svn commit: r330876 - head/sys/dev/isp
Brooks Davis
brooks at FreeBSD.org
Tue Mar 13 19:56:11 UTC 2018
Author: brooks
Date: Tue Mar 13 19:56:10 2018
New Revision: 330876
URL: https://svnweb.freebsd.org/changeset/base/330876
Log:
Fix ISP_FC_LIP and ISP_RESCAN on big-endian 64-bit systems.
For _IO() ioctls, addr is a pointer to uap->data which is a caddr_t.
When the caddr_t stores an int, dereferencing addr as an (int *) results
in truncation on little-endian 64-bit systems and corruption (owing to
extracting top bits) on big-endian 64-bit systems. In practice the
value of chan was probably always zero on systems of the latter type as
all such FreeBSD platforms use a register-based calling convention.
Reviewed by: mav
Obtained from: CheriBSD
MFC after: 1 week
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D14673
Modified:
head/sys/dev/isp/isp_freebsd.c
Modified: head/sys/dev/isp/isp_freebsd.c
==============================================================================
--- head/sys/dev/isp/isp_freebsd.c Tue Mar 13 19:49:06 2018 (r330875)
+++ head/sys/dev/isp/isp_freebsd.c Tue Mar 13 19:56:10 2018 (r330876)
@@ -444,7 +444,7 @@ ispioctl(struct cdev *dev, u_long c, caddr_t addr, int
case ISP_RESCAN:
if (IS_FC(isp)) {
- chan = *(int *)addr;
+ chan = *(intptr_t *)addr;
if (chan < 0 || chan >= isp->isp_nchan) {
retval = -ENXIO;
break;
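Review bot: the narrowing in `chan = *(intptr_t *)addr;` happens before the range check on the following line. If chan is still declared as an int (its declaration is outside this hunk), a pointer-wide value whose low 32 bits land in the valid range would pass `chan < 0 || chan >= isp->isp_nchan` after truncation on 64-bit systems. Consider reading into an intptr_t local, range-checking that, and only then assigning to chan, so that an out-of-range value is rejected with -ENXIO instead of aliasing to a valid channel.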
@@ -461,7 +461,7 @@ ispioctl(struct cdev *dev, u_long c, caddr_t addr, int
case ISP_FC_LIP:
if (IS_FC(isp)) {
- chan = *(int *)addr;
+ chan = *(intptr_t *)addr;
if (chan < 0 || chan >= isp->isp_nchan) {
retval = -ENXIO;
break;
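Review bot: the cast in the ISP_FC_LIP case carries no comment, and the reason an int is read through `(intptr_t *)` is recorded only in the commit log. A one-line comment at `chan = *(intptr_t *)addr;` saying that for _IO() ioctls addr points at uap->data, which is a caddr_t, would keep a later cleanup from reverting it to `(int *)`. The same read and bounds check now appear in both ISP_RESCAN and ISP_FC_LIP, so a small shared helper would stop the two copies from drifting apart.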