NetBSD Problem Report #35934
From apb@cequrux.com Tue Mar 6 08:33:23 2007
Return-Path: <apb@cequrux.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 6644463B8A7
for <gnats-bugs@gnats.NetBSD.org>; Tue, 6 Mar 2007 08:33:23 +0000 (UTC)
Message-Id: <20070306083311.7D9126037E@apb-laptoy.apb.alt.za>
Date: Tue, 6 Mar 2007 10:33:11 +0200 (SAST)
From: apb@cequrux.com
To: gnats-bugs@NetBSD.org
Subject: read(2) from raw disk into unaligned buffer
X-Send-Pr-Version: 3.95
>Number: 35934
>Category: kern
>Synopsis: read(2) from raw disk into unaligned buffer
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: analyzed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Mar 06 08:35:00 +0000 2007
>Closed-Date:
>Last-Modified: Sun Mar 11 21:10:05 +0000 2007
>Originator: Alan Barrett
>Release: NetBSD 4.99.13
>Organization:
Not much
>Environment:
System: NetBSD 4.99.13
Architecture: i386
Machine: i386
>Description:
When read(2) is asked to read from a raw disk device into an unaligned
buffer, the result is written into memory starting 1 byte before the
specified buffer. This problem does not occur when reading from
ordinary files or from non-raw disk devices.
>How-To-Repeat:
$ cat >test.c <<EOF
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
int main(int argc, char **argv)
{
int fd;
int offset;
union {
uint64_t u_i64; /* ensure union is aligned */
unsigned char u_chars[2*512]; /* larger than necessary*/
} u;
#define buf u.u_chars
if (argc != 2) exit(1);
fd = open(argv[1], O_RDONLY);
if (fd < 0) exit(2);
for (offset = 0; offset < 8; offset++) {
memset(buf, 0, sizeof(buf));
lseek(fd, 0, 0);
read(fd, &buf[offset], 512);
printf("%02x%02x%02x%02x%02x%02x%02x%02x\n",
buf[0], buf[1], buf[2], buf[3],
buf[4], buf[5], buf[6], buf[7]);
}
return 0;
}
EOF
$ gcc -o test test.c
$ sudo ./test /dev/wd0a # works
eb3c904e65744253
00eb3c904e657442
0000eb3c904e6574
000000eb3c904e65
00000000eb3c904e
0000000000eb3c90
000000000000eb3c
00000000000000eb
$ sudo ./test /dev/rwd0a # fails
eb3c904e65744253
eb3c904e65744253
0000eb3c904e6574
0000eb3c904e6574
00000000eb3c904e
00000000eb3c904e
000000000000eb3c
000000000000eb3c
>Fix:
Not provided.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback
State-Changed-By: itohy@netbsd.org
State-Changed-When: Sat, 10 Mar 2007 03:24:53 +0000
State-Changed-Why:
On raw device access, the disk controller driver directly accesses
user-supplied buffer, so I think this problem is specific to the driver.
Which disk controller are you using?
Please supply the kernel messages.
From: ITOH Yasufumi <itohy@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: PR/35934 CVS commit: src/sys/dev/pci
Date: Sat, 10 Mar 2007 06:01:43 +0000 (UTC)
Module Name: src
Committed By: itohy
Date: Sat Mar 10 06:01:43 UTC 2007
Modified Files:
src/sys/dev/pci: piixide.c
Log Message:
I tried the test code in PR kern/35934 on PIIX4 and ICH6,
both of which turned out to have the problem.
Enabled (untested) workaround for all PIIX controllers.
XXX Do other controllers also have this problem?
To generate a diff of this commit:
cvs rdiff -r1.36 -r1.37 src/sys/dev/pci/piixide.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Alan Barrett <apb@cequrux.com>
To: gnats-bugs@NetBSD.org
Cc: netbsd-bugs@NetBSD.org
Subject: Re: kern/35934 (read(2) from raw disk into unaligned buffer)
Date: Sat, 10 Mar 2007 08:45:05 +0200
On Sat, 10 Mar 2007, itohy@NetBSD.org wrote:
> Which disk controller are you using?
> Please supply the kernel messages.
I am using the Intel 82801DBM controller, with the piix driver. Here
are the relevant messages:
piixide0 at pci0 dev 31 function 1
piixide0: Intel 82801DBM IDE Controller (ICH4-M) (rev. 0x01)
piixide0: bus-master DMA support present
piixide0: primary channel configured to compatibility mode
piixide0: primary channel interrupting at irq 14
atabus0 at piixide0 channel 0
piixide0: secondary channel configured to compatibility mode
piixide0: secondary channel interrupting at irq 15
atabus1 at piixide0 channel 1
wd0 at atabus0 drive 0: <ST9100824A>
wd0: drive supports 16-sector PIO transfers, LBA48 addressing
wd0: 95396 MB, 193821 cyl, 16 head, 63 sec, 512 bytes/sect x 195371568
sectors
rnd: wd0 attached as an entropy source (collecting and estimating)
wd0: 32-bit data port
wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 5 (Ultra/100)
wd0(piixide0:0:0): using PIO mode 4, Ultra-DMA mode 5 (Ultra/100) (using DMA)
--apb (Alan Barrett)
From: itohy@NetBSD.org (ITOH Yasufumi)
To: apb@cequrux.com
Cc: gnats-bugs@NetBSD.org, netbsd-bugs@NetBSD.org
Subject: Re: kern/35934 (read(2) from raw disk into unaligned buffer)
Date: Sat, 10 Mar 2007 16:48:19 +0900
In article <20070310064505.GD1652@apb-laptoy.apb.alt.za>
apb@cequrux.com writes:
> On Sat, 10 Mar 2007, itohy@NetBSD.org wrote:
> > Which disk controller are you using?
> > Please supply the kernel messages.
>
> I am using the Intel 82801DBM controller, with the piix driver. Here
> are the relevant messages:
>
> piixide0 at pci0 dev 31 function 1
> piixide0: Intel 82801DBM IDE Controller (ICH4-M) (rev. 0x01)
OK, I've committed patch for piixide driver.
Does it work for you?
sys/dev/pci/piixide.c 1.37
Regards,
--
ITOH Yasufumi
From: David Laight <david@l8s.co.uk>
To: ITOH Yasufumi <itohy@NetBSD.org>
Cc: gnats-bugs@NetBSD.org
Subject: Re: kern/35934 (read(2) from raw disk into unaligned buffer)
Date: Sat, 10 Mar 2007 08:36:54 +0000
On Sat, Mar 10, 2007 at 04:48:19PM +0900, ITOH Yasufumi wrote:
> In article <20070310064505.GD1652@apb-laptoy.apb.alt.za>
> apb@cequrux.com writes:
>
> > On Sat, 10 Mar 2007, itohy@NetBSD.org wrote:
> > > Which disk controller are you using?
> > > Please supply the kernel messages.
> >
> > I am using the Intel 82801DBM controller, with the piix driver. Here
> > are the relevant messages:
> >
> > piixide0 at pci0 dev 31 function 1
> > piixide0: Intel 82801DBM IDE Controller (ICH4-M) (rev. 0x01)
>
> OK, I've committed patch for piixide driver.
> Does it work for you?
I saw the same fault on my system - which has:
atabus0 at viaide0 channel 0
Surely the buugy code can't be replicated in every driver ?
David
--
David Laight: david@l8s.co.uk
From: Alan Barrett <apb@cequrux.com>
To: gnats-bugs@netbsd.org, netbsd-bugs@netbsd.org
Cc:
Subject: Re: kern/35934 (read(2) from raw disk into unaligned buffer)
Date: Sat, 10 Mar 2007 10:56:38 +0200
On Sat, 10 Mar 2007, ITOH Yasufumi wrote:
> OK, I've committed patch for piixide driver.
> Does it work for you?
>
> sys/dev/pci/piixide.c 1.37
Works for me. Thank you.
Is the inability to DMA to non-aligned addresses a hardware bug in this
particular controller, or is a documented feature of PCI in general, or
something in between?
--apb (Alan Barrett)
State-Changed-From-To: feedback->analyzed
State-Changed-By: itohy@netbsd.org
State-Changed-When: Sat, 10 Mar 2007 11:27:14 +0000
State-Changed-Why:
The particular problem is resolved, but thinking about the correct fix...
From: Manuel Bouyer <bouyer@antioche.eu.org>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org, apb@cequrux.com
Subject: Re: kern/35934 (read(2) from raw disk into unaligned buffer)
Date: Sun, 11 Mar 2007 10:19:29 +0100
On Sat, Mar 10, 2007 at 11:10:05AM +0000, Alan Barrett wrote:
> The following reply was made to PR kern/35934; it has been noted by GNATS.
>
> From: Alan Barrett <apb@cequrux.com>
> To: gnats-bugs@netbsd.org, netbsd-bugs@netbsd.org
> Cc:
> Subject: Re: kern/35934 (read(2) from raw disk into unaligned buffer)
> Date: Sat, 10 Mar 2007 10:56:38 +0200
>
> On Sat, 10 Mar 2007, ITOH Yasufumi wrote:
> > OK, I've committed patch for piixide driver.
> > Does it work for you?
> >
> > sys/dev/pci/piixide.c 1.37
>
> Works for me. Thank you.
>
> Is the inability to DMA to non-aligned addresses a hardware bug in this
> particular controller, or is a documented feature of PCI in general, or
> something in between?
I can't check right now, but I suspect it's an issue with most pciide
controllers. I'd say the right fix should be in sys//dev/ata/ata_wdc.c
--
Manuel Bouyer <bouyer@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home