OpenSolaris

Bug ID 6687883
Synopsis i_xvdi_enum_worker() corrupts its stack
State 10-Fix Delivered (Fix available in build)
Category:Subcategory xvm:kernel-io
Keywords
Responsible Engineer Edward Pilatowicz
Reported Against
Duplicate Of
Introduced In solaris_nevada
Commit to Fix snv_89
Fixed In snv_89
Release Fixed solaris_nevada(snv_89)
Related Bugs 6551858
Submit Date 13-April-2008
Last Update Date 8-May-2008
Description
in i_xvdi_enum_worker() we have the following code:
---8<---
		int vdev;
		...
		(void) ddi_strtol(devices[j], &ep, 0, (long *)&vdev);
---8<---

casting &vdev to a "long *" results in corruption of whatever happens to
be located on the stack after vdev.
looking at i_xvdi_enum_worker() we also see the following (domid_t
is a 16-bit type):
---8<---
	domid_t dom;
	...
		(void) ddi_strtol(domain, &ep, 0, (long *)&dom);
---8<---
it's worth mentioning that the manifestation of this bug that i saw was
that when booting a domU with multiple pv devices configured, i would only
see one pv disk device.  this was because i_xvdi_enum_worker() was corrupting
the variable ndevices and therefore only enumerating one device.

it's also worth mentioning that other people have reported intermittent
issues with configuring multiple pv network devices, which could also be
a manifestation of this bug.
Work Around
N/A
Comments
N/A
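
Added example (not part of the original report, and not the fix delivered in snv_89, which this page does not show): one way to avoid the overrun described above is to parse into a full-width long, range-check it, and only then narrow to the destination type. Userland strtol() stands in for the kernel's ddi_strtol(); parse_long(), parse_vdev(), parse_domid(), struct frame and the sample inputs are hypothetical names and constructed values.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

typedef uint16_t domid_t;	/* 16-bit per the report; unsigned is assumed */
struct frame { int vdev; int ndevices; };	/* constructed neighbour layout */

/* Parse into a real long; reject empty input, trailing junk and overflow. */
static int parse_long(const char *s, long *out)
{
	char *ep;

	errno = 0;
	*out = strtol(s, &ep, 0);	/* stand-in for ddi_strtol() */
	return ((ep == s || *ep != '\0' || errno == ERANGE) ? -1 : 0);
}

/* Narrow to int only after checking the value fits, so no cast of &vdev. */
int parse_vdev(const char *s, int *vdev)
{
	long v;

	if (parse_long(s, &v) != 0 || v < INT_MIN || v > INT_MAX)
		return (-1);
	*vdev = (int)v;
	return (0);
}

/* Same pattern for the 16-bit domain id. */
int parse_domid(const char *s, domid_t *dom)
{
	long v;

	if (parse_long(s, &v) != 0 || v < 0 || v > UINT16_MAX)
		return (-1);
	*dom = (domid_t)v;
	return (0);
}

/* Returns the neighbour's value after a parse: it must still be 3. */
int neighbour_after_parse(const char *s)
{
	struct frame f = { 0, 3 };

	(void) parse_vdev(s, &f.vdev);
	return (f.ndevices);
}
```

On an LP64 kernel a long is 8 bytes and an int is 4, so the original cast lets the callee write 4 bytes past vdev (6 bytes past the 16-bit dom); writing through a local long keeps the store inside the object it was sized for.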