NetBSD-Bugs archive


kern/46536: some sysctl are incorrectly defined

>Number:         46536
>Category:       kern
>Synopsis:       some sysctl are incorrectly defined
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jun 03 14:05:00 +0000 2012
>Originator:     David Laight
>Release:        netbsd-5 and netbsd-6
Source inspection after spotting something 'odd'.
Some of the sysctl_createv() calls pass the address of C variables that don't 
match the passed CTLTYPE_xxx.
In particular some 64bit integers are reported as CTLTYPE_INT which will give 
problems on BE systems or when the values exceed 32 bits.

The following have been found:
  sys/dev/acpi/asus_acpi.c: passes some ACPI_INTEGER (uint64_t)
        for CTLTYPE_INT
  ACPI defines AcpiGbl_EnableAmlDebugObject as UINT8 but passes
  sys/dev/bluetooth/bcsp.c passes &sc->sc_le_muzzled as CTLTYPE_INT
        (not CTLTYPE_BOOL)
  sys/kern/vfs_bio.c passes some u_long as CTLTYPE_INT
  sys/miscfs/syncfs/sync_subr.c passes some time_t as CTLTYPE_INT

In addition the code in vfs_bio.c copies the values into an 'int'
temporary during the sysctl processing.
I'm not sure how many times that piece of code has been cloned!
Most of the errors will show up on 64bit BE systems (eg sparc64).
The vfs_bio.c problems also show on amd64 when vm.bufmem_hiwater
exceeds 2^31 (probably needs 16GB main memory).
CVS head (post netbsd-6 branch) has been changed so that sysctl_createv()
can verify the type of the 'void *' pointer argument.
This required a few explicit casts to about 67 lines - so the full patch
isn't appropriate for pullup.
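
The mismatch described in this report, as an added example that is not part of the PR or of the NetBSD source: a userland model of a 64-bit variable exported under an int-sized type tag, for both byte orders. The names `node_type`, `store_u64`, `copy_out` and `reported` are hypothetical, and the model assumes the handler reads as many bytes as the declared type says, starting at the variable's address.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type tags standing in for CTLTYPE_INT / CTLTYPE_QUAD. */
enum node_type { NODE_INT, NODE_QUAD };

/* Lay out a 64-bit variable in memory as a BE or LE CPU would. */
static void store_u64(unsigned char out[8], uint64_t v, int big_endian)
{
    for (int i = 0; i < 8; i++)
        out[i] = (unsigned char)(v >> (big_endian ? 8 * (7 - i) : 8 * i));
}

/* Assumed handler behaviour: take sizeof(declared type) bytes starting
 * at the variable's address and decode them in CPU byte order. */
static int64_t copy_out(const unsigned char *var, enum node_type t, int big_endian)
{
    int len = (t == NODE_INT) ? 4 : 8;
    uint64_t v = 0;
    for (int i = 0; i < len; i++)
        v = (v << 8) | var[big_endian ? i : len - 1 - i];
    return (t == NODE_INT) ? (int64_t)(int32_t)(uint32_t)v : (int64_t)v;
}

/* Value userland would see for a 64-bit variable declared as type t. */
int64_t reported(uint64_t actual, enum node_type t, int big_endian)
{
    unsigned char mem[8];
    store_u64(mem, actual, big_endian);
    return copy_out(mem, t, big_endian);
}

int main(void)
{
    /* Constructed sample values: small, exactly 2^31, and above 2^32. */
    const uint64_t samples[] = { 5, 1ULL << 31, (1ULL << 32) + 4096 };
    for (int i = 0; i < 3; i++) {
        uint64_t a = samples[i];
        printf("actual=%llu int/LE=%lld int/BE=%lld quad/BE=%lld\n",
            (unsigned long long)a,
            (long long)reported(a, NODE_INT, 0),
            (long long)reported(a, NODE_INT, 1),
            (long long)reported(a, NODE_QUAD, 1));
    }
    return 0;
}
```

On the big-endian layout the int-sized read returns the high half of the variable, so even small values are wrong; on the little-endian layout the value is correct until it reaches 2^31, where it turns negative and then truncates.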
