Subject: pkg/11820: SIGBUS in i386 "doscmd" package using -i and -o options
To: None <gnats-bugs@gnats.netbsd.org>
From: Andrew Dyer <adyer@216-80-74-34.dsl.enteract.com>
List: netbsd-bugs
Date: 12/27/2000 00:14:11
>Number:         11820
>Category:       pkg
>Synopsis:       SIGBUS in i386 "doscmd" package using -i and -o options
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Dec 27 00:14:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     Andrew Dyer
>Release:        NetBSD-1.5
>Organization:
none
>Environment:
	i386 architecture machine
	stock NetBSD-1.5 package source tree
	stock NetBSD-1.5 i386 release
	
System: NetBSD locutus 1.5 NetBSD 1.5 (GENERIC) #1: Sun Nov 19 21:42:11 MET 2000 fvdl@sushi:/work/trees/netbsd-1-5/sys/arch/i386/compile/GENERIC i386


>Description:

	The iomap arguments constructed and passed to
	i386_set_ioperm() calls in the doscmd program have the wrong
	sense.  The program will receive a SIGBUS under the following
	conditions:
	      1) doscmd is run by the super-user
	      2) program being emulated does direct IN and OUT
	      instructions to an i/o port (or ports)
	      3) the i/o port in step 2 is also passed to doscmd
	      with the -i option for a port accessed with IN or
	      the -o option for a port accessed with OUT

>How-To-Repeat:
	build doscmd from the package collection
	find a dos program that does direct i/o to the printer port.
	su to root
	run it under doscmd like so:
	doscmd -i 0x378:8 -o 0x378:8 <progname.exe>

>Fix:
	below is a context diff of a patch that seems to fix the
	problem for me.

*** /usr/pkgsrc/emulators/doscmd/work/doscmd/port.c.orig	Wed Apr 10 05:52:15 1996
--- /usr/pkgsrc/emulators/doscmd/work/doscmd/port.c	Sun Dec 24 07:58:44 2000
***************
*** 63,69 ****
  	goto bad;
      }
      while (cnt--) {
! 	ioports[port/32] |= (1 << (port%32));
  	port++;
      }
      if (i386_set_ioperm(ioports) < 0) {
--- 63,69 ----
  	goto bad;
      }
      while (cnt--) {
! 	ioports[port/32] &= ~(1 << (port%32));
  	port++;
      }
      if (i386_set_ioperm(ioports) < 0) {
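Review bot: In the changed line of this loop, `1 << (port%32)` shifts a signed int, so port%32 == 31 shifts into the sign bit, which is undefined behaviour in C99 and later; write it as `ioports[port/32] &= ~(1U << (port%32));`. The loop also indexes ioports[port/32] with no bound of its own, and only the tail of the preceding check (`goto bad;`) is visible here, so confirm that check rejects a range where port + cnt runs past MAXPORT before these bits are cleared and the map is handed to i386_set_ioperm().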
***************
*** 82,88 ****
  	goto bad;
      }
      while (cnt--) {
! 	ioports[port/32] &= ~(1 << (port%32));
  	port++;
      }
      if (i386_set_ioperm(ioports) < 0) {
--- 82,88 ----
  	goto bad;
      }
      while (cnt--) {
! 	ioports[port/32] |= (1 << (port%32));
  	port++;
      }
      if (i386_set_ioperm(ioports) < 0) {
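Review bot: Nothing at this `|=` loop or at the `&= ~` loop in the previous hunk says which bit value means "no access", which is how the two ended up with the wrong sense; add a comment at each stating the convention the patch relies on (the third hunk starts every word at 0xffffffff, so a set bit is evidently the denied state and a clear bit the permitted one). The same `1U` change applies to `1 << (port%32)` here.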
***************
*** 169,174 ****
--- 169,178 ----
  	    portsw[i].p_inb = inb_nullport;
  	if (portsw[i].p_outb == 0)
  	    portsw[i].p_outb = outb_nullport;
+     }
+ 
+     for (i = 0; i < MAXPORT/32; i++) {
+         ioports[i] = 0xffffffff;
      }
  }
  
  
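Review bot: The new fill loop, `ioports[i] = 0xffffffff;`, resets the whole map, so it has to run before either `while (cnt--)` loop above touches ioports; if the -i/-o handling can run ahead of this init code, the bits it cleared are silently set again. Confirm the call order and record it in a comment next to the loop. The bound MAXPORT/32 and the literal also assume 32-bit elements and a MAXPORT that is a multiple of 32; with a remainder, the truncated division would leave the last word unfilled.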

>Release-Note:
>Audit-Trail:
>Unformatted: