From pb@fasterix.freenix.fr  Tue Apr 25 18:47:23 1995
Received: from jabba.fdn.org (jabba.fdn.org [193.55.4.70])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id SAA29493
          for <FreeBSD-gnats-submit@freebsd.org>; Tue, 25 Apr 1995 18:47:10 -0700
Received: (from uucp@localhost) by jabba.fdn.org (8.6.8/8.6.9) with UUCP id DAA09065 for FreeBSD-gnats-submit@freebsd.org; Wed, 26 Apr 1995 03:46:54 +0200
Received: (pb@localhost) by fasterix.frmug.fr.net (8.6.11/fasterix-941011) id CAA00321; Wed, 26 Apr 1995 02:36:59 +0200
Message-Id: <199504260036.CAA00321@fasterix.frmug.fr.net>
Date: Wed, 26 Apr 1995 02:36:59 +0200
From: pb@fasterix.freenix.fr
Reply-To: pb@fasterix.freenix.fr
To: FreeBSD-gnats-submit@freebsd.org
Subject: page fault in sio.c:sioioctl soon after boot (+ suggested fix)
X-Send-Pr-Version: 3.2

>Number:         363
>Category:       kern
>Synopsis:       page fault in sio.c soon after boot (+ suggested fix)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs (FreeBSD bugs mailing list)
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 25 18:50:04 1995
>Closed-Date:    Sun May 7 02:09:10 PDT 1995
>Last-Modified:
>Originator:     Pierre Beyssac
>Release:        FreeBSD 2.1.0-Development i386
>Organization:
Pierre Beyssac
>Environment:

	out-of-the-box April 12th snapshot.

>Description:

Page fault at line 1296 in sioioctl():

sio.c:
  1293		com = com_addr(MINOR_TO_UNIT(mynor));
  1294		iobase = com->iobase;
  1295		tp = com->tp;
->1296		term = tp->t_termios;
  1297		oldcmd = cmd;


>How-To-Repeat:

	boot single
	stty -f /dev/ttyid0

		-> page fault

>Fix:
	
Suggested fix in sioopen():

   781		if ((u_int) unit >= NSIO || (com = com_addr(unit)) == NULL)
   782			return (ENXIO);
|< 783		if (mynor & CONTROL_MASK)
|< 784			return (0);
|  785	#if 0 /* XXX TK2.0 */
|  786		tp = com->tp = sio_tty[unit] = ttymalloc(sio_tty[unit]);
|  787	#else
|  788		tp = com->tp = &sio_tty[unit];
|  789	#endif
-->

Move lines 783-784 after line 789.

Note that there seems to be a workaround: access /dev/ttydX before
/dev/tty[il]X, using comcontrol for example (as in rc.serial, which may
explain why the bug has gone unnoticed).

Note also that there might be other pointers missing an initialization;
I had another panic after that fix (most likely related because it occurred
on a system call done by getty()), but have not been able to track down
the problem yet.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: bde 
State-Changed-When: Sun May 7 02:09:10 PDT 1995 
State-Changed-Why:  
Already fixed in revision 1.92 of sio.c on 1995/04/13. 
>Unformatted:
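
The open-ordering problem described in this report, modeled in user space as an added example (not part of the original report and not FreeBSD source). The names `com_table`, `open_reported`, `open_suggested`, `ioctl_model` and `first_use` are hypothetical, the `NSIO` and `CONTROL_MASK` values are constructed, and an `EFAULT` return stands in for the kernel page fault.

```c
#include <errno.h>
#include <stdio.h>

#define NSIO         2      /* constructed: two simulated ports */
#define CONTROL_MASK 0x60   /* constructed value for this demo */

struct tty   { int t_termios; };   /* stand-ins for the kernel structures */
struct com_s { struct tty *tp; };
static struct tty   sio_tty[NSIO];
static struct com_s com_table[NSIO];              /* hypothetical backing table */
static struct com_s *com_addr(int unit) { return &com_table[unit]; }

/* Ordering shown in the report: a control-device open returns before tp is set. */
static int open_reported(int unit, int mynor) {
    struct com_s *com;
    if ((unsigned)unit >= NSIO || (com = com_addr(unit)) == NULL) return ENXIO;
    if (mynor & CONTROL_MASK) return 0;           /* com->tp is still NULL */
    com->tp = &sio_tty[unit];
    return 0;
}

/* Ordering the report suggests: initialize tp, then take the early return. */
static int open_suggested(int unit, int mynor) {
    struct com_s *com;
    if ((unsigned)unit >= NSIO || (com = com_addr(unit)) == NULL) return ENXIO;
    com->tp = &sio_tty[unit];
    if (mynor & CONTROL_MASK) return 0;           /* moved below the tp setup */
    return 0;
}

/* Models the first lines of sioioctl(). Returns EFAULT where the kernel would
 * page-fault on tp->t_termios, so the demo reports the condition instead. */
static int ioctl_model(int unit, int *term) {
    struct tty *tp = com_addr(unit)->tp;
    if (tp == NULL) return EFAULT;
    *term = tp->t_termios;
    return 0;
}

/* First access to unit 0 goes through the control device, then an ioctl. */
static int first_use(int (*open_fn)(int, int)) {
    int term;
    for (int i = 0; i < NSIO; i++) com_table[i].tp = NULL;
    return open_fn(0, CONTROL_MASK) ? -1 : ioctl_model(0, &term);
}

int main(void) {
    printf("reported=%d suggested=%d\n", first_use(open_reported), first_use(open_suggested));
    return 0;
}
```

With the reported ordering the model also reproduces the workaround: once the non-control device has been opened for a unit, a later control-device open followed by an ioctl succeeds.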



