Subject: port-mac68k/6665: bogus asm in bus.h
To: None <gnats-bugs@gnats.netbsd.org>
From: None <paul@whooppee.com>
List: netbsd-bugs
Date: 12/28/1998 05:51:43
>Number: 6665
>Category: port-mac68k
>Synopsis: bogus asm in bus.h
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: gnats-admin (GNATS administrator)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Dec 28 06:05:00 1998
>Last-Modified:
>Originator: Paul Goyette
>Organization:
>Release: Dec 23 1998
>Environment:
System: NetBSD mac1.whooppee.com 1.3H NetBSD 1.3H (MAC1) #33: Fri Nov 27 23:13:15 PST 1998 paul@pc1.whooppee.com:/home/paul/src/sys/arch/mac68k/compile/MAC1 mac68k
>Description:
bus.h contains several macros which generate inline assembly code.
Many of these macros include loop counters, and the assembly code
treats those counters as 32-bit integers. However, there are some
places, such as in dp8390_ring_copy() (from source file
src/sys/dev/ic/dp8390.c) which pass other variable types as the
arguments to the macro; in this particular case, a u_short is
passed to bus_space_read_region_1(). This results in incorrect
assembly code being generated, since the u_short value is moved
directly to a register without having the high-order bits of that
register cleared. The resulting count value can cause all sorts
of errors, including overwriting of buffer space and/or bus access
errors.
>How-To-Repeat:
Build a NetBSD/Mac68k kernel with "ae" device support, and examine
the resulting code for routing _dp8390_ring_copy().
>Fix:
Modify bus.h to force the "count" arguments to be promoted to
int's by using a cast. The following patch does this:
*** /usr/src/sys/arch/mac68k/include/bus.h Sun Aug 16 04:10:20 1998
--- ./bus.h Sun Dec 27 17:26:13 1998
***************
*** 193,199 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" (c) : \
"a0","a1","d0"); \
} while (0)
--- 193,199 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" ((int)c) : \
"a0","a1","d0"); \
} while (0)
***************
*** 207,213 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" (c) : \
"a0","a1","d0"); \
} while (0)
--- 207,213 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" ((int)c) : \
"a0","a1","d0"); \
} while (0)
***************
*** 221,227 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" (c) : \
"a0","a1","d0"); \
} while (0)
--- 221,227 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" ((int)c) : \
"a0","a1","d0"); \
} while (0)
***************
*** 249,255 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" (c) : \
"a0","a1","d0"); \
} while (0)
--- 249,255 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" ((int)c) : \
"a0","a1","d0"); \
} while (0)
***************
*** 263,269 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" (c) : \
"a0","a1","d0"); \
} while (0)
--- 263,269 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" ((int)c) : \
"a0","a1","d0"); \
} while (0)
***************
*** 277,283 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" (c) : \
"a0","a1","d0"); \
} while (0)
--- 277,283 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" ((int)c) : \
"a0","a1","d0"); \
} while (0)
***************
*** 326,332 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" (c) : \
"a0","a1","d0"); \
} while (0)
--- 326,332 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" ((int)c) : \
"a0","a1","d0"); \
} while (0)
***************
*** 340,346 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" (c) : \
"a0","a1","d0"); \
} while (0)
--- 340,346 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" ((int)c) : \
"a0","a1","d0"); \
} while (0)
***************
*** 354,360 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" (c) : \
"a0","a1","d0"); \
} while (0)
--- 354,360 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" ((int)c) : \
"a0","a1","d0"); \
} while (0)
***************
*** 382,388 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" (c) : \
"a0","a1","d0"); \
} while (0)
--- 382,388 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" ((int)c) : \
"a0","a1","d0"); \
} while (0)
***************
*** 396,402 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" (c) : \
"a0","a1","d0"); \
} while (0)
--- 396,402 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" ((int)c) : \
"a0","a1","d0"); \
} while (0)
***************
*** 410,416 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" (c) : \
"a0","a1","d0"); \
} while (0)
--- 410,416 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (a), "g" ((int)c) : \
"a0","a1","d0"); \
} while (0)
***************
*** 438,444 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (val), "g" (c) : \
"a0","d0","d1"); \
} while (0)
--- 438,444 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (val), "g" ((int)c) : \
"a0","d0","d1"); \
} while (0)
***************
*** 452,458 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (val), "g" (c) : \
"a0","d0","d1"); \
} while (0)
--- 452,458 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (val), "g" ((int)c) : \
"a0","d0","d1"); \
} while (0)
***************
*** 466,472 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (val), "g" (c) : \
"a0","d0","d1"); \
} while (0)
--- 466,472 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (val), "g" ((int)c) : \
"a0","d0","d1"); \
} while (0)
***************
*** 494,500 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (val), "g" (c) : \
"a0","d0","d1"); \
} while (0)
--- 494,500 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (val), "g" ((int)c) : \
"a0","d0","d1"); \
} while (0)
***************
*** 508,514 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (val), "g" (c) : \
"a0","d0","d1"); \
} while (0)
--- 508,514 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (val), "g" ((int)c) : \
"a0","d0","d1"); \
} while (0)
***************
*** 522,528 ****
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (val), "g" (c) : \
"a0","d0","d1"); \
} while (0)
--- 522,528 ----
subql #1,d0 ; \
jne 1b" : \
: \
! "r" ((h) + (o)), "g" (val), "g" ((int)c) : \
"a0","d0","d1"); \
} while (0)
-----------------------------------------------------------------------------
| Paul Goyette | PGP DSS Key fingerprint: | E-mail addresses: |
| Network Engineer | BCD7 5301 9513 58A6 0DBC | paul@whooppee.com |
| and kernel hacker | 91EB ADB1 A280 3B79 9221 | paul.goyette@ascend.com |
-----------------------------------------------------------------------------
>Audit-Trail:
>Unformatted: