From <@vec.ccupm.upm.es:javier@ozono.asin.es>  Sun Dec 29 14:42:51 1996
Received: from vec.ccupm.upm.es (vec.ccupm.upm.es [138.100.1.2])
          by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id OAA15335
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 29 Dec 1996 14:42:50 -0800 (PST)
Received: from ozono.asin.es by vec.ccupm.upm.es (IBM VM SMTP V2R3) with TCP;
   Sun, 29 Dec 96 23:42:21 INV
Received: (from javier@localhost) by ozono.asin.es (8.8.2/8.8.2) id XAA01090; Sun, 29 Dec 1996 23:41:31 +0100 (MET)
Message-Id: <199612292241.XAA01090@ozono.asin.es>
Date: Sun, 29 Dec 1996 23:41:31 +0100 (MET)
From: jmrueda@diatel.upm.es
Reply-To: jmrueda@diatel.upm.es
To: FreeBSD-gnats-submit@freebsd.org
Subject: Using Genius GS-4500 scanner causes page fault panic
X-Send-Pr-Version: 3.2

>Number:         2319
>Category:       kern
>Synopsis:       Using Genius GS-4500 scanner causes page fault panic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Dec 29 14:50:01 PST 1996
>Closed-Date:    Mon Dec 30 21:42:57 MET 1996
>Last-Modified:  Mon Dec 30 21:44:44 MET 1996
>Originator:     Javier Martín Rueda
>Release:        FreeBSD 2.2-ALPHA i386
>Organization:
>Environment:

	

>Description:

Apparently, someone changed the gsc driver to allocate one big buffer
at device attach time, instead of allocating and freeing buffers as
necessary. But he or she forgot to remove the line that invalidated
the buffer when the device is closed. Therefore, after using the
device for the first time, the buffer was incorrectly invalidated and
that caused a page fault on the second and subsequent uses.

	

>How-To-Repeat:

sgsc -r 400 -h 800
cat < /dev/gsc0p > /tmp/file

WARNING: that will make the system panic.
	

>Fix:

This simple patch fixes this:

*** gsc.c.orig	Wed Jun 12 07:03:37 1996
--- gsc.c	Sun Dec 29 22:39:05 1996
***************
*** 635,641 ****
  
    outb(scu->ctrl, scu->ctrl_byte & ~GSC_POWER_ON);
  
-   scu->sbuf.base = NULL;
    scu->sbuf.size = INVALID;
    scu->sbuf.poi  = INVALID;
  
--- 635,640 ----
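Review bot: The two context lines after the removed assignment still set scu->sbuf.size and scu->sbuf.poi to INVALID on close, so the open and read paths should be checked to confirm they restore both fields before touching the now-persistent scu->sbuf.base. Since the description says the buffer is allocated once at attach time, a short comment at this spot stating that sbuf.base must survive close would keep the line from being reintroduced. A NULL check on sbuf.base where the buffer is first used would also turn any future regression into an error return rather than a page fault.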
	
	

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: joerg 
State-Changed-When: Mon Dec 30 21:42:57 MET 1996 
State-Changed-Why:  
Suggested fix applied in rev 1.23 of gsc.c, muchas gracias! 

>Unformatted:
