netbsd-bugs: kern/25749: missing splx() in kernel

Subject: kern/25749: missing splx() in kernel
To: None <gnats-bugs@gnats.NetBSD.org>
From: Peter Postma <peter@pointless.nl>
List: netbsd-bugs
Date: 05/30/2004 13:39:24
>Number:         25749
>Category:       kern
>Synopsis:       missing splx() in kernel
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun May 30 11:40:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Peter Postma
>Release:        NetBSD 2.0E
>Organization:
>Environment:
System: NetBSD mercury.pointless.nl 2.0E NetBSD 2.0E (mercury) #9: Thu May 6 18:17:12 CEST 2004 peter@mercury.pointless.nl:/usr/obj/sys/arch/sparc64/compile/mercury sparc64
Architecture: sparc64
Machine: sparc64
>Description:
	splx() missing in kernel.
>How-To-Repeat:
	inspect code.
>Fix:
	diff below adds 3 missing splx().
	i'm not sure if they are all correct, please verify.

Index: kern/tty_pty.c
===================================================================
RCS file: /cvsroot/src/sys/kern/tty_pty.c,v
retrieving revision 1.78
diff -u -p -r1.78 tty_pty.c
--- kern/tty_pty.c	27 May 2004 03:56:49 -0000	1.78
+++ kern/tty_pty.c	30 May 2004 11:19:52 -0000
@@ -441,6 +441,7 @@ again:
 			}
 			error = ttysleep(tp, (caddr_t)&tp->t_canq,
 					 TTIPRI | PCATCH | PNORELOCK, ttyin, 0);
+			splx(s);
 			if (error)
 				return (error);
 			goto again;
Index: kern/vfs_bio.c
===================================================================
RCS file: /cvsroot/src/sys/kern/vfs_bio.c,v
retrieving revision 1.125
diff -u -p -r1.125 vfs_bio.c
--- kern/vfs_bio.c	25 May 2004 04:30:33 -0000	1.125
+++ kern/vfs_bio.c	30 May 2004 11:19:53 -0000
@@ -1423,6 +1423,7 @@ buf_syncwait(void)
 				bawrite(bp);
 				if (dcount-- <= 0) {
 					printf("softdep ");
+					splx(s);
 					goto fail;
 				}
 				simple_lock(&bqueue_slock);
Index: netinet/igmp.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/igmp.c,v
retrieving revision 1.38
diff -u -p -r1.38 igmp.c
--- netinet/igmp.c	26 Apr 2004 01:31:56 -0000	1.38
+++ netinet/igmp.c	30 May 2004 11:19:56 -0000
@@ -425,8 +425,10 @@ igmp_joingroup(inm)
 	if (!IN_LOCAL_GROUP(inm->inm_addr.s_addr) &&
 	    (inm->inm_ifp->if_flags & IFF_LOOPBACK) == 0) {
 		report_type = rti_fill(inm);
-		if (report_type == 0)
+		if (report_type == 0) {
+			splx(s);
 			return ENOMEM;
+		}
 		igmp_sendpkt(inm, report_type);
 		inm->inm_state = IGMP_DELAYING_MEMBER;
 		inm->inm_timer = IGMP_RANDOM_DELAY(

>Release-Note:
>Audit-Trail:
>Unformatted: