NetBSD Problem Report #45371
From www@NetBSD.org Sat Sep 17 01:14:20 2011
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id C035663B884
for <gnats-bugs@gnats.NetBSD.org>; Sat, 17 Sep 2011 01:14:19 +0000 (UTC)
Message-Id: <20110917011418.F380B63B86B@www.NetBSD.org>
Date: Sat, 17 Sep 2011 01:14:18 +0000 (UTC)
From: y7goto@gmail.com
Reply-To: y7goto@gmail.com
To: gnats-bugs@NetBSD.org
Subject: pic_disestablish_source() might fail to block irq which is larger than or equal to 32.
X-Send-Pr-Version: www-1.0
>Number: 45371
>Category: port-arm
>Synopsis: pic_disestablish_source() might fail to block irq which is larger than or equal to 32.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-arm-maintainer
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Sep 17 01:15:01 +0000 2011
>Closed-Date: Tue Nov 20 03:17:05 +0000 2012
>Last-Modified: Tue Nov 20 03:17:05 +0000 2012
>Originator: Yuichiro Goto
>Release: 5.99.55
>Organization:
>Environment:
>Description:
As __BIT(irq) is passed to (*pic->pic_ops->pic_block_irqs)() in
pic_disestablish_source() in arch/arm/pic/pic.c, it might be greater
than the value which uint32_t is able to hold when irq >= 32.
Consequently a truncated irq mask is passed to
(*pic->pic_ops->pic_block_irqs)().
>How-To-Repeat:
>Fix:
See the diff below:
Index: pic.c
===================================================================
RCS file: /cvsroot/src/sys/arch/arm/pic/pic.c,v
retrieving revision 1.8
diff -u -r1.8 pic.c
--- pic.c 11 Mar 2011 03:16:14 -0000 1.8
+++ pic.c 17 Sep 2011 00:49:22 -0000
@@ -520,7 +520,7 @@
struct pic_softc * const pic = is->is_pic;
const int irq = is->is_irq;
- (*pic->pic_ops->pic_block_irqs)(pic, irq & ~31, __BIT(irq));
+ (*pic->pic_ops->pic_block_irqs)(pic, irq & ~0x1f, __BIT(irq & 0x1f));
pic->pic_sources[irq] = NULL;
pic__iplsources[pic_ipl_offset[is->is_ipl] + is->is_iplidx] = NULL;
evcnt_detach(&is->is_ev);
>Release-Note:
>Audit-Trail:
From: "SAITOH Masanobu" <msaitoh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/45371 CVS commit: src/sys/arch/arm/pic
Date: Tue, 30 Oct 2012 07:42:39 +0000
Module Name: src
Committed By: msaitoh
Date: Tue Oct 30 07:42:38 UTC 2012
Modified Files:
src/sys/arch/arm/pic: pic.c
Log Message:
Fix a bug that incorrect arg is passed to pic_block_irqs() on disestablish.
Fixes PR#45371 by Yuichiro Goto.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/sys/arch/arm/pic/pic.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Jeff Rizzo" <riz@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/45371 CVS commit: [netbsd-6] src/sys/arch/arm/pic
Date: Mon, 19 Nov 2012 18:45:04 +0000
Module Name: src
Committed By: riz
Date: Mon Nov 19 18:45:04 UTC 2012
Modified Files:
src/sys/arch/arm/pic [netbsd-6]: pic.c
Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #656):
sys/arch/arm/pic/pic.c: revision 1.15
Fix a bug that incorrect arg is passed to pic_block_irqs() on disestablish.
Fixes PR#45371 by Yuichiro Goto.
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.8.10.1 src/sys/arch/arm/pic/pic.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: msaitoh@NetBSD.org
State-Changed-When: Tue, 20 Nov 2012 03:17:05 +0000
State-Changed-Why:
Fixed and pulled up to netbsd-6 branch.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home