Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Apply the patch, with some minor modifications, provided in: 

http://mail-index.netbsd.org/port-arm/2007/06/04/0000.html

Addresses:
 - an array index overflow in ixpqmgr_intr().
 - ixpqmgr_sc must be initialised before calling ixp425_intr_establish().
This commit is contained in:
scw 2007-06-21 22:18:06 +00:00
parent a08d769680
commit 26603f78b6
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sys/arch/arm/xscale/ixp425_qmgr.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ixp425_qmgr.c,v 1.2 2007/02/22 05:14:05 thorpej Exp $ */
/* $NetBSD: ixp425_qmgr.c,v 1.3 2007/06/21 22:18:06 scw Exp $ */
/*-
* Copyright (c) 2006 Sam Leffler, Errno Consulting
@ -60,7 +60,7 @@
*/
#include <sys/cdefs.h>
/*__FBSDID("$FreeBSD: src/sys/arm/xscale/ixp425/ixp425_qmgr.c,v 1.1 2006/11/19 23:55:23 sam Exp $");*/
__KERNEL_RCSID(0, "$NetBSD: ixp425_qmgr.c,v 1.2 2007/02/22 05:14:05 thorpej Exp $");
__KERNEL_RCSID(0, "$NetBSD: ixp425_qmgr.c,v 1.3 2007/06/21 22:18:06 scw Exp $");
/*
* Intel XScale Queue Manager support.
@ -250,9 +250,11 @@ ixpqmgr_init(bus_space_tag_t iot)
bus_setup_intr(dev, sc->sc_irq, INTR_TYPE_NET | INTR_MPSAFE,
ixpqmgr_intr, NULL, &sc->sc_ih);
#else
ixpqmgr_sc = sc;
sc->sc_ih[0] = ixp425_intr_establish(IXP425_INT_QUE1_32, IPL_NET,
ixpqmgr_intr, sc);
if (sc->sc_ih[0] == NULL) {
ixpqmgr_sc = NULL;
free(sc, M_DEVBUF);
return (NULL);
}
@ -260,11 +262,10 @@ ixpqmgr_init(bus_space_tag_t iot)
ixpqmgr_intr, sc);
if (sc->sc_ih[1] == NULL) {
ixp425_intr_disestablish(sc->sc_ih[0]);
ixpqmgr_sc = NULL;
free(sc, M_DEVBUF);
return (NULL);
}
ixpqmgr_sc = sc;
#endif
/* NB: softc is pre-zero'd */
@ -804,6 +805,8 @@ ixpqmgr_intr(void *arg)
*/
do {
qIndex = sc->priorityTable[priorityTableIndex++];
if (qIndex >= IX_QMGR_MAX_NUM_QUEUES)
break;
qi = &sc->qinfo[qIndex];
/* If this queue caused this interrupt to be raised */
@ -813,7 +816,8 @@ ixpqmgr_intr(void *arg)
/* Clear the interrupt register bit */
intRegVal &= ~qi->intRegCheckMask;
}
} while (intRegVal);
} while (intRegVal &&
priorityTableIndex < IX_QMGR_MAX_NUM_QUEUES);
}
}