diff options
| author | Brandon Bergren <bdragon@FreeBSD.org> | 2019-10-12 23:16:17 +0000 |
|---|---|---|
| committer | Brandon Bergren <bdragon@FreeBSD.org> | 2019-10-12 23:16:17 +0000 |
| commit | 9f15304d32da5a14db31a699c2066b72929f2cd5 (patch) | |
| tree | c808fd28217df672ef5e00d5b2f6230ad3cb59a0 /sys/contrib/ncsw | |
| parent | 6cc9ab8610ae1d5f6522b1679fbf639eb56fe650 (diff) | |
| download | src-9f15304d32da5a14db31a699c2066b72929f2cd5.tar.gz src-9f15304d32da5a14db31a699c2066b72929f2cd5.zip | |
Fix read past end of struct in ncsw glue code.
The logic in XX_IsPortalIntr() was reading past the end of XX_PInfo.
This was causing it to erroneously return 1 instead of 0 in some
circumstances, causing a panic on the AmigaOne X5000 due to mixing
exclusive and nonexclusive interrupts on the same interrupt line.
Since this code is only called a couple of times during startup, use
a simple double loop instead of the complex read-ahead single loop.
This also fixes a bug where it would never check cpu=0 on type=1.
Approved by: jhibbits (mentor)
Differential Revision: https://reviews.freebsd.org/D21988
Notes
Notes:
svn path=/head/; revision=353459
Diffstat (limited to 'sys/contrib/ncsw')
| -rw-r--r-- | sys/contrib/ncsw/user/env/xx.c | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/sys/contrib/ncsw/user/env/xx.c b/sys/contrib/ncsw/user/env/xx.c index 2a0c59ed10e3..4cf78d52f9eb 100644 --- a/sys/contrib/ncsw/user/env/xx.c +++ b/sys/contrib/ncsw/user/env/xx.c @@ -288,16 +288,10 @@ XX_IsPortalIntr(uintptr_t irq) { int cpu, type; /* Check interrupt numbers of all available portals */ - for (cpu = 0, type = 0; XX_PInfo.portal_intr[type][cpu] != 0; cpu++) { - if (irq == XX_PInfo.portal_intr[type][cpu]) { - /* Found it! */ - return (1); - } - if (XX_PInfo.portal_intr[type][cpu + 1] == 0) { - type++; - cpu = 0; - } - } + for (type = 0; type < 2; type++) + for (cpu = 0; cpu < MAXCPU; cpu++) + if (irq == XX_PInfo.portal_intr[type][cpu]) + return (1); return (0); } |