for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for other cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au>
Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by: Mike Spengler <mks@networkcs.com>
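
The three kinds of change this commit message names (snprintf() in place of sprintf(), explicit NUL termination, sizeof() in place of a literal size), shown as an added example. It is not code from the FreeBSD tree; the structure, function names and NAME_LEN are hypothetical and the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16  /* constructed size, standing in for a constant like "16" */

struct dev_info {            /* hypothetical structure for this example */
    char name[NAME_LEN];
    char ident[NAME_LEN];
};

/* Before: sprintf(buf, "%s%d", driver, unit) writes past buf for long input.
 * After: snprintf() is bounded by the caller's sizeof and reports truncation.
 * Returns 1 if the name was truncated, 0 if it fit. */
int format_devname(char *buf, size_t buflen, const char *driver, int unit)
{
    int n = snprintf(buf, buflen, "%s%d", driver, unit);
    return (n < 0 || (size_t)n >= buflen) ? 1 : 0;
}

/* strncpy() leaves dst unterminated when src fills it, so the NUL is
 * written explicitly. Returns 1 if src was truncated, 0 if it fit. */
int copy_ident(char *dst, size_t dstlen, const char *src)
{
    if (dstlen == 0)
        return 1;
    strncpy(dst, src, dstlen - 1);
    dst[dstlen - 1] = '\0';
    return strlen(src) >= dstlen ? 1 : 0;
}

/* Sizes come from sizeof on the destination, never a repeated literal.
 * Returns a bitmask: bit 0 = name truncated, bit 1 = ident truncated. */
int fill_dev_info(struct dev_info *di, const char *driver, int unit,
                  const char *ident)
{
    int rc = format_devname(di->name, sizeof(di->name), driver, unit);
    rc |= copy_ident(di->ident, sizeof(di->ident), ident) << 1;
    return rc;
}

int main(void)
{
    struct dev_info di;
    int rc = fill_dev_info(&di, "ncr", 0, "0123456789abcdefXYZ"); /* constructed input */
    printf("rc=%d name=%s ident=%s\n", rc, di.name, di.ident);
    return 0;
}
```
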
insertion point into the start queue looking for entries to remove and
mark them with the 'skip' address, recording the entry furthest from the
insertion point that needs to be removed. We then go through a second
loop starting at the furthest entry to be removed and compress the start
queue. The old algorithm started at (old insert point + 1) and wrapped
through the whole queue which would end up moving the start position in
the queue out from under the nose of the script processor.
full condition or other error which requires us to purge the
controller's start queue of transactions for a particular device.
We were relying on the NCR CCB's program address to cause the
script engine to skip to the next entry in the queue even though
the CCB is freed (and its program address switched to the idle
loop) by this action. We now set the address in the start queue
to be the "skip" function directly.
in ddb) which I broke by changing %8[l]x to %8p. Hacked the central
printf routine to not add an "0x" prefix for %p formats if the field
width is nonzero. The tables are still horribly misformatted on
64-bit machines.
Use %p instead of %8p to print pointers when the field width isn't
important.
hidden). Now "ticks" are used, which are 4 byte, not 8 byte in size.
The size mismatch did not matter due to sufficient padding at the end
of the structure that holds time stamps (there is an unused member).
The fix suggested by Bruce Evans used "sizeof (ticks_t)", but I prefer
to use "sizeof ticks", and he didn't seem to object in his last mail on
this topic.
Submitted by: bde
FreeBSD/alpha. The most significant item is to change the command
argument to ioctl functions from int to u_long. This change brings us
in line with various other BSD versions. Driver writers may like to
use (__FreeBSD_version == 300003) to detect this change.
The prototype FreeBSD/alpha machdep will follow in a couple of days
time.
"time" wasn't an atomic variable, so splfoo() protection was needed
around any access to it, unless you just wanted the seconds part.
Most uses of time.tv_sec now use the new variable time_second instead.
gettime() changed to getmicrotime().
Remove a couple of unneeded splfoo() protections, the new getmicrotime()
is atomic, (until Bruce sets a breakpoint in it).
A couple of places needed random data, so use read_random() instead
of mucking about with time which isn't random.
Add a new nfs_curusec() function.
Mark a couple of bogosities involving the now disappeared time variable.
Update ffs_update() to avoid the weird "== &time" checks, by fixing the
one remaining call that passed &time as args.
Change profiling in ncr.c to use ticks instead of time. Resolution is
the same.
Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call
hzto() which subtracts time" sequences.
Reviewed by: bde
number of tags (NCR_SCSI_DFLT_TAGS), which is 0 in the FAILSAFE case.
This should fix the incompatibility between kernel and ncrcontrol,
which is the result of FAILSAFE being defined in the kernel config
file, invisible to the build of ncrcontrol. (See kern/5133, which
should be fixed by this change.)
could cause a solid system lockup in the driver attach:
These chips do not abort an access to the internal SRAM, when
the driver set the software reset bit in the istat register. But
the chip will never acknowledge the requested PCI bus transfer
in the situation, causing an infinite wait and a lockout of other
bus-masters.
The problem has been reported for rev 0x11 of the 53c825a and
rev 0x01 of the 53c875.
Revisions 0x13 of the 53c825a and 0x03 of the 53c875 are known
to support SRAM accesses, even in the software reset state.
- Do not malloc SCRIPTS memory for those parts of the microcode that
are to be loaded into the on-chip SRAM of the 53c825a or 875 ...
- Modify ncr_chip_lookup to make adding new entries easier.
- Disable use of on-chip SRAM for the 53c825 rev 0x10 to 0x12, since
there seems to be a problem with rev 0x11, while 0x13 is known to
work. (Tested by Chuck Robey <chuckr@glue.umd.edu>).
This code will be merged into 2.2-stable after a few more days of
testing in -current.
should work with no driver changes, though not all features are currently
used.
Remove code that was conditional on NEW_SCSICONF not being defined. This
was temporary code, that at a time got excluded correctly, until the new
scsiconf became the default, and NEW_SCSICONF was no longer specified.
Add support for quirks defined in scsiconf.c. For now only the HP3724/5
needs an entry, since that drive can't be used with tags.
type mismatches. There was no problem in practice (at least on 386's).
Removed NetBSD-related TIMEOUT macro. NetBSD uses the same BSD4.4Lite
timeout interface as FreeBSD. As a concession to portability, declare
the timeout function without using the FreeBSD timeout_t typedef.
form `tv = time'. Use a new function gettime(). The current version
just forces atomicity without fixing precision or efficiency bugs.
Simplified some related valid accesses by using the central function.
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
NCR driver dies when "xmcd" accesses the CD-ROM drive
Restrict caching of INQUIRY results to LUN 0.
Thanks to Dave Huang <khym@bga.com> for reporting the problem
and suggesting a fix, though I chose a slightly different one.