Subject: kern/16058: If pcmcia com card insertion fails, kernel panics when card is removed.
To: None <gnats-bugs@gnats.netbsd.org>
From: None <kivinen@ssh.fi>
List: netbsd-bugs
Date: 03/25/2002 23:28:16
>Number: 16058
>Category: kern
>Synopsis: If pcmcia com card insertion fails, kernel panics when card is removed.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Mar 25 13:30:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Tero Kivinen
>Release: NetBSD 1.5ZC
>Organization:
SSH Communications Security
>Environment:
System: NetBSD kaakeli.ssh.fi 1.5ZC NetBSD 1.5ZC (KAAKELI) #11: Mon Mar 25 22:50:11 EET 2002 root@kaakeli.ssh.fi:/usr/src/sys/arch/i386/compile/KAAKELI i386
Architecture: i386
Machine: i386
>Description:
I have a Nokia pcmcia gsm modem card which I am trying to get
working (no driver for it yet). When I insert the card the
pcmcia i/o allocation fails (don't know the reason why yet),
and the com_pcmcia_attach fails, and returns without finishing
the initialization. When I then remove the card it fails,
because for example the sc_io_window and sc_pcioh are not set
properly.
There is also another bug in the com.c, where if the
com_attach fails and returns error, it might not yet have
allocated sc_rbuf or sc_tty (actually it cannot fail before
sc_tty is allocated, but the sc_rbuf allocation can fail).
Also if the sc_tty is not allocated that means that we have
not called the rnd_attach nor softintr_establish, so we must
not call them in detach too.
>How-To-Repeat:
Insert a pcmcia com card whose com_pcmcia_attach routine cannot
allocate i/o addresses and then remove it.
>Fix:
Here is a diff:
Index: sys/dev/pcmcia/com_pcmcia.c
===================================================================
RCS file: /cvsroot/syssrc/sys/dev/pcmcia/com_pcmcia.c,v
retrieving revision 1.26
diff -u -b -r1.26 com_pcmcia.c
--- com_pcmcia.c 2002/03/10 19:20:50 1.26
+++ com_pcmcia.c 2002/03/25 21:11:47
@@ -216,7 +216,7 @@
int autoalloc = 0;
psc->sc_pf = pa->pf;
-
+ psc->sc_io_window = -1;
retry:
/* find a cfe we can use */
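Review bot: the sentinel assignment "psc->sc_io_window = -1;" sits above the "retry:" label, so it runs once per attach and is not re-armed on a later pass. If any path can jump back to retry after a window has been mapped and then released, sc_io_window would keep the old window number and the detach-side check would not catch it. Consider resetting the field to the sentinel wherever the window is unmapped on an error path, and giving -1 a named constant shared with the check in detach. The description also names sc_pcioh as not being set properly, and nothing here marks it as unallocated.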
@@ -312,6 +312,11 @@
return error;
/* Unmap our i/o window. */
+ if (psc->sc_io_window == -1) {
+ /* Pcmcia i/o not allocated, return. */
+ printf("I/O window not allocated.");
+ return (0);
+ }
pcmcia_io_unmap(psc->sc_pf, psc->sc_io_window);
/* Free our i/o space. */
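Review bot: the early "return (0);" in the new sc_io_window == -1 block skips the "Free our i/o space" step that follows the unmap, so an attach that allocated I/O space but failed before mapping the window would leak that space on detach. Guarding only the pcmcia_io_unmap() call, and tracking the I/O space allocation with its own flag, would cover both partial-attach cases. The printf message has no trailing newline and no device name, so it will run into the next console line and cannot be tied to a socket; the existing "Unmap our i/o window" comment now sits above the check rather than the unmap call.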
Index: sys/dev/ic/com.c
===================================================================
RCS file: /cvsroot/syssrc/sys/dev/ic/com.c,v
retrieving revision 1.194
diff -u -r1.194 com.c
--- com.c 2002/03/17 19:40:57 1.194
+++ com.c 2002/03/25 21:13:30
@@ -660,12 +660,21 @@
mn |= COMDIALOUT_MASK;
vdevgone(maj, mn, mn, VCHR);
- /* Free the receive buffer. */
- free(sc->sc_rbuf, M_DEVBUF);
+ if (sc->sc_rbuf != NULL) {
+ /* Free the receive buffer. */
+ free(sc->sc_rbuf, M_DEVBUF);
+ }
- /* Detach and free the tty. */
- tty_detach(sc->sc_tty);
- ttyfree(sc->sc_tty);
+ if (sc->sc_tty != NULL) {
+ /* Detach and free the tty. */
+ tty_detach(sc->sc_tty);
+ ttyfree(sc->sc_tty);
+ } else {
+ /* Return here, because the softintr and rnd has not been
+ initialized if we do not have sc_tty. Do not return
+ error, as the upper layer will otherwise call panic. */
+ return (0);
+ }
#ifdef __HAVE_GENERIC_SOFT_INTERRUPTS
/* Unhook the soft interrupt handler. */
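Review bot: the only early return is in the "sc->sc_tty != NULL ... else" branch, yet the description says attach cannot fail before sc_tty is allocated and that the sc_rbuf allocation is the one that can fail. In that case sc_rbuf is NULL and sc_tty is set, so detach still calls tty_detach() and falls through to the soft interrupt unhook below; it is worth confirming that softintr_establish and the rnd attach have already run at the point where the rbuf allocation fails, or keying the skip on a flag set at the end of a successful attach instead of on sc_tty. Both NULL checks also depend on the softc being zeroed before attach, which is not visible here. The multi-line comment in the else branch should follow the usual KNF block-comment layout.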
>Release-Note:
>Audit-Trail:
>Unformatted:
NetBSD current, last update date 2002-03-20