port-sparc/47771: possible fatal typo in sparc sbus_bus_addr() function

To: port-sparc-maintainer%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: port-sparc/47771: possible fatal typo in sparc sbus_bus_addr() function
From: Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>
Date: Sat, 27 Apr 2013 04:05:00 +0000 (UTC)

>Number:         47771
>Category:       port-sparc
>Synopsis:       possible fatal typo in sparc sbus_bus_addr() function
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    port-sparc-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Apr 27 04:05:00 +0000 2013
>Originator:     Izumi Tsutsui
>Release:        NetBSD 6.0
>Organization:
>Environment:
System: NetBSD/sparc 6.0 GENERIC
Architecture: sparc
Machine: sparc
>Description:
It looks there is (a bit fatal) type in sbus_bus_addr() function,
which is used for framebuffer's mmap() functions.

sys/arch/sparc/dev/sbus.c has the following code:
http://nxr.netbsd.org/xref/src/sys/arch/sparc/dev/sbus.c?r=1.78#507

    507 bus_addr_t
    508 sbus_bus_addr(bus_space_tag_t t, u_int btype, u_int offset)
    509 {
    510 
    511         /* XXX: sbus_bus_addr should be g/c'ed */
    512         return (BUS_ADDR(btype, offset));
    513 }

The caller of this function in sys/dev/sbus/cgsix_sbus.c is:
http://nxr.netbsd.org/xref/src/sys/dev/sbus/cgsix_sbus.c?r=1.30#98

     98         /* Remember cookies for cgsix_mmap() */
     99         sc->sc_bustag = sa->sa_bustag;
    100         sc->sc_paddr = sbus_bus_addr(sa->sa_bustag, sa->sa_slot, 
sa->sa_offset);

So sbus_bus_addr() takes a slot number in the 2nd arg
and offset in the 3rd arg.

This sc->sc_paddr is used to mmap(2) framebuffers in MI cgsix driver:
http://nxr.netbsd.org/xref/src/sys/dev/sun/cgsix.c?r=1.60#1100

   1114                         return (bus_space_mmap(sc->sc_bustag,
   1115                                 sc->sc_paddr, u+mo->mo_physoff,
   1116                                 prot, BUS_SPACE_MAP_LINEAR));

On the other hand, the definition of BUS_ADDR() is:
http://nxr.netbsd.org/xref/src/sys/arch/sparc/include/bus_defs.h?r=1.1#79

     79 #define BUS_ADDR(io, pa)        \
     80         ((((uint64_t)(uint32_t)(io))<<32) | (uint32_t)(pa))

so there is no slot or offset in it.

The definition of SBUS_ADDR() is:
http://nxr.netbsd.org/xref/src/sys/arch/sparc/dev/sbusreg.h?r=1.6#54

     54 #define SBUS_ADDR(slot, off)    (SBUS_BASE + ((slot) << 25) + (off))

so it looks BUS_ADDR() in sbus_bus_addr() is a typo of SBUS_ADDR().

>How-To-Repeat:
Code inspection.

>Fix:
See above, but needs more confirmation by sparc guru.
I'm not sure how sparc Xservers works, but applications
which directly access wsfb via wsdisplay (ttyE0)
don't work on sparc.

Prev by Date: Re: kern/41095 (dumps via ahcisata fail)
Next by Date: re: kern/41095 (dumps via ahcisata fail)
Previous by Thread: PR/47770 CVS commit: src/bin/rm
Next by Thread: Re: port-sparc/47771: possible fatal typo in sparc sbus_bus_addr() function
Indexes:

Home | Main Index | Thread Index | Old Index