From nobody@FreeBSD.org  Tue May 24 20:39:04 2005
Message-Id: <200505242039.j4OKd4fN080184@www.freebsd.org>
Date: Tue, 24 May 2005 20:39:04 GMT
From: Sean McNeil <sean@mcneil.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ATAPI support broken in -STABLE
X-Send-Pr-Version: www-2.3

>Number:         81450
>Category:       kern
>Synopsis:       [patch] ATAPI support broken in -STABLE
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    sos
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 24 20:40:01 GMT 2005
>Closed-Date:    Mon Jun 27 12:36:05 GMT 2005
>Last-Modified:  Mon Jun 27 19:20:24 GMT 2005
>Originator:     Sean McNeil
>Release:        5.4-STABLE
>Organization:
Sean McNeil Consulting, Inc
>Environment:
FreeBSD server.mcneil.com 5.4-STABLE FreeBSD 5.4-STABLE #25: Sun May 22 15:35:15 PDT 2005     root@server.mcneil.com:/usr/obj/usr/src/sys/AMD64  amd64

>Description:
      ata-queue.c:ata_completed() will issue a sense request when it encounters an ATAPI error.  This request fails to zero out the donecount which causes corruption of memory.  On amd64, it overwrites the callback value and crashes the computer.
>How-To-Repeat:
      Try to burn a CD from nautilus.  Since nautilus just invokes cdrecord, it should cause the same result by running cdrecord from a command line.

>Fix:
      The following patch fixes the crash:

--- sys/dev/ata/ata-queue.c.orig        Sun May 22 15:28:03 2005
+++ sys/dev/ata/ata-queue.c     Sun May 22 15:28:27 2005
@@ -340,6 +340,7 @@
            request->data = (caddr_t)&request->u.atapi.sense_data;
            request->bytecount = sizeof(struct atapi_sense);
            request->transfersize = sizeof(struct atapi_sense);
+           request->donecount = 0;
            request->timeout = 5;
            request->flags &= (ATA_R_ATAPI | ATA_R_QUIET);
            request->flags |= (ATA_R_READ | ATA_R_IMMEDIATE | ATA_R_REQUEUE);
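Review bot: the added `request->donecount = 0;` has no comment, and nothing in the hunk says why a progress counter must be cleared when the request is re-armed for the sense fetch. This block repoints `request->data` at `request->u.atapi.sense_data` and sets `bytecount` and `transfersize` to `sizeof(struct atapi_sense)`, so a one-line comment stating that the count left by the failed command must not carry over into the sense buffer would keep the reset from being dropped in a later cleanup. The block re-initialises the reused request one field at a time, so it is also worth confirming in the same pass that no other per-command progress or result field on `request` survives the reuse.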

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->sos 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue May 24 22:32:46 GMT 2005 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=81450 
State-Changed-From-To: open->closed 
State-Changed-By: sos 
State-Changed-When: Mon Jun 27 12:34:42 GMT 2005 
State-Changed-Why:  
This is solved (differently) in -current and the ATA mkIII patches for 5-stable. 


From: Sean McNeil <sean@mcneil.com>
To: sos@freebsd.org, sean@mcneil.com, bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/81450: [patch] ATAPI support broken in -STABLE
Date: Mon, 27 Jun 2005 12:18:30 -0700

 This bug is being closed in error.  Please reopen it until the actual
 bug is fixed by:
 
 a) Applying my patch to -current.
 b) Applying the ATA mkIII patches to -current.
 
 Neither of these things have occurred and thus the bug still exists!
 
 I am actually upset with the bug tracking software that I cannot reopen
 this bug myself as it is an obvious mistake closing something before an
 actual fix has been implemented.  Especially since this is a verified
 problem.
 
 Cheers,
 Sean
 
 
>Unformatted:
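A simplified C model of the failure the Description reports, added here as an example and not taken from the PR or from the FreeBSD ATA driver. The struct, function names and sizes are hypothetical, and it assumes incoming bytes are stored at the buffer start plus `donecount`.

```c
#include <string.h>

/* Simplified model, not FreeBSD driver code. One array holds the sense
 * buffer followed by guard bytes standing in for the next struct field
 * (the PR names the callback), so the overrun stays in defined memory. */
#define SENSE_LEN 18 /* constructed size */
#define GUARD_LEN 8  /* constructed size */

struct model_request {
    unsigned char mem[SENSE_LEN + GUARD_LEN]; /* [sense | guard] */
    size_t bytecount; /* bytes expected for the current command */
    size_t donecount; /* bytes already transferred */
};

/* Assumption: incoming bytes are stored at buffer start + donecount.
 * checked != 0 adds a bound against bytecount. Returns 0 on success. */
static int model_transfer(struct model_request *r, size_t len, int checked)
{
    if (checked && (r->donecount > r->bytecount ||
                    len > r->bytecount - r->donecount))
        return -1; /* refuse: transfer would pass the end of the buffer */
    if (r->donecount > sizeof(r->mem) || len > sizeof(r->mem) - r->donecount)
        return -2; /* keeps the model itself memory-safe */
    memset(r->mem + r->donecount, 0xEE, len);
    r->donecount += len;
    return 0;
}

/* A failed command moved `stale` bytes; the request is then reused for an
 * n-byte sense fetch. Returns 1 if the guard bytes were overwritten. */
static int model_run(size_t stale, size_t n, int reset, int checked, int *rc)
{
    struct model_request r;
    size_t i;
    memset(r.mem, 0xAA, sizeof(r.mem));
    r.donecount = stale;
    r.bytecount = SENSE_LEN;       /* re-armed for the sense fetch */
    if (reset)
        r.donecount = 0;           /* the one-line reset from the PR */
    *rc = model_transfer(&r, n, checked);
    for (i = SENSE_LEN; i < sizeof(r.mem); i++)
        if (r.mem[i] != 0xAA)
            return 1;
    return 0;
}
```

With a stale count of 12 and an 8-byte transfer, the unreset, unchecked run overwrites the guard bytes; resetting the counter or enabling the bound check leaves them intact.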
