svn commit: r353459 - head/sys/contrib/ncsw/user/env
Brandon Bergren
bdragon at FreeBSD.org
Sat Oct 12 23:16:18 UTC 2019
Author: bdragon
Date: Sat Oct 12 23:16:17 2019
New Revision: 353459
URL: https://svnweb.freebsd.org/changeset/base/353459
Log:
Fix read past end of struct in ncsw glue code.
The logic in XX_IsPortalIntr() was reading past the end of XX_PInfo.
This was causing it to erroneously return 1 instead of 0 in some
circumstances, causing a panic on the AmigaOne X5000 due to mixing
exclusive and nonexclusive interrupts on the same interrupt line.
Since this code is only called a couple of times during startup, use
a simple double loop instead of the complex read-ahead single loop.
This also fixes a bug where it would never check cpu=0 on type=1.
Approved by: jhibbits (mentor)
Differential Revision: https://reviews.freebsd.org/D21988
Modified:
head/sys/contrib/ncsw/user/env/xx.c
Modified: head/sys/contrib/ncsw/user/env/xx.c
==============================================================================
--- head/sys/contrib/ncsw/user/env/xx.c Sat Oct 12 23:01:16 2019 (r353458)
+++ head/sys/contrib/ncsw/user/env/xx.c Sat Oct 12 23:16:17 2019 (r353459)
@@ -288,16 +288,10 @@ XX_IsPortalIntr(uintptr_t irq)
{
int cpu, type;
/* Check interrupt numbers of all available portals */
- for (cpu = 0, type = 0; XX_PInfo.portal_intr[type][cpu] != 0; cpu++) {
- if (irq == XX_PInfo.portal_intr[type][cpu]) {
- /* Found it! */
- return (1);
- }
- if (XX_PInfo.portal_intr[type][cpu + 1] == 0) {
- type++;
- cpu = 0;
- }
- }
+ for (type = 0; type < 2; type++)
+ for (cpu = 0; cpu < MAXCPU; cpu++)
+ if (irq == XX_PInfo.portal_intr[type][cpu])
+ return (1);
return (0);
}
More information about the svn-src-head
mailing list