Date: Thu, 18 Jul 2002 02:50:56 -0700 (PDT)
Message-Id: <200207180950.g6I9ouDH018692@freefall.freebsd.org>
From: Peter Wemm
Subject: PERFORCE change 14417 for review
To: Perforce Change Reviews

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14417

Change 14417 by peter@peter_ia64 on 2002/07/18 02:50:11

Somebody shoot me please. This cost me weeks of debugging time.

First: net->Transmit() takes an address that net->GetStatus() is supposed to return when the buffer is no longer needed. However, somebody decided to make the E1000 UNDI driver return a *different* address for some unknown reason. Maybe it is a copy, who knows.

Second: net->Receive() takes a buffer pointer and length. The same E1000 driver feels that it is quite OK to trash memory outside of this buffer. I do not know if it doesn't respect the length, or just simply trashes things. Trashing your stack on IA64 can really ruin your day.

So, provide a temporary buffer (also on the stack, urgh) that is "big enough" to hopefully survive and then bcopy the results that we expect without trashing our RPC client.

Affected files ...

.. //depot/projects/ia64/sys/boot/efi/libefi/efinet.c#3 edit

Differences ...

==== //depot/projects/ia64/sys/boot/efi/libefi/efinet.c#3 (text+ko) ==== @@ -102,10 +102,14 @@ return -1; /* Wait for the buffer to be transmitted */ - buf = 0; /* XXX Is this needed? */ do { + buf = 0; /* XXX Is this needed? */ status = net->GetStatus(net, 0, &buf); - } while (status == EFI_SUCCESS && buf != pkt); + /* + * XXX EFI1.1 and the E1000 card returns a different + * address than we gave. Sigh. + */ + } while (status == EFI_SUCCESS && buf == 0); /* XXX How do we deal with status != EFI_SUCCESS now? */ return (status == EFI_SUCCESS) ? len : -1; 
@@ -120,15 +124,26 @@ EFI_STATUS status; UINTN bufsz; time_t t; + char buf[2048]; net = nif->nif_devdata; t = time(0); while ((time(0) - t) < timeout) { - bufsz = len; - status = net->Receive(net, 0, &bufsz, pkt, 0, 0, 0); - if (status == EFI_SUCCESS) + bufsz = sizeof(buf); + status = net->Receive(net, 0, &bufsz, buf, 0, 0, 0); + if (status == EFI_SUCCESS) { + /* + * XXX EFI1.1 and the E1000 card trash our + * workspace if we do not do this silly copy. + * Either they are not respecting the len + * value or do not like the alignment. + */ + if (bufsz > len) + bufsz = len; + bcopy(buf, pkt, bufsz); return bufsz; + } if (status != EFI_NOT_READY) return 0; }
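
Review bot: In the transmit hunk (@@ -102,10 +102,14 @@), the new loop condition `buf == 0` ends the wait on the first non-NULL address GetStatus() hands back, so nothing ties the recycled buffer to `pkt` any more, and the loop still has no upper bound if the driver never reports a buffer while status stays EFI_SUCCESS. If the assumption is that only one transmit is ever outstanding, say so in the new comment, and consider bounding the wait with a deadline the way the receive path does with `(time(0) - t) < timeout`.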
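
Review bot: In the receive hunk (@@ -120,15 +124,26 @@), `char buf[2048]` is still a stack buffer passed to the same Receive() call, so if the driver really ignores the length, the overrun moves into this frame rather than going away, and the fix depends on 2048 exceeding whatever the driver writes. Since the added comment itself suspects alignment, a static, explicitly aligned bounce buffer with the size justified in a comment would be more robust. Separately, `if (bufsz > len) bufsz = len;` silently truncates a frame larger than the caller's buffer; returning an error or documenting the truncation would make that visible to callers.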