From f83d3280f60d79f1fdaf6b0ff833d33b36ec0545 Mon Sep 17 00:00:00 2001
From: John Baldwin
Date: Wed, 16 Dec 2020 00:13:32 +0000
Subject: [PATCH] Use uintptr_t instead of unsigned long for pointers.

The sense_ptr thing is quite broken. As near as I can tell, the driver tries to copyout to a physical address rather than whatever user address the sense buffer should be copied to. It is not immediately obvious what user address the sense buffer should be copied to.

Reviewed by: imp
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D27578
---
 sys/dev/mrsas/mrsas_ioctl.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys/dev/mrsas/mrsas_ioctl.c b/sys/dev/mrsas/mrsas_ioctl.c
index c9b190e9cde..1044fcbbcf9 100644
--- a/sys/dev/mrsas/mrsas_ioctl.c
+++ b/sys/dev/mrsas/mrsas_ioctl.c
@@ -136,7 +136,7 @@ mrsas_passthru(struct mrsas_softc *sc, void *arg, u_long ioctlCmd)
 * iocpacket itself.
 */
 kern_sge32 = (struct mrsas_sge32 *)
- ((unsigned long)cmd->frame + user_ioc->sgl_off);
+ ((uintptr_t)cmd->frame + user_ioc->sgl_off);

 memset(ioctl_data_tag, 0, (sizeof(bus_dma_tag_t) * MAX_IOCTL_SGE));
 memset(ioctl_data_dmamap, 0, (sizeof(bus_dmamap_t) * MAX_IOCTL_SGE));
@@ -243,7 +243,7 @@ mrsas_passthru(struct mrsas_softc *sc, void *arg, u_long ioctlCmd)
 goto out;
 }
 sense_ptr =
- (unsigned long *)((unsigned long)cmd->frame + user_ioc->sense_off);
+ (unsigned long *)((uintptr_t)cmd->frame + user_ioc->sense_off);
 *sense_ptr = ioctl_sense_phys_addr;
 }
 /*
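Review bot: `user_ioc->sgl_off` is added to `cmd->frame` to form `kern_sge32` with no range check visible in this hunk, so if the offset is taken straight from the ioctl packet the SGL pointer can land outside the frame. The same applies to `user_ioc->sense_off` in the hunks at -243 and -290, and switching the cast to `uintptr_t` does not change it. A guard before the pointer is formed, `if (user_ioc->sgl_off > sizeof(user_ioc->frame.raw) - sizeof(struct mrsas_sge32))` followed by the function's error exit, would bound it, assuming `frame.raw` is the fixed-size array the frame is copied from. mrsas_passthru starts and ends outside the hunk, so an earlier check may already exist.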
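Review bot: The store `*sense_ptr = ioctl_sense_phys_addr;` still goes through an `unsigned long *` built from `cmd->frame + user_ioc->sense_off`, so it writes `sizeof(unsigned long)` bytes at an address whose alignment depends on a packet-supplied offset. On a strict-alignment platform an odd offset would fault in the kernel, and the width written differs between ILP32 and LP64 builds. Copying the value avoids the typed dereference: `memcpy((char *)cmd->frame + user_ioc->sense_off, &ioctl_sense_phys_addr, sizeof(ioctl_sense_phys_addr));`. The type of `ioctl_sense_phys_addr` is declared outside the hunk, so the width the firmware frame expects needs confirming first.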
@@ -290,9 +290,9 @@ mrsas_passthru(struct mrsas_softc *sc, void *arg, u_long ioctlCmd)
 * sense_buff points to the location that has the user sense
 * buffer address
 */
- sense_ptr = (unsigned long *)((unsigned long)user_ioc->frame.raw +
+ sense_ptr = (unsigned long *)((uintptr_t)user_ioc->frame.raw +
 user_ioc->sense_off);
- ret = copyout(ioctl_sense_mem, (unsigned long *)*sense_ptr,
+ ret = copyout(ioctl_sense_mem, (unsigned long *)(uintptr_t)*sense_ptr,
 user_ioc->sense_len);
 if (ret) {
 device_printf(sc->mrsas_dev, "IOCTL sense copyout failed!\n");
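Review bot: `copyout()` is given `user_ioc->sense_len` as its length, and nothing in this hunk ties that value to the size of `ioctl_sense_mem`. If the buffer was allocated with a different size, a larger `sense_len` would copy adjacent kernel memory out to the caller. The allocation is outside the hunk, so the sizes may already match; a comment above the call would record the invariant once it is confirmed: `/* sense_len is caller-supplied; ioctl_sense_mem must be at least sense_len bytes */`. The `if (ret)` body continues outside the hunk.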