Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-1-6]: src/sys/dev/qbus Pull up revision 1.51 (requested by ragge ...

details:   https://anonhg.NetBSD.org/src/rev/574a1f7834f9
branches:  netbsd-1-6
changeset: 527820:574a1f7834f9
user:      tv <tv%NetBSD.org@localhost>
date:      Mon Jun 10 16:21:52 2002 +0000

description:
Pull up revision 1.51 (requested by ragge in ticket #212):
Detection bug: If a packet is received while in the match() routine the stack
would be overwritten, so allocate memory for a full packet via malloc()
instead. Use correct buffer maxlen (must be 2 complemet). Bug reported
and helped to find by Roar Thron?s.

diffstat:

 sys/dev/qbus/if_qe.c |  14 ++++++++------
 1 files changed, 8 insertions(+), 6 deletions(-)

diffs (56 lines):

diff -r 11affc812c32 -r 574a1f7834f9 sys/dev/qbus/if_qe.c
--- a/sys/dev/qbus/if_qe.c      Mon Jun 10 16:19:46 2002 +0000
+++ b/sys/dev/qbus/if_qe.c      Mon Jun 10 16:21:52 2002 +0000
@@ -1,4 +1,4 @@
-/*      $NetBSD: if_qe.c,v 1.49 2001/11/13 07:11:24 lukem Exp $ */
+/*      $NetBSD: if_qe.c,v 1.49.10.1 2002/06/10 16:21:52 tv Exp $ */
 /*
  * Copyright (c) 1999 Ludd, University of Lule}, Sweden. All rights reserved.
  *
@@ -38,7 +38,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_qe.c,v 1.49 2001/11/13 07:11:24 lukem Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_qe.c,v 1.49.10.1 2002/06/10 16:21:52 tv Exp $");
 
 #include "opt_inet.h"
 #include "bpfilter.h"
@@ -139,11 +139,12 @@
        struct  uba_softc *ubasc = (struct uba_softc *)parent;
        struct ubinfo ui;
 
-#define        PROBESIZE       (sizeof(struct qe_ring) * 4 + 128)
-       struct  qe_ring ring[15]; /* For diag purposes only */
+#define        PROBESIZE       4096
+       struct qe_ring *ring;
        struct  qe_ring *rp;
        int error;
 
+       ring = malloc(PROBESIZE, M_TEMP, M_WAITOK);
        bzero(sc, sizeof(struct qe_softc));
        bzero(ring, PROBESIZE);
        sc->sc_iot = ua->ua_iot;
@@ -172,12 +173,12 @@
        ring[0].qe_flag = ring[0].qe_status1 = QE_NOTYET;
        ring[0].qe_addr_lo = LOWORD(&rp[4]);
        ring[0].qe_addr_hi = HIWORD(&rp[4]) | QE_VALID | QE_EOMSG | QE_SETUP;
-       ring[0].qe_buf_len = 128;
+       ring[0].qe_buf_len = -64;
 
        ring[2].qe_flag = ring[2].qe_status1 = QE_NOTYET;
        ring[2].qe_addr_lo = LOWORD(&rp[4]);
        ring[2].qe_addr_hi = HIWORD(&rp[4]) | QE_VALID;
-       ring[2].qe_buf_len = 128;
+       ring[2].qe_buf_len = -(1500/2);
 
        QE_WCSR(QE_CSR_CSR, QE_RCSR(QE_CSR_CSR) & ~QE_RESET);
        DELAY(1000);
@@ -196,6 +197,7 @@
         * All done with the bus resources.
         */
        ubfree((void *)parent, &ui);
+       free(ring, M_TEMP);
        return 1;
 }
Home | Main Index | Thread Index | Old Index