svn commit: r330876 - head/sys/dev/isp

[Brooks Davis]

Author: brooks
Date: Tue Mar 13 19:56:10 2018
New Revision: 330876
URL: https://svnweb.freebsd.org/changeset/base/330876

Log:
  Fix ISP_FC_LIP and ISP_RESCAN on big-endian 64-bit systems.
  
  For _IO() ioctls, addr is a pointer to uap->data which is a caddr_t.
  When the caddr_t stores an int, dereferencing addr as an (int *) results
  in truncation on little-endian 64-bit systems and corruption (owing to
  extracting top bits) on big-endian 64-bit systems. In practice the
  value of chan was probably always zero on systems of the latter type as
  all such FreeBSD platforms use a register-based calling convention.
  
  Reviewed by:	mav
  Obtained from:	CheriBSD
  MFC after:	1 week
  Sponsored by:	DARPA, AFRL
  Differential Revision:	https://reviews.freebsd.org/D14673

Modified:
  head/sys/dev/isp/isp_freebsd.c

Modified: head/sys/dev/isp/isp_freebsd.c
==============================================================================
--- head/sys/dev/isp/isp_freebsd.c	Tue Mar 13 19:49:06 2018	(r330875)
+++ head/sys/dev/isp/isp_freebsd.c	Tue Mar 13 19:56:10 2018	(r330876)
@@ -444,7 +444,7 @@ ispioctl(struct cdev *dev, u_long c, caddr_t addr, int
 
 	case ISP_RESCAN:
 		if (IS_FC(isp)) {
-			chan = *(int *)addr;
+			chan = *(intptr_t *)addr;
 			if (chan < 0 || chan >= isp->isp_nchan) {
 				retval = -ENXIO;
 				break;
@@ -461,7 +461,7 @@ ispioctl(struct cdev *dev, u_long c, caddr_t addr, int
 
 	case ISP_FC_LIP:
 		if (IS_FC(isp)) {
-			chan = *(int *)addr;
+			chan = *(intptr_t *)addr;
 			if (chan < 0 || chan >= isp->isp_nchan) {
 				retval = -ENXIO;
 				break;