Subject: port-i386/3441: bad size calculation for kernel memory mappings
To: None <gnats-bugs@gnats.netbsd.org>
From: Matthias Drochner <drochner@zelz26.zel.kfa-juelich.de>
List: netbsd-bugs
Date: 04/02/1997 21:48:14
>Number: 3441
>Category: port-i386
>Synopsis: bad size calculation for kernel memory mappings
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: gnats-admin (GNATS administrator)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Apr 2 11:50:01 1997
>Last-Modified:
>Originator: Matthias Drochner
>Organization:
KFA Juelich
>Release: NetBSD-current
>Environment:
NetBSD-current/i386
System: NetBSD zelz26 1.2C NetBSD 1.2C (TULIP) #18: Wed Apr 2 21:06:20 MEST 1997 drochner@zelz26:/home/drochner/netbsd-970314/sys/arch/i386/compile/TULIP i386
>Description:
In bus_mem_add_mapping() (machdep.c) the end of the range
to be mapped into kernel space is calculated ad follows:
endpa = i386_round_page((bpa + size) - 1);
This is by 1 too short if the range ends at n*NBPG+1.
Same for unmapping.
>How-To-Repeat:
Allocate 1 byte from a page aligned address.
>Fix:
(Line numbers might be bad.)
Index: machdep.c
===================================================================
RCS file: /zelnfs/s/sources/netbsd/src/sys/arch/i386/i386/machdep.c,v
retrieving revision 1.1.1.1
diff -c -2 -r1.1.1.1 machdep.c
*** 1.1.1.1 1997/03/16 12:13:30
--- machdep.c 1997/04/02 19:04:50
***************
*** 1803,1807 ****
pa = i386_trunc_page(bpa);
! endpa = i386_round_page((bpa + size) - 1);
#ifdef DIAGNOSTIC
--- 1839,1843 ----
pa = i386_trunc_page(bpa);
! endpa = i386_round_page(bpa + size);
#ifdef DIAGNOSTIC
***************
*** 1850,1854 ****
ex = iomem_ex;
va = i386_trunc_page(bsh);
! endva = i386_round_page((bsh + size) - 1);
#ifdef DIAGNOSTIC
--- 1886,1890 ----
ex = iomem_ex;
va = i386_trunc_page(bsh);
! endva = i386_round_page(bsh + size);
#ifdef DIAGNOSTIC
>Audit-Trail:
>Unformatted: