Quadlet read/write bug
Buzz Slye
buzz at gaia.arc.nasa.gov
Wed May 26 14:00:12 PDT 2004
A temporary fix to the asyncronous read and write cases of fw_ioctl
for a req.len = 16 is (fwdev.c line 595):
int tc;
.....
/* copy response */
tc = xfer->recv.hdr.mode.hdr.tcode;
tinfo = &sc->fc->tcode[tc];
if (tc == FWTCODE_RRESQ || tc == FWTCODE_WRES)
asyreq->req.len = xfer->recv.pay_len;
else if (asyreq->req.len >= xfer->recv.pay_len + tinfo->hdr_len)
asyreq->req.len = xfer->recv.pay_len;
else
err = EINVAL;
The above will work for rreqq and wreqq, but I didn't look at the other cases.
Note that for the read request response, the payload length is 4, but the
header length is 16. This adds up to 20 which doesn't work for req.len=16.
The response header should be 12 maybe, if the payload is 4 ?
For the write request response, the payload length is 4096, but there really
isn't any payload returned. Returning req.len=4096 isn't good, but if the
application doesn't check it, it certainly beats returning EINVAL.
R. E. Slye
NASA/Ames
More information about the freebsd-firewire
mailing list