From j@uriah.heep.sax.de  Tue Dec 17 15:22:15 1996
Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11])
          by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id PAA27473
          for <freebsd-gnats-submit@freebsd.org>; Tue, 17 Dec 1996 15:22:02 -0800 (PST)
Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id AAA17388; Wed, 18 Dec 1996 00:21:59 +0100
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id AAA19019; Wed, 18 Dec 1996 00:21:58 +0100
Received: (from j@localhost) by uriah.heep.sax.de (8.8.4/8.6.9) id AAA18313; Wed, 18 Dec 1996 00:19:26 +0100 (MET)
Message-Id: <199612172319.AAA18313@uriah.heep.sax.de>
Date: Wed, 18 Dec 1996 00:19:26 +0100 (MET)
From: J Wunsch <j@uriah.heep.sax.de>
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
To: curt@tkg.com
Cc: freebsd-gnats-submit@freebsd.org
In-Reply-To: <199612161509.HAA11139@freefall.freebsd.org> from "curt@tkg.com" at "Dec 16, 96 07:09:41 am"
Subject: Re: ill-defined mouse device crashes system

>Number:         2236
>Category:       kern
>Synopsis:       Re: ill-defined mouse device crashes system
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    joerg
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 17 15:30:02 PST 1996
>Closed-Date:    Mon Dec 23 20:11:00 MET 1996
>Last-Modified:  Mon Dec 23 20:13:17 MET 1996
>Originator:     
>Release:        
>Organization:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: joerg 
State-Changed-When: Mon Dec 23 20:11:00 MET 1996 
State-Changed-Why:  
This is a duplicate for PR # bin/2226, and has already been closed. 



Responsible-Changed-From-To: gnats-admin->joerg 
Responsible-Changed-By: joerg 
Responsible-Changed-When: Mon Dec 23 20:11:00 MET 1996 
Responsible-Changed-Why:  
Misfiled to gnats-admin 
I've fixed the bug already. 
>Unformatted:
As curt@tkg.com wrote:

> i had a ps/2 mouse.  even though dmesg said it was not detected, a
> /dev/mse0 device was created.  'cat /dev/mse0' crashes the machine.
> 
> such user command should not be able to crash the system if we want
> freebsd to achieve a reputation of robustness.

I think the `mse' driver is very good in misdetecting foreign
hardware...  Can you quote its boot message, too?  (mse0: ...)

Basically, it's the same old evil that you can't reliable probe most
PC hardware on the ISA bus.  (EISA and PCI are way better.)

> maybe spec_open() needs to be a little more careful?  not sure.

Nothing with spec_open().  It simply passes the request on to the mse
driver.  Of course, since there isn't really an mse-style mouse (but
the driver's probe routine initially thought there were one), it gets
confused.

> #4  0xf01a7563 in trap (frame={tf_es = 16, tf_ds = -257425392, tf_edi = 27, 
>       tf_esi = -1073545062, tf_ebp = -272630344, tf_isp = -272630380, 
>       tf_ebx = -2147483648, tf_edx = 0, tf_ecx = -266316512, tf_eax = 0, 
>       tf_trapno = 12, tf_err = 0, tf_eip = 0, tf_cs = 8, tf_eflags = 78470, 
>       tf_esp = -266598368, tf_ss = 0}) at ../../i386/i386/trap.c:310
> #5  0xf019d451 in calltrap ()

See the section about kernel debugging in the handbook for how to
uncover the real location of the error.  It's hidden in a trap frame.

Basically:

(gdb) up 4
(gdb) frame frame->tf_ebp frame->tf_eip

This should tell you where exactly the crash happened (inside
mseopen(), one would think).  You can help us by quoting this spot,
and perhaps values of related variables that are likely to have caused
the page fault.

Of course, you could help us even more by discovering how to
distinguish your hardware from a real mse mouse... but that's probably
not that easy.  Wait... mse by default probes at address 0x23c, that's
a very weird one.  Do you perchance know which device in your machine
might sit at this address?  That's probably the culprit that finally
fooled the mse device probe.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
