Subject: port-powerpc/24741: uninitialized variable can cause early crash of a DIAGNOSTIC kernel
To: None <>
From: None <>
List: netbsd-bugs
Date: 03/11/2004 09:31:04
>Number:         24741
>Category:       port-powerpc
>Synopsis:       uninitialized variable can cause early crash of a DIAGNOSTIC kernel
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    port-powerpc-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 11 09:32:00 UTC 2004
>Originator:     Aymeric Vincent
>Release:        1.6ZK
NetBSD/macppc 1.6ZK, custom kernel
Variable sme_flags isn't initialized to zero in arch/powerpc/oea/cpu_subr.c:cpu_tau_setup().

This is wrong and can trigger a KASSERT() in the sysmon code very early at startup on G3s, depending on the state of the memory upon booting.


Use your G3 powerpc machine of choice, reboot, and notice that the exact same kernel you've been booting hundreds of times before does not boot anymore.

The following patch explicitly initializes sme_flags to zero, and also zeroes out the whole structure on allocation to avoid erratic behaviours in the future. This is really a trivial fix; anyone can commit it now. (I can't commit it myself right now.)

Index: cpu_subr.c
RCS file: /cvsroot/src/sys/arch/powerpc/oea/cpu_subr.c,v
retrieving revision 1.12
diff -u -r1.12 cpu_subr.c
--- cpu_subr.c	17 Feb 2004 22:03:52 -0000	1.12
+++ cpu_subr.c	11 Mar 2004 09:10:46 -0000
@@ -774,7 +774,7 @@
 	} *datap;
 	int error;
-	datap = malloc(sizeof(*datap), M_DEVBUF, M_WAITOK);
+	datap = malloc(sizeof(*datap), M_DEVBUF, M_WAITOK | M_ZERO);
 	ci->ci_sysmon_cookie = &datap->sme;
 	datap->sme.sme_nsensors = 1;
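Review bot: M_ZERO on this malloc() is the part of the patch that actually fixes the class of bug, since it clears every field of *datap rather than only sme_flags; with M_WAITOK the call cannot return NULL, so the missing NULL check is fine, but M_WAITOK may sleep, so make sure cpu_tau_setup() is only reached from a context where sleeping is allowed. A one-line comment next to the allocation saying that sysmon expects fields it does not set (sme_flags in particular) to be zero would explain why M_ZERO is there to the next reader.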
@@ -789,6 +789,7 @@
 	datap->sme.sme_cookie = ci;
 	datap->sme.sme_gtredata = cpu_tau_gtredata;
 	datap->sme.sme_streinfo = cpu_tau_streinfo;
+	datap->sme.sme_flags = 0;
 	if ((error = sysmon_envsys_register(&datap->sme)) != 0)
 		aprint_error("%s: unable to register with sysmon (%d)\n",
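Review bot: with M_ZERO on the allocation in the previous hunk, `datap->sme.sme_flags = 0;` is redundant; keeping it is harmless, but if it stays it should carry a short comment stating that sysmon_envsys_register() asserts the field is zero, otherwise a later cleanup will likely drop one of the two and lose the intent. Also, the failure path visible here only calls aprint_error(); the hunk is cut off before showing whether datap is freed when sysmon_envsys_register() fails, so check that the allocation does not leak on that path.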
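To show why the crash in this PR is intermittent and why M_ZERO on the allocation is the robust fix, here is a small added C simulation (not NetBSD code and not the submitter's patch): a hypothetical bump allocator sim_malloc() hands back whatever bytes are left in a static arena, and sim_envsys_register() stands in for the sysmon KASSERT by refusing a structure whose sme_flags is non-zero. The struct, function and flag names (sim_envsys, SIM_M_ZERO, sim_boot) are constructed for the example; only the field names mirror the PR.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical allocator flag standing in for the kernel's M_ZERO. */
#define SIM_M_ZERO 0x0001u

#define ARENA_SIZE 4096
static unsigned char sim_arena[ARENA_SIZE];
static size_t sim_arena_off;

/* Fill the arena with one byte value standing in for "the state of the
 * memory upon booting"; 0x00 and 0xA5 give different outcomes below. */
void sim_boot(unsigned char leftover)
{
    memset(sim_arena, leftover, sizeof sim_arena);
    sim_arena_off = 0;
}

/* Bump allocator: without SIM_M_ZERO the block keeps the leftover bytes,
 * just as kernel malloc() without M_ZERO returns uninitialized memory. */
void *sim_malloc(size_t size, unsigned flags)
{
    size = (size + 15) & ~(size_t)15;
    if (sim_arena_off + size > ARENA_SIZE)
        return NULL;
    void *p = sim_arena + sim_arena_off;
    sim_arena_off += size;
    if (flags & SIM_M_ZERO)
        memset(p, 0, size);
    return p;
}

/* Constructed stand-in for the sysmon_envsys structure. */
struct sim_envsys {
    int      sme_nsensors;
    uint32_t sme_flags;
    void    *sme_cookie;
};

/* Stand-in for sysmon_envsys_register(): where the real code would trip a
 * KASSERT on a non-zero sme_flags, this returns an error code instead. */
int sim_envsys_register(struct sim_envsys *sme)
{
    if (sme->sme_flags != 0)
        return 22; /* EINVAL */
    return 0;
}

/* Before the fix: sme_flags is never written, so the outcome depends on
 * what the allocator happened to hand back. */
int setup_before_fix(unsigned char leftover)
{
    sim_boot(leftover);
    struct sim_envsys *sme = sim_malloc(sizeof *sme, 0);
    if (sme == NULL)
        return 12; /* ENOMEM */
    sme->sme_nsensors = 1;
    sme->sme_cookie = NULL;
    return sim_envsys_register(sme);
}

/* After the fix: zeroed allocation plus the explicit assignment, as in the
 * patch; the leftover pattern no longer matters. */
int setup_after_fix(unsigned char leftover)
{
    sim_boot(leftover);
    struct sim_envsys *sme = sim_malloc(sizeof *sme, SIM_M_ZERO);
    if (sme == NULL)
        return 12; /* ENOMEM */
    sme->sme_nsensors = 1;
    sme->sme_cookie = NULL;
    sme->sme_flags = 0;
    return sim_envsys_register(sme);
}

int main(void)
{
    printf("before fix, clean memory:  %d\n", setup_before_fix(0x00));
    printf("before fix, dirty memory:  %d\n", setup_before_fix(0xA5));
    printf("after fix, clean memory:   %d\n", setup_after_fix(0x00));
    printf("after fix, dirty memory:   %d\n", setup_after_fix(0xA5));
    return 0;
}
```

The "clean memory" case is the kernel that booted hundreds of times; the "dirty memory" case is the boot that hit the KASSERT. Only the zeroed allocation makes the result independent of what the previous boot left behind.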