Date: Tue, 13 Mar 2018 19:56:10 +0000 (UTC) From: Brooks Davis <brooks@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r330876 - head/sys/dev/isp Message-ID: <201803131956.w2DJuAwP011165@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brooks Date: Tue Mar 13 19:56:10 2018 New Revision: 330876 URL: https://svnweb.freebsd.org/changeset/base/330876 Log: Fix ISP_FC_LIP and ISP_RESCAN on big-endian 64-bit systems. For _IO() ioctls, addr is a pointer to uap->data which is a caddr_t. When the caddr_t stores an int, dereferencing addr as an (int *) results in truncation on little-endian 64-bit systems and corruption (owing to extracting top bits) on big-endian 64-bit systems. In practice the value of chan was probably always zero on systems of the latter type as all such FreeBSD platforms use a register-based calling convention. Reviewed by: mav Obtained from: CheriBSD MFC after: 1 week Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D14673 Modified: head/sys/dev/isp/isp_freebsd.c Modified: head/sys/dev/isp/isp_freebsd.c ============================================================================== --- head/sys/dev/isp/isp_freebsd.c Tue Mar 13 19:49:06 2018 (r330875) +++ head/sys/dev/isp/isp_freebsd.c Tue Mar 13 19:56:10 2018 (r330876) @@ -444,7 +444,7 @@ ispioctl(struct cdev *dev, u_long c, caddr_t addr, int case ISP_RESCAN: if (IS_FC(isp)) { - chan = *(int *)addr; + chan = *(intptr_t *)addr; if (chan < 0 || chan >= isp->isp_nchan) { retval = -ENXIO; break; @@ -461,7 +461,7 @@ ispioctl(struct cdev *dev, u_long c, caddr_t addr, int case ISP_FC_LIP: if (IS_FC(isp)) { - chan = *(int *)addr; + chan = *(intptr_t *)addr; if (chan < 0 || chan >= isp->isp_nchan) { retval = -ENXIO; break;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803131956.w2DJuAwP011165>