NetBSD-Bugs archive


kern/42374: The fdc driver panics the system when it's attached using the pnpbios.



>Number:         42374
>Category:       kern
>Synopsis:       The fdc driver panics the system when it's attached using the pnpbios.
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Nov 25 08:45:00 +0000 2009
>Originator:     Brian Buhrow
>Release:        NetBSD 5.0 and later
>Organization:
        
>Environment:
        
        
>Description:
        
        When the fdc(4) driver tries to attach via the pnpbios, it panics the
system with a NULL pointer reference.
Here is a trace:

[... starts with dmesg output, clipped to the relevant part]

lpt3 at pnpbios0 index 3 (PNP0400)
lpt3: io 378-37f 778-77f, irq 7
fdc1 at pnpbios0 index 4 (PNP0700)
fdc1: io 3f0-3f5, irq 6, DMA 2
fdc1: ctl io 3f7 didn't probe. Forced attach
uvm_fault(0xc0ac3580, 0, 2) -> 0xe
fatal page fault in supervisor mode
trap type 6 code 2 eip c0414ae6 cs 8 eflags 10246 cr2 80 ilevel 8
kernel: supervisor trap page fault, code=0
Stopped in pid 0.1 (system) at  netbsd:device_pmf_driver_register+0x56: movl    %ebx,0x80(%esi)
db{0}> bt
device_pmf_driver_register(0,c0658d50,c0657d90,0,c0ab33d8,cb7d7484,c0bd59b8,c0658d0b,0,c0658d50) at netbsd:device_pmf_driver_register+0x56
pmf_device_register1(0,c0658d50,c0657d90,0,cb7d7484,cb7d7484,c0bd59f8,c070366a,cb7d7484,6) at netbsd:pmf_device_register1+0x27
fdcattach(cb7d7484,6,2,6,c0657bb0,cb7d7484,cb517ed0,c0700f38,198b5cd,3f0) at netbsd:fdcattach+0x12b
fdc_pnpbios_attach(cb517eb4,cb7d754c,c0bd5b08,c0bd5a60,c0bd5b08,c0a18c60,cb7d754c,cb1a6a14,c0bd5b08,0) at netbsd:fdc_pnpbios_attach+0x1ca
config_attach_loc(cb517eb4,c0a0a448,c0bd5a60,c0bd5b08,c0700ec0,c0414f30,c0bd5b28,c04224e6,c09adc96,3) at netbsd:config_attach_loc+0x163
pnpbios_attachchild(0,cb517ed0,2,0,0,4,cb1a6a14,64,0,0) at netbsd:pnpbios_attachchild+0x77
pnpbios_attachnode(3f,0,1,1b,0,1,0,c0a0af40,cb1cdee0,cb1a6a14) at netbsd:pnpbios_attachnode+0x24e
pnpbios_attach(cb517bac,cb517eb4,c0bd5c0c,0,c0bd5c0c,c0bd5bc4,cb517eb4,0,0,0) at netbsd:pnpbios_attach+0x403
config_attach_loc(cb517bac,c0a0ad90,0,c0bd5c0c,0,0,c0bd5c58,c04fb2b5,cb517bac,c09707b4) at netbsd:config_attach_loc+0x163
config_found_ia(cb517bac,c09707b4,c0bd5c0c,0,cb1cef64,c0bd5c0c,0,c0ae8ec0,c0a9df34,c0972ab2) at netbsd:config_found_ia+0x32
mainbus_attach(0,cb517bac,0,c04150ae,c096fbc4,c096fbc4,cb517bac,0,c096fbc4,bda000) at netbsd:mainbus_attach+0x2e5
config_attach_loc(0,c0a094e8,0,0,0,bda000,c0bd5cc8,c0416674,0,c0a094e8) at netbsd:config_attach_loc+0x163
config_attach(0,c0a094e8,0,0,c0bd3010,bd3000,c0bd5ce8,c04c409d,c096fbc4,0) at netbsd:config_attach+0x2c
config_rootfound(c096fbc4,0,c0bd5ce8,c0416945,c0ac5860,c0bd3010,c0bd5d38,c03dca0f,c0aafa40,a) at netbsd:config_rootfound+0x44
cpu_configure(c0aafa40,a,14,f9300,0,0,0,0,0,0) at netbsd:cpu_configure+0x2d
main(0,c01002a7,0,0,0,0,0,0,0,0) at netbsd:main+0x1af
db{0}> sync
ACPI Error (hwacpi-0156): No SMI_CMD in FADT, mode transition failed [20080321]
ACPI Error (evxfevnt-0221): Could not exit ACPI mode to legacy mode [20080321]

The operating system has halted.
Please press any key to reboot.

rebooting...

>How-To-Repeat:
        
        Build an I386 kernel with the pnpbios enabled and uncomment the fdc
attachment to the pnpbios in the config file.

i.e.

Make sure the following two lines appear in your config:
pnpbios*        at mainbus?
fdc*            at pnpbios? index ?     # floppy controller

        Then, boot the kernel without acpi enabled, as the acpi attachment
will take precedence over the pnpbios attachment.

>Fix:
        

The following patch fixes the problem.  I imagine this applies to -current
as well as 5.x, so if it could be fixed in both places, that would be
great.
-thanks
-Brian

Index: fdc_pnpbios.c
===================================================================
RCS file: /cvsroot/src/sys/arch/i386/pnpbios/fdc_pnpbios.c,v
retrieving revision 1.14
diff -u -r1.14 fdc_pnpbios.c
--- fdc_pnpbios.c       28 Apr 2008 20:23:25 -0000      1.14
+++ fdc_pnpbios.c       25 Nov 2009 08:21:28 -0000
@@ -93,6 +93,7 @@
        aprint_normal("\n");
 
        fdc->sc_ic = aa->ic;
+       fdc->sc_dev = self;
 
        if (pnpbios_io_map(aa->pbt, aa->resc, 0, &fdc->sc_iot,
             &pdc->sc_baseioh)) {
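
Review bot: nothing in the shared `fdcattach()` path guards against a NULL `sc_dev`, so the added `fdc->sc_dev = self;` line fixes only the pnpbios front end and any other attachment that omits the assignment will fault the same way. The trace in the description shows the NULL arriving as the first argument of `device_pmf_driver_register(0, ...)` by way of `fdcattach+0x12b`, with the fault at offset 0x80 (`cr2 80`). Consider adding an assertion such as `KASSERT(fdc->sc_dev != NULL);` near the top of `fdcattach()` so the failure is reported at its source, and a short comment beside the new line noting that `fdcattach()` depends on `sc_dev` being set before it is called.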


Here's what the correct probe/attachment should look like:

[ ... again, dmesg trimmed to the relevant part...]

lpt3 at pnpbios0 index 3 (PNP0400)
lpt3: io 378-37f 778-77f, irq 7
fdc1 at pnpbios0 index 4 (PNP0700)
fdc1: io 3f0-3f5, irq 6, DMA 2
fdc1: ctl io 3f7 didn't probe. Forced attach
pckbc1 at pnpbios0 index 5 (PNP0F13): aux port
PNP0A03 (io cf8-cff) at pnpbios0 index 6 ignored

...

>Unformatted:
 When the fdc driver attaches via the pnpbios under NetBSD-5, it panics the 
system with a NULL pointer reference.
        
        

