From petri@ibr.cs.tu-bs.de  Tue Jun 20 13:06:57 1995
Received: from ra.ibr.cs.tu-bs.de (ra.ibr.cs.tu-bs.de [134.169.246.34])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id NAA10222
          ; Tue, 20 Jun 1995 13:06:40 -0700
Received: from jupiter [134.169.34.4] by ra.ibr.cs.tu-bs.de (8.6.10/tubsibr) with ESMTP id WAA01306; Tue, 20 Jun 1995 22:06:10 +0200
Received: from petri@localhost by jupiter.ibr.cs.tu-bs.de (8.6.11/tubsibr) id WAA00698; Tue, 20 Jun 1995 22:06:09 +0200
Message-Id: <199506202006.WAA00698@jupiter.ibr.cs.tu-bs.de>
Date: Tue, 20 Jun 1995 22:06:09 +0200
From: petri@ibr.cs.tu-bs.de (stefan Petri)
Reply-To: petri@ibr.cs.tu-bs.de
To: FreeBSD-gnats-submit@freebsd.org, bugs@freebsd.org
Subject: pci_bus_config() does not init parent pointers in device list + fix
X-Send-Pr-Version: 3.2

>Number:         558
>Category:       kern
>Synopsis:       pci_bus_config() does not init parent pointers in device list
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 23 07:27:18 1995
>Closed-Date:    Sun Apr 12 10:49:26 PDT 1998
>Last-Modified:  Sun Apr 12 10:49:47 PDT 1998
>Originator:     Stefan Petri
>Release:        FreeBSD 2.0.950412-SNAP i386
>Organization:
TU Braunschweig, Inst. f. Betriebssysteme u. Rechnerverbund
>Environment:

	486 with PCI bus,
	FreeBSD kernel with ``option DIAGNOSTIC'' enabled

>Description:

	/usr/src/sys/pci.c::pci_bus_config() does not initialize the
	parent pointers in the devconf list; there is also a comment
	that this should be added. In the GENERIC kernel, this seems not
	to be a real problem, because the freshly malloced devconf
	structure almost always is pre-set with 0 resp. NULL.
	However, if ``option DIAGNOSTIC'' is enabled, malloc() will
	fill all memory areas with pattern 0xdeadbeef. If lsdev(8) is
	invoked on such a kernel, it will result in a panic when
	trying to get the descriptions for the PCI bus via sysctl(3).

>How-To-Repeat:

	short version: invoke lsdev(8) on a kernel compiled with DIAGNOSTIC,
	on a machine with PCI bus

	long version: instrument lsdev and /sys/kern/kern_devconf.c with
	printf()s, and then:

jupiter:/tmp 2 # sync;sync;sync;./lsdev+printf
Device     State           Description
---------- --------------- --------------------------------------------------
cpu0       Busy            i486 DX4
[..]
npx0       Busy            Floating-point unit
> sysctl( {6, 11, 12}, 3, dc, &size, 0, 0)
jupiter /kernel: make_devconf(name=chip unit=0 number=12 parent=0xdeadbeef
                                   ^^^^                         ^^^^^^^^^^
jupiter /kernel: Fatal trap 12: page fault while in kernel mode
[..]




>Fix:
	
Simply disabling DIAGNOSTIC would be the equivalent of wearing my
Joo Janta 200 Super-Chromatic Peril Sensitive Sunglasses, so I
suggest the following:

--- pci.c-2.0.950412-SNAP	Thu Mar 23 07:14:44 1995
+++ pci.c	Tue Jun 20 21:27:04 1995
@@ -551,7 +551,10 @@
 		pdcp -> pdc_kdc.kdc_name = dvp->pd_name;
 		pdcp -> pdc_kdc.kdc_unit = unit;
 
+		pdcp -> pdc_kdc.kdc_parent = NULL;
+
 		pdcp -> pdc_kdc.kdc_md.mddc_devtype = MDDT_PCI;
+		pdcp -> pdc_kdc.kdc_md.mddc_flags = 0;
 
 		pdcp -> pdc_kdc.kdc_externalize = pci_externalize;
 		pdcp -> pdc_kdc.kdc_internalize = pci_internalize;
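Review bot: The two added assignments in the @@ -551 hunk clear only kdc_parent and mddc_flags, so any other member of the freshly allocated structure that is not assigned explicitly still holds whatever malloc() returned, which the report says is 0xdeadbeef under DIAGNOSTIC. Zeroing the whole structure once, right after the allocation and before the field assignments, would cover these two members and any added later. Two smaller points: the description says the source already carries a comment that the parent should be set, so a short comment next to kdc_parent = NULL stating that NULL is a placeholder rather than the real parent would keep that to-do visible; and the mddc_flags = 0 line is not mentioned in the Description, so the report should say which consumer reads that field.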
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: phk 
State-Changed-When: Sun Apr 12 10:49:26 PDT 1998 
State-Changed-Why:  
devconf is dead 
>Unformatted:
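The failure mode from the Description above, as an added user-space example (not part of the original report or of the FreeBSD source). `struct devconf`, `poison_alloc`, `make_dc` and `parent_depth` are hypothetical names, and the allocator only imitates the 0xdeadbeef fill the report attributes to DIAGNOSTIC.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a devconf record; not the kernel's real structure. */
struct devconf { const char *name; int unit; struct devconf *parent; unsigned flags; };

static const uint32_t POISON = 0xdeadbeef;

/* Fill fresh memory with the poison word, imitating malloc() under DIAGNOSTIC. */
static void *poison_alloc(size_t n) {
    unsigned char *p = malloc(n);
    for (size_t i = 0; p != NULL && i < n; i++)
        p[i] = ((const unsigned char *)&POISON)[i % sizeof POISON];
    return p;
}

/* True if a 4-byte-aligned field still starts with the poison word. */
static int is_poisoned(const void *field) {
    return memcmp(field, &POISON, sizeof POISON) == 0;
}

/* patched == 0: only name/unit are set (before the fix); 1: parent and flags too. */
static struct devconf *make_dc(const char *name, int unit, int patched) {
    struct devconf *dc = poison_alloc(sizeof *dc);
    if (dc == NULL) return NULL;
    dc->name = name;
    dc->unit = unit;
    if (patched) { dc->parent = NULL; dc->flags = 0; }
    return dc;
}

/* Count ancestors; return -1 instead of following a never-initialised parent. */
static int parent_depth(const struct devconf *dc) {
    int depth = 0;
    for (; dc->parent != NULL; dc = dc->parent, depth++)
        if (is_poisoned(&dc->parent)) return -1;
    return depth;
}

int main(void) {
    struct devconf *before = make_dc("chip", 0, 0), *after = make_dc("chip", 0, 1);
    if (!before || !after) return 1;
    printf("before fix: parent=%p depth=%d\n", (void *)before->parent, parent_depth(before));
    printf("after fix:  parent=%p depth=%d\n", (void *)after->parent, parent_depth(after));
    free(before); free(after);
    return 0;
}
```

With a zero-filling allocator the unpatched path would appear to work, which is why the defect only showed up once the poison fill was enabled.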


