From 05fd6d79fecc6159551570fdf2e72e50303fd7fd Mon Sep 17 00:00:00 2001
From: Ingo Weinhold
Date: Mon, 20 Oct 2008 11:04:24 +0000
Subject: [PATCH] Fixed bug introduced in r28223: The counter whose modulo was used as index into the sLastCaller array is vint32, so after overflowing the modulo operation would yield negative indices. This would cause the 256 bytes before the array to be overwritten. Might also be the cause of #2866.

git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@28245 a95241bf-73f2-0310-859d-f6bbb57e9c96
---
 src/system/kernel/smp.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/system/kernel/smp.cpp b/src/system/kernel/smp.cpp
index bfa245efd9..9deece2222 100644
--- a/src/system/kernel/smp.cpp
+++ b/src/system/kernel/smp.cpp
@@ -77,13 +77,18 @@ static struct {
 void *caller;
 spinlock *lock;
 } sLastCaller[NUM_LAST_CALLERS];
+
 static vint32 sLastIndex = 0;
+ // Is incremented atomically. Must be % NUM_LAST_CALLERS before being used
+ // as index into sLastCaller. Note, that it has to be casted to uint32
+ // before applying the modulo operation, since otherwise after overflowing
+ // that would yield negative indices.
 
 
 static void
 push_lock_caller(void *caller, spinlock *lock)
 {
- int32 index = atomic_add(&sLastIndex, 1) % NUM_LAST_CALLERS;
+ int32 index = (uint32)atomic_add(&sLastIndex, 1) % NUM_LAST_CALLERS;
 
 sLastCaller[index].caller = caller;
 sLastCaller[index].lock = lock;
@@ -93,7 +98,7 @@ push_lock_caller(void *caller, spinlock *lock)
 static void *
 find_lock_caller(spinlock *lock)
 {
- int32 lastIndex = sLastIndex % NUM_LAST_CALLERS;
+ int32 lastIndex = (uint32)sLastIndex % NUM_LAST_CALLERS;
 
 for (int32 i = 0; i < NUM_LAST_CALLERS; i++) {
 int32 index = (NUM_LAST_CALLERS + lastIndex - 1 - i) % NUM_LAST_CALLERS;
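Review bot: The in-bounds guarantee for sLastCaller rests on every user of sLastIndex remembering the `(uint32)` cast; the new comment asks for it, but nothing enforces it, and push_lock_caller and find_lock_caller (second hunk) each repeat it by hand. Routing both sites through one helper, for example `static inline uint32 last_caller_slot(int32 counter) { return (uint32)counter % NUM_LAST_CALLERS; }`, would keep a later third use from reintroducing the negative index and the write in front of the array. push_lock_caller's body ends outside this hunk.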
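Review bot: The backwards scan in find_lock_caller visits entries newest-first across a counter wrap only if NUM_LAST_CALLERS divides 2^32. With the cast the indices stay in bounds, but for any other size `(uint32)sLastIndex % NUM_LAST_CALLERS` jumps at the wrap, so `lastIndex - 1` no longer names the most recently written slot and the lookup could report an older caller for the lock. The definition of NUM_LAST_CALLERS is outside the hunk, so this may already hold; a compile-time check that `(NUM_LAST_CALLERS & (NUM_LAST_CALLERS - 1)) == 0` next to the array definition would pin it. The loop body continues past the end of the hunk.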