NetBSD Problem Report #24741

Received: (qmail 19250 invoked by uid 605); 11 Mar 2004 09:31:10 -0000
Message-Id: <20040311093104.E3ECD11156@narn.netbsd.org>
Date: Thu, 11 Mar 2004 09:31:04 +0000 (UTC)
From: aymeric@netbsd.org
Sender: gnats-bugs-owner@NetBSD.org
Reply-To: aymeric@netbsd.org
To: gnats-bugs@gnats.NetBSD.org
Subject: uninitialized variable can cause early crash of a DIAGNOSTIC kernel
X-Send-Pr-Version: www-1.0

>Number:         24741
>Category:       port-powerpc
>Synopsis:       uninitialized variable can cause early crash of a DIAGNOSTIC kernel
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    port-powerpc-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 11 09:32:00 +0000 2004
>Closed-Date:    Thu Mar 11 15:40:26 +0000 2004
>Last-Modified:  Thu Mar 11 15:41:00 +0000 2004
>Originator:     Aymeric Vincent
>Release:        1.6ZK
>Organization:
>Environment:
NetBSD/macppc 1.6ZK, custom kernel
>Description:
Variable sme_flags isn't initialized to zero in arch/powerpc/oea/cpu_subr.c:cpu_tau_setup().

This is wrong and can trigger a KASSERT() in the sysmon code very early at startup on G3's, depending on the state of the memory upon booting.

>How-To-Repeat:

Use your G3 powerpc machine of choice, reboot, and notice the exact same kernel you've been booting hundreds times before does not boot anymore.

>Fix:
The following patch initializes explicitly sme_flags to zero, and also zeroes out the whole structure on allocation to avoid erratic behaviours in the future. This is really a trivial fix, anyone can commit it now. (can't commit myself right now)

Index: cpu_subr.c
===================================================================
RCS file: /cvsroot/src/sys/arch/powerpc/oea/cpu_subr.c,v
retrieving revision 1.12
diff -u -r1.12 cpu_subr.c
--- cpu_subr.c	17 Feb 2004 22:03:52 -0000	1.12
+++ cpu_subr.c	11 Mar 2004 09:10:46 -0000
@@ -774,7 +774,7 @@
 	} *datap;
 	int error;

-	datap = malloc(sizeof(*datap), M_DEVBUF, M_WAITOK);
+	datap = malloc(sizeof(*datap), M_DEVBUF, M_WAITOK | M_ZERO);

 	ci->ci_sysmon_cookie = &datap->sme;
 	datap->sme.sme_nsensors = 1;
@@ -789,6 +789,7 @@
 	datap->sme.sme_cookie = ci;
 	datap->sme.sme_gtredata = cpu_tau_gtredata;
 	datap->sme.sme_streinfo = cpu_tau_streinfo;
+	datap->sme.sme_flags = 0;

 	if ((error = sysmon_envsys_register(&datap->sme)) != 0)
 		aprint_error("%s: unable to register with sysmon (%d)\n",

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: christos 
State-Changed-When: Thu Mar 11 10:40:20 EST 2004 
State-Changed-Why:  
fixed, thanks 

From: Christos Zoulas <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:  
Subject: pr/24741 CVS commit: src/sys/arch/powerpc/oea
Date: Thu, 11 Mar 2004 15:40:13 +0000 (UTC)

 Module Name:	src
 Committed By:	christos
 Date:		Thu Mar 11 15:40:13 UTC 2004

 Modified Files:
 	src/sys/arch/powerpc/oea: cpu_subr.c

 Log Message:
 PR/24741: Aymeric Vincent: Variable sme_flags isn't initialized to zero


 To generate a diff of this commit:
 cvs rdiff -r1.12 -r1.13 src/sys/arch/powerpc/oea/cpu_subr.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:

Home	PR Database Search