>Number:         23238
>Category:       kern
>Synopsis:       wi(4) driver causes panic b/c of unaligned access
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 23 02:17:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Valeriy E. Ushakov
>Release:        -current as of 2003-10-23
>Organization:
>Environment:
NetBSD nada 1.6ZD NetBSD 1.6ZD (NADA) #2: Thu Oct 23 05:49:40 MSD 2003  uwe@sampo:/export/netbsd/cvs/src/sys/arch/hpcsh/compile/NADA hpcsh

>Description:
On my Jornada 680 (NetBSD/hpcsh) wi(4) driver panics e.g. when
issuing wiconfig wi0 -D.

The prioblem is that wi_newstate calls:

    wi_read_rid(sc, WI_RID_CURRENT_BSSID, ni->ni_bssid, &buflen);

and no_bssid is not aligned at 2 bytes boundary.   The wi_read_rid will
pass this to wi_read_bap and that will call:

    CSR_READ_MULTI_STREAM_2(sc, WI_DATA0, (u_int16_t *)buf, cnt);

with ni->ni_bssid as the buf.  But ni->ni_bssid is not properly aligned for a
u_int16_t, so it causes a panic when it's written to.

i386 probably gets away with the unaligned write...

>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: