x 0 sectors
	wd1: 32-bit data port
	wd1(viaide0:1:1): using PIO mode 0
	kernel: integer divide fault trap, code=0

	The backtrace from this example goes read_sector, scan_mbr,
	readdisklabel, wdgetdisklabel, wdopen, spec_open,
	rf_find_raid_components, rf_autoconfig, ...

	While I didn't look up the exact pc in read_sector, it is small
	and does only one division, that being

        bp->b_cylinder = sector / a->lp->d_secpercyl;

	and it's totally plausible that d_secpercyl is zero in view of
	the numbers printed.
>Fix:
	Not sure.  Maybe error out of read_sector when d_secpercyl is
	zero?  It won't make such a disk _work_, but probably nothing
	will, and it should stop the panics.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
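
The guard suggested under Fix, as an added example that is not part of the original report and is not NetBSD source: a user-space C model that rejects drive-reported geometry before it is used as a divisor. `struct geom`, `geom_validate` and `sector_to_cylinder` are hypothetical names, the errno values are illustrative choices, and the 32-bit overflow check goes one step beyond the zero case the report describes.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the label fields involved; not struct disklabel. */
struct geom {
    uint32_t nsectors;   /* sectors per track, as reported by the drive */
    uint32_t ntracks;    /* heads, as reported by the drive */
    uint32_t ncylinders; /* cylinders, as reported by the drive */
    uint32_t secpercyl;  /* derived: nsectors * ntracks */
};

/* Derive secpercyl from drive-reported values. Reject geometry that would
 * later be a zero divisor, or whose product does not fit in 32 bits. */
int geom_validate(struct geom *g)
{
    uint64_t spc = (uint64_t)g->nsectors * g->ntracks;
    if (spc == 0 || spc > UINT32_MAX)
        return EINVAL;
    g->secpercyl = (uint32_t)spc;
    return 0;
}

/* Model of the one division in read_sector quoted in the report, with the
 * suggested guard: return an error instead of taking a divide fault. */
int sector_to_cylinder(const struct geom *g, uint32_t sector, uint32_t *cyl)
{
    if (g->secpercyl == 0)
        return ENXIO;
    *cyl = sector / g->secpercyl;
    return 0;
}

int main(void)
{
    /* Constructed inputs: all-zero geometry as in the report, and a sane one. */
    struct geom broken = { 0, 0, 0, 0 };
    struct geom sane = { 63, 16, 1024, 0 };
    uint32_t cyl = 0;

    printf("broken: validate=%d convert=%d\n",
        geom_validate(&broken), sector_to_cylinder(&broken, 63, &cyl));
    if (geom_validate(&sane) == 0 && sector_to_cylinder(&sane, 2016, &cyl) == 0)
        printf("sane: sector 2016 -> cylinder %u\n", (unsigned)cyl);
    return 0;
}
```

Checking at both points matters because the geometry is filled in once but consumed by every later caller that divides by it.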