diff options
author | brucec <brucec@FreeBSD.org> | 2010-12-02 22:19:30 +0000 |
---|---|---|
committer | brucec <brucec@FreeBSD.org> | 2010-12-02 22:19:30 +0000 |
commit | dc1c4b92702120dc06348d91c97ca533d7a27bc6 (patch) | |
tree | 5956ab7635210faf252c5fa49f64ff6a8bda82de /sys/pc98/include | |
parent | 904cc72f190967800c699fe0d05d7044b2414147 (diff) | |
download | FreeBSD-src-dc1c4b92702120dc06348d91c97ca533d7a27bc6.zip FreeBSD-src-dc1c4b92702120dc06348d91c97ca533d7a27bc6.tar.gz |
Disallow passing in a count of zero bytes to the bus_space(9) functions.
Passing a count of zero on i386 and amd64 for [I386|AMD64]_BUS_SPACE_MEM
causes a crash/hang since the 'loop' instruction decrements the counter
before checking if it's zero.
PR: kern/80980
Discussed with: jhb
Diffstat (limited to 'sys/pc98/include')
-rw-r--r-- | sys/pc98/include/bus.h | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/sys/pc98/include/bus.h b/sys/pc98/include/bus.h index b12845c..a31590e 100644 --- a/sys/pc98/include/bus.h +++ b/sys/pc98/include/bus.h @@ -78,6 +78,7 @@ #ifndef _PC98_BUS_H_ #define _PC98_BUS_H_ +#include <sys/param.h> #include <sys/systm.h> #include <machine/_bus.h> @@ -378,7 +379,7 @@ bus_space_read_multi_##BWN (tag, bsh, offset, buf, cnt) \ TYPE *buf; \ size_t cnt; \ { \ - \ + KASSERT(cnt != 0, ("count == 0")); \ __asm __volatile("call *%3" \ :"=c" (cnt), \ "=d" (offset), \ @@ -407,7 +408,7 @@ bus_space_write_multi_##BWN (tag, bsh, offset, buf, cnt) \ const TYPE *buf; \ size_t cnt; \ { \ - \ + KASSERT(cnt != 0, ("count == 0")); \ __asm __volatile("call *%3" \ :"=c" (cnt), \ "=d" (offset), \ @@ -433,10 +434,10 @@ bus_space_read_region_##BWN (tag, bsh, offset, buf, cnt) \ bus_space_tag_t tag; \ bus_space_handle_t bsh; \ bus_size_t offset; \ - TYPE *buf; \ + TYPE *buf; \ size_t cnt; \ { \ - \ + KASSERT(cnt != 0, ("count == 0")); \ __asm __volatile("call *%3" \ :"=c" (cnt), \ "=d" (offset), \ @@ -465,7 +466,7 @@ bus_space_write_region_##BWN (tag, bsh, offset, buf, cnt) \ const TYPE *buf; \ size_t cnt; \ { \ - \ + KASSERT(cnt != 0, ("count == 0")); \ __asm __volatile("call *%3" \ :"=c" (cnt), \ "=d" (offset), \ @@ -494,7 +495,7 @@ bus_space_set_multi_##BWN (tag, bsh, offset, val, cnt) \ TYPE val; \ size_t cnt; \ { \ - \ + KASSERT(cnt != 0, ("count == 0")); \ __asm __volatile("call *%2" \ :"=c" (cnt), \ "=d" (offset) \ @@ -522,7 +523,7 @@ bus_space_set_region_##BWN (tag, bsh, offset, val, cnt) \ TYPE val; \ size_t cnt; \ { \ - \ + KASSERT(cnt != 0, ("count == 0")); \ __asm __volatile("call *%2" \ :"=c" (cnt), \ "=d" (offset) \ @@ -555,6 +556,7 @@ bus_space_copy_region_##BWN (tag, sbsh, src, dbsh, dst, cnt) \ if (dbsh->bsh_bam.bs_copy_region_1 != sbsh->bsh_bam.bs_copy_region_1) \ panic("bus_space_copy_region: funcs mismatch (ENOSUPPORT)");\ \ + KASSERT(cnt != 0, ("count == 0")); \ __asm __volatile("call *%3" \ :"=c" (cnt), \ "=S" (src), \ |