Fixed bug introduced in r28223: The counter whose modulo was used as

index into the sLastCaller array is vint32, so after overflowing the
modulo operation would yield negative indices. This would cause the
256 bytes before the array to be overwritten. Might also be the cause of
#2866.


git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@28245 a95241bf-73f2-0310-859d-f6bbb57e9c96
Ingo Weinhold 2008-10-20 11:04:24 +00:00
parent 47c40a10a1
commit 05fd6d79fe


@ -77,13 +77,18 @@ static struct {
void *caller;
spinlock *lock;
} sLastCaller[NUM_LAST_CALLERS];
static vint32 sLastIndex = 0;
// Is incremented atomically. Must be % NUM_LAST_CALLERS before being used
// as index into sLastCaller. Note, that it has to be casted to uint32
// before applying the modulo operation, since otherwise after overflowing
// that would yield negative indices.
static void
push_lock_caller(void *caller, spinlock *lock)
{
int32 index = atomic_add(&sLastIndex, 1) % NUM_LAST_CALLERS;
int32 index = (uint32)atomic_add(&sLastIndex, 1) % NUM_LAST_CALLERS;
sLastCaller[index].caller = caller;
sLastCaller[index].lock = lock;
@ -93,7 +98,7 @@ push_lock_caller(void *caller, spinlock *lock)
static void *
find_lock_caller(spinlock *lock)
{
int32 lastIndex = sLastIndex % NUM_LAST_CALLERS;
int32 lastIndex = (uint32)sLastIndex % NUM_LAST_CALLERS;
for (int32 i = 0; i < NUM_LAST_CALLERS; i++) {
int32 index = (NUM_LAST_CALLERS + lastIndex - 1 - i) % NUM_LAST_CALLERS;
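Review bot: The `(uint32)` cast keeps the index inside sLastCaller, but the ring only stays in insertion order across the counter wrap if NUM_LAST_CALLERS divides 2^32, i.e. is a power of two. Its value is not visible in these hunks, so the new comment on sLastIndex should state that requirement, or a compile-time check should enforce it. The cast-then-modulo expression is also repeated in push_lock_caller and find_lock_caller, and a later use of sLastIndex that omits the cast would bring back the write before the array. A single helper such as `static inline uint32 last_caller_slot(int32 counter) { return (uint32)counter % NUM_LAST_CALLERS; }` used at both sites would keep the rule in one place. Both function bodies continue outside the hunks shown.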