>Number:         12471
>Category:       kern
>Synopsis:       adv driver can't handle big timeout value
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Mar 25 08:48:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     YAMAMOTO Takashi
>Release:        NetBSD-current
>Organization:

---
YAMAMOTO Takashi<takashi.yamamoto@bigfoot.com>
>Environment:
System: NetBSD capybara 1.5T NetBSD 1.5T (stg) #169: Sat Mar 24 11:46:48 JST 2001 takashi@capybara:/usr/src/sys/arch/i386/compile/stg i386
Architecture: i386
Machine: i386
>Description:
	overflow is occur when driver translates msec value to ticks.
>How-To-Repeat:
	initiate scsi cmd with big timeout value.
	ex. scsictl /dev/sd0 format
>Fix:
	following is patch.

Index: adv.c
===================================================================
RCS file: /cvsroot/syssrc/sys/dev/ic/adv.c,v
retrieving revision 1.22
diff -u -u -r1.22 adv.c
--- adv.c	2001/03/08 06:49:49	1.22
+++ adv.c	2001/03/25 16:12:47
@@ -69,6 +69,28 @@
 
 /* #define ASC_DEBUG */
 
+int inline msec_to_tick(u_long);
+/* XXX this should not be here? */
+int inline msec_to_tick(u_long ms)
+{
+	/*
+	 * convert msec to tick.
+	 *
+	 * this function is used for callout_reset,
+	 * so return value is int.
+	 */
+	int tick;
+
+	if (ms / 1000 >= INT_MAX / hz) {
+		tick = INT_MAX;
+	}
+	else {
+		tick = ms * hz / 1000;
+	}
+
+	return tick;
+}
+
 /******************************************************************************/
 
 
@@ -375,7 +397,7 @@
 
 		if ((ccb->xs->xs_control & XS_CTL_POLL) == 0)
 			callout_reset(&ccb->xs->xs_callout,
-			    (ccb->timeout * hz) / 1000,
+			    msec_to_tick(ccb->timeout * hz),
 			    adv_timeout, ccb);
 	}
 }
>Release-Note:
>Audit-Trail:
>Unformatted: