Subject: kern/10575: siop driver can't handle large timeouts
To: None <gnats-bugs@gnats.netbsd.org>
From: Dave Huang <khym@bga.com>
List: netbsd-bugs
Date: 07/12/2000 20:22:11
>Number:         10575
>Category:       kern
>Synopsis:       siop driver can't handle large timeouts
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 12 20:23:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Dave Huang
>Release:        NetBSD-1.5_ALPHA as of July 11, 2000
>Organization:
Name: Dave Huang     |   Mammal, mammal / their names are called /
INet: khym@bga.com   |   they raise a paw / the bat, the cat /
FurryMUCK: Dahan     |   dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 23 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
>Environment:
	
System: NetBSD dahan.metonymy.com 1.5_ALPHA NetBSD 1.5_ALPHA (SPIFF) #375: Wed Jul 12 21:43:55 CDT 2000 khym@dahan.metonymy.com:/usr/src.local/sys/arch/i386/compile/SPIFF i386


>Description:
	The timeout calculation in the siop driver overflows a 32-bit int
if the requested timeout is sufficiently large... for example, scsictl's
low level format option asks for 21600000ms (6 hours); if hz=100 (i386),
21600000 * hz = 2160000000 (0x80BEFC00), slightly too big for a signed
int.
>How-To-Repeat:
	Try to do a low level format with scsictl. E.g.
# scsictl /dev/rsd3d format
sd3(siop1:1:0): command timeout
siop1: scsi bus reset
cmd 0xc05e28d0 (target 1) in reset list
cmd 0xc05e28d0 about to be processed
siop1: target 1 now synchronous at 5.0Mhz, offset 8
siop1: target 0 now synchronous at 10.0Mhz, offset 8

>Fix:
This seems to work, although it increases the granularity to 1 second...

--- /usr/src/sys/dev/ic/siop.c	Tue Jun 27 05:27:17 2000
+++ siop.c	Wed Jul 12 21:43:25 2000
@@ -1355,8 +1355,8 @@
 					    XS_CTL_POLL) == 0) {
 						/* start exire timer */
 						timeout =
-						    siop_cmd->xs->timeout *
-						    hz / 1000;
+						    siop_cmd->xs->timeout /
+						    1000 * hz;
 						if (timeout == 0)
 							timeout = 1;
 						callout_reset(
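Review bot: In the two added lines, dividing `siop_cmd->xs->timeout` by 1000 before multiplying by `hz` discards the sub-second part. Any timeout below 1000 ms now evaluates to 0 and is raised to a single tick by the `if (timeout == 0)` check that follows, so a short timeout fires almost at once instead of after the requested interval. The overflow can be avoided without losing precision by splitting the value, for example `(t / 1000) * hz + (t % 1000) * hz / 1000` with `t = siop_cmd->xs->timeout`, or by doing the multiplication in a 64-bit type before dividing.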
>Release-Note:
>Audit-Trail:
>Unformatted:
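The overflow from the Description, next to the arithmetic of the proposed fix, as an added C example (not part of the original report or of the siop driver). The function names are hypothetical, and the 64-bit variant is one possible alternative that the report does not propose.

```c
#include <stdint.h>
#include <stdio.h>

/* Original expression, ms * hz / 1000, as evaluated in a 32-bit int.
 * The product is formed in unsigned arithmetic so the wraparound is
 * well defined here; the result is then reinterpreted as signed. */
static int32_t ticks_naive32(int32_t ms, int32_t hz)
{
    uint32_t prod = (uint32_t)ms * (uint32_t)hz;   /* wraps modulo 2^32 */
    return (int32_t)prod / 1000;
}

/* Arithmetic of the proposed fix: divide first, then multiply.
 * No overflow for the values in the report, but the sub-second part
 * is dropped before scaling, so anything under 1000 ms becomes 1 tick. */
static int32_t ticks_divide_first(int32_t ms, int32_t hz)
{
    int32_t t = ms / 1000 * hz;
    return t == 0 ? 1 : t;
}

/* Alternative (assumption, not from the report): widen to 64 bits,
 * keep the original order of operations, clamp to the int range. */
static int32_t ticks_wide(int32_t ms, int32_t hz)
{
    int64_t t = (int64_t)ms * hz / 1000;
    if (t < 1)
        t = 1;
    if (t > INT32_MAX)
        t = INT32_MAX;
    return (int32_t)t;
}

int main(void)
{
    /* Constructed inputs: the 6-hour format timeout from the report
     * plus two short timeouts; hz = 100 as on i386. */
    const int32_t samples[] = { 21600000, 1500, 999 };
    const int32_t hz = 100;

    printf("%10s %12s %12s %12s\n", "ms", "naive32", "div-first", "wide64");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%10d %12d %12d %12d\n", (int)samples[i],
            (int)ticks_naive32(samples[i], hz),
            (int)ticks_divide_first(samples[i], hz),
            (int)ticks_wide(samples[i], hz));
    return 0;
}
```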