Skip to content
Permalink
Browse files

10376 uts: NULL pointer issues in genunix

Reviewed by: Andy Fiddaman <andy@omniosce.org>
Reviewed by: Andy Stormont <astormont@racktopsystems.com>
Reviewed by: John Levon <john.levon@joyent.com>
Approved by: Robert Mustacchi <rm@joyent.com>
  • Loading branch information
tsoome committed Jan 18, 2019
1 parent 7e897d1 commit 7e12ceb3ebc63aeb71e91b496032ca22ca55f660
@@ -781,9 +781,9 @@ acevals_init(acevals_t *vals, uid_t key)
static void
ace_list_init(ace_list_t *al, int dfacl_flag)
{
acevals_init(&al->user_obj, NULL);
acevals_init(&al->group_obj, NULL);
acevals_init(&al->other_obj, NULL);
acevals_init(&al->user_obj, 0);
acevals_init(&al->group_obj, 0);
acevals_init(&al->other_obj, 0);
al->numusers = 0;
al->numgroups = 0;
al->acl_mask = 0;
@@ -24,8 +24,6 @@
* Use is subject to license terms.
*/

#pragma ident "%Z%%M% %I% %E% SMI"

#include <sys/types.h>
#include <sys/systm.h>
#include <sys/cmn_err.h>
@@ -154,7 +152,7 @@ getcidbyname_locked(char *clname, id_t *cidp)

ASSERT(MUTEX_HELD(&class_lock));

if (*clname == NULL)
if (*clname == '\0')
return (EINVAL);

for (clp = &sclass[0]; clp < &sclass[nclass]; clp++) {
@@ -954,7 +954,7 @@ dnlc_reduce_cache(void *reduce_percent)
if (dnlc_reduce_idle && (dnlc_nentries >= ncsize || reduce_percent)) {
dnlc_reduce_idle = 0;
if ((taskq_dispatch(system_taskq, do_dnlc_reduce_cache,
reduce_percent, TQ_NOSLEEP)) == NULL)
reduce_percent, TQ_NOSLEEP)) == (uintptr_t)NULL)
dnlc_reduce_idle = 1;
}
}
@@ -246,7 +246,7 @@ swap_getapage(
swap_phys_free(pvp, poff,
PAGESIZE);
ap->an_pvp = NULL;
ap->an_poff = NULL;
ap->an_poff = 0;
hat_setmod(pp);
}

@@ -423,7 +423,7 @@ swap_getconpage(

swap_phys_free(pvp, poff, PAGESIZE);
ap->an_pvp = NULL;
ap->an_poff = NULL;
ap->an_poff = 0;
hat_setmod(pp);
mutex_exit(ahm);
}
@@ -915,7 +915,7 @@ vn_rele_async(vnode_t *vp, taskq_t *taskq)
if (vp->v_count == 1) {
mutex_exit(&vp->v_lock);
VERIFY(taskq_dispatch(taskq, (task_func_t *)vn_rele_inactive,
vp, TQ_SLEEP) != NULL);
vp, TQ_SLEEP) != (uintptr_t)NULL);
return;
}
VN_RELE_LOCKED(vp);
@@ -285,7 +285,7 @@ __inet_pton(int af, char *inp, void *outp, int compat)
in6_addr_t v6addr_u;
} v6buf, *v6outp;
uint16_t *dbl_col = NULL;
char lastbyte = NULL;
char lastbyte = '\0';

v6outp = (union v6buf_u *)outp;

@@ -333,7 +333,7 @@ __inet_pton(int af, char *inp, void *outp, int compat)
} else {
v6buf.v6words_u[i] = htons((uint16_t)byte);
}
if (*end == NULL || i == 7) {
if (*end == '\0' || i == 7) {
inp = end;
break;
}
@@ -349,7 +349,7 @@ __inet_pton(int af, char *inp, void *outp, int compat)
dbl_col = &v6buf.v6words_u[i];
if (i == 0)
inp++;
} else if (*inp == NULL || *inp == ' ' ||
} else if (*inp == '\0' || *inp == ' ' ||
*inp == '\t') {
break;
} else {
@@ -362,12 +362,12 @@ __inet_pton(int af, char *inp, void *outp, int compat)
return (0);
}
inp++;
if (*inp == NULL || *inp == ' ' || *inp == '\t') {
if (*inp == '\0' || *inp == ' ' || *inp == '\t') {
break;
}
lastbyte = *inp;
}
if (*inp != NULL && *inp != ' ' && *inp != '\t') {
if (*inp != '\0' && *inp != ' ' && *inp != '\t') {
return (0);
}
/*
@@ -118,7 +118,7 @@ pci_get_msi_ctrl(dev_info_t *dip, int type, ushort_t *msi_ctrl,

if ((PCI_CAP_LOCATE(*h, PCI_CAP_ID_MSI, caps_ptr) == DDI_SUCCESS) &&
(type == DDI_INTR_TYPE_MSI)) {
if ((*msi_ctrl = PCI_CAP_GET16(*h, NULL, *caps_ptr,
if ((*msi_ctrl = PCI_CAP_GET16(*h, 0, *caps_ptr,
PCI_MSI_CTRL)) == PCI_CAP_EINVAL16)
goto done;

@@ -130,7 +130,7 @@ pci_get_msi_ctrl(dev_info_t *dip, int type, ushort_t *msi_ctrl,

if ((PCI_CAP_LOCATE(*h, PCI_CAP_ID_MSI_X, caps_ptr) == DDI_SUCCESS) &&
(type == DDI_INTR_TYPE_MSIX)) {
if ((*msi_ctrl = PCI_CAP_GET16(*h, NULL, *caps_ptr,
if ((*msi_ctrl = PCI_CAP_GET16(*h, 0, *caps_ptr,
PCI_MSIX_CTRL)) == PCI_CAP_EINVAL16)
goto done;

@@ -214,37 +214,35 @@ pci_msi_configure(dev_info_t *rdip, int type, int count, int inum,
if (type == DDI_INTR_TYPE_MSI) {
/* Set the bits to inform how many MSIs are enabled */
msi_ctrl |= ((highbit(count) -1) << PCI_MSI_MME_SHIFT);
PCI_CAP_PUT16(h, NULL, caps_ptr, PCI_MSI_CTRL, msi_ctrl);
PCI_CAP_PUT16(h, 0, caps_ptr, PCI_MSI_CTRL, msi_ctrl);

DDI_INTR_NEXDBG((CE_CONT, "pci_msi_configure: msi_ctrl = %x\n",
PCI_CAP_GET16(h, NULL, caps_ptr, PCI_MSI_CTRL)));
PCI_CAP_GET16(h, 0, caps_ptr, PCI_MSI_CTRL)));

/* Set the "data" and "addr" bits */
PCI_CAP_PUT32(h, NULL, caps_ptr, PCI_MSI_ADDR_OFFSET, addr);
PCI_CAP_PUT32(h, 0, caps_ptr, PCI_MSI_ADDR_OFFSET, addr);

DDI_INTR_NEXDBG((CE_CONT, "pci_msi_configure: msi_addr = %x\n",
PCI_CAP_GET32(h, NULL, caps_ptr, PCI_MSI_ADDR_OFFSET)));
PCI_CAP_GET32(h, 0, caps_ptr, PCI_MSI_ADDR_OFFSET)));

if (msi_ctrl & PCI_MSI_64BIT_MASK) {
PCI_CAP_PUT32(h, NULL, caps_ptr, PCI_MSI_ADDR_OFFSET
PCI_CAP_PUT32(h, 0, caps_ptr, PCI_MSI_ADDR_OFFSET
+ 4, addr >> 32);

DDI_INTR_NEXDBG((CE_CONT, "pci_msi_configure: upper "
"32bit msi_addr = %x\n", PCI_CAP_GET32(h, NULL,
"32bit msi_addr = %x\n", PCI_CAP_GET32(h, 0,
caps_ptr, PCI_MSI_ADDR_OFFSET + 4)));

PCI_CAP_PUT16(h, NULL, caps_ptr, PCI_MSI_64BIT_DATA,
data);
PCI_CAP_PUT16(h, 0, caps_ptr, PCI_MSI_64BIT_DATA, data);

DDI_INTR_NEXDBG((CE_CONT, "pci_msi_configure: msi_data "
"= %x\n", PCI_CAP_GET16(h, NULL, caps_ptr,
"= %x\n", PCI_CAP_GET16(h, 0, caps_ptr,
PCI_MSI_64BIT_DATA)));
} else {
PCI_CAP_PUT16(h, NULL, caps_ptr, PCI_MSI_32BIT_DATA,
data);
PCI_CAP_PUT16(h, 0, caps_ptr, PCI_MSI_32BIT_DATA, data);

DDI_INTR_NEXDBG((CE_CONT, "pci_msi_configure: msi_data "
"= %x\n", PCI_CAP_GET16(h, NULL, caps_ptr,
"= %x\n", PCI_CAP_GET16(h, 0, caps_ptr,
PCI_MSI_32BIT_DATA)));
}
} else if (type == DDI_INTR_TYPE_MSIX) {
@@ -307,22 +305,20 @@ pci_msi_unconfigure(dev_info_t *rdip, int type, int inum)

if (type == DDI_INTR_TYPE_MSI) {
msi_ctrl &= (~PCI_MSI_MME_MASK);
PCI_CAP_PUT16(h, NULL, caps_ptr, PCI_MSI_CTRL, msi_ctrl);
PCI_CAP_PUT16(h, 0, caps_ptr, PCI_MSI_CTRL, msi_ctrl);

PCI_CAP_PUT32(h, NULL, caps_ptr, PCI_MSI_ADDR_OFFSET, 0);
PCI_CAP_PUT32(h, 0, caps_ptr, PCI_MSI_ADDR_OFFSET, 0);

if (msi_ctrl & PCI_MSI_64BIT_MASK) {
PCI_CAP_PUT16(h, NULL, caps_ptr, PCI_MSI_64BIT_DATA,
0);
PCI_CAP_PUT32(h, NULL, caps_ptr, PCI_MSI_ADDR_OFFSET
PCI_CAP_PUT16(h, 0, caps_ptr, PCI_MSI_64BIT_DATA, 0);
PCI_CAP_PUT32(h, 0, caps_ptr, PCI_MSI_ADDR_OFFSET
+ 4, 0);
} else {
PCI_CAP_PUT16(h, NULL, caps_ptr, PCI_MSI_32BIT_DATA,
0);
PCI_CAP_PUT16(h, 0, caps_ptr, PCI_MSI_32BIT_DATA, 0);
}

DDI_INTR_NEXDBG((CE_CONT, "pci_msi_unconfigure: msi_ctrl "
"= %x\n", PCI_CAP_GET16(h, NULL, caps_ptr, PCI_MSI_CTRL)));
"= %x\n", PCI_CAP_GET16(h, 0, caps_ptr, PCI_MSI_CTRL)));

} else if (type == DDI_INTR_TYPE_MSIX) {
uintptr_t off;
@@ -411,14 +407,14 @@ pci_msi_enable_mode(dev_info_t *rdip, int type)
goto finished;

msi_ctrl |= PCI_MSI_ENABLE_BIT;
PCI_CAP_PUT16(cfg_hdle, NULL, caps_ptr, PCI_MSI_CTRL, msi_ctrl);
PCI_CAP_PUT16(cfg_hdle, 0, caps_ptr, PCI_MSI_CTRL, msi_ctrl);

} else if (type == DDI_INTR_TYPE_MSIX) {
if (msi_ctrl & PCI_MSIX_ENABLE_BIT)
goto finished;

msi_ctrl |= PCI_MSIX_ENABLE_BIT;
PCI_CAP_PUT16(cfg_hdle, NULL, caps_ptr, PCI_MSIX_CTRL,
PCI_CAP_PUT16(cfg_hdle, 0, caps_ptr, PCI_MSIX_CTRL,
msi_ctrl);
}

@@ -459,14 +455,13 @@ pci_msi_disable_mode(dev_info_t *rdip, int type)
if (!(msi_ctrl & PCI_MSI_ENABLE_BIT))
goto finished;
msi_ctrl &= ~PCI_MSI_ENABLE_BIT;
PCI_CAP_PUT16(cfg_hdle, NULL, caps_ptr, PCI_MSI_CTRL, msi_ctrl);
PCI_CAP_PUT16(cfg_hdle, 0, caps_ptr, PCI_MSI_CTRL, msi_ctrl);
} else if (type == DDI_INTR_TYPE_MSIX) {
if (!(msi_ctrl & PCI_MSIX_ENABLE_BIT))
goto finished;

msi_ctrl &= ~PCI_MSIX_ENABLE_BIT;
PCI_CAP_PUT16(cfg_hdle, NULL, caps_ptr, PCI_MSIX_CTRL,
msi_ctrl);
PCI_CAP_PUT16(cfg_hdle, 0, caps_ptr, PCI_MSIX_CTRL, msi_ctrl);
}

finished:
@@ -507,13 +502,13 @@ pci_msi_set_mask(dev_info_t *rdip, int type, int inum)
offset = (msi_ctrl & PCI_MSI_64BIT_MASK) ?
PCI_MSI_64BIT_MASKBITS : PCI_MSI_32BIT_MASK;

if ((mask_bits = PCI_CAP_GET32(cfg_hdle, NULL, caps_ptr,
if ((mask_bits = PCI_CAP_GET32(cfg_hdle, 0, caps_ptr,
offset)) == PCI_CAP_EINVAL32)
goto done;

mask_bits |= (1 << inum);

PCI_CAP_PUT32(cfg_hdle, NULL, caps_ptr, offset, mask_bits);
PCI_CAP_PUT32(cfg_hdle, 0, caps_ptr, offset, mask_bits);

} else if (type == DDI_INTR_TYPE_MSIX) {
uintptr_t off;
@@ -570,13 +565,13 @@ pci_msi_clr_mask(dev_info_t *rdip, int type, int inum)

offset = (msi_ctrl & PCI_MSI_64BIT_MASK) ?
PCI_MSI_64BIT_MASKBITS : PCI_MSI_32BIT_MASK;
if ((mask_bits = PCI_CAP_GET32(cfg_hdle, NULL, caps_ptr,
if ((mask_bits = PCI_CAP_GET32(cfg_hdle, 0, caps_ptr,
offset)) == PCI_CAP_EINVAL32)
goto done;

mask_bits &= ~(1 << inum);

PCI_CAP_PUT32(cfg_hdle, NULL, caps_ptr, offset, mask_bits);
PCI_CAP_PUT32(cfg_hdle, 0, caps_ptr, offset, mask_bits);

} else if (type == DDI_INTR_TYPE_MSIX) {
uintptr_t off;
@@ -637,7 +632,7 @@ pci_msi_get_pending(dev_info_t *rdip, int type, int inum, int *pendingp)
offset = (msi_ctrl & PCI_MSI_64BIT_MASK) ?
PCI_MSI_64BIT_PENDING : PCI_MSI_32BIT_PENDING;

if ((pending_bits = PCI_CAP_GET32(cfg_hdle, NULL, caps_ptr,
if ((pending_bits = PCI_CAP_GET32(cfg_hdle, 0, caps_ptr,
offset)) == PCI_CAP_EINVAL32)
goto done;

@@ -727,7 +722,7 @@ pci_msi_set_nintrs(dev_info_t *rdip, int type, int navail)
if (type == DDI_INTR_TYPE_MSI) {
msi_ctrl |= ((highbit(navail) -1) << PCI_MSI_MME_SHIFT);

PCI_CAP_PUT16(cfg_hdle, NULL, caps_ptr, PCI_MSI_CTRL, msi_ctrl);
PCI_CAP_PUT16(cfg_hdle, 0, caps_ptr, PCI_MSI_CTRL, msi_ctrl);
} else if (type == DDI_INTR_TYPE_MSIX) {
DDI_INTR_NEXDBG((CE_CONT, "pci_msi_set_nintrs: unsupported\n"));
}
@@ -809,7 +804,7 @@ pci_msix_init(dev_info_t *rdip)
msix_p->msix_dev_attr.devacc_attr_dataorder = DDI_STRICTORDER_ACC;

/* Map the entire MSI-X vector table */
msix_p->msix_tbl_offset = PCI_CAP_GET32(cfg_hdle, NULL, caps_ptr,
msix_p->msix_tbl_offset = PCI_CAP_GET32(cfg_hdle, 0, caps_ptr,
PCI_MSIX_TBL_OFFSET);

if ((breg = pci_msix_bir_index[msix_p->msix_tbl_offset &
@@ -870,7 +865,7 @@ pci_msix_init(dev_info_t *rdip)
/*
* Map in the MSI-X Pending Bit Array
*/
msix_p->msix_pba_offset = PCI_CAP_GET32(cfg_hdle, NULL, caps_ptr,
msix_p->msix_pba_offset = PCI_CAP_GET32(cfg_hdle, 0, caps_ptr,
PCI_MSIX_PBA_OFFSET);

if ((breg = pci_msix_bir_index[msix_p->msix_pba_offset &
@@ -23,8 +23,6 @@
* Use is subject to license terms.
*/

#pragma ident "%Z%%M% %I% %E% SMI"

/*
* This file contains global data and code shared between master and slave parts
* of the pseudo-terminal driver.
@@ -608,8 +606,8 @@ ptms_constructor(void *maddr, void *arg, int kmflags)
pt->pts_rdq = NULL;
pt->ptm_rdq = NULL;
pt->pt_nullmsg = NULL;
pt->pt_pid = NULL;
pt->pt_minor = NULL;
pt->pt_pid = 0;
pt->pt_minor = 0;
pt->pt_refcnt = 0;
pt->pt_state = 0;
pt->pt_zoneid = GLOBAL_ZONEID;
@@ -2089,7 +2089,7 @@ getq_noenab(queue_t *q, ssize_t rbytes)
if (freezer != curthread)
mutex_exit(QLOCK(q));

STR_FTEVENT_MSG(bp, q, FTEV_GETQ, NULL);
STR_FTEVENT_MSG(bp, q, FTEV_GETQ, 0);

return (bp);
}
@@ -2286,7 +2286,7 @@ rmvq_noenab(queue_t *q, mblk_t *mp)
if (freezer != curthread)
mutex_exit(QLOCK(q));

STR_FTEVENT_MSG(mp, q, FTEV_RMVQ, NULL);
STR_FTEVENT_MSG(mp, q, FTEV_RMVQ, 0);
}

/*
@@ -2334,7 +2334,7 @@ flushq_common(queue_t *q, int flag, int pcproto_flag)
nmp = mp->b_next;
mp->b_next = mp->b_prev = NULL;

STR_FTEVENT_MBLK(mp, q, FTEV_FLUSHQ, NULL);
STR_FTEVENT_MBLK(mp, q, FTEV_FLUSHQ, 0);

if (pcproto_flag && (mp->b_datap->db_type == M_PCPROTO))
(void) putq(q, mp);
@@ -2773,7 +2773,7 @@ putq(queue_t *q, mblk_t *bp)
}
}

STR_FTEVENT_MSG(bp, q, FTEV_PUTQ, NULL);
STR_FTEVENT_MSG(bp, q, FTEV_PUTQ, 0);

if ((mcls > QNORM) ||
(canenable(q) && (q->q_flag & QWANTR || bp->b_band)))
@@ -2955,7 +2955,7 @@ putbq(queue_t *q, mblk_t *bp)
}
}

STR_FTEVENT_MSG(bp, q, FTEV_PUTBQ, NULL);
STR_FTEVENT_MSG(bp, q, FTEV_PUTBQ, 0);

if ((mcls > QNORM) || (canenable(q) && (q->q_flag & QWANTR)))
qenable_locked(q);
@@ -3095,7 +3095,7 @@ insq(queue_t *q, mblk_t *emp, mblk_t *mp)
}
}

STR_FTEVENT_MSG(mp, q, FTEV_INSQ, NULL);
STR_FTEVENT_MSG(mp, q, FTEV_INSQ, 0);

if (canenable(q) && (q->q_flag & QWANTR))
qenable_locked(q);
@@ -3231,7 +3231,7 @@ hash(
* Make a hash value by XORing all the ascii codes in the text string.
*/

for (ptr = (char *)name; *ptr != NULL; ptr++) {
for (ptr = (char *)name; *ptr != '\0'; ptr++) {
val ^= *ptr;
}

0 comments on commit 7e12ceb

Please sign in to comment.
You can’t perform that action at this time.